Wiki source code of AuthenticationLdapOld
Version 1.2 by Vincent Massol on 2008/02/19
author | version | line-number | content |
---|---|---|---|
1 | 1.1 Old LDAP Authentication (before XWiki Platform 1.3M2) | ||
2 | |||
3 | 1.1.1 Generic LDAP configuration | ||
4 | |||
5 | In order to enable the LDAP support you have to change the authentication method in ~~WEB-INF/xwiki.cfg~~ as follows: | ||
6 | {code} | ||
7 | xwiki.authentication.ldap=1 | ||
8 | {code} | ||
9 | |||
10 | You can set up the LDAP configuration in the ~~xwiki.cfg~~ file by setting the following properties: | ||
11 | * xwiki.authentication.ldap.server | ||
12 | ** LDAP server, either an IP address or a host name. For example: localhost | ||
13 | * xwiki.authentication.ldap.port | ||
14 | ** LDAP server port number. Typical value is 389. | ||
15 | * xwiki.authentication.ldap.check_level | ||
16 | ** The default value is <tt>2</tt> if this property is not defined. Here are the possible values: | ||
17 | *** checklevel 0: a successful LDAP connection login is sufficient | ||
18 | *** checklevel 1: Login & username located, attributes loaded | ||
19 | *** checklevel 2: Compare password for user (e.g. necessary if the LDAP bind didn't use the user's credentials) | ||
20 | * xwiki.authentication.ldap.base_DN | ||
21 | * xwiki.authentication.ldap.bind_DN | ||
22 | * xwiki.authentication.ldap.bind_pass | ||
23 | * xwiki.authentication.ldap.UID_attr | ||
24 | * xwiki.authentication.ldap.fields_mapping | ||
25 | |||
26 | Example: | ||
27 | |||
28 | {code} | ||
29 | xwiki.authentication.ldap=1 | ||
30 | xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl | ||
31 | xwiki.authentication.ldap.server=dsmaster | ||
32 | xwiki.authentication.ldap.check_level=1 | ||
33 | xwiki.authentication.ldap.port=389 | ||
34 | xwiki.authentication.ldap.base_DN=department=USER,department=INFORMATIK,department=1230,o=MP | ||
35 | xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP | ||
36 | xwiki.authentication.ldap.bind_pass={1} | ||
37 | xwiki.authentication.ldap.UID_attr=uid | ||
38 | {code} | ||
39 | |||
40 | #info("You can also set up the LDAP configuration in the XWiki.XWikiPreferences page by going to the class editor and adding the following fields: | ||
41 | * ldap_server | ||
42 | * ldap_port | ||
43 | * ldap_check_level | ||
44 | * ldap_base_DN | ||
45 | * ldap_bind_DN | ||
46 | * ldap_bind_pass | ||
47 | * ldap_UID_attr | ||
48 | * ldap_fields_mapping") | ||
49 | |||
50 | 1.1.1 LDAP Configuration for Active Directory | ||
51 | |||
52 | Here are the values of the properties you need to set if your LDAP server implementation is Microsoft Active Directory: | ||
53 | - *ldap_server*: name/IP of AD server machine | ||
54 | - *ldap_port*: port ~~(e.g. 389)~~ | ||
55 | - *ldap_check_level*: 1 | ||
56 | - *ldap_base_DN*: name of root DN ~~(e.g. dc=ad,dc=company,dc=com)~~ | ||
57 | - *ldap_bind_DN*: domain\{0\} ~~(e.g. ad\{0\} where \{0\} will be replaced by username during validation)~~ | ||
58 | - *ldap_bind_pass*: \{1\} ~~(where \{1\} will be replaced by password during validation)~~ | ||
59 | - *ldap_UID_attr*: sAMAccountName | ||
60 | - *ldap_fields_mapping*: name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn | ||
61 | |||
62 | Example: | ||
63 | {code} | ||
64 | xwiki.authentication.ldap=1 | ||
65 | xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl | ||
66 | xwiki.authentication.ldap.server=adserver | ||
67 | xwiki.authentication.ldap.check_level=1 | ||
68 | xwiki.authentication.ldap.port=389 | ||
69 | xwiki.authentication.ldap.base_DN=dc=subdomain,dc=domain,dc=suffix | ||
70 | xwiki.authentication.ldap.bind_DN=subdomain\\{0} | ||
71 | xwiki.authentication.ldap.bind_pass={1} | ||
72 | xwiki.authentication.ldap.UID_attr=sAMAccountName | ||
73 | xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn | ||
74 | {code} | ||
75 | |||
76 | The bind_DN and bind_pass fields contain the username and password used to bind to the LDAP server in order to search; these are not necessarily the credentials of the user logging in. | ||
77 | |||
78 | |||
79 | The exact details of this configuration will vary based on your server configuration. It may not be necessary to prefix the username (represented by {0}) with the subdomain. | ||
80 | |||
81 | For testing purposes, you may wish to omit the "ldap.fields_mapping" field, to test the authentication first, and then add it later to get the mappings right. | ||
82 | |||
83 | This Java client, [LDAP Browser/Editor > http://www-unix.mcs.anl.gov/~gawor/ldap/], is a handy tool for checking your configuration. |
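
The following is an added example, not XWiki code: a small Python check that reads the `xwiki.authentication.ldap*` properties described above and reports how `bind_DN`/`bind_pass` and `check_level` combine, following this page's description of the `{0}`/`{1}` placeholders and of the three check levels. The function names, the sample configuration and the service account `svc-search` are constructed for illustration.

```python
PREFIX = "xwiki.authentication.ldap"

# Constructed sample (not from the page): a fixed search account with check_level=1.
SAMPLE_CFG = """
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=adserver
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.base_DN=dc=subdomain,dc=domain,dc=suffix
xwiki.authentication.ldap.bind_DN=cn=svc-search,dc=subdomain,dc=domain,dc=suffix
xwiki.authentication.ldap.bind_pass=CONSTRUCTED-PLACEHOLDER
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,mail=mail,ldap_dn=dn
"""

def load_ldap_settings(text):
    """Return {suffix: value} for xwiki.authentication.ldap* lines ('' is the enable flag)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values such as base_DN contain '=' themselves
        key = key.strip()
        if key == PREFIX or key.startswith(PREFIX + "."):
            settings[key[len(PREFIX):].lstrip(".")] = value.strip()
    return settings

def parse_fields_mapping(value):
    """'name=sAMAccountName,mail=mail' -> {'name': 'sAMAccountName', 'mail': 'mail'}."""
    pairs = [p.split("=", 1) for p in value.split(",") if p.strip()]
    bad = [p[0] for p in pairs if len(p) != 2 or not p[0].strip() or not p[1].strip()]
    if bad:
        raise ValueError("malformed fields_mapping entries: %r" % bad)
    return {k.strip(): v.strip() for k, v in pairs}

def audit(settings):
    """Return findings derived from the level and placeholder semantics on this page."""
    findings = []
    if settings.get("") != "1":
        findings.append("LDAP authentication is not enabled")
    level = int(settings.get("check_level", "2"))  # page: default is 2 when undefined
    user_dn = "{0}" in settings.get("bind_DN", "")   # {0} = login name
    user_pw = "{1}" in settings.get("bind_pass", "")  # {1} = login password
    if user_dn != user_pw:
        findings.append("bind_DN and bind_pass disagree on using the {0}/{1} placeholders")
    if not user_dn and not user_pw:
        findings.append("fixed bind account: its password is stored in the configuration")
        if level < 2:
            findings.append(f"check_level {level} with a fixed bind account: user password not compared")
    return findings
```

Running `audit(load_ldap_settings(SAMPLE_CFG))` on the constructed sample reports both the stored bind password and the check level; the two example configurations on this page, which bind with `{0}`/`{1}`, produce no findings.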