I never use the LDAP application myself but here is what I would do: * start XWiki * go to the admin and install "LDAP Application" (it's possible you have to click the "All remote extensions" blue button to see this extension) * modify the xwiki.cfg and copy/paste everything that can be found on http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ among which you can find the following important parts:
#-# LDAP authentication service xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl and #-# If ldap authentication fails for any reason, try XWiki DB authentication with the same credentials #-# - 0: disable #-# - 1: enable #-# The default is 0 xwiki.authentication.ldap.trylocal=1 since I want to access the administration even when the LDAP authenticator is not properly configured. * restart XWiki That's it, the LDAP authenticator is used as authenticator and you have what is described on http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/ when you do to the administration -> LDAP. If you think you configured LDAP authenticator with the right values and login still fail then you should do what is explained on http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog and you will have all the details to see why it fails. On Wed, Mar 15, 2017 at 4:20 AM, Douglas Landau <dougl...@westmarine.com> wrote: > OK, now I'm -totally- confused. :-) I am looking for the LDAP > Application form. > > I started over with the standalone installer. > I installed the LDAP Authenticator using the built-in (pre-installed?) admin > application > I tried adding the LDAP settings found here to xwiki.cfg: > http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ > Therefore I have "xwiki.authentication.ldap=1" > I also set a value/server-hostname for "xwiki.authentication.ldap.server=" > I left these two lines uncommented, hoping for anonymous LDAP binding, which > I am told we offer. > > xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP > xwiki.authentication.ldap.bind_pass={1} > > I have a value for "xwiki.authentication.ldap.base_DN=" > I stopped XWiki by pressing Control-C twice in the window in which I started > it using start_xwiki.sh, since I never got a prompt back. > I modified my xwiki.cfg but am not able to log in using LDAP. > I saw where it says "if you are not using the LDAP application, you will have > to redeploy". But I don’t know what that means or see it explained anywhere. > So I installed the LDAP Application. Version 9.2.3. The version of the > LDAP Authenticator is also 9.2.3. I installed XWiki 8.4.4. > I finally got to a known point!!!!!!!!!!!!!!!!!!!!!!!!! PHEW! I go to > here, from the LDAP Application page: > ----------------------------------------------------------------------------------- > Enabling LDAP authentication on a wiki > The LDAP application assumes LDAP is enabled as the main authenticator via > the bundled XWiki LDAP authenticator. If it's not the case, you will be > "welcomed" with the following warning message: > > ldap-authenticator-warning.png > > In the event you encounter this message, please report to Authenticator > documentation in order to enable the LDAP authenticator on your wiki. > > You need to make sure you have have the following in your xwiki.cfg file: > > xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl > since LDAP Application 8.3 or if you are using older version of the > application: > > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl > Uncomment it and then restart XWiki. > --------------------------------------------------------------------------------------------------------- > > Okay!!!! Right ON. Now, it says "Since LDAP Application 8.3 or if you are > using an older version of the application." > This is confusing to me. Since 8.3 I ought to use that line, and also if I > am using an older version?!? OK, I'll try that, since I am using 9.2.3, and > it sounds like I ought be using that ever since 8.3. And I got Java errors > when I tried to start xwiki again. > Okay. I guess that is not going to work. I'll try the other line, the first > one suggested. That time I got no Java errors. > Now I have this: > xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl > > Okay. After setting that to that, I was able to start xwiki again. I > logged in as Admin and went to the LDAP Application. The page is titled > "LDAP Admin sheet". There is some whitespace. The in large font is the > work "Configuration". There is a pencil on the far right. Below that is the > word "Miscellaneous". Another pencil on the far right. Below that is a > button "Reset group cache". I pressed it. I then clicked the pencil to the > right of "Configuration". There is nothing there. > > Where is the form I see on this page: > http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/ ??? > I see no error msgs or guidance of any sort going to the window in which I > started xwiki. > I still can't log in using LDAP credentials. > > OK Now I've uncommeted out these two lines and removed their values: > xwiki.authentication.ldap.bind_DN= > xwiki.authentication.ldap.bind_pass= > > Same story. Maybe I'll give up on anonymous binding. OK, now I've filled > those in. I've restarted and same story - cant auth using LDAP and can't > find the form, just a pencil on the LDAP Admin sheet. Not sure what to do > next except start over with XWiki 9. Guess I'll get that going in another VM. > > Help? > > Thanks. > > > > The information contained in this transmission may contain West Marine > proprietary, confidential and/or privileged > information. It is intended only for the use of the person(s) named above. > If you are not the intended recipient, you are > hereby notified that any review, dissemination, distribution or duplication > of this communication is strictly prohibited. > If you are not the intended recipient, please contact the sender by reply > email and destroy all copies of the original > message. To reply to our email administrator directly, please send an email > to netad...@westmarine.com. -- Thomas Mortagne
