How to fix common LDAP issues in XWiki

19 Aug 2021

Written by Oana Elena Florea, Customer Support Manager

LDAP is an open computer network authentication protocol supported by many different directory services and access management solutions. As an enterprise platform, XWiki is commonly used with an LDAP server to reuse information like users and groups, improve security and easily manage replication. Our seasoned support team would like to share with our community how to fix the most common LDAP issues in XWiki.

How to connect XWiki with LDAP?

To connect XWiki to an LDAP server, you can choose any of the following options:

What are the most common configuration issues?

1. LDAP Invalid Credentials

For this type of connection issue, our support team has noticed the following common symptoms:

  • The user cannot connect.
  • For the Active Directory Pro application, there is an error message when clicking to check the connection.

  • The server logs display an error message mentioning “Invalid Credentials”, e.g.:

    Caused by: LDAPException: Invalid Credentials (49) Invalid Credentials
    LDAPException: Server Message: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839

To investigate the issue, our support team recommends:

  • Testing with a different user to confirm the problem is caused by the invalid password.
  • Checking the password for the LDAP bind DN used to set up the LDAP server.

2. LDAP Certificates

Certificate issues can look similar to connection issues: the user cannot connect, and the error message “Invalid credentials” may be shown on the XWiki login UI. However, in this case, there is a specific error in the application server logs:

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path

Our support team recommends checking with the infrastructure team or your service provider to update the certificate.
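Because both failures can surface as “Invalid credentials” in the login UI, triaging the server log tells them apart. The following Python script is an added example, not part of XWiki or of the original article; the `triage` function name and the sub-code table (well-known Active Directory `data` values, of which only 52e appears above) are assumptions of the example, and the sample line with `data 775` is constructed.

```python
import re

# Active Directory sub-codes found in the "data NNN" field of an error 49 message
# (well-known AD values; only 52e is quoted in the article).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password or bind DN)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
AD_DATA = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+),")
RESULT_49 = re.compile(r"Invalid Credentials \(49\)")
CERT_FAILURE = re.compile(r"SSLHandshakeException|PKIX path building failed")


def triage(log_text):
    """Classify LDAP login failures in server log text as (category, detail) pairs."""
    subcodes, saw_49, saw_cert = set(), False, False
    for line in log_text.splitlines():
        saw_cert = saw_cert or bool(CERT_FAILURE.search(line))
        saw_49 = saw_49 or bool(RESULT_49.search(line))
        match = AD_DATA.search(line)
        if match:
            subcodes.add(match.group(1).lower())
    findings = []
    if saw_cert:
        # The TLS handshake failed, so no bind was attempted on that connection.
        findings.append(("certificate", "server certificate chain not trusted by the JVM"))
    for code in sorted(subcodes):
        findings.append(("bind", AD_SUBCODES.get(code, "unrecognised AD sub-code " + code)))
    if saw_49 and not subcodes:
        findings.append(("bind", "LDAP result 49 without an AD sub-code"))
    return findings


# The log excerpts quoted in the article, plus one constructed line (data 775).
SAMPLE_LOG = """\
Caused by: LDAPException: Invalid Credentials (49) Invalid Credentials
LDAPException: Server Message: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839
LDAPException: Server Message: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 775, v3839
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(category + ": " + detail)
```

A `certificate` finding points to the trust problem described in this section, while a `bind` finding points back to the credential checks in section 1.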

3. Group mapping

To synchronize LDAP groups to XWiki groups, you would need to add the group mapping in xwiki.cfg or use the visual editor for the Active Directory Pro application.

When the group is not created in the wiki upon login, our support team recommends the following fix:

  • Check the exact group DN from the Active Directory/LDAP server and add it to the mapping section.

Tips and Tricks

Before you start any investigation for LDAP, our support team recommends enabling more logs:

  • Open the “Global Administration: Logging” section on your wiki.
  • Search for “ldap”.
  • Set the log level to DEBUG.

  • Log in again and recheck the server logs.

If you have further questions concerning LDAP and XWiki, do not hesitate to get in touch with us. Write to us directly on the support mail address support@xwiki.com or if you are a client, you can also contact the support team through our Customer Portal with your dedicated account.

Looking to connect to Azure? Take a look at the new Microsoft Azure Active Directory Single Sign-On Pro application.
