Change comment:
There is no comment for this version
Summary
-
Page properties (2 modified, 0 added, 0 removed)
Details
- Page properties
-
- Author
-
... ... @@ -1,1 +1,1 @@ 1 -XWiki. CalebJamesDeLisle1 +XWiki.ThomasMortagne - Content
-
... ... @@ -35,61 +35,72 @@ 35 35 You can setup the LDAP configuration in the //xwiki.cfg// file by filling the following properties: 36 36 37 37 {{code language="none"}} 38 -## LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) 39 -xwiki.authentication.ldap.server=1 56.58.101.20438 +#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) 39 +xwiki.authentication.ldap.server=127.0.0.1 40 40 xwiki.authentication.ldap.port=389 41 41 42 -## LDAP login, empty = anonymous access, otherwise specify full dn 43 -## {0} is replaced with the username, {1} with the password 42 +#-# LDAP login, empty = anonymous access, otherwise specify full dn 43 +#-# {0} is replaced with the username, {1} with the password 44 44 xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP 45 45 xwiki.authentication.ldap.bind_pass={1} 46 46 47 -## Force to check password after LDAP connection 48 -## 0: disable 49 -## 1: enable 47 +#-# Force to check password after LDAP connection 48 +#-# 0: disable 49 +#-# 1: enable 50 50 xwiki.authentication.ldap.validate_password=0 51 51 52 -## only members of the following group will be verified in the LDAP 53 -## otherwise only users that are found after searching starting from the base_DN 54 -xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US 52 +#-# only members of the following group will be verified in the LDAP 53 +#-# otherwise only users that are found after searching starting from the base_DN 54 +# xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US 55 55 56 -## only users not member of the following group can autheticate 57 -xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US 56 +#-# only users not member of the following group can autheticate 57 +# xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US 58 58 59 -## base DN for searches 59 +#-# base DN for searches 60 60 xwiki.authentication.ldap.base_DN= 61 -department=USER,department=INFORMATIK,department=1230,o=MP 62 62 63 -## specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)64 -xwiki.authentication.ldap.UID_attr=cn 62 +#-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn) 63 +# xwiki.authentication.ldap.UID_attr=cn 65 65 66 -## retrievethefollowing fields fromLDAP and storethemin theXWiki user object(xwiki-attribute=ldap-attribute)67 -xwiki.authentication.ldap. fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail65 +#-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1 66 +# xwiki.authentication.ldap.password_field=userPassword 68 68 69 -# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created. 68 +#-# The potential LDAP groups classes. Separated by commas. 69 +# xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList 70 + 71 +#-# The potential names of the LDAP groups fields containings the members. Separated by commas. 72 +# xwiki.authentication.ldap.group_memberfields=member,uniqueMember 73 + 74 +#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute) 75 +xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail 76 + 77 +#-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created. 70 70 xwiki.authentication.ldap.update_user=1 71 71 72 -## maps XWiki groups to LDAP groups, separator is "|" 73 -xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\ 74 - XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US 80 +#-# mapps XWiki groups to LDAP groups, separator is "|" 81 +# xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\ 82 +# XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US 75 75 76 -## time in s econdsafter which the list of members in a group is refreshed from LDAP (default=3600*6)77 -xwiki.authentication.ldap.groupcache_expiration=21800 84 +#-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6) 85 +# xwiki.authentication.ldap.groupcache_expiration=21800 78 78 79 -## - create : synchronize group membership only when the user is first created 80 -## - always: synchronize on every login 81 -xwiki.authentication.ldap.mode_group_sync=always 87 +#-# - create : synchronize group membership only when the user is first created 88 +#-# - always: synchronize on every login 89 +# xwiki.authentication.ldap.mode_group_sync=always 82 82 83 -## if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials 91 +#-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials 84 84 xwiki.authentication.ldap.trylocal=1 85 85 86 -## SSL connection to LDAP server 87 -## 0 88 -## 1 89 -xwiki.authentication.ldap.ssl= 194 +#-# SSL connection to LDAP server 95 +#-# 0: normal 96 +#-# 1: SSL 97 +# xwiki.authentication.ldap.ssl=0 90 90 91 -## The keystore file to use in SSL connection 92 -xwiki.authentication.ldap.ssl.keystore= 99 +#-# The keystore file to use in SSL connection 100 +# xwiki.authentication.ldap.ssl.keystore= 101 + 102 +#-# The java secure provider used in SSL connection 103 +# xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider 93 93 {{/code}} 94 94 95 95 {{info}} ... ... @@ -101,7 +101,7 @@ 101 101 Here are some LDAP client for checking your configuration: 102 102 103 103 * [[Apache Directory Studio>>http://directory.apache.org/studio/]] 104 -* [[LDAP Browser/Editor>>http://www-unix.mcs.anl.gov/gawor/ldap/]]115 +* [[LDAPExplorerTool>>http://ldaptool.sourceforge.net/]] 105 105 106 106 == Detailed use cases == 107 107 ... ... @@ -161,7 +161,7 @@ 161 161 162 162 Then in a wiki page put some Groovy code that returns a XWikiAuthService object. 163 163 164 -= Authentication parameters = ==175 += Authentication parameters = 165 165 166 166 You can set each of these parameters by setting: 167 167