How to enable extension LDAP Authenticator after upgrading

An old instance of XWiki used to have the extension LDAP Authenticator working, and after upgrading to v13.10.9, LDAP stopped working. So, I am now logging in by enabling the superadminpassword.

On the old instance, I noticed that the xwiki.cfg file contains the below section of LDAP configurations mentioned on the official XWiki extension page above; however, the new version does not have it. So, not sure if we are supposed to add in the configurations manually.

I am new to this part of the configuration, so any hints or suggestions will be helpful.

Partial xwiki.cfg file regarding LDAP:

...
#---------------------------------------
# LDAP
#

#-# LDAP authentication service
# xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl

#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap=1

#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.server=xxx.xxx.xx

#-# LDAP login, empty = anonymous access, otherwise specify full dn
...

Well, LDAP is not enabled in that xwiki.cfg, whatever the version of XWiki. But maybe you are the one who commented out the xwiki.authentication.authclass property?

You did not indicate which version of XWiki you upgraded from, so it is not easy to be sure, but let’s assume it was < 8.3. What changed in 8.3 is that the LDAP authenticator is not embedded anymore and you have to:

  • install the “LDAP Authenticator” extension
  • use org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl for xwiki.authentication.authclass property

See LDAP Authenticator (XWiki.org) for more details about the move.

1 Like

Thank you for your reply, @tmortagne.

I am upgrading from v7.0.1 to v13.10.9.

And, I will confirm the solution if it works in testing. Thank you for your help and patience.

I have already installed the extension “LDAP Authenticator” by the extension manager, but have not set xwiki.authentication.authclass yet.

Also, just to clarify one question:

By “LDAP authenticator is not embedded”, it means we are expected to manually add the configuration items in xwiki.cfg, right?

Thank you for your help.

No, it means LDAP is not part of XWiki Standard anymore, and you have to install an extension.

Setting authclass has always been officially required for any authenticator; it’s just that under specific circumstances xwiki.authentication.ldap=1 could be enough for LDAP (but not always), which seems to be your case.

1 Like

The LDAP started working on the new version of v13.10.9 after the following steps:

  1. changed to xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl in xwiki.cfg, and
  2. installed extension “LDAP Authenticator” of the current version v9.7.5. I think the extension gets LDAP parameters from “Administrator Wiki > Other > LDAP” context, not from the text configuration file xwiki.cfg.

On the old version of XWiki v7.0.1, xwiki.cfg contained more items, e.g. xwiki.authentication.ldap.port, etc. But I don’t think they are necessary for the current version.

I appreciate your help, @tmortagne. Please let me know if you see anything wrong with my understanding above.

Not exactly. For each property it checks the configuration on the wiki first, but if it is empty it falls back on xwiki.cfg (the properties are the same as before, there are just some new ones). See LDAP Authenticator (XWiki.org) for more details.

1 Like
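
The following is an added example, not part of any post in this thread and not XWiki's own code: a small post-upgrade check that classifies the authenticator setup in an xwiki.cfg and resolves each LDAP property in the order described in the last reply (wiki value first, xwiki.cfg if empty). The function names, result labels, sample host and the plain dict standing in for the wiki-side values (keyed here by the xwiki.cfg property name) are assumptions made for illustration.

```python
import re

# Class names as quoted in the thread above.
LEGACY = "com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl"
CONTRIB = "org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl"
AUTHCLASS = "xwiki.authentication.authclass"
LDAP_FLAG = "xwiki.authentication.ldap"

def parse_cfg(text):
    """Split xwiki.cfg text into (active, commented_out) key -> value dicts."""
    active, commented = {}, {}
    for line in text.splitlines():
        m = re.match(r"\s*(#[#\-\s]*)?([\w.]+)\s*=\s*(.*?)\s*$", line)
        if m:
            (commented if m.group(1) else active)[m.group(2)] = m.group(3)
    return active, commented

def diagnose(text):
    """Classify the authenticator setup found in an xwiki.cfg (labels are hypothetical)."""
    active, commented = parse_cfg(text)
    cls = active.get(AUTHCLASS)
    if cls == CONTRIB:
        return "ok"
    if cls == LEGACY:
        return "legacy-authclass"  # pre-8.3 embedded class name
    if cls is not None:
        return "other-authclass"   # some other authenticator is configured
    if active.get(LDAP_FLAG) == "1":
        # The case in the thread: LDAP flag set, authclass commented out or absent.
        return "authclass-commented" if AUTHCLASS in commented else "authclass-missing"
    return "ldap-not-configured"

def effective(key, wiki_values, cfg_active):
    """Per property: the wiki value wins unless it is empty, then xwiki.cfg is used."""
    value = wiki_values.get(key, "")
    return value if value != "" else cfg_active.get(key)

# Constructed sample modelled on the fragment in the question (host is made up).
SAMPLE = """\
# xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# - 1: enable
xwiki.authentication.ldap=1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.server=ldap.example.org
#-# LDAP login, empty = anonymous access, otherwise specify full dn
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE))
    cfg, _ = parse_cfg(SAMPLE)
    wiki = {"xwiki.authentication.ldap.server": "", "xwiki.authentication.ldap.port": "636"}
    for key in wiki:
        print(key, "->", effective(key, wiki, cfg))
```
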