From version 5.1
edited by rssh
on 2008/02/11
To version 6.1
edited by Thomas Mortagne
on 2008/02/19
Change comment: There is no comment for this version

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.rssh
1 +XWiki.ThomasMortagne
Content
... ... @@ -12,6 +12,7 @@
12 12  TODO
13 13  
14 14  1.1 LDAP Authentication
15 +#warning("New experimental service since XWiki Platform 1.3M2, see [previous LDAP authentication service documentation>AuthenticationLdapOld]")
15 15  
16 16  1.1.1 Generic LDAP configuration
17 17  
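Review bot: The #warning added under "1.1 LDAP Authentication" calls the service experimental and links to AuthenticationLdapOld, but it does not say which page a reader on a release before 1.3M2 should follow, or that the properties documented below apply only to the new service. Suggest stating both in the warning text so an administrator on an older release does not copy the new settings into a platform that predates them.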
... ... @@ -21,36 +21,61 @@
21 21  {code}
22 22  
23 23  You can setup the LDAP configuration in the ~~xwiki.cfg~~ file by filling the following properties:
24 -* xwiki.authentication.ldap.server
25 -** LDAP server, either an IP address or a host name. For example: localhost
26 -* xwiki.authentication.ldap.port
27 -** LDAP server port number. Typical value is 389.
28 -* xwiki.authentication.ldap.check_level
29 -** The default value is <tt>2</tt> if this property is not defined. Here are the possible values
30 -*** checklevel 0: LDAP connection login to LDAP is sufficient
31 -*** checklevel 1: Login & username located, attributes loaded
32 -*** checklevel 2: Compare password for user (e.g. necessary if the LDAP bind didn't use the user's credentials)
33 -* xwiki.authentication.ldap.base_DN
34 -* xwiki.authentication.ldap.bind_DN
35 -* xwiki.authentication.ldap.bind_pass
36 -* xwiki.authentication.ldap.UID_attr
37 -* xwiki.authentication.ldap.fields_mapping
38 38  
39 -Example:
26 +{code:none}
27 +## new LDAP authentication service
28 +xwiki.authentication.authclass=com.xpn.xwiki.ldap.authentication.XWikiLDAPAuthServiceImpl
40 40  
41 -{code}
30 +
31 +## Turn LDAP authentication on - otherwise only XWiki authentication
32 +## 0 : disable
33 +## 1 : enable
42 42  xwiki.authentication.ldap=1
43 -xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl
44 -xwiki.authentication.ldap.server=dsmaster
45 -xwiki.authentication.ldap.check_level=1
35 +
36 +## LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
37 +xwiki.authentication.ldap.server=156.58.101.204
46 46  xwiki.authentication.ldap.port=389
47 -xwiki.authentication.ldap.base_DN=department=USER,department=INFORMATIK,department=1230,o=MP
39 +
40 +
41 +## LDAP login, empty = anonymous access, otherwise specify full dn
42 +## {0} is replaced with the username, {1} with the password
48 48  xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
49 49  xwiki.authentication.ldap.bind_pass={1}
50 -xwiki.authentication.ldap.UID_attr=uid
45 +
46 +## only members of the following group will be verified in the LDAP
47 +## otherwise only users that are found after searching starting from the base_DN
48 +xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
49 +
50 +## base DN for searches
51 +xwiki.authentication.ldap.base_DN=
52 +department=USER,department=INFORMATIK,department=1230,o=MP
53 +
54 +## specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
55 +xwiki.authentication.ldap.UID_attr=cn
56 +
57 +## retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
58 +xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
59 +
60 +# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
61 +xwiki.authentication.ldap.update_user=1
62 +
63 +## maps XWiki groups to LDAP groups, separator is "|"
64 +xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\
65 + XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
66 +
67 +## time in seconds after which the list of members in a group is refreshed from LDAP (default=3600*6)
68 +xwiki.authentication.ldap.groupcache_expiration=21800
69 +
70 +## - create : synchronize group membership only when the user is first created
71 +## - always: synchronize on every login
72 +xwiki.authentication.ldap.mode_group_sync=always
73 +
74 +## if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
75 +xwiki.authentication.ldap.trylocal=1
51 51  {code}
52 52  
53 53  #info("You can also setup the LDAP configuration in XWiki.XWikiPreferences page by going to the class editor and adding the following fields:
79 +* ldap
54 54  * ldap_server
55 55  * ldap_port
56 56  * ldap_check_level
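Review bot: In the new sample, "xwiki.authentication.ldap.base_DN=" ends the line and the DN follows on the next line with no trailing backslash, unlike the group_mapping entry, which continues its value with "|\". As written the property would be read as empty, so put the DN on the same line as the key. The groupcache_expiration comment gives the default as 3600*6, which is 21600, while the sample sets 21800; align the two. This revision also drops the check_level description although ldap_check_level is still listed in the #info box, and the trylocal comment would be clearer if it said that with trylocal=1 the same credentials are still tried against the XWiki database whenever LDAP authentication fails, so readers can decide whether they want that fallback.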
... ... @@ -58,7 +58,12 @@
58 58  * ldap_bind_DN
59 59  * ldap_bind_pass
60 60  * ldap_UID_attr
61 -* ldap_fields_mapping")
87 +* ldap_fields_mapping
88 +* ldap_update_user
89 +* ldap_group_mapping
90 +* ldap_groupcache_expiration
91 +* ldap_mode_group_sync
92 +* ldap_trylocal")
62 62  
63 63  1.1.1 LDAP Configuration for Active Directory
64 64  
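Review bot: The extended XWikiPreferences field list adds ldap_update_user through ldap_trylocal but, in the lines shown, no ldap_user_group, although the xwiki.cfg sample introduces xwiki.authentication.ldap.user_group. If the group restriction can also be set from the preferences page, add it to the list; if it cannot, say so, because per the sample's own comment a setup without user_group verifies every user found under base_DN.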
... ... @@ -96,8 +96,6 @@
96 96  This java client, [LDAP Browser/Editor > http://www-unix.mcs.anl.gov/~gawor/ldap/] is a handy tool for checking your configuration.
97 97  
98 98  
99 -
100 -
101 101  1.1 eXo Authentication
102 102  
103 103  The eXo authentication is used automatically by adding/editing the ~~xwiki.exo=1~~ property in ~~WEB-INF/xwiki.cfg~~.
