UI that makes it easier to configure LDAP

Description

Usage

As an administrator, visit your wiki's administration area and get into the LDAP section:

Enabling LDAP authentication on a wiki

The LDAP application assumes LDAP is enabled as the main authenticator via the bundled XWiki LDAP authenticator. If it's not the case, you will be "welcomed" with the following warning message:

In the event you encounter this message, please report to the administration guide in order to enable the LDAP authenticator on your wiki.

Using this requires LDAP authentication to be enabled in xwiki.cfg.

Search for:

Uncomment it and then restart your Tomcat instance.

There should be no other parts of the LDAP configuration enabled.

Once this is all set up, you can start configuring all other LDAP settings directly into XWiki administrative area. If you are running a farm of wikis (via XWiki Enterprise Manager), you can have different LDAP settings on a per-wiki basis.

The first setting offered allows you to decide if LDAP authentication should be enabled for the wiki at hand. In a single-wiki environment, this option can be used as a switch for LDAP authentication. In a multi-wiki environment this option helps you decide on which wikis should users be created. A classical configuration will be to enable LDAP on the main wiki, and disable it on other wikis, to have users centralized on the main wiki.

See use cases of configuration to authenticate users with LDAP for some examples of the configuration that used the previous method.

Configuring a LDAP connection

When you've decided to enable LDAP authentication on a wiki, you can then let XWiki know how it should connect to the LDAP server via a set of parameters exposed by the LDAP administration UI. Note that those parameters as well as any other parameter below this point are in fact overriding matching properties in xwiki.cfg. This means that if you or the server administrator of your wiki already have configured the LDAP connection in the XWiki configuration file, you can use this application to just override some settings (on a per wiki basis on a farm, for example) or to fill settings that have been ignored in the configuration file (like users and groups mappings for example). If, on the contrary, no LDAP configuration has been established at all in xwiki.cfg on the filesystem (except for setting LDAP as main authenticator), you will then have to fill in sufficient information in the LDAP administration section for the LDAP connection to work properly.

In order to communicate with your LDAP server, XWiki needs to know at least two pieces of information:

• The address (IP or domain name) of the server and the port to connect to. For example 127.0.0.1 and 389 for a server that would be located on the same machine and running on the standard LDAP port
• A bind login and password to connect to the server with. This can be left empty for annonymous access to the LDAP server. If you want the user's own login to be used for binding when they connect to XWiki, you can use {0} as placeholder for the user uid field, and {1} for his passsword. See the image below for an example configuration:

Mapping user properties and groups

A typical use of this LDAP administration UI will be to configure user and groups mappings, as it offers a more visual way to provide this informations. This permits to link fields of user profiles on the LDAP server to fields of the user profile in XWiki, as well as mapping groups or searches on LDAP to XWiki groups. The image below illustrate how you can take advantage of such mappings:

Prerequisites & Installation Instructions

We recommend using the Extension Manager to install this extension (Make sure that the text "Installable with the Extension Manager" is displayed at the top right location on this page to know if this extension can be installed with the Extension Manager). Note that installing Extensions when being offline is currently not supported and you'd need to use some complex manual method.

You can also use the following manual method, which is useful if this extension cannot be installed with the Extension Manager or if you're using an old version of XWiki that doesn't have the Extension Manager:

1. Log in the wiki with a user having Administration rights
2. Go to the Administration page and select the Import category
3. Follow the on-screen instructions to upload the downloaded XAR
4. Click on the uploaded XAR and follow the instructions
5. You'll also need to install all dependent Extensions that are not already installed in your wiki

Dependencies

Dependencies for this extension (org.xwiki.platform:xwiki-platform-ldap-ui 7.0):

• org.xwiki.rendering:xwiki-rendering-macro-html 7.0
• org.xwiki.platform:xwiki-platform-rendering-macro-velocity 7.0
• org.xwiki.platform:xwiki-platform-ldap-api 7.0