Re: [xwiki-users] Help with AD authentication

Wed, 22 Oct 2008 10:22:48 -0700 

Hm,
I'm still getting nothing.  Where are the logs for ldap related issues  
held?

Sam

On Oct 22, 2008, at 9:44 AM, Thomas Mortagne wrote:

> Hi,
>
> On Wed, Oct 22, 2008 at 6:32 PM, Samuel Lee <[EMAIL PROTECTED]>  
> wrote:
>> I can't seem to get my XWiki to recognize my AD usernames.  Can  
>> anyone
>> take a look at my xwiki.cfg to see if I'm doing something wrong?
>>
>> When I try to log into the xwiki, I get a "Wrong User name", and the
>> user i'm using is in the crbs-admin group, which I've mapped to the
>> XWiki.XWikiAdminGroup group.
>>
>> Thanks,
>> Sam
>>
>> #-# new LDAP authentication service^M
>> xwiki
>> .authentication
>> .authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>>
>> #-# Turn LDAP authentication on - otherwise only XWiki authentication
>> #-# 0: disable
>> #-# 1: enable^M
>> xwiki.authentication.ldap=1
>>
>> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)^M
>> xwiki.authentication.ldap.server=ldap.ad.xxxx.yyy
>> xwiki.authentication.ldap.port=636
>>
>> #-# LDAP login, empty = anonymous access, otherwise specify full dn  
>> ^M
>> #-# {0} is replaced with the username, {1} with the password
>> #
>> xwiki
>> .authentication
>> .ldap
>> .bind_DN
>> =cn={0},department=USER,department=INFORMATIK,department=1230,o=MP^M
>> xwiki.authentication.ldap.bind_DN={0}
>
> This means that the login entered by use will be used to authenticate
> against LDAP/AD server. But enter an uid and not the complete DN.
> You should look at
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
>
>> xwiki.authentication.ldap.bind_pass={1}
>>
>> #-# Force to check password after LDAP connection
>> #-# 0: disable
>> #-# 1: enable
>> xwiki.authentication.ldap.validate_password=0
>> ^M
>> #-# only members of the following group will be verified in the  
>> LDAP^M
>> # otherwise only users that are found after searching starting from
>> the base_DN^M
>> #
>> xwiki
>> .authentication
>> .ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US^M
>> ^M
>> #-# base DN for searches^M
>> xwiki.authentication.ldap.base_DN=OU=CRBS,DC=AD,DC=XXXX,DC=YYY
>> ^M
>> #-# Specifies the LDAP attribute containing the identifier to be used
>> as the XWiki name (default=cn)^M
>> xwiki.authentication.ldap.UID_attr=sAMAccountName
>>
>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
>> #-# Specifies the LDAP attribute containing the password to be used
>> "when xwiki.authentication.ldap.validate_password" is set to 1
>> # xwiki.authentication.ldap.password_field=userPassword
>>
>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
>> #-# The potential LDAP groups classes. Separated by commas.
>> #
>> xwiki
>> .authentication
>> .ldap
>> .group_classes
>> =
>> group
>> ,groupOfNames
>> ,groupOfUniqueNames
>> ,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
>>
>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
>> #-# The potential names of the LDAP groups fields containings the
>> members. Separated by commas.
>> # xwiki.authentication.ldap.group_memberfields=member,uniqueMember^M
>> ^M
>> #-# retrieve the following fields from LDAP and store them in the
>> XWiki user object (xwiki-attribute=ldap-attribute)
>> #-# ldap_dn=dn  -- dn is set by class, caches dn in XWiki.user object
>> for faster access^M
>> xwiki
>> .authentication
>> .ldap
>> .fields_mapping
>> =
>> name
>> =
>> sAMAccountName
>> ,last_name
>> =sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
>> ^M
>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# on every login update the mapped attributes from LDAP to XWiki
>> otherwise this happens only once when the XWiki account is created.^M
>> xwiki.authentication.ldap.update_user=1
>> ^M
>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# mapps XWiki groups to LDAP groups, separator is "|"^M
>> xwiki 
>> .authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=CN=crbs-
>> admin,OU=CRBS,DC=AD,DC=XXXX,DC=YYY|XWiki.XWiki.AllGroup=CN=crbs-
>> users,OU=CRBS,DC=AD,DC=XXXX,DC=YYY
>> #
>> XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US^M
>> ^M
>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# time in s after which the list of members in a group is refreshed
>> from LDAP (default=3600*6)^M
>> # xwiki.authentication.ldap.groupcache_expiration=21800^M
>>
>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]^M
>> #-# - create : synchronize group membership only when the user is
>> first created
>> #-# - always: synchronize on every login^M
>> # xwiki.authentication.ldap.mode_group_sync=always^M
>> ^M
>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# if ldap authentication fails for any reason, try XWiki DB
>> authentication with the same credentials^M
>> xwiki.authentication.ldap.trylocal=1
>>
>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# SSL connection to LDAP server
>> #-# 0: normal
>> #-# 1: SSL
>> # xwiki.authentication.ldap.ssl=0
>>
>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# The keystore file to use in SSL connection
>> # xwiki.authentication.ldap.ssl.keystore=
>>
>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
>> #-# The java secure provider used in SSL connection
>> #
>> xwiki
>> .authentication
>> .ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
>>
>> _______________________________________________
>> users mailing list
>> users@xwiki.org
>> http://lists.xwiki.org/mailman/listinfo/users
>>
>
>
>
> -- 
> Thomas Mortagne
> _______________________________________________
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
>

_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users

Reply via email to