Difficulty getting sAMAccountName as login

Version 7.2
I’m having trouble getting sAMAccountName to be the login used to gain entry into xwiki. So far, only cn works. If I try to change cn to sAMAccountName, it just doesn’t authenticate. cn doesn’t work for us since it contains spaces and requires middle names. Thank you!

Current xwiki.cfg:
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=[redacted]
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.bind_DN=cn={0},OU=users,OU=contoso,DC=contoso,DC=com
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.base_DN=OU=users,OU=contoso,DC=contoso,DC=com
xwiki.authentication.ldap.UID_attr=cn
xwiki.authentication.ldap.update_user=1

Hi tngo,
I assume you connect to a Windows LDAP server.
I’m not quite sure about the LDAP configuration in 7.2 as in later . But I used “Ldap UID Attributname” for . And I had to use only LDAPBASE_DN to specify the particular user group in our environment.
bind_DN should be the name of a user having at least read access to the LDAP server to read the corresponding tree and bind_pass the password for that user.
Hope that helps, Wolfgang

Sorry for the almost unreadable reply… :disappointed:

I configured 7.4.5 and later to connect to a Windows Active Directory server (LDAP); my configuration:

xwiki.authentication.ldap=1
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap.server=your LDAP servername
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.bind_DN=Name of user having read access to LDAP-server
xwiki.authentication.ldap.bind_pass=password for bind_DN
xwiki.authentication.ldap.base_DN=specification for user group in LDAP server
xwiki.authentication.ldap.UID_attr=sAMAccountName
LDAP field mapping (optional)
XWIKI -> LDAP
email -> mail
first_name -> givenName
last_name -> last_name

Hope this is somewhat clearer…
Wolfgang

That fixed it!! THANK YOU!!!

I did not realize it required a specific AD account, it led me to believe it was just a general, “where are users located in your directory.”
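
Why the fix in this thread works, as an added example that is not part of the original posts and is not XWiki's own code: a small Python model of the assumed bind, search and verify flow, run against a constructed in-memory directory (the entries, the passwords and the `svc-xwiki` account are made up). With `bind_DN=cn={0},...` the typed login becomes part of the bind DN, so a sAMAccountName login fails before any search happens; a fixed service-account bind lets the search by `UID_attr` find the user's real DN.

```python
# Constructed stand-in for the directory; every name and password here is made up.
BASE_DN = "OU=users,OU=contoso,DC=contoso,DC=com"
DIRECTORY = {  # keyed by lower-cased DN, since DN matching is case-insensitive
    f"cn=jane q doe,{BASE_DN}".lower(): {"cn": "Jane Q Doe", "sAMAccountName": "jdoe", "password": "user-pw"},
    f"cn=svc-xwiki,{BASE_DN}".lower(): {"cn": "svc-xwiki", "sAMAccountName": "svc-xwiki", "password": "svc-pw"},
}

def bind(dn, password):
    """Simple bind: succeeds only for an existing DN with the matching password."""
    entry = DIRECTORY.get(dn.lower())
    return entry is not None and entry["password"] == password

def search(base_dn, attr, value):
    """Return the DNs under base_dn whose attribute equals value (case-insensitive)."""
    return [dn for dn, e in DIRECTORY.items()
            if dn.endswith(base_dn.lower()) and e[attr].lower() == value.lower()]

def authenticate(cfg, login, password):
    """Assumed flow: bind with bind_DN/bind_pass, look the login up by UID_attr, verify."""
    if not password:  # many servers treat an empty password as an unauthenticated bind
        return "empty password rejected"
    # {0} and {1} are replaced by what the user typed, as in the first post's config.
    bind_dn = cfg["bind_DN"].replace("{0}", login)
    if not bind(bind_dn, cfg["bind_pass"].replace("{1}", password)):
        return "bind failed: " + bind_dn
    hits = search(cfg["base_DN"], cfg["UID_attr"], login)
    if len(hits) != 1:
        return "user not found"
    return "ok" if bind(hits[0], password) else "bad password"

ORIGINAL = {"bind_DN": "cn={0}," + BASE_DN, "bind_pass": "{1}", "base_DN": BASE_DN, "UID_attr": "cn"}
UID_ONLY = {**ORIGINAL, "UID_attr": "sAMAccountName"}  # the change that did not authenticate
SERVICE = {"bind_DN": "cn=svc-xwiki," + BASE_DN, "bind_pass": "svc-pw",
           "base_DN": BASE_DN, "UID_attr": "sAMAccountName"}

if __name__ == "__main__":
    for name, cfg, login in [("original", ORIGINAL, "Jane Q Doe"), ("UID_attr only", UID_ONLY, "jdoe"),
                             ("service account", SERVICE, "jdoe")]:
        print(f"{name:16} login={login!r:14} -> {authenticate(cfg, login, 'user-pw')}")
```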