Help with translation of LDAP settings to xwiki

Good day all, I am trying to set up an LDAP central server for a group of services including xwiki. So far so good on most, I think, but the xwiki configuration in particular seems quite confusing…

This is what works for codimd

  - CMD_LDAP_URL=ldaps://ldapsrv
  - CMD_LDAP_BINDDN=cn=codimd,ou=system,dc=ldap,dc=rekt
  - CMD_LDAP_BINDCREDENTIALS=password
  - CMD_LDAP_SEARCHBASE=ou=people,dc=ldap,dc=rekt
  - CMD_LDAP_SEARCHFILTER=(cn={{username}})
  - CMD_LDAP_PROVIDERNAME=Rekt Shell
  - CMD_LDAP_USERIDFIELD=cn
  - CMD_LDAP_USERNAMEFIELD=givenName

Discourse and Anope/LDAP are pretty much the same … when I look into xwiki’s config for ldap though: https://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/

I am fairly new to LDAP and there are so many options for xwiki, would anyone be able to help me convert my working config options for discourse/anope[plugin_ldap]/codimd to what they should be in xwiki.cfg for the ldap extension?

Conversion

  • CMD_LDAP_URL:
    • server=ldapsrv to indicate the host
    • ssl=1 to enable SSL access to the LDAP server
  • CMD_LDAP_BINDDN -> bind_DN
  • CMD_LDAP_BINDCREDENTIALS -> bind_pass
  • CMD_LDAP_SEARCHBASE -> base_DN

No need

  • CMD_LDAP_SEARCHFILTER -> user_search_fmt (but what you have in your example is already the default)
  • CMD_LDAP_USERIDFIELD -> UID_attr (but what you have in your example is already the default)

Not sure

  • CMD_LDAP_USERNAMEFIELD: if that’s the value to use to create the user profile on the client side, XWiki uses whatever the user types in the login by default; it’s customizable using userPageName, and the exact equivalent of your example would be ${ldap.givenName}, I think
  • CMD_LDAP_PROVIDERNAME: no idea what that is or why you would need it
1 Like
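
The mapping from the reply above as a small converter, added here as an example and not part of the original thread or of XWiki: it reads the CodiMD settings from the question and produces the matching xwiki.cfg lines. The `xwiki.authentication.ldap.` prefix and the `port` key are the LDAP authenticator's xwiki.cfg names; the function name `codimd_to_xwiki` is made up for this example, and the settings the reply was unsure about are only reported for manual review.

```python
from urllib.parse import urlsplit

PREFIX = "xwiki.authentication.ldap."  # xwiki.cfg key prefix of the LDAP authenticator
RENAMES = {  # direct renames given in the reply above
    "CMD_LDAP_BINDDN": "bind_DN",
    "CMD_LDAP_BINDCREDENTIALS": "bind_pass",
    "CMD_LDAP_SEARCHBASE": "base_DN",
    "CMD_LDAP_USERIDFIELD": "UID_attr",
}

def codimd_to_xwiki(env_lines):
    """Return (xwiki.cfg lines, CodiMD keys left for manual review)."""
    env = {}
    for line in env_lines:
        key, _, value = line.strip().lstrip("- ").partition("=")
        if key:
            env[key] = value
    cfg, review = {}, []
    url = urlsplit(env.get("CMD_LDAP_URL", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        raise ValueError("CMD_LDAP_URL must be an ldap:// or ldaps:// URL")
    cfg["server"] = url.hostname
    cfg["ssl"] = "1" if url.scheme == "ldaps" else "0"  # ldaps:// means SSL on
    if url.port:
        cfg["port"] = str(url.port)  # only written when the URL names a port
    for src, dst in RENAMES.items():
        if src in env:
            cfg[dst] = env[src]
    uid = env.get("CMD_LDAP_USERIDFIELD", "cn")
    filt = env.get("CMD_LDAP_SEARCHFILTER")
    if filt and filt != "(%s={{username}})" % uid:
        review.append("CMD_LDAP_SEARCHFILTER")  # non-default: set user_search_fmt by hand
    review += [k for k in ("CMD_LDAP_USERNAMEFIELD", "CMD_LDAP_PROVIDERNAME") if k in env]
    return [PREFIX + k + "=" + v for k, v in cfg.items()], review

# Constructed input: the CodiMD settings quoted in the question.
SAMPLE = """\
  - CMD_LDAP_URL=ldaps://ldapsrv
  - CMD_LDAP_BINDDN=cn=codimd,ou=system,dc=ldap,dc=rekt
  - CMD_LDAP_BINDCREDENTIALS=password
  - CMD_LDAP_SEARCHBASE=ou=people,dc=ldap,dc=rekt
  - CMD_LDAP_SEARCHFILTER=(cn={{username}})
  - CMD_LDAP_PROVIDERNAME=Rekt Shell
  - CMD_LDAP_USERIDFIELD=cn
  - CMD_LDAP_USERNAMEFIELD=givenName
""".splitlines()

if __name__ == "__main__":
    lines, review = codimd_to_xwiki(SAMPLE)
    print("\n".join(lines + ["# review manually: " + ", ".join(review)]))
```
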

Ah, many thanks. CMD_LDAP_PROVIDERNAME is nothing useful; all it does is put ‘Company Name’ in the ‘LDAP PROVIDER’ dialogue.

But xwiki will not have permission to write to this ldap directory. I am not sure if this will create a problem or not, as the LDAP is standing as a central repo for quite a few different services; the idea was to have a separate ‘user management’ page.

Thank you for the helpful conversion guide :)

It won’t try :)

1 Like

This probably does not belong here, but while it’s open showing the error …, when I try to mark this as resolved the site errors :) @vmassol
