Re: [xwiki-users] Problem with AD authentication in XWiki 1.3
I started discussion below. There is something new in this case. First I have to say that I made mistake when I wrote we tested ver. 1.2 and it works with AD well. Working version was 1.1.2 not 1.2.

And also now we have ver. 1.3 working with AD authentication. We don't know what helped, but my colleague who installed it, tried it once more, set all things as before and it works. New user is created in XWikiAllGroup :-)

But I noticed problem with editing :-( In wiki mode editing is OK, but when I switch to WYSIWYG mode I'm logged out immediately (I receive Log-in screen). We are working on it, when I will have something new I'll report it.

Frantisek

***************
Date: Mon, 17 Mar 2008 21:19:18 +0200
From: Mihails Agafonovs <[email protected]>
Subject: Re: [xwiki-users] Problem with AD authentication in XWiki 1.3
To: XWiki Users <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset="windows-1257"

No, it doesn't.

Quoting Thomas Mortagne :
On Mon, Mar 17, 2008 at 3:43 PM, Mihails Agafonovs wrote:

You can try to specify the base_DN (for me it worked).
// base_DN=dc=domain,dc=com

You're also using sAMAccountName. What format does it have? name.surname? In our company our sAMAccountName is like name.surname, and it doesn't work with XWiki. So I've changed UID_attr to cn.

P.S. I still use version 1.1.2, because it's the only version working properly with AD (user is created in XWikiAllGroup). No other version is working in my case :)

The new LDAP authenticator (since 1.3) works perfectly with that and also add group mapping between XWiki and LDAP.

Quoting Frantisek Kall :

A month ago we tested 1.2 ver. XWiki and there wasn't problem to set up Active Directory authentication. Now we are going to start XWiki for enterprise use and we had a problem to setup AD authentication with 1.3 ver. Can anybody help us?

Frantisek Kall
Hi Frantisek,

Would you mind sharing the LDAP section of your xwiki.cfg? Because I want to confirm something...

In my LDAP/AD configuration, I have to set the -- xwiki.authentication.ldap.user_group -- value to make it work (contrary to what the parameter description says).

Thanks!
Hi Benjamin

here is our xwiki.cfg file. Superuser hasn't any problem with wysiwyg editing, it's only AD users problem.

Frantisek

******************
xwiki.base=../../
xwiki.store.class=com.xpn.xwiki.store.XWikiHibernateStore
xwiki.store.hibernate.path=/WEB-INF/hibernate.cfg.xml
xwiki.store.hibernate.updateschema=1
xwiki.store.hibernate.custommapping=1
xwiki.store.cache=1
xwiki.store.cache.capacity=100
xwiki.store.migration=1
xwiki.monitor=1

# List of active plugins.
xwiki.plugins=\
        com.xpn.xwiki.monitor.api.MonitorPlugin,\
        com.xpn.xwiki.plugin.calendar.CalendarPlugin,\
        com.xpn.xwiki.plugin.feed.FeedPlugin,\
        com.xpn.xwiki.plugin.ldap.LDAPPlugin,\
        com.xpn.xwiki.plugin.google.GooglePlugin,\
        com.xpn.xwiki.plugin.flickr.FlickrPlugin,\
        com.xpn.xwiki.plugin.mail.MailPlugin,\
        com.xpn.xwiki.plugin.packaging.PackagePlugin,\
        com.xpn.xwiki.plugin.query.QueryPlugin,\
        com.xpn.xwiki.plugin.svg.SVGPlugin,\
        com.xpn.xwiki.plugin.charts.ChartingPlugin,\
        com.xpn.xwiki.plugin.fileupload.FileUploadPlugin,\
        com.xpn.xwiki.plugin.image.ImagePlugin,\
        com.xpn.xwiki.plugin.captcha.CaptchaPlugin,\
        com.xpn.xwiki.plugin.userdirectory.UserDirectoryPlugin,\
        com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl,\
        com.xpn.xwiki.plugin.zipexplorer.ZipExplorerPlugin,\
        com.xpn.xwiki.plugin.autotag.AutoTagPlugin,\
        com.xpn.xwiki.plugin.lucene.LucenePlugin,\
        com.xpn.xwiki.plugin.diff.DiffPlugin,\
        com.xpn.xwiki.plugin.rightsmanager.RightsManagerPlugin,\
        com.xpn.xwiki.plugin.jodatime.JodaTimePlugin,\
        com.xpn.xwiki.plugin.scheduler.SchedulerPlugin,\
        com.xpn.xwiki.plugin.mailsender.MailSenderPlugin,\
        com.xpn.xwiki.plugin.watchlist.WatchListPlugin

# This parameter allows XWiki to operate in Hosting mode allowing to create
# multiple wikis having their own database and responding to different URLs
xwiki.virtual=0
xwiki.virtual.redirect=http://127.0.0.1:9080/xwiki/bin/Main/ThisWikiDoesNotExist

# This parameter will activate the eXo Platform integration
xwiki.exo=0

xwiki.authentication=form
xwiki.authentication.validationKey=totototototototototototototototo
xwiki.authentication.encryptionKey=titititititititititititititititi
xwiki.authentication.cookiedomains=xwiki.com,wiki.fr

# Comment if you want to enable logout only for /bin/logout/XWiki/XWikiLogout
xwiki.authentication.logoutpage=/[^/]+/logout/*

# Stats configuration allows to globally activate/deactivate stats module
# It is also possible to choose a different stats service to record
# statistics separately from XWiki.
# Note: Statistics are disabled by default for improved performances.
xwiki.stats=0
xwiki.stats.default=1
xwiki.stats.class=com.xpn.xwiki.stats.impl.XWikiStatsServiceImpl

xwiki.encoding=UTF-8
xwiki.backlinks=1
xwiki.tags=1

# Use edit comments
xwiki.editcomment=1
# Hide editcomment field and only use Javascript
xwiki.editcomment.hidden=0
# Make edit comment mandatory
xwiki.editcomment.mandatory=0
# Make edit comment suggested (asks 1 time if the comment is empty.
# 1 shows one popup if comment is empty.
# 0 means there is no popup.
# This setting is ignored if mandatory is set
xwiki.editcomment.suggested=0

# GraphViz plugin configuration. The GraphViz plugin is not configured by default.
# To enable it, add "com.xpn.xwiki.plugin.graphviz.GraphVizPlugin" to the list of plugins
# in the xwiki.plugins property.
# Uncomment and set the locations of the Dot and Neato executables
#xwiki.plugin.graphviz.dotpath=c:/Program Files/ATT/GraphViz/bin/dot.exe
#xwiki.plugin.graphviz.neatopath=c:/Program Files/ATT/GraphViz/bin/neato.exe

xwiki.plugin.laszlo.baseurl=/openlaszlo/xwiki/
xwiki.plugin.laszlo.path=c:/Program Files/Apache Software Foundation/Tomcat 5.0/webapps/openlaszlo/xwiki/
xwiki.plugin.image.cache.capacity=30
xwiki.plugin.captcha=0

# Enable to allow superadmin. It is disabled by default as this could be a security breach if
# it were set and you forgot about it.
xwiki.superadminpassword=system

#-------------------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------------------

#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl

#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0 : disable
#-# 1 : enable
xwiki.authentication.ldap=1

#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=10.0.1.2
xwiki.authentication.ldap.port=389

#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN=CHEMOSVIT\\{0}
xwiki.authentication.ldap.bind_pass={1}

#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the base_DN
xwiki.authentication.ldap.user_group=cn=XWikiUsers,ou=XWikiGroups,ou=groups,dc=chemosvit,dc=SK

#-# base DN for searches
xwiki.authentication.ldap.base_DN=dc=chemosvit,dc=sk

#-# specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=sAMAccountName

#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for faster access
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=XWikiAdmin,ou=XWikiGroups,ou=Groups,dc=chemosvit,dc=sk|\
# XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
# xwiki.authentication.ldap.groupcache_expiration=21800

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first created
#-# - always: synchronize on every login
# xwiki.authentication.ldap.mode_group_sync=always

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
xwiki.authentication.ldap.trylocal=0

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0 : normal
#-# 1 : SSL
# xwiki.authentication.ldap.ssl=0

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
# xwiki.authentication.ldap.ssl.keystore=

#-------------------------------------------------------------------------------------

xwiki.authentication.unauthorized_code=200

# This parameter will activate the sectional editing
xwiki.section.edit=1

# Uncomment if you want to ignore requests for unmapped actions, and simply display the document
# xwiki.unknownActionResponse=view

# You can configure the toolbars you wish to see in the WYSIWYG editor by defining the
# xwiki.wysiwyg.toolbars property.
# When not defined it defaults to:
# xwiki.wysiwyg.toolbars=texttoolbar, listtoolbar, indenttoolbar, undotoolbar, titletoolbar, \
# styletoolbar, horizontaltoolbar, attachmenttoolbar, macrostoolbar, \
# tabletoolbar, tablerowtoolbar, tablecoltoolbar, linktoolbar
# The full list of toolbars includes the one defined above and the following ones:
# subtoolbar, findtoolbar, symboltoolbar

xwiki.defaultskin=toucan
xwiki.defaultbaseskin=albatross

xwiki.temp.dir=/tmp/xwiki
# xwiki.work.dir=/usr/local/xwiki
# xwiki.plugins.lucene.indexdir=/usr/local/xwiki/lucene
# xwiki.plugins.lucene.analyzer=org.apache.lucene.analysis.standard.StandardAnalyzer
# xwiki.plugins.lucene.indexinterval=20
xwiki.work.dir=/docudata/xwiki
Hi!

I've managed to login using AD credentials in version 1.3 (group mapping is disabled), but the user is not created in any group.

The second problem is, when I enable group mapping, XWiki tries to log in, but without success. I mean the browser is showing it's loading, and never stops. But when I restart tomcat and go to my XWiki page, I'm successfully logged in and even created in XWikiAllGroup (but it's incorrect, because according to mapping I should be created in XWikiAdminGroup)! In group mapping I specify the whole path in AD tree.

Here is my LDAP configuration:

#-------------------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------------------

#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl

#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0 : disable
#-# 1 : enable
xwiki.authentication.ldap=1

#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=my.domain.com
xwiki.authentication.ldap.port=389

#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN={0}
xwiki.authentication.ldap.bind_pass={1}

#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the base_DN
# xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US

#-# base DN for searches
xwiki.authentication.ldap.base_DN=dc=domain,dc=com

#-# specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=cn

#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for faster access
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=ou=admin-group,ou=Users,ou=Riga,ou=LAT,dc=domain,dc=com| XWiki.XWikiAllGroup=ou=Users,ou=Riga,ou=LAT,dc=domain,dc=com

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
# xwiki.authentication.ldap.groupcache_expiration=21800

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first created
#-# - always: synchronize on every login
xwiki.authentication.ldap.mode_group_sync=always

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
xwiki.authentication.ldap.trylocal=1

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0 : normal
#-# 1 : SSL
# xwiki.authentication.ldap.ssl=0

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
# xwiki.authentication.ldap.ssl.keystore=

Best regards,
Mihails
participants (3)
- Benjamin Leung
- Frantisek Kall
- Mihails Agafonovs
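
The xwiki.cfg settings posted in the thread can be checked mechanically. The script below is an added example, not part of the original thread or of XWiki: it reads a constructed excerpt using java.util.Properties line-continuation rules and reports a commented line absorbed into group_mapping by a trailing backslash, authentication keys made of one repeated short pattern, a set superadmin password, and an LDAP bind without SSL. The function names and rule labels are hypothetical, and it assumes that an unset ldap.ssl means a plain connection.

```python
import re

# Constructed excerpt, modelled on settings quoted in the thread (not a full xwiki.cfg).
SAMPLE_CFG = r"""
xwiki.authentication.validationKey=totototototototototototototototo
xwiki.authentication.encryptionKey=titititititititititititititititi
xwiki.superadminpassword=system
xwiki.authentication.ldap=1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=XWikiAdmin,ou=XWikiGroups,ou=Groups,dc=chemosvit,dc=sk|\
# XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
# xwiki.authentication.ldap.ssl=0
xwiki.authentication.ldap.trylocal=0
"""


def parse_properties(text):
    """Parse Java-properties text; return (props, swallowed).

    swallowed lists (line_no, key) for natural lines that start with '#' or '!'
    but were joined into the previous value by a trailing backslash.
    Escape handling is simplified: a backslash just quotes the next character.
    """
    natural = text.splitlines()
    props, swallowed = {}, []
    i = 0
    while i < len(natural):
        line = natural[i].lstrip()
        i += 1
        if not line or line[0] in "#!":
            continue  # blank line or genuine comment line
        m = re.match(r"[^=:\s]+", line)
        key = m.group(0) if m else ""
        logical = ""
        # An odd number of trailing backslashes continues onto the next natural line,
        # whatever that line starts with.
        while (len(line) - len(line.rstrip("\\"))) % 2 == 1 and i < len(natural):
            logical += line[:-1]
            line = natural[i].lstrip()
            if line[:1] in ("#", "!"):
                swallowed.append((i + 1, key))
            i += 1
        logical += line
        value = re.sub(r"^[^=:\s]+\s*[=:]?\s*", "", logical)
        props[key] = re.sub(r"\\(.)", r"\1", value)
    return props, swallowed


def audit(text):
    """Return (rule, detail) findings for the settings discussed in the thread."""
    props, swallowed = parse_properties(text)
    findings = [("comment-swallowed", f"line {n} became part of {k}") for n, k in swallowed]
    for name in ("validationKey", "encryptionKey"):
        value = props.get("xwiki.authentication." + name, "")
        # A key that is one short unit repeated is a placeholder, not a secret.
        if re.fullmatch(r"(.{1,4})\1+", value):
            findings.append(("placeholder-key", name))
    if props.get("xwiki.superadminpassword"):
        findings.append(("superadmin-enabled", "xwiki.superadminpassword is set"))
    ldap_on = props.get("xwiki.authentication.ldap") == "1"
    if ldap_on and props.get("xwiki.authentication.ldap.ssl") != "1":
        port = props.get("xwiki.authentication.ldap.port", "389")
        findings.append(("ldap-cleartext", f"ldap.ssl is not 1; bind to port {port} is unencrypted"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_CFG):
        print(f"{rule}: {detail}")
```
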