Changes for page User Authentication

Last modified by Thomas Mortagne on 2023/04/28
<
From version < 37.1 >
edited by Thomas Mortagne
on 2010/04/19
To version < 35.1 >
edited by Caleb James DeLisle
on 2010/03/11
>
Change comment: Filled in some values in the authentication parameters chart.

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.ThomasMortagne
1 +XWiki.CalebJamesDeLisle
Content
... ... @@ -35,72 +35,61 @@
35 35  You can setup the LDAP configuration in the //xwiki.cfg// file by filling the following properties:
36 36  
37 37  {{code language="none"}}
38 -#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
39 -xwiki.authentication.ldap.server=127.0.0.1
38 +## LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
39 +xwiki.authentication.ldap.server=156.58.101.204
40 40  xwiki.authentication.ldap.port=389
41 41  
42 -#-# LDAP login, empty = anonymous access, otherwise specify full dn
43 -#-# {0} is replaced with the username, {1} with the password
42 +## LDAP login, empty = anonymous access, otherwise specify full dn
43 +## {0} is replaced with the username, {1} with the password
44 44  xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
45 45  xwiki.authentication.ldap.bind_pass={1}
46 46  
47 -#-# Force to check password after LDAP connection
48 -#-# 0: disable
49 -#-# 1: enable
47 +## Force to check password after LDAP connection
48 +## 0: disable
49 +## 1: enable
50 50  xwiki.authentication.ldap.validate_password=0
51 51  
52 -#-# only members of the following group will be verified in the LDAP
53 -#-# otherwise only users that are found after searching starting from the base_DN
54 -# xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
52 +## only members of the following group will be verified in the LDAP
53 +## otherwise only users that are found after searching starting from the base_DN
54 +xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
55 55  
56 -#-# only users not member of the following group can autheticate
57 -# xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
56 +## only users not member of the following group can autheticate
57 +xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
58 58  
59 -#-# base DN for searches
59 +## base DN for searches
60 60  xwiki.authentication.ldap.base_DN=
61 +department=USER,department=INFORMATIK,department=1230,o=MP
61 61  
62 -#-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
63 -# xwiki.authentication.ldap.UID_attr=cn
63 +## specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
64 +xwiki.authentication.ldap.UID_attr=cn
64 64  
65 -#-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1
66 -# xwiki.authentication.ldap.password_field=userPassword
66 +## retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
67 +xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail
67 67  
68 -#-# The potential LDAP groups classes. Separated by commas.
69 -# xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
70 -
71 -#-# The potential names of the LDAP groups fields containings the members. Separated by commas.
72 -# xwiki.authentication.ldap.group_memberfields=member,uniqueMember
73 -
74 -#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
75 -xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
76 -
77 -#-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
69 +# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
78 78  xwiki.authentication.ldap.update_user=1
79 79  
80 -#-# mapps XWiki groups to LDAP groups, separator is "|"
81 -# xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\
82 -# XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
72 +## maps XWiki groups to LDAP groups, separator is "|"
73 +xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\
74 + XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
83 83  
84 -#-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
85 -# xwiki.authentication.ldap.groupcache_expiration=21800
76 +## time in seconds after which the list of members in a group is refreshed from LDAP (default=3600*6)
77 +xwiki.authentication.ldap.groupcache_expiration=21800
86 86  
87 -#-# - create : synchronize group membership only when the user is first created
88 -#-# - always: synchronize on every login
89 -# xwiki.authentication.ldap.mode_group_sync=always
79 +## - create : synchronize group membership only when the user is first created
80 +## - always: synchronize on every login
81 +xwiki.authentication.ldap.mode_group_sync=always
90 90  
91 -#-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
83 +## if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
92 92  xwiki.authentication.ldap.trylocal=1
93 93  
94 -#-# SSL connection to LDAP server
95 -#-# 0: normal
96 -#-# 1: SSL
97 -# xwiki.authentication.ldap.ssl=0
86 +## SSL connection to LDAP server
87 +## 0 : normal
88 +## 1 : SSL
89 +xwiki.authentication.ldap.ssl=1
98 98  
99 -#-# The keystore file to use in SSL connection
100 -# xwiki.authentication.ldap.ssl.keystore=
101 -
102 -#-# The java secure provider used in SSL connection
103 -# xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
91 +## The keystore file to use in SSL connection
92 +xwiki.authentication.ldap.ssl.keystore=
104 104  {{/code}}
105 105  
106 106  {{info}}
... ... @@ -112,7 +112,7 @@
112 112  Here are some LDAP client for checking your configuration:
113 113  
114 114  * [[Apache Directory Studio>>http://directory.apache.org/studio/]]
115 -* [[LDAPExplorerTool>>http://ldaptool.sourceforge.net/]]
104 +* [[LDAP Browser/Editor>>http://www-unix.mcs.anl.gov/gawor/ldap/]]
116 116  
117 117  == Detailed use cases ==
118 118  
... ... @@ -172,7 +172,7 @@
172 172  
173 173  Then in a wiki page put some Groovy code that returns a XWikiAuthService object.
174 174  
175 -= Authentication parameters =
164 += Authentication parameters ===
176 176  
177 177  You can set each of these parameters by setting:
178 178  

About

About

Support

Platform

User Guide

Admin Guide

Developer Guide

Projects

XWiki

Extensions

Other

Contribute

Status

Practices

Under the Hood

Get Involved

Get Connected