HorlogeSkynet/blog
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Fixes mistakes and improves procedure clarity for XWiki and LDAPS

Browse Source
This commit is contained in:
Samuel FORESTIER
2019-01-31 08:26:01 +01:00
parent da07f4f3ce
commit df5e7cd94c
1 changed files with 4 additions and 4 deletions

8
_posts/2018-11-21-how-to-lean-an-xwiki-docker-container-against-active-directory-over-ldaps.md

@ -35,7 +35,7 @@ docker run \
--name xwiki \
-p 127.0.0.1:8080:8080 \
-v /data/xwiki:/usr/local/xwiki \
-v /etc/ssl/certs/ca-certificates.crt:/usr/local/share/ca-certificates/your-ca.crt:ro \
-v /usr/local/share/ca-certificates/your-ca.crt:/usr/local/share/ca-certificates/your-ca.crt:ro \
-e DB_USER=xwiki \
-e DB_PASSWORD=pass_4_xwiki \
-e DB_DATABASE=xwiki \
@ -51,7 +51,7 @@ docker restart xwiki
So basically, we create a new container named `xwiki` from the `xwiki:mysql-tomcat` official image.
The most important parts are the mounted volumes.
The first one will allow us to tweak the XWiki configuration from our host (and of course will add some persistance for the data files and the extensions), under `/data/xwiki/`.
The first one will allow us to tweak the XWiki configuration from our host (and of course will add some persistence for the data files and the extensions), under `/data/xwiki/`.
The second one is interesting : We actually map the bundle of our CA (present on the host) into the `/usr/local/share/ca-certificates/` directory, which is supposed to store our personal CAs (note the `ro` (read only) aspect of the mapping).
After its creation, we execute two commands within our container :
@ -67,7 +67,7 @@ Once the additions has been performed, we restart our container to make the JVM
### The configuration
Now that you noticed where our XWiki configuration is located, I wil show you the required entries to perform LDAP authentication from the application !
Now that you noticed where our XWiki configuration is located, I will show you the required entries to perform LDAP authentication from the application !
`# nano /data/xwiki/data/xwiki.cfg`
@ -96,7 +96,7 @@ xwiki.authentication.ldap.base_DN=OU=Users,DC=YOUR,DC=DOMAIN,DC=NAME
{% endhighlight %}
So here we enabled SSL/TLS for LDAP connections and configured some parameters to lean the authentication process against our Active Directory directly.
A precision though : You will have to replace the `PrivilegedUser` & its associated password by the credentials of an user with read rights on your dictionnary.
A precision though : You will have to replace the `PrivilegedUser` & its associated password by the credentials of an user with read rights on your dictionary.
### The execution