Hi,
On Thu, Nov 20, 2008 at 1:04 PM, Robert Munro <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am trying to authenticate against our LDAP but the password field doesn't
> seem to be readable. When I change the password field to cn it seems to be
> fine. Is there anything that has to be done to allow XWiki to read hidden
> attributes? The password field should just be the standard "userPassword",
> and it works with other systems.
>
> My LDAP config is:
> #-# new LDAP authentication service
>
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>
>
> #-# Turn LDAP authentication on - otherwise only XWiki authentication
> #-# 0: disable
> #-# 1: enable
> xwiki.authentication.ldap=1
>
> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
> xwiki.authentication.ldap.server=<HOSTNAME>
> xwiki.authentication.ldap.port=389
>
> #-# LDAP login, empty = anonymous access, otherwise specify full dn
> #-# {0} is replaced with the username, {1} with the password
> xwiki.authentication.ldap.bind_DN=CN=<ADMINUSER>,CN=AdminUsers,O=CapitaGroup
>
> xwiki.authentication.ldap.bind_pass=<ADMINPASSWD>
>
> #-# Force to check password after LDAP connection
> #-# 0: disable
> #-# 1: enable
> xwiki.authentication.ldap.validate_password=1
This option is here only if you want to use a field for the password that is
not the one used by your LDAP server.
With validate_password=0, if the user DN used to connect to the LDAP server
is not the same as the DN of the user trying to connect, the LDAP
authenticator validates the user password with a bind and not by
looking directly in the field.
I need to improve the xwiki.cfg comment.
>
> #-# only members of the following group will be verified in the LDAP
> #-# otherwise only users that are found after searching starting from the base_DN
> #
> xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
>
>
> #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
> #-# only users not member of the following group can autheticate
> # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
>
>
> #-# base DN for searches
> xwiki.authentication.ldap.base_DN=O=CapitaGroup
>
>
> #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
> xwiki.authentication.ldap.UID_attr=cn
> #xwiki.authentication.ldap.UID_attr=sAMAccountName
>
> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1
> #xwiki.authentication.ldap.password_field=userPassword
> xwiki.authentication.ldap.password_field=cn
>
> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# The potential LDAP groups classes. Separated by commas.
> #
> xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
>
>
> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# The potential names of the LDAP groups fields containings the members. Separated by commas.
> # xwiki.authentication.ldap.group_memberfields=member,uniqueMember
>
> #-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
> #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for faster access
> xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail,ldap_dn=dn
>
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
> xwiki.authentication.ldap.update_user=1
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# mapps XWiki groups to LDAP groups, separator is "|"
> # xwiki.authentication.ldap.group_mapping=
> XWiki.XWikiAllGroup=CN=MiisRoles,O=CapitaGroup|\
> XWiki.sapadmin=
> CN=Y_BC_XW_SAPADMIN,CN=MiisRoles,O=CapitaGroup|\
>
> XWiki.portal_developer=CN=Y_BC_XW_EP_DEVELOPER,CN=MiisRoles,O=CapitaGroup|\
>
> XWiki.team_leader=CN=Y_BC_XW_TEAM_LEADER,CN=MiisRoles,O=CapitaGroup
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
> # xwiki.authentication.ldap.groupcache_expiration=21800
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# - create : synchronize group membership only when the user is first created
> #-# - always: synchronize on every login
> # xwiki.authentication.ldap.mode_group_sync=always
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
> xwiki.authentication.ldap.trylocal=1
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# SSL connection to LDAP server
> #-# 0: normal
> #-# 1: SSL
> # xwiki.authentication.ldap.ssl=0
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# The keystore file to use in SSL connection
> # xwiki.authentication.ldap.ssl.keystore=
>
> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# The java secure provider used in SSL connection
> #
> xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/users
>
--
Thomas Mortagne
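
The two validation modes discussed in this thread, as an added example that is not part of the original messages and is not XWiki's code. It models them against a constructed in-memory directory; `ToyDirectory`, the DNs, the passwords and the ACL rule hiding `userPassword` from the service account are all assumptions made for illustration.

```python
import hashlib, hmac, os

class ToyDirectory:
    """Constructed in-memory stand-in for an LDAP server; not a real client or server."""
    def __init__(self):
        self.entries = {}  # dn -> attribute dict

    def add(self, dn, cn, password):
        salt = os.urandom(8)
        digest = hashlib.sha256(salt + password.encode()).digest()
        self.entries[dn] = {"cn": cn, "userPassword": (salt, digest)}

    def bind(self, dn, password):
        # The server checks the password itself; the caller never sees the stored value.
        # Empty passwords are refused: in LDAP a simple bind with a DN and an empty
        # password is an unauthenticated bind, not a proof of identity (RFC 4513).
        entry = self.entries.get(dn)
        if entry is None or not password:
            return False
        salt, digest = entry["userPassword"]
        candidate = hashlib.sha256(salt + password.encode()).digest()
        return hmac.compare_digest(digest, candidate)

    def read(self, bound_dn, target_dn, attr):
        # Assumed ACL: userPassword is hidden from every other account,
        # including the service account the application binds with.
        if attr == "userPassword" and bound_dn != target_dn:
            return None
        return self.entries[target_dn].get(attr)

def validate_by_field(directory, service_dn, user_dn, typed, field):
    """Models validate_password=1: compare the typed password with an attribute
    the service account reads from the user's entry."""
    stored = directory.read(service_dn, user_dn, field)
    return isinstance(stored, str) and hmac.compare_digest(stored.encode(), typed.encode())

def validate_by_bind(directory, user_dn, typed):
    """Models validate_password=0: bind as the user and let the server decide."""
    return directory.bind(user_dn, typed)

def demo():
    d = ToyDirectory()
    svc, user = "cn=svc,o=Example", "cn=jdoe,o=Example"  # constructed DNs
    d.add(svc, "svc", "svc-secret")
    d.add(user, "jdoe", "correct horse")
    return {
        "field_userPassword": validate_by_field(d, svc, user, "correct horse", "userPassword"),
        "field_cn": validate_by_field(d, svc, user, "jdoe", "cn"),
        "bind_ok": validate_by_bind(d, user, "correct horse"),
        "bind_wrong": validate_by_bind(d, user, "jdoe"),
        "bind_empty": validate_by_bind(d, user, ""),
    }
```

In this model the field comparison against `userPassword` fails even with the right password, while the comparison against `cn` succeeds only because the value being checked is the user's common name rather than a secret; the bind path accepts the real password and nothing else.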