Fix for General LDAP authentication documentation?

Hello,

I’m trying to set up LDAP authentication to trial XWiki as a replacement for TWiki at my workplace. I have the “LDAP Authenticator” and “LDAP Admin” extensions installed.

The admin guide says that all I need to do is add the below to my xwiki.cfg and I should be able to configure it via the admin interface:

xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl

After making this change and restarting XWiki the admin interface tells me LDAP isn’t enabled.

This forum post says to use a slightly different setting:

xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl

When I do this I can no longer log in with either the default Admin account or my personal account which I created.

In order for it to work as expected I had to make these changes before enabling LDAP in xwiki.cfg:

  • Go to the Other - LDAP section in XWikiPreferences
  • Set LDAP to either “yes” or “no” (by default it is “—”)
  • Set “Try Local Login” to “Yes” (by default it is “—”)

After these changes, everything seems to work as expected.

I’m happy to update the documentation, but given that I’m brand new here I’d like to make sure that my understanding is correct before perhaps misleading others!

Adam.

Good observation. I got bitten by the same thing and I had to use the superadmin account to bail myself out.

Well the first lines of this documentation also indicate the following:

It’s recommended to use the LDAP Authenticator extension instead of the core LDAP authenticator.
The following documentation is for the core LDAP authenticator which has been removed in 8.3.

But 8.3 is old now so I will move this whole section to a more hidden place I think :)

So if you click on the link you end up in the right documentation: http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ (i.e. the documentation of the extension you installed). And this document does suggest to set at least xwiki.authentication.ldap.trylocal (to avoid this issue you had).

Should be a bit more clear now.
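
As an added example (not part of the original posts and not XWiki's own code): a small check over xwiki.cfg text that flags the situation described in this thread, where the LDAP Authenticator class is set but xwiki.authentication.ldap.trylocal is not enabled. It assumes the value 1 means enabled and it cannot see values stored in XWikiPreferences; the function names, finding codes and sample config are constructed.

```python
# Added example: lint xwiki.cfg text for the LDAP lockout discussed in the thread.
LDAP_EXT_CLASS = "org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl"
CORE_LDAP_CLASS = "com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl"
AUTHCLASS_KEY = "xwiki.authentication.authclass"
TRYLOCAL_KEY = "xwiki.authentication.ldap.trylocal"


def parse_cfg(text):
    """Parse properties-style key=value lines; comments (# or !) are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()  # last occurrence wins
    return props


def lockout_findings(cfg_text):
    """Return a list of (code, message) tuples; empty means nothing flagged."""
    props = parse_cfg(cfg_text)
    authclass = props.get(AUTHCLASS_KEY, "")
    findings = []
    if authclass == CORE_LDAP_CLASS:
        findings.append(("core-authclass",
                         "authclass names the core LDAP authenticator, removed in 8.3"))
    elif authclass == LDAP_EXT_CLASS:
        # Assumption: "1" means enabled; XWikiPreferences values are not visible here.
        if props.get(TRYLOCAL_KEY) != "1":
            findings.append(("no-local-fallback",
                             TRYLOCAL_KEY + " is not 1: local accounts such as Admin "
                             "may be unable to log in once LDAP is active"))
    return findings


# Constructed sample: the trylocal line is commented out, so it does not count.
SAMPLE_CFG = """\
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
# xwiki.authentication.ldap.trylocal=1
"""

if __name__ == "__main__":
    for code, message in lockout_findings(SAMPLE_CFG):
        print(code + ": " + message)
```

An empty result only covers xwiki.cfg; the “Try Local Login” value in the Other - LDAP section of XWikiPreferences still has to be checked in the wiki itself.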

Thanks. I’ve updated the documentation to make it even a bit more explicit, because I think I might have still missed what your changes point to.

Good tip, I didn’t know yet that there was a superadmin account. Thanks. :)

Thanks @adamshand! Note that you had broken the release note link; I fixed it. Also improved it a bit to not duplicate the tryLocal documentation.

Whoops, sorry about breaking the link. Not sure how I did that! Thanks for catching my mistake.