Changes for page User Authentication

Last modified by Thomas Mortagne on 2023/04/28
<
From version < 35.1 >
edited by Caleb James DeLisle
on 2010/03/11
To version < 37.1 >
edited by Thomas Mortagne
on 2010/04/19
>
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.CalebJamesDeLisle
1 +XWiki.ThomasMortagne
Content
... ... @@ -35,61 +35,72 @@
35 35  You can setup the LDAP configuration in the //xwiki.cfg// file by filling the following properties:
36 36  
37 37  {{code language="none"}}
38 -## LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
39 -xwiki.authentication.ldap.server=156.58.101.204
38 +#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
39 +xwiki.authentication.ldap.server=127.0.0.1
40 40  xwiki.authentication.ldap.port=389
41 41  
42 -## LDAP login, empty = anonymous access, otherwise specify full dn
43 -## {0} is replaced with the username, {1} with the password
42 +#-# LDAP login, empty = anonymous access, otherwise specify full dn
43 +#-# {0} is replaced with the username, {1} with the password
44 44  xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
45 45  xwiki.authentication.ldap.bind_pass={1}
46 46  
47 -## Force to check password after LDAP connection
48 -## 0: disable
49 -## 1: enable
47 +#-# Force to check password after LDAP connection
48 +#-# 0: disable
49 +#-# 1: enable
50 50  xwiki.authentication.ldap.validate_password=0
51 51  
52 -## only members of the following group will be verified in the LDAP
53 -## otherwise only users that are found after searching starting from the base_DN
54 -xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
52 +#-# only members of the following group will be verified in the LDAP
53 +#-# otherwise only users that are found after searching starting from the base_DN
54 +# xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
55 55  
56 -## only users not member of the following group can autheticate
57 -xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
56 +#-# only users not member of the following group can autheticate
57 +# xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
58 58  
59 -## base DN for searches
59 +#-# base DN for searches
60 60  xwiki.authentication.ldap.base_DN=
61 -department=USER,department=INFORMATIK,department=1230,o=MP
62 62  
63 -## specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
64 -xwiki.authentication.ldap.UID_attr=cn
62 +#-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
63 +# xwiki.authentication.ldap.UID_attr=cn
65 65  
66 -## retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
67 -xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail
65 +#-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1
66 +# xwiki.authentication.ldap.password_field=userPassword
68 68  
69 -# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
68 +#-# The potential LDAP groups classes. Separated by commas.
69 +# xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
70 +
71 +#-# The potential names of the LDAP groups fields containings the members. Separated by commas.
72 +# xwiki.authentication.ldap.group_memberfields=member,uniqueMember
73 +
74 +#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
75 +xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
76 +
77 +#-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
70 70  xwiki.authentication.ldap.update_user=1
71 71  
72 -## maps XWiki groups to LDAP groups, separator is "|"
73 -xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\
74 - XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
80 +#-# mapps XWiki groups to LDAP groups, separator is "|"
81 +# xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\
82 +# XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
75 75  
76 -## time in seconds after which the list of members in a group is refreshed from LDAP (default=3600*6)
77 -xwiki.authentication.ldap.groupcache_expiration=21800
84 +#-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
85 +# xwiki.authentication.ldap.groupcache_expiration=21800
78 78  
79 -## - create : synchronize group membership only when the user is first created
80 -## - always: synchronize on every login
81 -xwiki.authentication.ldap.mode_group_sync=always
87 +#-# - create : synchronize group membership only when the user is first created
88 +#-# - always: synchronize on every login
89 +# xwiki.authentication.ldap.mode_group_sync=always
82 82  
83 -## if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
91 +#-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
84 84  xwiki.authentication.ldap.trylocal=1
85 85  
86 -## SSL connection to LDAP server
87 -## 0 : normal
88 -## 1 : SSL
89 -xwiki.authentication.ldap.ssl=1
94 +#-# SSL connection to LDAP server
95 +#-# 0: normal
96 +#-# 1: SSL
97 +# xwiki.authentication.ldap.ssl=0
90 90  
91 -## The keystore file to use in SSL connection
92 -xwiki.authentication.ldap.ssl.keystore=
99 +#-# The keystore file to use in SSL connection
100 +# xwiki.authentication.ldap.ssl.keystore=
101 +
102 +#-# The java secure provider used in SSL connection
103 +# xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
93 93  {{/code}}
94 94  
95 95  {{info}}
... ... @@ -101,7 +101,7 @@
101 101  Here are some LDAP client for checking your configuration:
102 102  
103 103  * [[Apache Directory Studio>>http://directory.apache.org/studio/]]
104 -* [[LDAP Browser/Editor>>http://www-unix.mcs.anl.gov/gawor/ldap/]]
115 +* [[LDAPExplorerTool>>http://ldaptool.sourceforge.net/]]
105 105  
106 106  == Detailed use cases ==
107 107  
... ... @@ -161,7 +161,7 @@
161 161  
162 162  Then in a wiki page put some Groovy code that returns a XWikiAuthService object.
163 163  
164 -= Authentication parameters ===
175 += Authentication parameters =
165 165  
166 166  You can set each of these parameters by setting:
167 167  

About

About

Support

Platform

User Guide

Admin Guide

Developer Guide

Projects

XWiki

Extensions

Other

Contribute

Status

Practices

Under the Hood

Get Involved

Get Connected