LDAP Configuration with xwiki

Tadewos · May 22, 2017, 8:20am

Dears,
I have been trying to configure xwiki for LDAP authentication. I am using xwiki 9.2. I followed all the steps for LDAP authenticator with and without GUI(LDAP Application). But xwiki is not working.I just wasted a lot of time.
The following are some of the documentations I followed
1.http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/
2.http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/
3.http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication
4.https://network.xwiki.com/xwiki/bin/view/DocXE27En/LDAPAuthentication
For instance an other php application worked easily and charmingly.Is there is right documentation for xwiki. Or is it just full of bugs and terrible that I have to leave it for ever?

Best,

lmdizon · May 22, 2017, 10:13am

Hi,

LDAP Application worked fine with me. I initially had problems with it but it was because I didn’t put the config “LDAP UID ATTRIBUTE NAME (xwiki.authentication.ldap.UID_attr) = sAMAccountName” . Connection to Active Directory works fine with LDAP.

Lester

Tadewos · May 22, 2017, 10:55am

Hi Lester,
Thank you. I dont understand what you mean by “sAMAccountName”. For my other application I used
User Name and Password credentials of LDAP. So I assigned User Name (xwiki.authentication.ldap.UID_attr = User Name) in xwiki.cfg file. There is no “sAMAccountName” either in xwiki.cfg file or LDAP.
As said in previous email, I followed the documentation on the links, then added your comment.But xwiki is not yet logging in with credentials with which other application is able to login.
Can you explain in more detail?

Pbas · May 22, 2017, 11:30am

Hello,
First, I don’t think these sentences help a lot to fix your ldap problem …

Anyway, you can read this:
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/
and more important you must enable ldap authentication log (and check LDAP log side too maybe):
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog
to give more informations about your issue.

(I use LDAP over SSL authentication on xwiki 8.4.4)

Pascal

Tadewos · May 22, 2017, 1:38pm

Hi,
Thank you. The first link is for additional features if it works for basic configuration of LDAP login. But I already read and I think it is non sense to worry about additional feature while the basic is not working with configuration according to documentation. In any case, please try to document very well.What I understand now is there is no mature and stable version of xwiki to relay on.
I tried every option, but I really tell you I wasted much much time.
Best,

vmassol · May 23, 2017, 7:04am

XWiki has been stable and mature for over 10 years and a lot of users have been using the LDAP feature. I’m sorry you were not able to make it work. You probably didn’t read the doc carefully enough or you’re lacking some LDAP expertise. For example if you read the doc you’ll find how to turn on LDAP debugging. Have you done this? Actually I don’t know why I’m asking this since you’ve obviously tried it as you said you “tried every option”…

Now since we cannot waste our time with you either (remember that this is all free), I suggest you purchase some professional service from one of the companies sponsoring the development of XWiki and I’m sure they’ll make it work for you. See https://www.xwiki.org/xwiki/bin/view/Main/Supporters/SponsoringCompanies/

Best

lmdizon · May 23, 2017, 1:51pm

I followed https://hub.docker.com/_/xwiki/ and it works fine. Installed LDAP authenticator and it works. I initially had problems with LDAP connection because I didn’t put the config “xwiki.authentication.ldap.UID_attr=sAMAccountName” correctly.

Here’s an example of my config in xwiki.cfg (as per http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/#HActiveDirectory ):
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap.trylocal=1
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=10.x.x.xx
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=xxx,dc=local
xwiki.authentication.ldap.bind_DN=cn=XXX,ou=Standards,ou=Accounts,ou=_XXX,dc=xxx,dc=local
xwiki.authentication.ldap.bind_pass=mypassword
xwiki.authentication.ldap.UID_attr=sAMAccountName

Thanks,
Lester

Tadewos · May 24, 2017, 11:01am

Hi Lester,
Thanks.
I am sorry,
I have never faced such ambiguous and poor documentation.What does mypassword represent(the Password attribute of LDAP or actual admin password or what?)
And what sAMAccountName does represent? There is no such attribute in the LDAP list of attributes.For instance, I used corresponding values of “User Name” and “Password” attributes of LDAP to login from other application.
It seems an other assignment to read about xwiki .
My question, what information related to this topic did you get from this link that you sent me? https://hub.docker.com/_/xwiki/
And the other is the one you already sent me.
Best regards,

gdelhumeau · May 24, 2017, 12:19pm

Your question is not that precise neither. Send us your configuration so we may check what’s wrong in it.

Tadewos · May 24, 2017, 1:56pm

Hi,
Actually I have tried different options. For instance the following is my sample configuration.

#-# LDAP authentication service
#-# xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap.trylocal=1
#-#xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=155.x.x.x
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=ou=users,dc=prompt,dc=itc,dc=cnr,dc=it
xwiki.authentication.ldap.bind_DN=cn={0},ou=users,dc=prompt,dc=itc,dc=cnr,dc=it
#-#xwiki.authentication.ldap.bind_DN=cn=users,ou=users,dc=prompt,dc=itc,dc=cnr,dc=it
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=User Name
#-# Turn LDAP authentication on - otherwise only XWiki authentication

In any case, it is better to have good documentation.For instance with other application, I did just in one step because of good documentation. It is only because I came long distance that I haven’t quited xwiki.
Best,

Pbas · May 24, 2017, 2:38pm

Notice that xwiki documentation is … wiki documentation. Then everyone can contribute (and yourself too if you considere that documentation is too light).

Anyway, xwiki.authentication.ldap.UID_attr=User Name could be wrong

# Specifies the LDAP attribute containing the identifier to be used as the XWiki name
#-# The default is cn
xwiki.authentication.ldap.UID_attr=    (must be a LDAP attribute like cn, uid, or ...)

IMO, to solve your problem the better is to contact your LDAP admin to know precisely LDAP parameters to use for xwiki (or https://www.xwiki.org/xwiki/bin/view/Main/Supporters/SponsoringCompanies/)

Tadewos · May 24, 2017, 3:16pm

Hi Pbas,
I am the admin of all stuff and it is me who installed LDAP and everything. I know all of them and tried all possible option. As I said, the other application worked just in 1 step.

vmassol · May 24, 2017, 8:37pm

@Tadewos Would be great if you could help us improve the documentation. You just need to register on http://xwiki.org (top right drawer menu) and then you can edit the doc page to improve it: http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication

Thanks

pdwalker · February 2, 2018, 7:14am

This thread helped me find where I was setting my configuration incorrectly.
http://xwiki.475771.n2.nabble.com/Trouble-with-XWiki-Active-Directory-LDAP-Configuration-td7584331.html

My fix was the same as the original posters.

Turning on the tracing for the ldap classes also helped me see what was happening and where it was failing to connect.