Hi, On Mon, Mar 31, 2008 at 1:36 PM, David Delbecq <[EMAIL PROTECTED]> wrote: > Hello, > > am trying to get xwiki to work on an ldap. I configured xwiki.cfg as below: > I tried with & without authclass line, with and without keystore > parameter, but everytime xwiki is attempting to disscuss in plain text > with ldap server instead of starting a ssl handshake (i can see the > xwiki request in network dumps). The ldaps server does not recognize > that as a ssl handshake and drops connection? I have set > authentification.ldap.ssl=1, which should be suffisant for using ssl, > isn't it? Am i missing something in the configuration for ssl? Is the > ssl support not yet implemented in 1.3 release?
SSL is implemented and should works but has not been tested a lot (we don't have ssl based integration tests yet). Could you set log4j level to "debug" (see http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging) and see if the log contains "Connecting to LDAP using SSL" message ? > > Thanks > > Configuration file: > > #-# new LDAP authentication service > > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl > > > > > #-# Turn LDAP authentication on - otherwise only XWiki authentication > #-# 0 : disable > #-# 1 : enable > xwiki.authentication.ldap=1 > > #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) > xwiki.authentication.ldap.server=ldap.oma.be > xwiki.authentication.ldap.port=636 > > #-# LDAP login, empty = anonymous access, otherwise specify full dn > #-# {0} is replaced with the username, {1} with the password > xwiki.authentication.ldap.bind_DN=uid={0},ou=People,dc=oma,dc=be > xwiki.authentication.ldap.bind_pass={1} > > #-# only members of the following group will be verified in the LDAP > # otherwise only users that are found after searching starting from the > base_DN > #xwiki.authentication.ldap.user_group=cn=developers,ou=groups,dc=oma,dc=be > > #-# base DN for searches > xwiki.authentication.ldap.base_DN=ou=People,dc=oma,dc=be > > #-# specifies the LDAP attribute containing the identifier to be used as > the XWiki name (default=cn) > xwiki.authentication.ldap.UID_attr=uid > > #-# retrieve the following fields from LDAP and store them in the XWiki > user object (xwiki-attribute=ldap-attribute) > #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object > for faster access > > xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=givenName,fullname=cn,email=mail > > > > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# on every login update the mapped attributes from LDAP to XWiki > otherwise this happens only once when the XWiki account is created. > xwiki.authentication.ldap.update_user=1 > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# mapps XWiki groups to LDAP groups, separator is "|" > > xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=meslideadmin,ou=Group,dc=oma,dc=be > > > > > #xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=meslideadmin,ou=Group,dc=oma,dc=be|\ > # > XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# time in s after which the list of members in a group is refreshed > from LDAP (default=3600*6) > #Every 10 minutes > xwiki.authentication.ldap.groupcache_expiration=600 > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# - create : synchronize group membership only when the user is first > created > #-# - always: synchronize on every login > xwiki.authentication.ldap.mode_group_sync=always > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# if ldap authentication fails for any reason, try XWiki DB > authentication with the same credentials > # xwiki.authentication.ldap.trylocal=1 > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# SSL connection to LDAP server > #-# 0 : normal > #-# 1 : SSL > xwiki.authentication.ldap.ssl=1 > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# The keystore file to use in SSL connection > xwiki.authentication.ldap.ssl.keystore=/tmp/jssecacerts > > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
