Last modified by Thomas Mortagne on 2023/09/04 09:29

<
From version < 20.1 >
edited by Thomas Mortagne
on 2009/11/27 15:10
To version < 21.1 >
edited by Thomas Mortagne
on 2010/01/14 17:48
>
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -22,6 +22,8 @@
22 22  
23 23  So you can't use the <tt>xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP</tt> pattern.
24 24  
25 +The trick here is to to connet to LDAP with a user able to list LDAP users (and groups if you want to do membership synchronization).
26 +
25 25  To handle that LDAP authentication automatically search for user DN trying to match the provided login with <tt>xwiki.authentication.ldap.UID_attr</tt> attribute value. So simply set an existing administration (or any other LDAP user with the right to search in the whole LDAP server) user DN at <tt>xwiki.authentication.ldap.bind_DN</tt> and its password at <tt>xwiki.authentication.ldap.bind_pass</tt>. LDAP authentication will user it to connect to LDAP server, search for provided user and bind found DN with provided password to validate it.
26 26  
27 27  For example if you have an an admin user with DN "cn=Administrator,dc=mydomain,dc=org" and password "pass" set:
... ... @@ -31,6 +31,7 @@
31 31  {code}
32 32  
33 33  
36 +
34 34  1.1 My users are not located on the same server
35 35  
36 36  e.g. if you use several subdomains and the users are defined seperately in each subdomain. This will likely be the case when you have a configuration like this:

Get Connected