computer-playbook/roles/web-app-xwiki/templates/xwiki.cfg.j2

# ---- Authentication selection
{% if XWIKI_OIDC_ENABLED | bool %}
xwiki.authentication.authclass=org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl
{% elif XWIKI_LDAP_ENABLED | bool %}
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.trylocal={{ (XWIKI_LDAP_TRYLOCAL | bool) | ternary(1, 0) }}
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup={{ XWIKI_LDAP_ADMIN_GROUP_DN }}
xwiki.authentication.ldap.mode_group_sync=always
xwiki.authentication.ldap.server={{ XWIKI_LDAP_SERVER }}
xwiki.authentication.ldap.port={{ XWIKI_LDAP_PORT }}
xwiki.authentication.ldap.base_DN={{ XWIKI_LDAP_BASE_DN }}
xwiki.authentication.ldap.bind_DN={{ XWIKI_LDAP_BIND_DN }}
xwiki.authentication.ldap.bind_pass={{ XWIKI_LDAP_BIND_PASS }}
xwiki.authentication.ldap.fields_mapping={{ XWIKI_LDAP_FIELDS_MAPPING }}
xwiki.authentication.ldap.update_user=1
{% else %}
# Fallback: Native XWiki Auth
# xwiki.authentication.authclass=com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl
{% endif %}

# ---- Superadmin must live in xwiki.cfg (not in xwiki.properties)
xwiki.superadminpassword={{ XWIKI_SUPERADMIN_PASSWORD }}