LDAP Login with Basic Auth and domain\username?

Hello,

I successfully added authentication with the LDAP extension and
xwiki.authentication.ldap.UID_attr=sAMAccountName

I switched from form to basic auth to have SSO auth with Edge/IE, but the user is not found.

I think it's because the LDAP search looks for domain\username instead of only username.

Can I change the search to have both strings found in the AD base, like DN=cn=Users,dc=domain,dc=de?

Regards

Frank

This requires configuring the xwiki.authentication.ldap.remoteUser* properties to extract information from the input user.

Hi Thomas,
Thanks for your hint - can you give a little more information? I really searched the forum and the internet and found this: kerberos SSO → strip domainname from :
xwiki.authentication.trustedldap.remoteUserParser=(.+)@(.+)
xwiki.authentication.trustedldap.remoteUserMapping.1=login
But this is a different extension?
Does xwiki.authentication.ldap.remoteUserParser=(.+)@(.+) work?

xwiki.authentication.ldap.remoteUserParser=(.+)@(.+)
xwiki.authentication.ldap.remoteUserMapping.1=login

This is my auth config now:
xwiki.authentication.ldap.UID_attr=sAMAccountName
If I use xwiki.authentication.ldap.remoteUser, how do I change this line, or is xwiki.authentication.ldap.UID_attr not used anymore?

It’s documented on https://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HGenericLDAPconfiguration. You have some examples in it based on UID@DOMAIN while your use case is DOMAIN\UID, but it does not make a huge difference: you basically just need to change @ to \ and invert the configuration related to 1 and 2.

So something like:

xwiki.authentication.ldap.remoteUserParser=(.+)\\\\(.+)
xwiki.authentication.ldap.remoteUserMapping.1=domain,ldap_server,ldap_port,ldap_base_DN,ldap_bind_DN,ldap_bind_pass,ldap_group_mapping
xwiki.authentication.ldap.remoteUserMapping.2=uid

remoteUserParser extracts values from the input, and remoteUserMapping.1 and remoteUserMapping.2 indicate what they are used for.

Note: I’m not 100% sure how many \ you need in remoteUserParser (it’s also an escaping character).

You should keep the same configuration you used to have for login/pass form and simply setup the remoteUser* properties.
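
Added example, not part of the thread and not XWiki's own code: a Python sketch of how the number of backslashes written in remoteUserParser changes the regex that finally runs against a DOMAIN\UID remote user. It assumes the configuration file is read with java.util.Properties escaping and that the parser must match the whole remote user; `CORP\frank` is a constructed input and the function names are hypothetical.

```python
import re

# Mapping values as posted above: regex group number -> fields it fills.
MAPPING = {
    1: "domain,ldap_server,ldap_port,ldap_base_DN,ldap_bind_DN,"
       "ldap_bind_pass,ldap_group_mapping".split(","),
    2: ["uid"],
}

def unescape_properties_value(raw):
    # Assumption: java.util.Properties rules (simplified, no unicode escapes).
    # A backslash escapes the next character; before a character that is
    # not a known escape it is silently dropped.
    specials = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\":
            if i + 1 < len(raw):
                out.append(specials.get(raw[i + 1], raw[i + 1]))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)

def parse_remote_user(raw_parser, remote_user, mapping=MAPPING):
    # Returns {field: value}, None when the input does not match, or
    # {"error": ...} when the unescaped value is not a valid regex.
    regex = unescape_properties_value(raw_parser)
    try:
        match = re.fullmatch(regex, remote_user)  # assumption: whole-string match
    except re.error as exc:
        return {"error": f"{regex!r}: {exc}"}
    if match is None:
        return None
    return {field: match.group(group)
            for group, fields in mapping.items() for field in fields}

if __name__ == "__main__":
    remote_user = "CORP\\frank"  # constructed input: CORP, one backslash, frank
    for raw in (r"(.+)\(.+)", r"(.+)\\(.+)", r"(.+)\\\\(.+)"):
        result = parse_remote_user(raw, remote_user)
        shown = result if result is None or "error" in result else {
            "domain": result["domain"], "uid": result["uid"]}
        print(f"{raw:16} -> {shown}")
```

Under these assumptions only the four-backslash form splits the input into CORP and frank. The one-backslash form still loads and still matches, but yields the uid `k`, so the symptom is a user that is not found rather than a configuration error.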