8 Nov
2005
8 Nov
'05
12:15 a.m.
We might need a task in JIRA to implemented anonymous binding
Ludovic
Tim Suter a écrit :
Andreas is right. I banged my way through this
integration. I couldn't
get it to work anonymously so I had to create a user and a pass to login
to LDAP with.
Andreas Haumer wrote:
--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost AIM: nvludo Yahoo: ludovic
Hi!
wb(a)zootweb.com schrieb:
-------------------------
--
You receive this message as a subscriber of the
xwiki-users(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-users-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
------------------------------------------------------------------------
--
You receive this message as a subscriber of the xwiki-users(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-users-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Does anyone have any suggestions for me on what I
might be missing
getting xwiki integrated with my open-ldap?
I've added the following to xwiki.cfg, then
no users (including
Admin) have the ability to log in. I've tried both existing xwiki
users and non-existing xwiki users, and neither work:
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=ldaphost
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=ou=People,dc=mydomain,dc=com
xwiki.authentication.ldap.UID_attr=uid
My LDAP administrator didn't think I needed any settings for the
following configuration options, so these are currently commented out:
> #xwiki.authentication.ldap.check_level
> #xwiki.authentication.ldap.bind_DN
> #xwiki.authentication.ldap.bind_pass
> #xwiki.authentication.ldap.fields_mapping
>
You'll need these as well!
Here's the LDAP part of my xwiki.cfg:
xwiki.authentication.ldap=1
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.server=ldap.intern.xss.co.at
xwiki.authentication.ldap.base_DN=ou=people,ou=accounts,dc=xss,dc=co,dc=at
xwiki.authentication.ldap.bind_DN=uid={0},ou=people,ou=accounts,dc=xss,dc=co,dc=at
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=uid
xwiki.authentication.ldap.fields_mapping=name=uid,last_name=sn,first_name=givenName,fullname=cn,mail=mail,ldap_dn=dn
Please note the placeholders {0} and {1} in the bind_DN and
bind_pass attribute settings. These are replaced by the username
and password the user gives at the login page.
With this information xwiki performs the following actions
against the LDAP server:
1.) bind with bind_DN and bind_pass
2.) Lookup of the user entry using UID_attr attribute and base_DN
search base
Look at the following log messages my OpenLDAP server produces
when I log in to xwiki:
[...]
Nov 3 19:43:51 kant slapd[27005]: conn=20146 fd=32 ACCEPT from
IP=192.168.162.2:56549 (IP=0.0.0.0:389)
Nov 3 19:43:51 kant slapd[27032]: conn=20146 op=0 BIND
dn="uid=andreas,ou=people,ou=accounts,dc=xss,dc=co,dc=at" method=128
Nov 3 19:43:51 kant slapd[27032]: conn=20146 op=0 BIND
dn="uid=andreas,ou=people,ou=accounts,dc=xss,dc=co,dc=at" mech=SIMPLE
ssf=0
Nov 3 19:43:51 kant slapd[27032]: conn=20146 op=0 RESULT tag=97 err=0
text=
Nov 3 19:43:51 kant slapd[16011]: conn=20146 op=1 SRCH
base="ou=people,ou=accounts,dc=xss,dc=co,dc=at" scope=2 deref=0
filter="(uid=andreas)"
Nov 3 19:43:51 kant slapd[16011]: conn=20146 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Nov 3 19:43:51 kant slapd[27018]: conn=20146 op=2 UNBIND
Nov 3 19:43:51 kant slapd[27018]: conn=20146 fd=32 closed
[...]
HTH
- andreas
--
Andreas Haumer | mailto:andreas@xss.co.at
*x Software + Systeme | http://www.xss.co.at/
Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0
A-1100 Vienna, Austria | Fax: +43-1-6060114-71