22 Oct
2008
22 Oct
'08
6:44 p.m.
Hi,
On Wed, Oct 22, 2008 at 6:32 PM, Samuel Lee <samlee(a)ncmir.ucsd.edu> wrote:
I can't seem to get my XWiki to recognize my AD
usernames. Can anyone
take a look at my xwiki.cfg to see if I'm doing something wrong?
When I try to log into the xwiki, I get a "Wrong User name", and the
user i'm using is in the crbs-admin group, which I've mapped to the
XWiki.XWikiAdminGroup group.
Thanks,
Sam
#-# new LDAP authentication service^M
xwiki
.authentication
.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable^M
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)^M
xwiki.authentication.ldap.server=ldap.ad.xxxx.yyy
xwiki.authentication.ldap.port=636
#-# LDAP login, empty = anonymous access, otherwise specify full dn ^M
#-# {0} is replaced with the username, {1} with the password
#
xwiki
.authentication
.ldap
.bind_DN
=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP^M
xwiki.authentication.ldap.bind_DN={0}
This means that the login entered by use will be used to authenticate
against LDAP/AD server. But enter an uid and not the complete DN.
You should look at
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
xwiki.authentication.ldap.bind_pass={1}
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
^M
#-# only members of the following group will be verified in the LDAP^M
# otherwise only users that are found after searching starting from
the base_DN^M
#
xwiki
.authentication
.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US^M
^M
#-# base DN for searches^M
xwiki.authentication.ldap.base_DN=OU=CRBS,DC=AD,DC=XXXX,DC=YYY
^M
#-# Specifies the LDAP attribute containing the identifier to be used
as the XWiki name (default=cn)^M
xwiki.authentication.ldap.UID_attr=sAMAccountName
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# Specifies the LDAP attribute containing the password to be used
"when xwiki.authentication.ldap.validate_password" is set to 1
# xwiki.authentication.ldap.password_field=userPassword
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential LDAP groups classes. Separated by commas.
#
xwiki
.authentication
.ldap
.group_classes
=
group
,groupOfNames
,groupOfUniqueNames
,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential names of the LDAP groups fields containings the
members. Separated by commas.
# xwiki.authentication.ldap.group_memberfields=member,uniqueMember^M
^M
#-# retrieve the following fields from LDAP and store them in the
XWiki user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object
for faster access^M
xwiki
.authentication
.ldap
.fields_mapping
=
name
=
sAMAccountName
,last_name
=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
^M
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki
otherwise this happens only once when the XWiki account is created.^M
xwiki.authentication.ldap.update_user=1
^M
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"^M
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=CN=crbs-
admin,OU=CRBS,DC=AD,DC=XXXX,DC=YYY|XWiki.XWiki.AllGroup=CN=crbs-
users,OU=CRBS,DC=AD,DC=XXXX,DC=YYY
#
XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US^M
^M
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed
from LDAP (default=3600*6)^M
# xwiki.authentication.ldap.groupcache_expiration=21800^M
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]^M
#-# - create : synchronize group membership only when the user is
first created
#-# - always: synchronize on every login^M
# xwiki.authentication.ldap.mode_group_sync=always^M
^M
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB
authentication with the same credentials^M
xwiki.authentication.ldap.trylocal=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0: normal
#-# 1: SSL
# xwiki.authentication.ldap.ssl=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
# xwiki.authentication.ldap.ssl.keystore=
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The java secure provider used in SSL connection
#
xwiki
.authentication
.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne