Wiki source code of AuthenticationLdapOld
Version 1.2 by Vincent Massol on 2008/02/19
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | 1.1 Old LDAP Authentication (before XWiki Platform 1.3M2) | ||
| 2 | |||
| 3 | 1.1.1 Generic LDAP configuration | ||
| 4 | |||
| 5 | In order to enable the LDAP support you have to change the authentication method in ~~WEB-INF/xwiki.cfg~~ as follows: | ||
| 6 | {code} | ||
| 7 | xwiki.authentication.ldap=1 | ||
| 8 | {code} | ||
| 9 | |||
| 10 | You can setup the LDAP configuration in the ~~xwiki.cfg~~ file by filling the following properties: | ||
| 11 | * xwiki.authentication.ldap.server | ||
| 12 | ** LDAP server, either an IP address or a host name. For example: localhost | ||
| 13 | * xwiki.authentication.ldap.port | ||
| 14 | ** LDAP server port number. Typical value is 389. | ||
| 15 | * xwiki.authentication.ldap.check_level | ||
| 16 | ** The default value is <tt>2</tt> if this property is not defined. Here are the possible values | ||
| 17 | *** checklevel 0: LDAP connection login to LDAP is sufficient | ||
| 18 | *** checklevel 1: Login & username located, attributes loaded | ||
| 19 | *** checklevel 2: Compare password for user (e.g. necessary if the LDAP bind didn't use the user's credentials) | ||
| 20 | * xwiki.authentication.ldap.base_DN | ||
| 21 | * xwiki.authentication.ldap.bind_DN | ||
| 22 | * xwiki.authentication.ldap.bind_pass | ||
| 23 | * xwiki.authentication.ldap.UID_attr | ||
| 24 | * xwiki.authentication.ldap.fields_mapping | ||
| 25 | |||
| 26 | Example: | ||
| 27 | |||
| 28 | {code} | ||
| 29 | xwiki.authentication.ldap=1 | ||
| 30 | xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl | ||
| 31 | xwiki.authentication.ldap.server=dsmaster | ||
| 32 | xwiki.authentication.ldap.check_level=1 | ||
| 33 | xwiki.authentication.ldap.port=389 | ||
| 34 | xwiki.authentication.ldap.base_DN=department=USER,department=INFORMATIK,department=1230,o=MP | ||
| 35 | xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP | ||
| 36 | xwiki.authentication.ldap.bind_pass={1} | ||
| 37 | xwiki.authentication.ldap.UID_attr=uid | ||
| 38 | {code} | ||
| 39 | |||
| 40 | #info("You can also setup the LDAP configuration in XWiki.XWikiPreferences page by going to the class editor and adding the following fields: | ||
| 41 | * ldap_server | ||
| 42 | * ldap_port | ||
| 43 | * ldap_check_level | ||
| 44 | * ldap_base_DN | ||
| 45 | * ldap_bind_DN | ||
| 46 | * ldap_bind_pass | ||
| 47 | * ldap_UID_attr | ||
| 48 | * ldap_fields_mapping") | ||
| 49 | |||
| 50 | 1.1.1 LDAP Configuration for Active Directory | ||
| 51 | |||
| 52 | Here are values of the properties you need to set if your LDAP server implementation is Miscrosoft Active Directory: | ||
| 53 | - *ldap_server*: name/IP of AD server machine | ||
| 54 | - *ldap_port*: port ~~(e.g. 389)~~ | ||
| 55 | - *ldap_check_level*: 1 | ||
| 56 | - *ldap_base_DN*: name of root DN ~~(e.g. dc=ad,dc=company,dc=com)~~ | ||
| 57 | - *ldap_bind_DN*: domain\{0\} ~~(e.g. ad\{0\} where \{0\} will be replaced by username during validation)~~ | ||
| 58 | - *ldap_bind_pass*: \{1\} ~~(where \{1\} will be replaced by password during validation)~~ | ||
| 59 | - *ldap_UID_attr*: sAMAccountName | ||
| 60 | - *ldap_fields_mapping*: name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn | ||
| 61 | |||
| 62 | Example: | ||
| 63 | {code} | ||
| 64 | xwiki.authentication.ldap=1 | ||
| 65 | xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl | ||
| 66 | xwiki.authentication.ldap.server=adserver | ||
| 67 | xwiki.authentication.ldap.check_level=1 | ||
| 68 | xwiki.authentication.ldap.port=389 | ||
| 69 | xwiki.authentication.ldap.base_DN=dc=subdomain,dc=domain,dc=suffix | ||
| 70 | xwiki.authentication.ldap.bind_DN=subdomain\\{0} | ||
| 71 | xwiki.authentication.ldap.bind_pass={1} | ||
| 72 | xwiki.authentication.ldap.UID_attr=sAMAccountName | ||
| 73 | xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn | ||
| 74 | {code} | ||
| 75 | |||
| 76 | The bind_DN and bind_pass fields contain the username and password for binding to the LDAP server in order to search, which will not necessarily be the same credentials as the user logging in. | ||
| 77 | |||
| 78 | |||
| 79 | The exact details of this configuration will vary based on your server configuration. It may not be necessary to prefix the username (represented by {0}) with the subdomain. | ||
| 80 | |||
| 81 | For testing purposes, you may wish to omit the "ldap.fields_mapping" field, to test the authentication first, and then add it later to get the mappings right. | ||
| 82 | |||
| 83 | This java client, [LDAP Browser/Editor > http://www-unix.mcs.anl.gov/~gawor/ldap/] is a handy tool for checking your configuration. |
