Hi,
Sorry for my late reply.
I have implemented an improvement to the LDAP Authentication component
that comes with XWiki.
The code that comes with XWiki does not yet support SSL and has other
severe limitations (IMHO).
Here is my latest update. I have only tested the component against
Novell eDirectory and OpenLDAP and not against AD, but that should not
be a problem.
My component provides a variety of new features (as described in more
detail in my JIRA-issue),
if so configured:
- it will add a user to XWiki that is authenticated against LDAP
- user must belong to a group in LDAP to be allowed to login
- a user is joined and removed from XWiki groups if he belongs to
mapped LDAP groups
- Attributes (email, tel, ...) are mapped from LDAP into XWiki.
- fall back to authenticate against the XWiki DB (with a password
configured just there) works.
Also, I didn't have the chance to verify the code that removes a user
from a group based on the user leaving an LDAP group. SSL works fine, if
you have the certificate installed correctly with my component. (All the
new features can be deactivated in xwiki.cfg)
Installation instructions:
- unzip under WEB-INF (all the java classes go deep under the
"classes" directory. I have also activated logging for this
component.)
- I have included my heavily commented example of the xwiki.cfg within
the zip. (Take care that you don't overwrite your own xwiki.cfg while
unpacking.)
- There is a keytool.exe with the JDK that converts SSL certificates.
Afterwards, you can specify the path where the component finds the
certificate in the xwiki.cfg for SSL to work.
I welcome any feedback, testing and verification.
Regards,
Gunter
P.S.:
This example contains one strange piece of code: It tries to create a
dummy user in the beginning. In my experiments this call always fails
(but actually shouldn't), but afterwards, creating a user with the same
call based on LDAP will work.