【Linux】架設 xwiki，並使用 LDAP (新增手動安裝)

tags: OlitGlobal Linux

Common 目標

• 建立可以搭配 LDAP 的 wiki
  • LDAP：Lightweight Directory Access Protocol 輕型目錄存取協定
• 官網：xwiki
• 中文官網：xwiki中文网

Tutorial 教學1：預設資料庫 HSQLDB

步驟1：安裝套件

• apt-get update && apt-get upgrade
• 安裝 Java

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer

java -version

步驟2：下載並安裝 xwiki

• 下載連結：http://download.forge.ow2.org/xwiki/
  • 可以自行找到最新版本下載
    
    
  • wget http://download.forge.ow2.org/xwiki/xwiki-enterprise-installer-generic-9.4-standard.jar
• 安裝：sudo java -jar xwiki-enterprise-installer-generic-9.4-standard.jar

步驟3：啟動 xwiki

• 安裝完成後
• 啟動 xwiki

  cd /usr/local/XWiki Enterprise 9.4
  sudo bash start_xwiki.sh
  

• 開啟瀏覽器：localhost:8080

步驟4：設定防火牆 ufw

• 若開啟8080不會自動導向xwiki，請調整ufw設定

sudo ufw enable
sudo ufw allow 8080/tcp
sudo ufw reload
sudo ufw status

• 開啟瀏覽器：localhost:8080

Tutorial 教學2：其他資料庫

步驟1：安裝套件

• apt-get update && apt-get upgrade
• apt-get install tomcat8
• xwiki

wget -q "http://maven.xwiki.org/public.gpg" -O- | sudo apt-key add -
wget "http://maven.xwiki.org/stable/xwiki-stable.list" -P /etc/apt/sources.list.d/

apt-get update

步驟2：安裝 XWiki Enterprise

• apt-cache search xwiki

• 依照需求下載
  • MySQL：apt-get install xwiki-enterprise-tomcat8-mysql
  • PostgreSQL：apt-get install xwiki-enterprise-tomcat8-pgsql

步驟3：設定 tomcat

• 新增資料夾：mkdir /var/lib/tomcat8/bin

• 新增設定檔：vim /var/lib/tomcat8/bin/setenv.sh

  • 注意：Xms, Xmx 不要大於或等於記憶體大小，可能會導致tomcat無法start或restart
  • 注意：要設置JAVA_HOME，避免使用Java 9以上的版本，可能出錯
  

#!/bin/sh
export JAVA_HOME="/usr/local/java/jdk1.8.0"
export JAVA_OPTS="${JAVA_OPTS} -Djava.awt.headless=true"
CATALINA_OPTS="-Xms4096M -Xmx4096M -XX:PermSize=512M -XX:MaxPermSize=512M"

• 重啟 tomcat：/etc/init.d/tomcat8 restart
  • 其他 tomcat 啟動方式
• 開啟瀏覽器：localhost:8080/xwiki

步驟4：初始化 xwiki

• Step 2 - User Interface
  • 一定要下載升級插件，install

Tutorial 教學3：手動安裝

步驟1：下載套件

• tomcat：各版本下載連結
  • sudo wget http://apache.mirrors.ionfish.org/tomcat/tomcat-8/v8.5.38/bin/apache-tomcat-8.5.38.tar.gz
• xwiki：各版本下載連結
  • sudo wget http://nexus.xwiki.org/nexus/content/groups/public/org/xwiki/platform/xwiki-platform-distribution-war/11.1/xwiki-platform-distribution-war-11.1.war

步驟2：解壓縮

• 選擇適當的位置，放tomcat、xwiki檔案
• tomcat：tar zxvf FileName.tar.gz
• 將xwiki的war檔，放置於 tomcat/webapps
• 啟動tomcat：bin/startup.sh
  • 若有port的問題，可以再啟動前先修改設定檔
  • 設定檔：conf/server.xml
• xwiki自動解壓縮

步驟3：PostgreSQL JDBC Driver

• 放置於 tomcat/lib
• sudo wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar

步驟4：修改設定檔

• conf/server.xml
  • 添加：URIEncoding="UTF-8"

<Connector port="9080" protocol="HTTP/1.1"
    URIEncoding="UTF-8"
    connectionTimeout="20000"
    redirectPort="9443" />

• webapps/xwiki/WEB-INF/hibernate.cfg.xml
  • 修改資料庫的部分，舉例：PostgreSQL

<property name="connection.url">jdbc:postgresql:xwiki</property>
<property name="connection.username">xwiki</property>
<property name="connection.password">1234</property>
<property name="connection.driver_class">org.postgresql.Driver</property>
<property name="dialect">org.hibernate.dialect.PostgreSQLDialect</property>
<property name="xwiki.virtual_mode">schema</property>
<property name="jdbc.use_streams_for_binary">false</property>

• 補充：xwiki 11.1 版

LDAP

新增 LDAP 插件

• 使用管理員登入

• 進入管理wiki設定頁面，並選擇 Extensions

  
  
  

• 搜尋 LDAP，選擇 LDAP Authenticator 安裝

  
  
  

• 設定 WEB-INF/xwiki.cfg

  • vim /usr/lib/xwiki/WEB-INF/xwiki.cfg

#-# LDAP authentication service
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl

#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap=1

#-# Enable local accounts in addition to LDAP.
#-# Without this setting you will be unable to log into XWiki with local accounts.
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap.trylocal=1

• 設定 xwiki.cfg
  • vim /etc/xwiki/xwiki.cfg

#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap=1

#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
#-# The default host is localhost
xwiki.authentication.ldap.server=localhost
#-# The default port is 389 (636 if xwiki.authentication.ldap.ssl is enabled)
xwiki.authentication.ldap.port=389

#-# LDAP credentials, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the user name, {1} with the password
xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
xwiki.authentication.ldap.bind_pass={1}

#-# The Base DN used in LDAP searches
xwiki.authentication.ldap.base_DN=

#-# LDAP query to search the user in the LDAP database (in case a static admin user is provided in
#-# xwiki.authentication.ldap.bind_DN)
#-# {0} is replaced with the user uid field name and {1} with the user name
#-# The default is ({0}={1})
# xwiki.authentication.ldap.user_search_fmt=({0}={1})

#-# Only members of the following group can authenticate.
#-# The following kind of groups are supported:
#-# * LDAP static groups (users/subgroups are listed statically in the group object)
#-# * [Since 3.3M1] LDAP organization units (users/subgroups are sub object of the provided organization unit)
#-# * [Since 3.3M1] LDAP filter (users/groups are object found in a search with the provided filter)
# xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US

#-# [Since 1.5RC1]
#-# Only users not member of the following group can authenticate.
#-# The following kind of groups are supported:
#-# * LDAP static groups (users/subgroups are listed statically in the group object)
#-# * [Since 3.3M1] LDAP organization units (users/subgroups are sub object of the provided organization unit)
#-# * [Since 3.3M1] LDAP filter (users/groups are object found in a search with the provided filter)
# xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US

#-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name
#-# The default is cn
xwiki.authentication.ldap.UID_attr=cn

#-# [Since 1.5M1]
#-# The potential LDAP groups classes. Separated by commas.
#-# The default is group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,posixGroup,apple-group
# xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,posixGroup,apple-group

#-# [Since 1.5M1]
#-# The potential names of the LDAP groups fields containings the members. Separated by commas.
#-# The default is member,uniqueMember,memberUid
# xwiki.authentication.ldap.group_memberfields=member,uniqueMember,memberUid

#-# Retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
#-# By default the list is empty
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail

#-# [Since 1.3M2]
#-# On every authentication update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki
#-# account is created.
#-# - 0: only when creating user
#-# - 1: at each authentication
#-# The default is 0
xwiki.authentication.ldap.update_user=1

• 重啟 tomcat：/etc/init.d/tomcat8 restart
  • 其他 tomcat 啟動方式

Result 完成畫面

• 一定要登入，才能看到畫面

Tomcat

• service：sudo service tomcat7 restart
• systemctl：sudo systemctl restart tomcat8

常用指令

• start
• stop
• restart
• status

Extensive Reading 延伸閱讀

1. 介紹LDAP
2. Ubuntu based GNU/Linux 上的防火牆 (ufw) 基本設定
3. [PostgreSQL]

Reference 參考資料

1. Install XWiki on Ubuntu 16.04
2. 如何在Ubuntu 16.04上安装和配置XWiki
3. LDAP Authenticator
4. ubuntu 官方文件 - systemctl
5. Installing XWiki .war package manually
6. xwiki Installation