Problem with LDAPs

Hi
I’m trying to configure my xwiki (with Tomcat) for LDAPs authentication. I modified my xwiki.cfg and put the certificates in the cacert file. When I try to log in I’m not allowed into xwiki and there are no errors in the log.
Please help

xwiki.cfg

```
# LDAP
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap.trylocal=1
xwiki.authentication.ldap.server=server
xwiki.authentication.ldap.ssl=1
xwiki.authentication.ldap.port=636
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
xwiki.authentication.ldap.base_DN=DC=server,DC=global
xwiki.authentication.ldap.bind_DN=CN={0},OU=Production,DC=server,DC=global
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.update_user=1
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=GivenName,email=mail,fullname=mailNickname
```

log:

```
2022-09-06 08:01:51,093 [https-openssl-nio-8180-exec-2 - https://11.312.32.3:8180/xWiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2022-09-06 08:01:51,093 [https-openssl-nio-8180-exec-2 - https://11.312.32.3:8180/xWiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
2022-09-06 08:01:51,093 [https-openssl-nio-8180-exec-2 - https://11.312.32.3:8180/xWiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2022-09-06 08:01:51,093 [https-openssl-nio-8180-exec-2 - https://11.312.32.3:8180/xWiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - remoteUserParser: null
2022-09-06 08:01:51,093 [https-openssl-nio-8180-exec-2 - https://11.312.32.3:8180/xWiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
2022-09-06 08:01:51,093 [https-openssl-nio-8180-exec-2 - https://11.312.32.3:8180/xWiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_memberfields: [uniquemember, memberuid, member]
2022-09-06 08:01:51,093 [https-openssl-nio-8180-exec-2 - https://11.312.32.3:8180/xWiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - LDAP authentication failed: LDAP not activ
2022-09-06 08:01:51,093 [https-openssl-nio-8180-exec-2 - https://11.312.32.3:8180/xWiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB
2022-09-06 08:01:51,093 [https-openssl-nio-8180-exec-2 - https://11.312.32.3:8180/xWiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [test]
2022-09-06 08:01:51,093 [https-openssl-nio-8180-exec-2 - https://11.312.32.3:8180/xWiki/bin/loginsubmit/XWiki/XWikiLogin] WARN  nticationFailureLoggerListener - Authentication failure with login [test]
2022-09-06 08:01:51,093 [https-openssl-nio-8180-exec-2 - https://11.312.32.3:8180/xWiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
```

It seems you simply forgot to enable LDAP. See https://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HGenericLDAPconfiguration.

I was thinking that if I want SSL I should only set xwiki.authentication.ldap.ssl = 1 without xwiki.authentication.ldap = 1.

So my xwiki.cfg should look like this?

xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap.trylocal=1
**xwiki.authentication.ldap=1**
xwiki.authentication.ldap.server=server
xwiki.authentication.ldap.ssl=1
xwiki.authentication.ldap.port=636
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
xwiki.authentication.ldap.base_DN=DC=server,DC=global
xwiki.authentication.ldap.bind_DN=CN={0},OU=Production,DC=server,DC=global
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.update_user=1
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=GivenName,email=mail,fullname=mailNickname

Those are two unrelated properties (other than being LDAP authenticator properties).

At least it will be enabled now :slight_smile:
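
The misconfiguration discussed in this thread, as an added example (not part of the original posts and not XWiki's own code): a small Python check that parses xwiki.cfg-style properties and reports an LDAP authenticator configured without `xwiki.authentication.ldap=1`, and that spots the "LDAP not activ" message in a log. The function names and the shortened sample inputs are constructed for illustration.

```python
LDAP_AUTHCLASS = "org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl"
PREFIX = "xwiki.authentication.ldap"
NOT_ACTIVE = "LDAP authentication failed: LDAP not activ"  # message from the thread's log

# Constructed sample: the first poster's settings (shortened), without the enable flag.
ORIGINAL_CFG = """\
# LDAP
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap.trylocal=1
xwiki.authentication.ldap.server=server
xwiki.authentication.ldap.ssl=1
xwiki.authentication.ldap.port=636
xwiki.authentication.ldap.bind_DN=CN={0},OU=Production,DC=server,DC=global
"""
FIXED_CFG = ORIGINAL_CFG + "xwiki.authentication.ldap=1\n"
SAMPLE_LOG = "2022-09-06 08:01:51,093 DEBUG x.c.l.XWikiLDAPAuthServiceImpl - " + NOT_ACTIVE


def parse_cfg(text):
    """Parse key=value lines, skipping '#' comments. Split on the first '=' only,
    because values such as bind_DN and fields_mapping contain '=' themselves."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def check_ldap(props):
    """Return human-readable findings for the LDAP authenticator settings."""
    findings = []
    if props.get("xwiki.authentication.authclass") != LDAP_AUTHCLASS:
        findings.append("authclass is not the LDAP authenticator")
    if props.get(PREFIX) != "1":
        findings.append(f"{PREFIX}=1 is missing: LDAP is not enabled")
        if props.get(PREFIX + ".ssl") == "1":
            findings.append(f"{PREFIX}.ssl=1 only selects SSL; it does not enable LDAP")
    if props.get(PREFIX + ".trylocal") == "1":
        findings.append("note: trylocal=1, failed LDAP logins are tried against the XWiki DB")
    return findings


def log_shows_ldap_disabled(log_text):
    """True if any log line carries the 'LDAP not activ' failure message."""
    return any(NOT_ACTIVE in line for line in log_text.splitlines())
```
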