LDAPUserDatabase

The JSPWiki/Kaukolu LDAPUserDatabase class allows to use an LDAP server as authentication/user information backend. It can be used with this LDAPLoginModule for user authentication or with existing container managed authentication like JNDI - LDAP lookups. With modifications, it can also work with an unmodified (non posixAccount) Active Directory LDAP server.

Features

• Connects via ldap(s) to an LDAP server
• Authenticates to the LDAP server using the credentials entered by the user (no anonymous binding)
• Pulls user info from LDAP entry (expects a posixAccount LDAP object, see createUserProfileFromAttributes() method for details)
  • User wiki name is built from cn attribute (minus spaces)
• Read-only LDAP access (no updates of the LDAP directory using the wiki)

Status

• Works with JSPWiki 2.4 (changeset:365 needed)
• Works with Kaukolu
• Inefficient (no connection pooling)
• User info gets cached indefinitely (until wiki restart)
• No support for LDAP groups (yet)

Download

None yet, pull sources directly from SVN:

• LDAPUserDatabase.java​
• LDAPLoginModule.java​

Installation

• Download the two java files
• Build/deploy war (could you please add more information about how to do this step)
• Change this in jspwiki.properties:

  jspwiki.security = jaas
  jspwiki.userdatabase = de.opendfki.kaukoluwiki.auth.user.LDAPUserDatabase
  

• Add this to jspwiki.properties:

  jspwiki.ldapuserdatabase.providerurl = ldap://ldap.example.org/ou=People,dc=example,dc=org
  jspwiki.ldapuserdatabase.principal = uid=$USERNAME,ou=People,dc=example,dc=org
  

• Change JSPWiki-custom config in jspwiki.jaas:

  JSPWiki-custom {
    de.opendfki.kaukoluwiki.auth.login.LDAPLoginModule    REQUIRED;
  };
  

Support

None but you may use the ticket system on this site of course.