Confluence LDAP config to LDAP Authenticator - missing counterparts

Dear Forum,
Did anyone try to map the Confluence “User Directory” settings from a running instance to the LDAP Authenticator?

The configuration of our running Confluence includes the following fields:

Name: AnyName
Directory Type: Microsoft Active Directory
Hostname: adserver.some.domain.de
Port: 3666
Use SSL: Yes
Username: ldap_user
Password: -password-

LDAP Schema
Base DN: DC=some,DC=domain,DC=de
Additional User DN:
Additional Group DN: cn=G-Intranet,ou=Benutzer

Read-Only with local Groups: Yes
Secure SSL: Yes
Filter out expired users: Yes
Use Paged Results: 50
(?) Follow Referrals: Yes
(?) Naive DN matching: Yes

User Schema Settings:

User Object Class: user
(???) User Object Filter: (&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=G-Intranet,ou=Benutzer,DC=some,DC=domain,DC=de))
User Name Attribute: sAMAccountName
(?) User Name RDN Attribute: cn
User First Name Attribute: givenName
User Last Name Attribute: sn
(?) User Display Name Attribute: displayName
User Email Attribute: mail
(???) User Password Attribute: unicodePwd
(???) User Unique ID Attribute: objectGUID (the attribute field to use for tracking user identity across user renames)

Group Schema Settings

Group Object Class: group
Group Object Filter: (objectCategory=Group)
Group Name Attribute: cn
Group Description Attribute: description

Membership Schema Settings

Group Members Attribute: member
User Membership Attribute: memberOf

ldapsearch on the command line works perfectly, listing our servers as a test:

TLS_CACERT /etc/ssl/certs/certificates.crt
TLS_REQCERT ALLOW
HOST adserver.some.domain.de
PORT 3666

$ ldapsearch -D "cn=ldap_user,OU=Server,DC=some,DC=domain,DC=de" -b "OU=Server,DC=some,DC=domain,DC=de" -H ldaps://adserver.some.domain.de -w -password-

I tried to find the counterparts in the documentation of the LDAP Authenticator, and this is my current xwiki.cfg part for it. For the ones marked (?) and, importantly, (???) I did not find any equivalent. Login is not working. Even on DEBUG I only get a 403 error and not much more information.

xwiki.cfg:

xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap.port=3666
xwiki.authentication.ldap=1
xwiki.authentication.ldap.ssl=1
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
xwiki.authentication.ldap.server=adserver.some.domain.de
xwiki.authentication.ldap.base_DN=dc=some,dc=domain,dc=de
xwiki.authentication.ldap.bind_DN=ldap_user
xwiki.authentication.ldap.bind_pass=-password-
xwiki.authentication.ldap.trylocal=1
(???) xwiki.authentication.ldap.user_search_fmt=({0}={1})
xwiki.authentication.ldap.user_group=cn=G-Intranet,ou=Benutzer
xwiki.authentication.ldap.exclude_group=
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.update_user=1
xwiki.authentication.ldap.group_mapping=XWiki.XWikiADGroup=ou=Benutzer
xwiki.authentication.ldap.mode_group_sync=always
xwiki.authentication.ldap.maxresults=1000
xwiki.authentication.ldap.searchPageSize=50

Any ideas? Anyone tried this in the past?

Note: I tried the XWiki SAS Active Directory extension, but it keeps changing the configuration when pressing the SAVE button, and once it says OK on the “Connection Test” button, the next time it fails again. There seem to be some bugs in it, so I am not going further with it.

Thanks in advance. Any help appreciated!
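The mapping the post is asking for, written out as an added example (it is not code from XWiki, Atlassian or the original poster). It takes the Confluence directory values quoted above as a constructed input and emits the equivalent xwiki.cfg keys. Three rules in it are assumptions, not documented facts: the Confluence "Additional Group DN" is relative to the Base DN, so user_group and group_mapping are written as full DNs; the Confluence User Object Filter becomes user_search_fmt by swapping its "(sAMAccountName=*)" term for the "({0}={1})" placeholder, assuming XWiki substitutes {0} with UID_attr and {1} with the login as the default "({0}={1})" suggests; and bind_DN is the full DN the working ldapsearch command used rather than the bare "ldap_user". The expand_user_search helper shows the filter a login would turn into, with the login escaped per RFC 4515 so a crafted user name cannot widen the search.

```python
"""Map a Confluence "User Directory" (Active Directory) configuration onto the
xwiki.cfg keys of the XWiki LDAP Authenticator.

Added example for this thread, not code from XWiki, Atlassian or the poster.
Assumed mapping rules (see the lead-in): relative Confluence DNs are joined to
the Base DN; the User Object Filter becomes user_search_fmt with "({0}={1})"
in place of "(<User Name Attribute>=*)"; bind_DN is the full DN ldapsearch used.
"""

# Constructed input: the values quoted in the post, password placeholder kept.
CONFLUENCE_DIRECTORY = {
    "hostname": "adserver.some.domain.de",
    "port": 3666,
    "use_ssl": True,
    "bind_dn": "cn=ldap_user,OU=Server,DC=some,DC=domain,DC=de",
    "bind_password": "-password-",
    "base_dn": "DC=some,DC=domain,DC=de",
    "additional_group_dn": "cn=G-Intranet,ou=Benutzer",
    "user_object_filter": "(&(objectCategory=Person)(sAMAccountName=*)"
                          "(memberOf=cn=G-Intranet,ou=Benutzer,DC=some,DC=domain,DC=de))",
    "user_name_attribute": "sAMAccountName",
    "first_name_attribute": "givenName",
    "last_name_attribute": "sn",
    "email_attribute": "mail",
    "paged_results": 50,
}


def absolute_dn(relative_dn: str, base_dn: str) -> str:
    """Join a Confluence 'Additional ... DN' (relative to Base DN) into a full DN."""
    return f"{relative_dn},{base_dn}" if relative_dn else base_dn


def user_search_fmt(user_object_filter: str, user_name_attribute: str) -> str:
    """Rewrite the Confluence User Object Filter as an XWiki user_search_fmt
    (assumed placeholder semantics: {0} = UID_attr, {1} = the login)."""
    term = f"({user_name_attribute}=*)"
    if term not in user_object_filter:
        raise ValueError(f"filter has no {term} term to replace")
    return user_object_filter.replace(term, "({0}={1})")


def ldap_filter_escape(value: str) -> str:
    """Escape a filter assertion value per RFC 4515: backslash, *, (, ) and NUL."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)


def expand_user_search(fmt: str, uid_attr: str, login: str) -> str:
    """Show the filter a given login produces from user_search_fmt; the login
    is escaped so a crafted name such as '*)(cn=*' cannot widen the search."""
    return fmt.replace("{0}", uid_attr).replace("{1}", ldap_filter_escape(login))


def to_xwiki_cfg(conf: dict) -> dict:
    """Return the xwiki.cfg key/value pairs equivalent to the Confluence settings."""
    group_dn = absolute_dn(conf["additional_group_dn"], conf["base_dn"])
    fields = ",".join(
        f"{xwiki_field}={conf[conf_key]}"
        for xwiki_field, conf_key in (
            ("last_name", "last_name_attribute"),
            ("first_name", "first_name_attribute"),
            ("email", "email_attribute"),
        )
    )
    return {
        "xwiki.authentication.authclass": "org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl",
        "xwiki.authentication.ldap": "1",
        "xwiki.authentication.ldap.server": conf["hostname"],
        "xwiki.authentication.ldap.port": str(conf["port"]),
        "xwiki.authentication.ldap.ssl": "1" if conf["use_ssl"] else "0",
        "xwiki.authentication.ldap.base_DN": conf["base_dn"],
        "xwiki.authentication.ldap.bind_DN": conf["bind_dn"],
        "xwiki.authentication.ldap.bind_pass": conf["bind_password"],
        "xwiki.authentication.ldap.UID_attr": conf["user_name_attribute"],
        "xwiki.authentication.ldap.fields_mapping": fields,
        "xwiki.authentication.ldap.user_search_fmt": user_search_fmt(
            conf["user_object_filter"], conf["user_name_attribute"]),
        # group_mapping points at the group itself, not at the OU: the group
        # sync reads the group's member attribute, and an OU has none.
        "xwiki.authentication.ldap.user_group": group_dn,
        "xwiki.authentication.ldap.group_mapping": f"XWiki.XWikiADGroup={group_dn}",
        "xwiki.authentication.ldap.searchPageSize": str(conf["paged_results"]),
    }


def render_cfg(cfg: dict) -> str:
    """Serialise the mapping as xwiki.cfg lines."""
    return "\n".join(f"{k}={v}" for k, v in cfg.items())


if __name__ == "__main__":
    cfg = to_xwiki_cfg(CONFLUENCE_DIRECTORY)
    print(render_cfg(cfg))
    print(expand_user_search(cfg["xwiki.authentication.ldap.user_search_fmt"],
                             cfg["xwiki.authentication.ldap.UID_attr"], "jdoe"))
```

Two checks worth making before trusting "ldapsearch works" as evidence: the ldap.conf above sets TLS_REQCERT ALLOW, so ldapsearch accepts the AD certificate without verifying it, whereas the JVM running XWiki verifies the chain and will refuse the connection if the CA from TLS_CACERT is not in its trust store; and the ldapsearch command binds with the full DN cn=ldap_user,OU=Server,..., while the xwiki.cfg above binds as the bare ldap_user. Of the fields marked (???), unicodePwd has no counterpart because the authenticator checks a password by binding as the user rather than reading a password attribute; objectGUID is not covered by this mapping.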

For Active Directory you might want to take a look at “Use cases of configuration to authenticate users with LDAP” (XWiki.org).
