9 Aug
2007
9 Aug
'07
3:37 p.m.
Is the example AD configuration in the Wiki the right way to do things?
My understanding is that the bind_DN and bind_pass are for setting the
username and password XWiki will use to connect to the LDAP server in
order to do a search, then the UID_attr field is searched for the
username entered on the form.
If that is correct then the bind_dn and bind_pass should either be
hardcoded to a special AD user with restricted privileges, or left blank
to bind anonymously. (I see no mention of anonymous binding?)
For the first of these XWiki connects to AD ok but then seems to
'authenticate OK' whatever username/password I enter on the form even if
the user does not exist in AD at all. Is this a bug?
I can't seem to get anonymous binding to work - if I leave bind_dn and
bind_pass empty or comment out the entries entirely I always get the
'LDAP Bind failed with Exception Invalid Credentials' error message. My
LDAP server does allow anonymous binding - I've tested this in LDAP Browser.
Cheers
Neil
10 Aug
10 Aug
1:23 a.m.
New subject: [xwiki-users] Authenticating to AD/LDAP
I set this up at work, and if recall correctly, I let the bind_DN be
that of the authenticating user logging into XWiki, and likewise for
their password. Effectively,binding to ActiveDirectory as the user
attempting to authenticate to XWiki.
Regards,
Brian.
Neil Sedger wrote:
Is the example AD configuration in the Wiki the right
way to do things?
My understanding is that the bind_DN and bind_pass are for setting the
username and password XWiki will use to connect to the LDAP server in
order to do a search, then the UID_attr field is searched for the
username entered on the form.
If that is correct then the bind_dn and bind_pass should either be
hardcoded to a special AD user with restricted privileges, or left
blank to bind anonymously. (I see no mention of anonymous binding?)
For the first of these XWiki connects to AD ok but then seems to
'authenticate OK' whatever username/password I enter on the form even
if the user does not exist in AD at all. Is this a bug?
I can't seem to get anonymous binding to work - if I leave bind_dn and
bind_pass empty or comment out the entries entirely I always get the
'LDAP Bind failed with Exception Invalid Credentials' error message.
My LDAP server does allow anonymous binding - I've tested this in LDAP
Browser.
Cheers
Neil
------------------------------------------------------------------------
--
You receive this message as a subscriber of the xwiki-users(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-users-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
9:49 a.m.
New subject: [xwiki-users] Authenticating to AD/LDAP
Effectively,binding to ActiveDirectory as the user
attempting to authenticate to XWiki.
Yes, I've seen the same here.
But is this the way it is supposed to work?
The documentation at:
http://www.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigur…
says:
'The bind_DN and bind_pass fields contain the username and password for
binding to the LDAP server in order to search, which will not
necessarily be the same credentials as the user logging in.'
But the example given does not use it in this way, contradicting those
words below it.
I'm happy to fix whichever bit of that documentation is wrong, or raise
a bug report if people believe it should work as quoted above and
currently doesn't?
Brian, have you tried the other way? For me it 'auth OK's everything but
I could well have misconfigured the UID_attr or fields_mapping. Or there
could be something funny with the setup of the AD server I'm using.
Cheers
Neil
Brian J. Sayatovic wrote:
I set this up at work, and if recall correctly, I let
the bind_DN be
that of the authenticating user logging into XWiki, and likewise for
their password. Effectively,binding to ActiveDirectory as the user
attempting to authenticate to XWiki.
Regards,
Brian.
Neil Sedger wrote:
Is the example AD configuration in the Wiki the
right way to do things?
My understanding is that the bind_DN and bind_pass are for setting the
username and password XWiki will use to connect to the LDAP server in
order to do a search, then the UID_attr field is searched for the
username entered on the form.
If that is correct then the bind_dn and bind_pass should either be
hardcoded to a special AD user with restricted privileges, or left
blank to bind anonymously. (I see no mention of anonymous binding?)
For the first of these XWiki connects to AD ok but then seems to
'authenticate OK' whatever username/password I enter on the form even
if the user does not exist in AD at all. Is this a bug?
I can't seem to get anonymous binding to work - if I leave bind_dn and
bind_pass empty or comment out the entries entirely I always get the
'LDAP Bind failed with Exception Invalid Credentials' error message.
My LDAP server does allow anonymous binding - I've tested this in LDAP
Browser.
Cheers
Neil
------------------------------------------------------------------------
--
You receive this message as a subscriber of the xwiki-users(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-users-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
12:15 p.m.
New subject: [xwiki-users] Authenticating to AD/LDAP
To confirm (now that I am at work), here's my settings:
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=myadserver.myhost.com
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=myntdomain,dc=mlan
xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=,myntdomain,dc=mlan
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName # Used to be "cn"
xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=givenName,fullname=displayName,mail=cn,ldap_dn=dn
Regards,
Brian.
Neil Sedger
<xwiki-users@mole
y.org.uk> To
xwiki-users(a)objectweb.org
08/09/2007 11:37 cc
AM
Subject
[xwiki-users] Authenticating to
Please respond to AD/LDAP
xwiki-users@objec
tweb.org
Is the example AD configuration in the Wiki the right way to do things?
My understanding is that the bind_DN and bind_pass are for setting the
username and password XWiki will use to connect to the LDAP server in
order to do a search, then the UID_attr field is searched for the
username entered on the form.
If that is correct then the bind_dn and bind_pass should either be
hardcoded to a special AD user with restricted privileges, or left blank
to bind anonymously. (I see no mention of anonymous binding?)
For the first of these XWiki connects to AD ok but then seems to
'authenticate OK' whatever username/password I enter on the form even if
the user does not exist in AD at all. Is this a bug?
I can't seem to get anonymous binding to work - if I leave bind_dn and
bind_pass empty or comment out the entries entirely I always get the
'LDAP Bind failed with Exception Invalid Credentials' error message. My
LDAP server does allow anonymous binding - I've tested this in LDAP
Browser.
Cheers
Neil
--
You receive this message as a subscriber of the xwiki-users(a)objectweb.org
mailing list.
To unsubscribe: mailto:xwiki-users-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
-----------------------------------------
CONFIDENTIALITY STATEMENT:
This e-mail transmission contains information that is intended to
be confidential. It is intended only for the addressee named
above. If you receive this e-mail in error, please do not read,
copy, or disseminate it. If you are not the intended recipient,
any disclosure, copying, distribution or use of the contents of
this information is prohibited. Please reply to the message
immediately by informing the sender that the message was
misdirected. After replying, please erase it from your computer
system. Your assistance in correcting this error is appreciated.
6443
days inactive
6444
days old
3 comments
3 participants
participants (3)
-
Brian J. Sayatovic -
BSayatovic@amig.com -
Neil Sedger