Xwiki 13.1 LDAP Secure installation and configuration

Hello @all,
I’m new to XWiki and need some help with the configuration.
I have installed XWiki 13.1 with Apache Tomcat/9.0.31 and openjdk version “11.0.10”.
Also the LDAP Authenticator 9.5.2 is installed.
My xwiki.cfg looks like this:

######add LDAP Auth
#-# LDAP authentication service
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
#LDAPS
xwiki.authentication.ldap.server=mydom.com
xwiki.authentication.ldap.ssl=1
xwiki.authentication.ldap.port=636
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
xwiki.authentication.ldap.base_DN=dc=mydom,dc=com
xwiki.authentication.ldap.bind_DN=sub{0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn
xwiki.authentication.ldap.trylocal=1
xwiki.authentication.ldap.update_user=1

I tried to search for users or log in with AD credentials, but nothing is working.
I tried to see anything in the Tomcat log, but there is no LDAP connection.
What am I doing wrong?

Many thanks for helping
TheBob

Is there no one who can help me with LDAP auth?
I have also tried that with the latest LTS version 12.10.06 with the LDAP Application.
I also tested it without SSL and xwiki.authentication.ldap.bind_DN with User and domain\{0}
Everything I try is not working.

Pls help!
Many thanks

Hello @all,
I have found a configuration that works on the XWiki LTS version with the LDAP Application and Authenticator installed.

Configuration xwiki.cfg:

######add LDAP Auth
#-# LDAP authentication service
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl

#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap=1

#-# Enable local accounts in addition to LDAP.
#-# Without this setting you will be unable to log into XWiki with local accounts.
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap.trylocal=1

#LDAPS
xwiki.authentication.ldap.ssl=1
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider

Update Certificate to TrustStore:

keytool -import -trustcacerts -alias ca -file certificate.cer -keystore cacerts

Global Administration - other - LDAP

Enable or not LDAP authentication = Yes
Ldap server address = IP or FQDN of the LDAP server
Ldap Server-Port = 636
Ldap Login = User@domain.xxx
Ldap pwd = Password from user
Ldap BaseDN = ou=User,ou=aaa,ou=bb,dc=local,dc=com (depends on your AD directory)
Ldap UID attribute name = sAMAccountName
Try local Auth if LDAP is not available = Yes
LDAP User Mapping = last_name → sn; first_name → givenName; etc.

Also you can specify group-mapping like this:

local_Group_name → cn=AD-GroupX,ou=Groups,ou=aaa,ou=bbb,dc=local,dc=com

That's all.
Hope this helps someone.
regards.
TBC

Hi, did you manage to get LDAPS working with XWiki 13?

Enabling debug log returns the following when trying to auth through LDAPS :

org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: Fail to load secure ssl provider.
[…]
Caused by: java.lang.ClassNotFoundException: com.sun.net.ssl.internal.ssl.Provider
at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:587)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
at org.xwiki.classloader.xwiki.internal.ContextNamespaceURLClassLoader.loadClass(ContextNamespaceURLClassLoader.java:176)
at org.xwiki.contrib.ldap.XWikiLDAPConfig.getSecureProvider(XWikiLDAPConfig.java:535)
… 56 common frames omitted

Tried with OpenJDK 14 and Java 17.0.1, same result.

Unsecured LDAP is working though.

Hello,
Under the 13.x version I have not gotten LDAP to run, and therefore I only have the LTS version 12.10.x running.
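
Added example (not part of any post in this thread and not XWiki's own code): a small Python linter for the xwiki.cfg LDAP keys discussed above. It flags a missing xwiki.authentication.ldap=1, plain LDAP, and the secure_provider value that raised ClassNotFoundException in the debug log; the function names and finding codes are assumptions made for this example.

```python
# Added example (not from the thread): lint the LDAP keys of an xwiki.cfg.
LDAP_AUTH = "org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl"
LEGACY_PROVIDER = "com.sun.net.ssl.internal.ssl.Provider"
PREFIX = "xwiki.authentication."

def parse_cfg(text):
    """Parse key=value lines, skipping '#' comments. Split on the first '='
    only, because values such as base_DN contain '=' themselves."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint_ldap(props):
    """Return (code, message) findings for the settings this thread discusses."""
    def get(key, default=""):
        return props.get(PREFIX + key, default)
    findings = []
    if get("authclass") != LDAP_AUTH:
        findings.append(("AUTHCLASS", "authclass is not the LDAP authenticator"))
    if get("ldap", "0") != "1":
        findings.append(("LDAP_OFF", "xwiki.authentication.ldap is not 1 (default 0)"))
    if get("ldap.ssl", "0") != "1":
        findings.append(("NO_TLS", "ldap.ssl is not 1: binds use plain LDAP"))
    elif get("ldap.port") == "389":
        findings.append(("PORT", "ssl=1 but port 389 is the standard plain-LDAP port"))
    if get("ldap.ssl.secure_provider") == LEGACY_PROVIDER:
        findings.append(("PROVIDER", "secure_provider failed to load in the "
                         "thread's debug log (ClassNotFoundException)"))
    if get("ldap.bind_pass") not in ("", "{1}"):
        findings.append(("BIND_PASS", "literal bind password stored in the file"))
    return findings

# Constructed sample: LDAP lines taken from the first post's xwiki.cfg (abridged).
FIRST_POST_CFG = """\
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap.ssl=1
xwiki.authentication.ldap.port=636
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
xwiki.authentication.ldap.base_DN=dc=mydom,dc=com
xwiki.authentication.ldap.bind_pass={1}
"""

if __name__ == "__main__":
    for code, message in lint_ldap(parse_cfg(FIRST_POST_CFG)):
        print(f"{code}: {message}")
```

Run against the first post's settings, it reports LDAP_OFF and PROVIDER: the enable switch the later working configuration adds, and the provider class from the stack trace.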