Wiki source code of AuthenticationLdapOld

Version 1.2 by Vincent Massol on 2008/02/19

1.1 Old LDAP Authentication (before XWiki Platform 1.3M2)

1.1.1 Generic LDAP configuration

To enable LDAP support, change the authentication method in ~~WEB-INF/xwiki.cfg~~ as follows:
{code}
xwiki.authentication.ldap=1
{code}

You can set up the LDAP configuration in the ~~xwiki.cfg~~ file by filling in the following properties:
* xwiki.authentication.ldap.server
** LDAP server, either an IP address or a host name. For example: localhost
* xwiki.authentication.ldap.port
** LDAP server port number. Typical value is 389.
* xwiki.authentication.ldap.check_level
** The default value is <tt>2</tt> if this property is not defined. Here are the possible values:
*** checklevel 0: a successful login to LDAP is sufficient
*** checklevel 1: Login & username located, attributes loaded
*** checklevel 2: Compare password for user (e.g. necessary if the LDAP bind didn't use the user's credentials)
* xwiki.authentication.ldap.base_DN
* xwiki.authentication.ldap.bind_DN
* xwiki.authentication.ldap.bind_pass
* xwiki.authentication.ldap.UID_attr
* xwiki.authentication.ldap.fields_mapping

Example:

{code}
xwiki.authentication.ldap=1
xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl
xwiki.authentication.ldap.server=dsmaster
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=department=USER,department=INFORMATIK,department=1230,o=MP
xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=uid
{code}

#info("You can also set up the LDAP configuration in the XWiki.XWikiPreferences page by going to the class editor and adding the following fields:
* ldap_server
* ldap_port
* ldap_check_level
* ldap_base_DN
* ldap_bind_DN
* ldap_bind_pass
* ldap_UID_attr
* ldap_fields_mapping")

1.1.1 LDAP Configuration for Active Directory

Here are the values of the properties you need to set if your LDAP server implementation is Microsoft Active Directory:
- *ldap_server*: name/IP of AD server machine
- *ldap_port*: port ~~(e.g. 389)~~
- *ldap_check_level*: 1
- *ldap_base_DN*: name of root DN ~~(e.g. dc=ad,dc=company,dc=com)~~
- *ldap_bind_DN*: domain\{0\} ~~(e.g. ad\{0\} where \{0\} will be replaced by username during validation)~~
- *ldap_bind_pass*: \{1\} ~~(where \{1\} will be replaced by password during validation)~~
- *ldap_UID_attr*: sAMAccountName
- *ldap_fields_mapping*: name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn

Example:
{code}
xwiki.authentication.ldap=1
xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl
xwiki.authentication.ldap.server=adserver
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=subdomain,dc=domain,dc=suffix
xwiki.authentication.ldap.bind_DN=subdomain\\{0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
{code}

The bind_DN and bind_pass fields contain the username and password for binding to the LDAP server in order to search, which will not necessarily be the same credentials as the user logging in.
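
Going by the check-level descriptions above, a configuration whose bind does not substitute the login's {0} and {1} only verifies the user's password at check_level 2. The following Python audit of the ldap properties in xwiki.cfg is an added example, not part of the original page or of XWiki's code; the sample configurations, the xwiki-search account and the function names are constructed for illustration.

```python
# Constructed sample configs (not from a real deployment).
PER_USER_BIND = r"""
xwiki.authentication.ldap=1
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.bind_DN=subdomain\\{0}
xwiki.authentication.ldap.bind_pass={1}
"""
SERVICE_BIND = """
xwiki.authentication.ldap=1
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.bind_DN=cn=xwiki-search,o=MP
xwiki.authentication.ldap.bind_pass=constructed-secret
"""
PREFIX = "xwiki.authentication.ldap"

def parse_ldap_props(text):
    """Return the xwiki.authentication.ldap* keys of an xwiki.cfg as a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip()
        if key == PREFIX:
            props["enabled"] = value.strip()
        elif key.startswith(PREFIX + "."):
            # Simplified .properties unescaping: "\\" in the file is one backslash.
            props[key[len(PREFIX) + 1:]] = value.strip().replace("\\\\", "\\")
    return props

def audit(text):
    """Return findings derived from the check-level descriptions on this page."""
    p = parse_ldap_props(text)
    if p.get("enabled") != "1":
        return ["LDAP authentication is not enabled"]
    level = int(p.get("check_level", "2"))  # page: default is 2 when undefined
    user_bind = "{0}" in p.get("bind_DN", "") and "{1}" in p.get("bind_pass", "")
    findings = []
    if not user_bind and level < 2:
        findings.append("bind does not use the login credentials and check_level "
                        "is %d: user password is never compared" % level)
    if not user_bind and p.get("bind_pass"):
        findings.append("bind_pass stores a literal password in xwiki.cfg")
    if level == 0:
        findings.append("check_level 0: a successful LDAP bind alone is accepted")
    return findings
```

Calling audit() on the text of a real xwiki.cfg returns an empty list when the bind uses the login's own credentials at check_level 1 or 2.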

The exact details of this configuration will vary based on your server configuration. It may not be necessary to prefix the username (represented by {0}) with the subdomain.

For testing purposes, you may wish to omit the "ldap.fields_mapping" field to test the authentication first, and then add it later to get the mappings right.

This Java client, [LDAP Browser/Editor > http://www-unix.mcs.anl.gov/~gawor/ldap/], is a handy tool for checking your configuration.
