Change comment:
There is no comment for this version
Summary
-
Page properties (2 modified, 0 added, 0 removed)
Details
- Page properties
-
- Author
-
... ... @@ -1,1 +1,1 @@ 1 -XWiki.he xC0DE1 +XWiki.ThomasMortagne - Content
-
... ... @@ -91,38 +91,15 @@ 91 91 92 92 #info("You can also setup the LDAP configuration in XWiki.XWikiPreferences page by going to the object editor. Simply replace \"xwiki.authentication.ldap.\" by \"ldap_\". For example <tt>xwiki.authentication.ldap.base_DN</tt> become <tt>ldap_base_DN</tt>") 93 93 94 -1.1.1 LDAP Configuration for Active Directory 95 - 96 -Here are values of the properties you need to set if your LDAP server implementation is Miscrosoft Active Directory: 97 - - *ldap_server*: name/IP of AD server machine 98 - - *ldap_port*: port ~~(e.g. 389)~~ 99 - - *ldap_base_DN*: name of root DN ~~(e.g. dc=ad,dc=company,dc=com)~~ 100 - - *ldap_bind_DN*: domain\{0\} ~~(e.g. ad\{0\} where \{0\} will be replaced by username during validation)~~ 101 - - *ldap_bind_pass*: \{1\} ~~(where \{1\} will be replaced by password during validation)~~ 102 - - *ldap_UID_attr*: sAMAccountName 103 - - *ldap_fields_mapping*: name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn 104 - 105 -Example: 106 -{code} 107 -xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl 108 -xwiki.authentication.ldap=1 109 -xwiki.authentication.ldap.server=adserver 110 -xwiki.authentication.ldap.port=389 111 -xwiki.authentication.ldap.base_DN=dc=subdomain,dc=domain,dc=suffix 112 -xwiki.authentication.ldap.bind_DN=subdomain\\{0} 113 -xwiki.authentication.ldap.bind_pass={1} 114 -xwiki.authentication.ldap.UID_attr=sAMAccountName 115 -xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn 116 -{code} 117 - 118 118 The bind_DN and bind_pass fields contain the username and password for binding to the LDAP server in order to search, which will not necessarily be the same credentials as the user logging in. 119 119 120 - 121 121 The exact details of this configuration will vary based on your server configuration. It may not be necessary to prefix the username (represented by {0}) with the subdomain. 122 122 123 123 For testing purposes, you may wish to omit the "ldap.fields_mapping" field, to test the authentication first, and then add it later to get the mappings right. 124 124 125 -This java client, [LDAP Browser/Editor > http://www-unix.mcs.anl.gov/~gawor/ldap/] is a handy tool for checking your configuration. 100 +Here are some LDAP client for checking your configuration: 101 +* This java client, [LDAP Browser/Editor > http://www-unix.mcs.anl.gov/~gawor/ldap/] is a handy tool for checking your configuration. 102 +* [Apache Directory Studio>http://directory.apache.org/studio/] 126 126 127 127 1.1.1 Detailed use cases 128 128
