I still have not been able to get the users from Active Directory to map
to XWiki groups. Does anybody have a working sample config I can look
at? Here is my LDAP config:
-----------------------------------------------------------------------
--------------
# LDAP
#-----------------------------------------------------------------------
--------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServ
iceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=10.1.1.186
xwiki.authentication.ldap.port=389
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN=mts\\{0}
xwiki.authentication.ldap.bind_pass={1}
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the
base_DN
xwiki.authentication.ldap.user_group=cn=WebAllMTS,ou=ChatGroups,ou=accou
nts,dc=mtstravel,dc=com
#-# base DN for searches
xwiki.authentication.ldap.base_DN=dc=ad,dc=mtstravel,dc=com
#-# Specifies the LDAP attribute containing the identifier to be used as
the XWiki name (default=cn)
# xwiki.authentication.ldap.UID_attr=sAMAccountName
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# Specifies the LDAP attribute containing the password to be used
"when xwiki.authentication.ldap.validate_password" is set to 1
# xwiki.authentication.ldap.password_field=userPassword
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential LDAP groups classes. Separated by commas.
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUnique
Names,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential names of the LDAP groups fields containings the
members. Separated by commas.
xwiki.authentication.ldap.group_memberfields=member,uniqueMember
#-# retrieve the following fields from LDAP and store them in the XWiki
user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object
for faster access
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=s
n,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki
otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=WebISte
am,ou=ChatGroups,ou=accounts,dc=mtstravel,dc=com|XWiki.XWikiAllGroup=cn=
WebAllMTS,ou=ChatGroups,ou=accounts,dc=mtstravel,dc=com
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed
from LDAP (default=3600*6)
xwiki.authentication.ldap.groupcache_expiration=21800
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first
created
#-# - always: synchronize on every login
xwiki.authentication.ldap.mode_group_sync=always
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB
authentication with the same credentials
xwiki.authentication.ldap.trylocal=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0: normal
#-# 1: SSL
# xwiki.authentication.ldap.ssl=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
# xwiki.authentication.ldap.ssl.keystore=
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The java secure provider used in SSL connection
#
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.s
sl.Provider