!! LDAP for JSPWiki 2.2

This module provides a simple LDAP based authenticator. Following properties are required: 
* jspwiki.authenticator - name of our class: LDAPAuthenticator 
* jspwiki.ldapAuthenticator.serverurl - URL of the server used for authentication (ex: ldap://myserver/) 
* jspwiki.ldapAuthenticator.binddn - DN of an existing user used when searching entries (ex: cn=myuser,dc=in,dc=mydomain) 
* jspwiki.ldapAuthenticator.binddn-password - Password for the previous DN (ex: mypassword) 
* jspwiki.ldapAuthenticator.accountattribute - attribute to search for (ex, for a Windows Directory: sAMAccountName) 
* jspwiki.ldapAuthenticator.searchbase - The DN of the branch of the directory where all searches should start from. (ex: dc=mydomain) 

Please note that this code as only been lightly tested against a Windows 2000 Active Directory LDAP server with version 2.1.103 of JSPWiki.

-- [Sebastien Tanguy|mailto:stanguy+jspwiki@gmail.com]

Parameters which must be set in jspwiki.properties:
* jspwiki.authorizer = PageAuthorizer
* jspwiki.policy.strictLogins = true
* jspwiki.auth.useOldAuth = true

There is working class with some changes which works fine with [OpenLDAP|http://www.openldap.org/] server.

-- [Raimondas Berniunas|mailto:raimondas.b@gmail.com]

!! LDAP for JSPWiki 2.4

For JSPWiki 2.4.x, there is a ~UserDatabase-based LDAP implementation available at http://kaukoluwiki.opendfki.de/wiki/LDAPUserDatabase .

--Kiesel, 26-July-2006

Here's an [overview|ActiveDirectoryIntegration] of what I did to get container authentication working for tomcat 5.5.x and Windows Active Directory.
--JRosler, 20-Oct-2006


! Discussion

This LDAPAuthenticator class will not work for newer versions of JSPWiki as there is no interface called WikiAuthenticator.

Is there LDAPAuthenticator available for newer versions.

Thanking You
Kiran Thakkar

--Kiran Thakkar, 16-Mar-2006


Hello! I have a problem with LDAPAuthentication from kaukoluwiki. Im using JSPWiki 2.6. On my localhost it works
without any problems. But when I deploy the same code to a testserver (changing baseURL in jspwiki.properties) the
LDAPAuthentication is not invoked. "Failed Login" error by AuthenticationManager.class

Has anybody an idea what is going wrong???

Thx a lot,

--Tom, 13-Mar-2008


I'm planning to release ASAP a new class which will work with the newest version of JspWiki.
-- [Raimondas Berniunas|mailto:raimondas.b@gmail.com]

--Raimis, 13-Apr-2006


Hi Raimis --

There are two ways you could do this with the 2.3.x version of JSPWiki:
* __Create a JAAS LoginModule__ that interfaces with LDAP. Then, you'd add the login module to the JAAS configuration file {{jspwiki.jaas}} that tells JSPWiki which login modules to invoke. You'd add it to this block:
{{{JSPWiki-custom {
  com.raimis.LDAPLoginModule    SUFFICIENT;
  com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule    SUFFICIENT;
}; }}}
* __Implement UserDatabase__ so that it calls LDAP for authentication, and can store and retrieve user attributes. In this case, you'd need users to modify the {{jspwiki.userdatabase}} property in {{jspwiki.properties}}. 

Either method would work, but if using LDAP as a repository for user information is what you want, a custom UserDatabase implementation is the way to go... and if that's something you choose to do, I'd be ''very'' interested in adding it to the core JSPWiki build.

PS. There is a third alternative that I didn't mention -- if you use your servlet container's authentication system, then you clearly have the ability to use whatever the container provides. Most containers provide a sample LDAP authentication option. But I assumed you wanted something that was less container-dependent, and usable with any JSPWiki implementation.

--AndrewJaquith, 15-Apr-2006


Hi Andrew

Can you please elaborate on first option.
I mean if i write LDAPAuthentication code in LoginModule then what will take place of UserDatabase.
And UserDatabase is used at so many places specially to check ACLs.

If i can have some more idea on first option then i don't mind writing it so that we can use it.

--Kiran Thakkar, 17-May-2006