LDAP Authentication

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

LDAP Authentication

tsuter
I am trying to enable LDAP authentication against an OpenLDAP server and
need some advice on how to get this up and running.  Can someone help me
out?

Heres the content of the authentication portion of my xwiki.cfg file in
following the configuration instructions here:
http://www.xwiki.org/xwiki/bin/view/Dev/LDAPIntegrationAD
You will note that I have asked some questions throughout the file.
 
xwiki.authentication=form
xwiki.authentication.validationKey=totototototototototototototototo
xwiki.authentication.encryptionKey=titititititititititititititititi
xwiki.authentication.cookiedomains=xwiki.com,wiki.fr
xwiki.authentication.useip=false
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=ldap.cait.org
xwiki.authentication.ldap.port=389
#xwiki.authentication.ldap.check_level=  <?  Wasn't sure of what this
should be.  Need more info on what this is and does.>
xwiki.authentication.ldap.base_DN=ou=People,o=cait.org
#xwiki.authentication.ldap.bind_DN=  <blank for anonymous access  What's
the proper way to indicate 'blank'?>
#xwiki.authentication.ldap.bind_pass=  <blank for anonymous access>
#xwiki.authentication.ldap.UID_attr=uid

The ones I have commented out are also commented out currently in the
config file.  Should I comment some out or change others?

Tim





--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Reply | Threaded
Open this post in threaded view
|

Re: LDAP Authentication

Peter Murray
On 9/20/05 5:25 PM, Tim Suter wrote:
> I am trying to enable LDAP authentication against an OpenLDAP server and
> need some advice on how to get this up and running.  Can someone help me
> out?
> #xwiki.authentication.ldap.bind_DN=  <blank for anonymous access  What's
> the proper way to indicate 'blank'?>
> #xwiki.authentication.ldap.bind_pass=  <blank for anonymous access>

The XWiki LDAP module does not support anonymous binding -- you'll need
to create a directory object and put its DN/password here.  (This
tripped me up for a *very* long time.)


Peter
--
Peter Murray                       http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems  tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network   Columbus, Ohio



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Reply | Threaded
Open this post in threaded view
|

Re: Re: LDAP Authentication

tsuter
What about the LDAP field mappings parameter?  We are unclear of what
needs to go in there.  Is it necessary to have in there.  Again, we are
not using AD.

Peter Murray wrote:

>On 9/20/05 5:25 PM, Tim Suter wrote:
>  
>
>>I am trying to enable LDAP authentication against an OpenLDAP server and
>>need some advice on how to get this up and running.  Can someone help me
>>out?
>>#xwiki.authentication.ldap.bind_DN=  <blank for anonymous access  What's
>>the proper way to indicate 'blank'?>
>>#xwiki.authentication.ldap.bind_pass=  <blank for anonymous access>
>>    
>>
>
>The XWiki LDAP module does not support anonymous binding -- you'll need
>to create a directory object and put its DN/password here.  (This
>tripped me up for a *very* long time.)
>
>
>Peter
>  
>
>------------------------------------------------------------------------
>
>
>--
>You receive this message as a subscriber of the [hidden email] mailing list.
>To unsubscribe: mailto:[hidden email]
>For general help: mailto:[hidden email]?subject=help
>ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
>  
>



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Reply | Threaded
Open this post in threaded view
|

Re: LDAP Authentication

Peter Murray
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think the LDAP field mappings are only important if you are creating
XWiki accounts on the fly.  I am, and used the existing AD-based
instructions on the XWiki site to fill in the right parameters.  (Some
of them were AD-specific.)


Peter

On 9/21/05 11:16 AM, Tim Suter wrote:
> What about the LDAP field mappings parameter?  We are unclear of what
> needs to go in there.  Is it necessary to have in there.  Again, we are
> not using AD.

- --
Peter Murray                       http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems  tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network   Columbus, Ohio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDMYKH4+t4qSfPIHIRAk6LAJ9PA32n7eTTOT4NxlxkDKsXvnG8CwCfaLwm
eWCW52jQPSjxPjV5q8jf5xI=
=zZ5I
-----END PGP SIGNATURE-----



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws