Last modified by Vincent Massol on 2017/09/06

{{box cssClass="floatinginfobox" title="**Contents**"}}
{{toc/}}
{{/box}}

= Generic LDAP configuration =

To enable LDAP support, change the authentication method in //WEB-INF/xwiki.cfg// as follows:

{{code}}
xwiki.authentication.ldap=1
{{/code}}

You can set up the LDAP configuration in the **xwiki.cfg** file by filling in the following properties:

* xwiki.authentication.ldap.server
** LDAP server, either an IP address or a host name (for example: localhost)
* xwiki.authentication.ldap.port
** LDAP server port number. The typical value is 389.
* xwiki.authentication.ldap.check_level
** The default value is ##2## if this property is not defined. The possible values are:
*** checklevel 0: a successful login to the LDAP server is sufficient
*** checklevel 1: login succeeds, the username is located and its attributes are loaded
*** checklevel 2: the password is compared for the user (e.g. necessary if the LDAP bind didn't use the user's credentials)
* xwiki.authentication.ldap.base_DN
* xwiki.authentication.ldap.bind_DN
* xwiki.authentication.ldap.bind_pass
* xwiki.authentication.ldap.UID_attr
* xwiki.authentication.ldap.fields_mapping

Example:

{{code}}
xwiki.authentication.ldap=1
xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl
xwiki.authentication.ldap.server=dsmaster
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=department=USER,department=INFORMATIK,department=1230,o=MP
xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=uid
{{/code}}

{{info}}
You can also set up the LDAP configuration in the XWiki.XWikiPreferences page by going to the class editor and adding the following fields:

* ldap_server
* ldap_port
* ldap_check_level
* ldap_base_DN
* ldap_bind_DN
* ldap_bind_pass
* ldap_UID_attr
* ldap_fields_mapping
{{/info}}

= LDAP Configuration for Active Directory =

Here are the values of the properties you need to set if your LDAP server implementation is Microsoft Active Directory:

* **ldap_server**: name/IP of AD server machine
* **ldap_port**: port //(e.g. 389)//
* **ldap_check_level**: 1
* **ldap_base_DN**: name of root DN //(e.g. dc=ad,dc=company,dc=com)//
* **ldap_bind_DN**: domain{0} //(e.g. ad{0}, where {0} will be replaced by username during validation)//
* **ldap_bind_pass**: {1} //(where {1} will be replaced by password during validation)//
* **ldap_UID_attr**: sAMAccountName
* **ldap_fields_mapping**: name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn

Example:

{{code}}
xwiki.authentication.ldap=1
xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl
xwiki.authentication.ldap.server=adserver
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=subdomain,dc=domain,dc=suffix
xwiki.authentication.ldap.bind_DN=subdomain\\{0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
{{/code}}

The bind_DN and bind_pass fields contain the username and password used to bind to the LDAP server in order to search; these are not necessarily the same credentials as those of the user logging in.

The exact details of this configuration will vary based on your server configuration. It may not be necessary to prefix the username (represented by {0}) with the subdomain.

For testing purposes, you may wish to omit the "ldap.fields_mapping" field to test the authentication first, and then add it later to get the mappings right.
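
The following Python sketch is an added example, not XWiki's own code. It reads the Active Directory settings shown above and resolves what a given login would bind as, which makes it easy to confirm that ##subdomain\\{0}## in the file yields a single backslash, that check_level falls back to 2 when undefined, and that an omitted fields_mapping is simply empty. The function names are hypothetical and the unescaping is a simplification of the Java //.properties// rules.

```python
import re

PREFIX = "xwiki.authentication.ldap"

# Constructed sample: the page's Active Directory example (authclass line left out).
SAMPLE_CFG = r"""
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=adserver
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=subdomain,dc=domain,dc=suffix
xwiki.authentication.ldap.bind_DN=subdomain\\{0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
"""

def load_ldap_settings(text):
    """Return the LDAP properties, keyed without the common prefix."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))  # DNs contain '='
        if key == PREFIX:
            settings["enabled"] = value == "1"
        elif key.startswith(PREFIX + "."):
            # Simplified .properties unescaping: "\\" in the file is one backslash.
            settings[key[len(PREFIX) + 1:]] = re.sub(r"\\(.)", lambda m: m.group(1), value)
    return settings

def check_level(settings):
    """check_level defaults to 2 when the property is not defined."""
    level = int(settings.get("check_level", "2"))
    if level not in (0, 1, 2):
        raise ValueError("check_level must be 0, 1 or 2, got %d" % level)
    return level

def bind_credentials(settings, username, password):
    """Expand {0} (username) and {1} (password) in a single pass."""
    def expand(template):
        return re.sub(r"\{([01])\}", lambda m: (username, password)[int(m.group(1))], template)
    return expand(settings["bind_DN"]), expand(settings["bind_pass"])

def fields_mapping(settings):
    """Map XWiki user field -> LDAP attribute; empty when the property is omitted."""
    pairs = (p.split("=", 1) for p in settings.get("fields_mapping", "").split(",") if "=" in p)
    return {field.strip(): attr.strip() for field, attr in pairs}
```

Expanding both placeholders in one pass means a password that happens to contain the text ##{0}## is passed through unchanged rather than being substituted again.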
