When you register on a TWiki with user ID and LDAP authentication setup for the apache you still get a password stored in a local .htpasswd file.
And this password is actually use by TWiki in some cases. For example when you change email address.
This is a show stopper issue for a corporate installation. LDAP authentication is LDAP authentication. There should be no local passwords.
Once the user has changed his global password many times he has no clue what it was when he registered.
This actually worked well in Cairo and is now totally broken.
OK. This is not entirely true.
But we still have an issue.
To work on a corporate Intranet with LDAP you need to
- Configure: Set the Login Manager to TWiki::Client::ApacheLogin
- Configure: Set the PasswordManager to None
- Set up httpd.conf / .htaccess so the .../bin scripts gets authenticated. Not all. Just the ones that must be authenticated. viewauth in particular.
I think we still have an action to document this on Twiki.org. When I have all working I will try and write a TwikiOnLDAP
We also still have the issue that email addresses in this case is not stored in the user topic.
I will close this bug and open a new so we do not forget this.
In SVN 8475 the 'none' password manager stores emails in the user topic.