[xwiki-notifications] [Issue] Commented: (XWIKI-2264) LDAP authentication does not support "." in login names

philip wright (JIRA) jira at xwiki.org
Mon Jun 16 23:23:55 CEST 2008


    [ http://jira.xwiki.org/jira/browse/XWIKI-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=26348#action_26348 ] 

philip wright commented on XWIKI-2264:
--------------------------------------

I have attempted 1.4.1 and 1.5M2 hoping this patch was included; however, I get the below error with the below config. I can, however, authenticate with CN as being the UID; however, I cannot administer the login because XWIKI currently does not support loginID with spaces, which all of my CNs have. Additionally, all of my SamAccountNames have "." between the first and last name. I am using AD as my LDAP.

Error:



2008-06-16 14:15:03,864 [http://172.24.232.54:81/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [P1-18] WARN  LDAP.XWikiLDAPAuthServiceImpl   - LDAP authentication failed. 
com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN.
	at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:268)
	at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
	at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:195)
	at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:128)
	at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:113)
	at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:213)
	at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3412)
	at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:137)
	at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3420)
	at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4382)
	at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:189)
	at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
	at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
	at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
	at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:616)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
	at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428)
	at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830)
	at com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112)
	at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
	at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)
	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:568)
	at org.mortbay.http.HttpContext.handle(HttpContext.java:1565)
	at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:633)
	at org.mortbay.http.HttpContext.handle(HttpContext.java:1517)
	at org.mortbay.http.HttpServer.service(HttpServer.java:954)
	at org.mortbay.http.HttpConnection.service(HttpConnection.java:816)
	at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:983)
	at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)
	at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)
	at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)
	at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)

#-------------------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------------------

#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl

#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0 : disable
#-# 1 : enable
xwiki.authentication.ldap=1

#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=xxxx
xwiki.authentication.ldap.port=389

#-# LDAP login, empty = anonymous access, otherwise specify full dn 
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN=CN=username,OU=XXX,DC=gw,DC=xxx,DC=xxx,DC=xxx
xwiki.authentication.ldap.bind_pass=password

#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the base_DN
#xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US

#-# base DN for searches
xwiki.authentication.ldap.base_DN=DC=XX,DC=XX,DC=XXX,DC=XXX

#-# specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=samaccountname

#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn  -- dn is set by class, caches dn in XWiki.user object for faster access
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# maps XWiki groups to LDAP groups, separator is "|"
#-# xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\
#                                         XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
xwiki.authentication.ldap.groupcache_expiration=21800

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first created
#-# - always: synchronize on every login
xwiki.authentication.ldap.mode_group_sync=always

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
xwiki.authentication.ldap.trylocal=1

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0 : normal
#-# 1 : SSL
# xwiki.authentication.ldap.ssl=0

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
# xwiki.authentication.ldap.ssl.keystore=

> LDAP authentication does not support "." in login names
> -------------------------------------------------------
>
>                 Key: XWIKI-2264
>                 URL: http://jira.xwiki.org/jira/browse/XWIKI-2264
>             Project: XWiki Core
>          Issue Type: Bug
>          Components: Auth Service - LDAP
>    Affects Versions: 1.3
>            Reporter: Thomas Mortagne
>            Assignee: Thomas Mortagne
>             Fix For: 1.5 M2
>
>         Attachments: support_login_with_point_in_ldap.patch, support_login_with_point_in_ldap.patch
>
>
> The problem is not at the LDAP authenticator level but more generally in XWiki, which does not support "." in document names.
> As it will be too difficult to correct soon in XWiki and it's a really needed feature, I propose to add a workaround in LDAP: replace "." with something else like "_" or nothing when creating/updating the XWiki user from LDAP. The only problem here is that the login and user name will be different, but it's not a big issue from my point of view.

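Added example, not part of the original message and not XWiki's own code: the workaround proposed in the issue description (replacing "." when deriving the XWiki user name from the LDAP login) is not a one-to-one mapping, so distinct directory logins can end up with the same XWiki user name. The class name, method names and sample logins below are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Illustration only; class and method names are hypothetical, not XWiki APIs.
public class LdapLoginMapping {

    // The proposed workaround: substitute "." in the LDAP login so the result
    // can be used as an XWiki document (user page) name.
    static String toXWikiName(String ldapLogin, String replacement) {
        return ldapLogin.replace(".", replacement);
    }

    // Group LDAP logins by the XWiki name they map to and keep only the groups
    // with more than one login: those accounts would be mapped to the same
    // XWiki user name.
    static Map<String, List<String>> collisions(List<String> logins, String replacement) {
        Map<String, List<String>> byName = new LinkedHashMap<>();
        for (String login : logins) {
            String name = toXWikiName(login, replacement);
            byName.computeIfAbsent(name, k -> new ArrayList<>()).add(login);
        }
        byName.values().removeIf(group -> group.size() < 2);
        return byName;
    }

    public static void main(String[] args) {
        // Constructed sample login values, not taken from the issue.
        List<String> logins = Arrays.asList(
                "john.doe", "john_doe", "johndoe", "jane.roe", "j.ohndoe");

        // Replacing "." with "_" merges a dotted login with an existing
        // underscore login.
        System.out.println("'.' -> '_' : " + collisions(logins, "_"));

        // Dropping "." altogether merges every login that differs only in
        // where (or whether) the dot appears.
        System.out.println("'.' -> ''  : " + collisions(logins, ""));
    }
}
```

Running the same grouping over the directory's real login attribute values before choosing the replacement shows whether any two accounts would be mapped to one XWiki user.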