If I change the configuration to this, Active Directory LDAP doesn't work anymore:
xwiki.authentication.ldap.ssl=1
xwiki.authentication.ldap.port=636
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
xwiki.authentication.ldap.ssl.keystore=/data/xwiki/DC.keystore
The keystore (without a password) contains the certificate of the domain controller to which I want to connect.
Unfortunately I see no error in the Tomcat log, so I have no clue where to search.
My other applications work fine with LDAPS, so I can exclude a problem with the Windows domain controllers.
I also use LDAPS against an AD, but I don't set any special SSL settings.
Here is my sample config:
xwiki.authentication.ldap.port=636
xwiki.authentication.ldap.ssl=1
xwiki.authentication.ldap.server=<don’t use an ad controller here, use the domain name, so dns will do the rest>
To check the LDAPS connection you can use openssl:
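As an added example (not part of the reply above, and not XWiki's own tooling), the openssl check the reply refers to, written so the chain is verified against the DC's issuing CA rather than left at the default trust store, plus the keytool step that builds the Java keystore XWiki is pointed at. The host name, the CA file path and the keystore path are placeholders; the s_client transcript at the bottom is constructed for illustration.

```shell
# Added example; not from the thread. Host, CA file and keystore path are
# placeholders to be replaced with the real values.
LDAPS_HOST="${LDAPS_HOST:-example.corp.local}"          # the AD domain name, as the reply advises
CA_FILE="${CA_FILE:-/path/to/ad-issuing-ca.pem}"        # placeholder: CA that signed the DC certificate
KEYSTORE="${KEYSTORE:-/path/to/DC.keystore}"            # placeholder: keystore referenced by xwiki.cfg

# Run openssl s_client against the LDAPS port and emit the full transcript.
# -CAfile supplies the issuing CA so the chain can be built;
# -verify_return_error makes a chain error abort the handshake (non-zero exit)
# instead of continuing with an unverified connection.
ldaps_probe() {
  host="$1"; cafile="$2"
  openssl s_client -connect "${host}:636" -servername "$host" \
      -CAfile "$cafile" -verify_return_error </dev/null 2>&1
}

# Read an s_client transcript on stdin and print the numeric verify code.
# 0  = chain verified against the supplied CA
# 20 = "unable to get local issuer certificate": the issuing CA was not among
#      the trusted certificates, which is the code seen in the thread.
verify_code() {
  sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Turn a verify code into a one-line explanation for the operator.
explain_verify() {
  case "$1" in
    0)  echo "chain verified against the supplied CA" ;;
    20) echo "issuer not trusted: add the DC's issuing CA (not only the leaf) to the trust store" ;;
    *)  echo "verification failed with code $1" ;;
  esac
}

# Import the issuing CA into the Java keystore XWiki uses. keytool rejects a
# JKS store password shorter than six characters, so a truly password-less
# keystore cannot be created this way; the password is the only extra knob.
build_keystore() {
  cafile="$1"; keystore="$2"
  keytool -importcert -noprompt -trustcacerts -alias ad-issuing-ca \
      -file "$cafile" -keystore "$keystore" -storepass changeit
}

# Constructed transcript showing the failure mode reported in the thread.
SAMPLE_TRANSCRIPT='CONNECTED(00000003)
depth=0 CN = dc01.example.corp.local
verify error:num=20:unable to get local issuer certificate
    Verify return code: 20 (unable to get local issuer certificate)'

# Demo on the constructed transcript (no network needed). To probe a real
# host instead:  ldaps_probe "$LDAPS_HOST" "$CA_FILE" | verify_code
code=$(printf '%s\n' "$SAMPLE_TRANSCRIPT" | verify_code)
echo "verify code $code: $(explain_verify "$code")"
```

Code 20 from the thread means openssl could not chain the DC certificate to a trusted issuer; with the issuing CA passed through -CAfile the same probe should report "Verify return code: 0 (ok)". The same CA, not just the leaf certificate, is what belongs in the keystore, so that the trust survives the DC's certificate being renewed.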
I tried the openssl test and it worked. It made a connection, but as return code I got: Verify return code: 20 (unable to get local issuer certificate).
Which is OK; openssl doesn't know that it can trust the certificate. This is why I set the parameter “xwiki.authentication.ldap.ssl.keystore”, in which the DC certificate is present.
I tested it with the debug level on “Trace” in the config file. Same as before, I got only the following related information in the log:
The provided user is null. We don’t try to authenticate, it probably means the user is in non logged mode
XWikiUser: null
Starting LDAP authentication
LDAP authentication failed: LDAP not activ
LDAP authentication failed for user [xwikiadtestuser]
Do you have an idea?
Because of the error “Provided User is 0”, here is my complete XWiki config for LDAP: