Wiki source code of Old LDAP Authentication (before XWiki Platform 1.3M2)
Last modified by Vincent Massol on 2017/09/06
Hide last authors
| author | version | line-number | content |
|---|---|---|---|
 |
2.2 | 1 | {{box cssClass="floatinginfobox" title="**Contents**"}} |
| 2 | {{toc/}} | ||
| 3 | {{/box}} | ||
 |
1.1 | 4 | |
| |
2.2 | 5 | = Generic LDAP configuration = |
| |
1.1 | 6 | |
| |
2.1 | 7 | In order to enable the LDAP support you have to change the authentication method in //WEB-INF/xwiki.cfg// as follows: |
| 8 | |||
| 9 | {{code}} | ||
| |
1.1 | 10 | xwiki.authentication.ldap=1 |
| |
2.1 | 11 | {{/code}} |
| |
1.1 | 12 | |
| |
2.2 | 13 | You can setup the LDAP configuration in the **xwiki.cfg** file by filling the following properties: |
| |
2.1 | 14 | |
| |
1.1 | 15 | * xwiki.authentication.ldap.server |
| |
2.2 | 16 | ** LDAP server, either an IP address or a host name (for example: localhost) |
| |
1.1 | 17 | * xwiki.authentication.ldap.port |
| 18 | ** LDAP server port number. Typical value is 389. | ||
| 19 | * xwiki.authentication.ldap.check_level | ||
| |
2.1 | 20 | ** The default value is ##2## if this property is not defined. Here are the possible values |
| |
1.1 | 21 | *** checklevel 0: LDAP connection login to LDAP is sufficient |
| 22 | *** checklevel 1: Login & username located, attributes loaded | ||
| 23 | *** checklevel 2: Compare password for user (e.g. necessary if the LDAP bind didn't use the user's credentials) | ||
| 24 | * xwiki.authentication.ldap.base_DN | ||
| 25 | * xwiki.authentication.ldap.bind_DN | ||
| 26 | * xwiki.authentication.ldap.bind_pass | ||
| 27 | * xwiki.authentication.ldap.UID_attr | ||
| 28 | * xwiki.authentication.ldap.fields_mapping | ||
| 29 | |||
| 30 | Example: | ||
| 31 | |||
| |
2.1 | 32 | {{code}} |
| |
1.1 | 33 | xwiki.authentication.ldap=1 |
| 34 | xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl | ||
| 35 | xwiki.authentication.ldap.server=dsmaster | ||
| 36 | xwiki.authentication.ldap.check_level=1 | ||
| 37 | xwiki.authentication.ldap.port=389 | ||
| 38 | xwiki.authentication.ldap.base_DN=department=USER,department=INFORMATIK,department=1230,o=MP | ||
| 39 | xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP | ||
| 40 | xwiki.authentication.ldap.bind_pass={1} | ||
| 41 | xwiki.authentication.ldap.UID_attr=uid | ||
| |
2.1 | 42 | {{/code}} |
| |
1.1 | 43 | |
| |
2.1 | 44 | {{info}} |
| |
2.2 | 45 | You can also setup the LDAP configuration in the XWiki.XWikiPreferences page by going to the class editor and adding the following fields: |
| |
2.1 | 46 | |
| |
1.1 | 47 | * ldap_server |
| 48 | * ldap_port | ||
| 49 | * ldap_check_level | ||
| 50 | * ldap_base_DN | ||
| 51 | * ldap_bind_DN | ||
| 52 | * ldap_bind_pass | ||
| 53 | * ldap_UID_attr | ||
| |
2.1 | 54 | * ldap_fields_mapping |
| 55 | {{/info}} | ||
| |
1.1 | 56 | |
| |
2.2 | 57 | = LDAP Configuration for Active Directory = |
| |
2.1 | 58 | |
| |
1.1 | 59 | Here are values of the properties you need to set if your LDAP server implementation is Miscrosoft Active Directory: |
| 60 | |||
| |
2.1 | 61 | * **ldap_server**: name/IP of AD server machine |
| 62 | * **ldap_port**: port //(e.g. 389)// | ||
| 63 | * **ldap_check_level**: 1 | ||
| 64 | * **ldap_base_DN**: name of root DN //(e.g. dc=ad,dc=company,dc=com)// | ||
| |
2.2 | 65 | * **ldap_bind_DN**: domain{0} //(e.g. ad{0}, where {0} will be replaced by username during validation)// |
| |
2.1 | 66 | * **ldap_bind_pass**: {1} //(where {1} will be replaced by password during validation)// |
| 67 | * **ldap_UID_attr**: sAMAccountName | ||
| 68 | * **ldap_fields_mapping**: name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn | ||
| 69 | |||
| |
1.1 | 70 | Example: |
| |
2.1 | 71 | |
| 72 | {{code}} | ||
| |
1.1 | 73 | xwiki.authentication.ldap=1 |
| 74 | xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl | ||
| 75 | xwiki.authentication.ldap.server=adserver | ||
| 76 | xwiki.authentication.ldap.check_level=1 | ||
| 77 | xwiki.authentication.ldap.port=389 | ||
| 78 | xwiki.authentication.ldap.base_DN=dc=subdomain,dc=domain,dc=suffix | ||
| 79 | xwiki.authentication.ldap.bind_DN=subdomain\\{0} | ||
| 80 | xwiki.authentication.ldap.bind_pass={1} | ||
| 81 | xwiki.authentication.ldap.UID_attr=sAMAccountName | ||
| 82 | xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn | ||
| |
2.1 | 83 | {{/code}} |
| |
1.1 | 84 | |
| 85 | The bind_DN and bind_pass fields contain the username and password for binding to the LDAP server in order to search, which will not necessarily be the same credentials as the user logging in. | ||
| 86 | |||
| 87 | The exact details of this configuration will vary based on your server configuration. It may not be necessary to prefix the username (represented by {0}) with the subdomain. | ||
| 88 | |||
| 89 | For testing purposes, you may wish to omit the "ldap.fields_mapping" field, to test the authentication first, and then add it later to get the mappings right. |
