We might need a task in JIRA to implement anonymous binding

Ludovic

Tim Suter wrote:
Andreas is right. I banged my way through this integration. I couldn't get it to work anonymously so I had to create a user and a pass to login to LDAP with.
Andreas Haumer wrote:
Hi!
[email protected] schrieb:
Does anyone have any suggestions for me on what I might be missing
getting xwiki integrated with my open-ldap?
I've added the following to xwiki.cfg, then no users (including
Admin) have the ability to log in. I've tried both existing xwiki users and non-existing xwiki users, and neither work:
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=ldaphost
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=ou=People,dc=mydomain,dc=com
xwiki.authentication.ldap.UID_attr=uid
My LDAP administrator didn't think I needed any settings for the
following configuration options, so these are currently commented out:
#xwiki.authentication.ldap.check_level
#xwiki.authentication.ldap.bind_DN
#xwiki.authentication.ldap.bind_pass
#xwiki.authentication.ldap.fields_mapping
You'll need these as well!
Here's the LDAP part of my xwiki.cfg:
xwiki.authentication.ldap=1
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.server=ldap.intern.xss.co.at
xwiki.authentication.ldap.base_DN=ou=people,ou=accounts,dc=xss,dc=co,dc=at
xwiki.authentication.ldap.bind_DN=uid={0},ou=people,ou=accounts,dc=xss,dc=co,dc=at
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=uid
xwiki.authentication.ldap.fields_mapping=name=uid,last_name=sn,first_name=givenName,fullname=cn,mail=mail,ldap_dn=dn
Please note the placeholders {0} and {1} in the bind_DN and bind_pass attribute settings. These are replaced by the username and password the user gives at the login page.
With this information xwiki performs the following actions against the LDAP server:
1.) bind with bind_DN and bind_pass
2.) Lookup of the user entry using UID_attr attribute and base_DN search base

Look at the following log messages my OpenLDAP server produces when I log in to xwiki:

[...]
Nov 3 19:43:51 kant slapd[27005]: conn=20146 fd=32 ACCEPT from IP=192.168.162.2:56549 (IP=0.0.0.0:389)
Nov 3 19:43:51 kant slapd[27032]: conn=20146 op=0 BIND dn="uid=andreas,ou=people,ou=accounts,dc=xss,dc=co,dc=at" method=128
Nov 3 19:43:51 kant slapd[27032]: conn=20146 op=0 BIND dn="uid=andreas,ou=people,ou=accounts,dc=xss,dc=co,dc=at" mech=SIMPLE ssf=0
Nov 3 19:43:51 kant slapd[27032]: conn=20146 op=0 RESULT tag=97 err=0 text=
Nov 3 19:43:51 kant slapd[16011]: conn=20146 op=1 SRCH base="ou=people,ou=accounts,dc=xss,dc=co,dc=at" scope=2 deref=0 filter="(uid=andreas)"
Nov 3 19:43:51 kant slapd[16011]: conn=20146 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 3 19:43:51 kant slapd[27018]: conn=20146 op=2 UNBIND
Nov 3 19:43:51 kant slapd[27018]: conn=20146 fd=32 closed
[...]
HTH
- andreas
--
Andreas Haumer          | mailto:[email protected]
*x Software + Systeme   | http://www.xss.co.at/
Karmarschgasse 51/2/20  | Tel: +43-1-6060114-0
A-1100 Vienna, Austria  | Fax: +43-1-6060114-71
-------------------------
-- You receive this message as a subscriber of the [email protected] mailing list. To unsubscribe: mailto:[email protected] For general help: mailto:[email protected]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
-- Ludovic Dubost XPertNet: http://www.xpertnet.fr/ Blog: http://www.ludovic.org/blog/ XWiki: http://www.xwiki.com Skype: ldubost AIM: nvludo Yahoo: ludovic
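
The bind-then-search sequence in the slapd excerpt quoted above can be checked mechanically. The following Python code is an added example, not part of the original thread or of XWiki: it groups those log lines by connection and flags a simple bind with a non-empty DN on a connection where no TLS layer was set up, in which case the password substituted for {1} crossed the network unencrypted. The "TLS established" marker it looks for is an assumption about how slapd records a negotiated TLS layer at this log level.

```python
import re

# The slapd lines quoted in the thread above, one entry per line.
SAMPLE_LOG = """\
Nov 3 19:43:51 kant slapd[27005]: conn=20146 fd=32 ACCEPT from IP=192.168.162.2:56549 (IP=0.0.0.0:389)
Nov 3 19:43:51 kant slapd[27032]: conn=20146 op=0 BIND dn="uid=andreas,ou=people,ou=accounts,dc=xss,dc=co,dc=at" method=128
Nov 3 19:43:51 kant slapd[27032]: conn=20146 op=0 BIND dn="uid=andreas,ou=people,ou=accounts,dc=xss,dc=co,dc=at" mech=SIMPLE ssf=0
Nov 3 19:43:51 kant slapd[27032]: conn=20146 op=0 RESULT tag=97 err=0 text=
Nov 3 19:43:51 kant slapd[16011]: conn=20146 op=1 SRCH base="ou=people,ou=accounts,dc=xss,dc=co,dc=at" scope=2 deref=0 filter="(uid=andreas)"
Nov 3 19:43:51 kant slapd[16011]: conn=20146 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 3 19:43:51 kant slapd[27018]: conn=20146 op=2 UNBIND
Nov 3 19:43:51 kant slapd[27018]: conn=20146 fd=32 closed
"""

# One capture group per field of interest.
PATTERNS = {
    "client":   re.compile(r"ACCEPT from IP=([\d.]+):\d+"),
    "listener": re.compile(r"ACCEPT from .*\(IP=[\d.]+:(\d+)\)"),
    "bind_dn":  re.compile(r'BIND dn="([^"]*)" mech=SIMPLE'),
    "bind_err": re.compile(r"RESULT tag=97 err=(\d+)"),      # tag 97 = bind response
    "filter":   re.compile(r'SRCH base="[^"]*" .*filter="([^"]*)"'),
    "nentries": re.compile(r"SEARCH RESULT tag=101 err=\d+ nentries=(\d+)"),
}

def summarize(log_text):
    """Return {conn_id: summary dict} for every connection in the log text."""
    conns = {}
    for line in log_text.splitlines():
        m = re.search(r"slapd\[\d+\]: conn=(\d+) (.*)", line)
        if not m:
            continue
        c = conns.setdefault(m.group(1), {"tls": False, "cleartext_simple_bind": False})
        rest = m.group(2)
        # Assumption: slapd writes a "TLS established" line for this
        # connection once LDAPS or StartTLS has been negotiated.
        if "TLS established" in rest:
            c["tls"] = True
        for key, rx in PATTERNS.items():
            hit = rx.search(rest)
            if hit:
                c[key] = hit.group(1)
                # An empty DN is an anonymous bind and carries no password.
                if key == "bind_dn" and hit.group(1) and not c["tls"]:
                    c["cleartext_simple_bind"] = True
    return conns

if __name__ == "__main__":
    for conn, info in summarize(SAMPLE_LOG).items():
        print(conn, info)
```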