LDAP authenticator user member of multiple groups and group_mapping configuration

Help / Discuss
#1

I have two LDAP groups that I’m mapping to two XWiki groups (with different rights), say group A and B.

One user is part of both LDAP groups: is there a priority / order of the configured groups or something?
I do not have a chance to test that right now.

User belonging to two groups with different permissions / rights
#2

Not sure I understand what you mean by priority. If the user is part of both LDAP groups, is going to be added to both XWiki groups.

1 Like
#3

OK, I thought, i.e., with:

xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=CN=A|\
                                        XWiki.XWikiEmployeesGroup=CN=B

And Alice being member of both A and B, that in Xwiki she would end up being only member of XWikiEmployeesGroup.

#4

No, in this configuration you tell XWiki that both:

  • “if the user is part of A it should be also part of XWiki.XWikiAdminGroup”
  • and “if the user is part of B it should be also part of XWiki.XWikiEmployeesGroup”

| is just a separator for the list of mappings, it does not mean OR :slight_smile:

1 Like