How to fix common LDAP issues in XWiki

Elena Oana Florea
Aug 20, 2021

LDAP is an open computer network authentication protocol supported by many different directory services and access management solutions. As an enterprise platform, XWiki is commonly connected to an LDAP server to reuse information like users and groups, improve security and easily manage replication. Our seasoned support team would like to share with our community how to fix the most common LDAP issues in XWiki.

How to use XWiki with LDAP?

To connect XWiki to an LDAP server, you can choose any of the following options:

  • Manual configuration using the generic LDAP authenticator.
  • When connecting XWiki to an Active Directory server (one of the directory servers that use the LDAP protocol), we recommend the dedicated Active Directory Pro Application, which offers a visual editor, advanced configuration options and technical support.

What are the most common configuration issues?

1. LDAP Invalid Credentials

For this type of connection issue, our support team has noticed the following common symptoms:

  • The user cannot connect.
  • For the Active Directory Pro application, there is an error message when clicking to check the connection.
  • The server logs display an error message mentioning “Invalid Credentials”, e.g.:
Caused by: LDAPException: Invalid Credentials (49) Invalid Credentials
LDAPException: Server Message: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839

To investigate the issue, our support team recommends the following:

  • Test with a different user to confirm the problem is caused by the invalid password.
  • Check the password for the LDAP bind DN used to set up the LDAP server.

2. LDAP Certificates

Certificate issues can look similar to connection issues: the user also notices that they cannot connect, and the error message “Invalid credentials” may be present on the XWiki login UI. However, in this case there is a specific error in the application server logs:

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path

Our support team recommends checking with the infrastructure team or your service provider to update the certificate.
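Because both failures in sections 1 and 2 can surface as “Invalid credentials” on the login page, the server log is what tells them apart. The following is an added example, not code from XWiki or the Active Directory Pro application: a small Python triage function (the name `classify` and the sample strings are constructed for illustration) that reads a log excerpt and reports whether the failure is a certificate trust problem or a bind problem. It goes beyond the single `data 52e` case quoted above by decoding the other common Active Directory sub-codes.

```python
import re

# Active Directory sub-codes carried in the "data NNN" field of an
# AcceptSecurityContext error (LDAP result code 49).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password or bind DN)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
AD_DATA = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def classify(log_text):
    """Return (category, detail) for the LDAP failure found in log_text."""
    # Check the TLS failure first: the handshake precedes the bind, so a
    # trust failure must be fixed before credentials are even evaluated.
    if "PKIX path building failed" in log_text:
        return ("certificate", "server certificate chain is not trusted by the JVM")
    if "SSLHandshakeException" in log_text:
        return ("certificate", "TLS handshake failed (see the nested cause)")
    match = AD_DATA.search(log_text)
    if match:
        code = match.group(1).lower()
        return ("bind", AD_SUBCODES.get(code, "unknown AD sub-code " + code))
    if "Invalid Credentials (49)" in log_text:
        return ("bind", "invalid credentials (no AD sub-code in the message)")
    return ("unknown", "no known LDAP failure signature found")


# Constructed sample logs, modelled on the two messages quoted in the article.
SAMPLE_BIND = (
    "Caused by: LDAPException: Invalid Credentials (49) Invalid Credentials\n"
    "LDAPException: Server Message: 80090308: LdapErr: DSID-0C09042A, "
    "comment: AcceptSecurityContext error, data 52e, v3839"
)
SAMPLE_CERT = (
    "Caused by: javax.net.ssl.SSLHandshakeException: "
    "sun.security.validator.ValidatorException: PKIX path building failed"
)

if __name__ == "__main__":
    for name, text in (("bind", SAMPLE_BIND), ("cert", SAMPLE_CERT)):
        print(name, "->", classify(text))
```

A `bind` result with sub-code `775` or `533` points at the account state in the directory rather than at the password stored in the XWiki configuration.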

3. Group mapping

To synchronize LDAP groups to XWiki groups, you need to add the group mapping in xwiki.cfg or use the visual editor for the Active Directory Pro application.

When the group is not created in the wiki upon login, our support team recommends the following fix:

  • Check the exact group DN from the Active Directory/LDAP server and add it to the mapping section.

Tips and Tricks

Before you start any LDAP investigation, our support team recommends enabling more detailed logging:

  • Open the “Global Administration: Logging” section on your wiki.
  • Search for “ldap”.
  • Set the log level to DEBUG.
  • Log in again and recheck the server logs.

If you have further questions concerning LDAP and XWiki, do not hesitate to get in touch with us. Write to us directly at the support email address support@xwiki.com or, if you are a client, contact the support team through our Customer Portal with your dedicated account.

Elena Oana Florea

Support Director at XWiki. Passionate about open source, collaborative cultures and great customer service. https://www.linkedin.com/in/oanat/