Changes for page User Authentication

Last modified by Simon Urli on 2023/12/11

From version 1.17
edited by ShawnLauzon
on 2007/06/15
Change comment: There is no comment for this version
To version 1.21
edited by jmcettrick
on 2007/10/05
Change comment: Added comment

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.ShawnLauzon
1 +XWiki.jmcettrick
Content
... ... @@ -1,6 +1,6 @@
1 1  1 User Authentication
2 2  
3 -XWiki supports different authentication mechanisms for authenticating users:
3 +XWiki supports several different authentication mechanisms for authenticating users:
4 4  #toc("" "" "")
5 5  
6 6  The form authentication is the default mechanism.
... ... @@ -67,7 +67,32 @@
67 67   - *ldap_UID_attr*: sAMAccountName
68 68   - *ldap_fields_mapping*: name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
69 69  
70 +Example:
71 +{code}
72 +xwiki.authentication.ldap=1
73 +xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl
74 +xwiki.authentication.ldap.server=adserver
75 +xwiki.authentication.ldap.check_level=1
76 +xwiki.authentication.ldap.port=389
77 +xwiki.authentication.ldap.base_DN=dc=subdomain,dc=domain,dc=suffix
78 +xwiki.authentication.ldap.bind_DN=subdomain\\{0}
79 +xwiki.authentication.ldap.bind_pass={1}
80 +xwiki.authentication.ldap.UID_attr=sAMAccountName
81 +xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
82 +{code}
70 70  
84 +The bind_DN and bind_pass fields contain the username and password for binding to the LDAP server in order to search, which will not necessarily be the same credentials as the user logging in.
85 +
86 +
87 +The exact details of this configuration will vary based on your server configuration. It may not be necessary to prefix the username (represented by {0}) with the subdomain.
88 +
89 +For testing purposes, you may wish to omit the "ldap.fields_mapping" field, to test the authentication first, and then add it later to get the mappings right.
90 +
91 +This java client, [LDAP Browser/Editor > http://www-unix.mcs.anl.gov/~gawor/ldap/] is a handy tool for checking your configuration.
92 +
93 +
94 +
95 +
71 71  1.1 eXo Authentication
72 72  
73 73  The eXo authentication is used automatically by adding/editing the ~~xwiki.exo=1~~ property in ~~WEB-INF/xwiki.cfg~~.
... ... @@ -114,3 +114,4 @@
114 114  # Only required if protection = validation or all (default)
115 115  
116 116  
142 +
XWiki.XWikiComments[4]
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.mamoulian
Comment
... ... @@ -1,0 +1,4 @@
1 +Is the example AD configuration above the right way to do things?
2 +My understanding is that the bind_DN and bind_pass are for setting the username and password XWiki will use to connect to the LDAP server in order to do a search, then the UID_attr field is searched for the username entered on the form.
3 +If that is correct then the bind_dn and bind_pass should either be hardcoded to a special AD user with restricted privileges, or left blank to bind anonymously.
4 +I have tried the first of these: XWiki then seems to 'authenticate OK' whatever username/password I enter on the form even if the user does not exist in AD at all.
Date
... ... @@ -1,0 +1,1 @@
1 +2007-08-09 17:29:08.0
XWiki.XWikiComments[5]
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.yjanet
Comment
... ... @@ -1,0 +1,3 @@
1 +I need to use Sun Access Manager to authenticate users against global web SSO.
2 +I'm trying to build a new authentication module, but I can't find XWikiAuthService Javadoc ...
3 +Isn't this public or should i retrieve whole sources and build the doc by myself ?
Date
... ... @@ -1,0 +1,1 @@
1 +2007-10-05 12:03:16.231

Get Connected