[xwiki on docker] Issue with configuration of LDAP

Help / Discuss
,
#1

Hey guys!

I’ve tried a few things and can’t get any further.

I have installed the “LDAP Authenticator” extension with the aim of granting certain users in our AD access to the wiki.

According to the instructions on the extension website, the xwiki.cfg file in the WEB-INF directory should be adjusted with the following attributes after installation:

#-# LDAP authentication service
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl

#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap=1

#-# Enable local accounts in addition to LDAP.
#-# Without this setting you will be unable to log into XWiki with local accounts.
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap.trylocal=1

(and more of course, but otherwise it will be too long)

When I connect to the container with docker exec and want to edit the file, I don’t have a single entry that has anything to do with LDAP. I also can’t find the variable xwiki.authentication.authclass anywhere…

What am I doing wrong?

#2

You just need to add that whole section to the file (and remember to readd it on update).

The xwiki.cfg file (and the .properties one) is XWiki configuration file. Both the directives for XWiki itself and for extensions must be set there, but those for extensions of course aren’t already there.

#3

I see, makes sense. Thanks a lot!

One more question regarding LDAP:
If I change the authentication method in the xWiki admin panel to LDAP server (instead of authentication with users created manually in the admin panel), I can no longer log in with these self-created users.

Is there any way to use LDAP and the users created on xwiki at the same time?

#4

@MagaZne You can use local XWiki users when the LDAP authentication is enabled, but you cannot use LDAP users when LDAP authentication is not enabled. The authentication is checked by LDAP and not by XWiki, for the LDAP users.

Does this answer to your question?