[xwiki-users] Active Directory
Thomas Mortagne
thomas.mortagne at xwiki.com
Thu May 8 13:59:41 CEST 2008
Try to uncomment xwiki.authentication.ldap.validate_password=0.
You should not have 5, as this is used to force login/pass validation
when you don't connect to LDAP with the provided user/pass (bind_DN and
bind_pass set to an existing LDAP user/pass).
Another thing: in your example you seem to test with a user name
containing a "."; the LDAP authenticator does not support it yet, see
http://jira.xwiki.org/jira/browse/XWIKI-2264
2008/5/8 Mihails Agafonovs <_muxa at inbox.lv>:
> Here's a piece from xwiki.log:
> -----------------------------------------------
> java.lang.NullPointerException
> at com.xpn.xwiki.plugin.lucene.IndexUpdater.run(IndexUpdater.java:209)
> at java.lang.Thread.run(Thread.java:619)
> 2008-05-07 14:11:31,078 [index updating thread] [Thread-20] ERROR lucene.IndexUpdater - Writer not open and closeWriter called
> 2008-05-07 14:15:49,735 [http://192.168.220.128/xwiki/bin/view/Main] [TP-Processor3] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351]
> 2008-05-07 14:17:37,228 [http://192.168.220.128/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [TP-Processor3] ERROR LDAP.LDAPAuthServiceImpl - LDAP Bind failed with Exception Invalid Credentials
> 2008-05-07 14:20:29,787 [http://192.168.220.128/xwiki/bin/view/Main] [TP-Processor3] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351]
> 2008-05-07 14:25:32,020 [index updating thread] [Thread-20] ERROR lucene.IndexUpdater - IOException when opening Lucene Index for writing at /var/lib/tomcat5/webapps/xwiki/WEB-INF/work/lucene
> -------------------------------------------------------------------------------------
>
> And from Wireshark it's the same I pasted in a previous mail. I can
> add the function sequence watched via Wireshark:
> 1) bindRequest() with domainname.surname
> 2) bindresponse() - success
> 3) searchRequest() with dc=domain, dc=com,
> sAMAccountName=name.surname
> 4) searchResEntry() - returns my full correct dn
> 5) compareRequest() with my full dn and userPassword=mypass
> 6) LDAP error about no such attribute userPassword
> 7) unbindRequest()
>
> Quoting Thomas Mortagne: Could you paste the whole error log?
> 2008/5/8 Mihails Agafonovs :
>
>
> > Again, the same error from LDAP:
> >
> > LDAPMessage compareResponse(7) noSuchAttribute (00002080: AtrErr:
> > DSID-03080139, #1:
> > 0: 00002080: DSID-03080139, problem 1001 (NO_ATTRIBUTE_OR_VAL), data
> > 0, Att 23 (userPassword)
> > )
> >
> > Quoting Thomas Mortagne : 2008/5/7 Mihails Agafonovs
> > <_muxa at inbox.lv>:
> > > Hi!
> > >
> > > I've been trying to set up an LDAP connection on XWiki 1.3.2. Using
> > > Wireshark, I've discovered that LDAP performs unbindRequest() after
> > > the following error:
> > >
> > > LDAPMessage compareResponse(3) noSuchAttribute (00002080: AtrErr:
> > > DSID-03080139, #1:
> > > 0: 00002080: DSID-03080139, problem 1001 (NO_ATTRIBUTE_OR_VAL), data
> > > 0, Att 23 (userPassword)
> > > )
> > > Here is the configuration:
> > >
> > > ----------------------------------------------
> > > xwiki.authentication.ldap=1
> > > xwiki.authentication.ldap.server=my.domain.com
> > > xwiki.authentication.ldap.port=389
> > > xwiki.authentication.ldap.bind_DN={0}
> > > xwiki.authentication.ldap.bind_pass={1}
> > > # xwiki.authentication.ldap.validate_password=0
> > > xwiki.authentication.ldap.user_group=ou=Riga,ou=LAT,dc=domain,dc=com
> > > xwiki.authentication.ldap.base_DN=dc=domain,dc=com
> > > xwiki.authentication.ldap.UID_attr=cn
> > > xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
> > > # xwiki.authentication.ldap.update_user=1
> > > xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=ou=Riga,ou=LAT,dc=GDNEurope,dc=com|
> > > XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
> > > # xwiki.authentication.ldap.groupcache_expiration=21800
> > > # xwiki.authentication.ldap.mode_group_sync=always
> > > xwiki.authentication.ldap.trylocal=1
> >
> > I don't know AD very well but, according to
> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication,
> > shouldn't it be:
> > xwiki.authentication.ldap.bind_DN=subdomain{0}
> > xwiki.authentication.ldap.UID_attr=sAMAccountName
> > xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
> > ?
> > > ------------------------------------------------------
> > >
> > > Any ideas?
> > >
> > > P.S. If I use in the login form name.surname at domain.com or
> > > domainname.surname as a username, I can login, but without any
> > > rights.
> > >
> > > Best regards, Mihails
> > > _______________________________________________
> > > users mailing list
> > > users at xwiki.org
> > > http://lists.xwiki.org/mailman/listinfo/users
> > >
> > --
> > Thomas Mortagne
> >
> > Best regards, Mihails
> >
> --
> Thomas Mortagne
> Best regards, Mihails
>
--
Thomas Mortagne
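
A small lint for the LDAP settings discussed in this thread, added here as an example (it is not part of the original mail or of XWiki): it flags a user-credential bind combined with the password compare that Active Directory answered with noSuchAttribute, a UID_attr other than sAMAccountName, and a login name containing a dot. The function names and finding codes are hypothetical; the sample configuration is constructed from the one quoted above.

```python
# Added example: lint the LDAP block of an xwiki.cfg against this thread's advice.
PREFIX = "xwiki.authentication.ldap."

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE_CFG = """\
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=my.domain.com
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.bind_DN={0}
xwiki.authentication.ldap.bind_pass={1}
# xwiki.authentication.ldap.validate_password=0
xwiki.authentication.ldap.base_DN=dc=domain,dc=com
xwiki.authentication.ldap.UID_attr=cn
"""

def parse_ldap_settings(text):
    """Return active (uncommented) LDAP settings; split on the first '=' only."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().startswith(PREFIX):
            settings[key.strip()[len(PREFIX):]] = value.strip()
    return settings

def lint(text, login=None):
    """Return finding codes (hypothetical names) for a config and optional login."""
    s = parse_ldap_settings(text)
    findings = []
    user_bind = "{0}" in s.get("bind_DN", "") and "{1}" in s.get("bind_pass", "")
    # Binding as the user already proves the password; the extra compare on
    # userPassword is what Active Directory rejected with noSuchAttribute.
    if user_bind and s.get("validate_password") != "0":
        findings.append("compare-after-user-bind")
    # The thread's suggestion for AD is to look users up by sAMAccountName.
    if s.get("UID_attr", "").lower() != "samaccountname":
        findings.append("uid-attr-not-samaccountname")
    # XWIKI-2264: login names containing "." were not supported at the time.
    if login and "." in login:
        findings.append("dot-in-login")
    return findings

if __name__ == "__main__":
    for code in lint(SAMPLE_CFG, login="name.surname"):
        print(code)
```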