[xwiki-users] Active Directory
Mihails Agafonovs
_muxa at inbox.lv
Thu May 8 14:25:40 CEST 2008
Uncommenting xwiki.authentication.ldap.validate_password=0 did
nothing.
About ".".
In version 1.1.2, there was no problem connecting to AD using CN
attribute (name surname), and user was automatically created in
XWikiAllGroup. So this is strange that in the newer version that
doesn't work.
Also, nothing changed in our AD. I still can login in XWiki 1.1.2 and
LDAP browser, for example, in both cases using my CN.
Quoting Thomas Mortagne:
Try to uncomment xwiki.authentication.ldap.validate_password=0
You should not have 5 as this is used to force login/pass validation
when you don't connect to LDAP with provided user/pass (bind_DN and
bind_pass set to an existing ldap user/pass)
Another thing, in your example you seem to test with a user name
containing a ".", the LDAP authenticator does not support it yet,
see http://jira.xwiki.org/jira/browse/XWIKI-2264
2008/5/8 Mihails Agafonovs :
> Here's a piece from xwiki.log:
> -----------------------------------------------
> java.lang.NullPointerException
> at com.xpn.xwiki.plugin.lucene.IndexUpdater.run(IndexUpdater.java:209)
> at java.lang.Thread.run(Thread.java:619)
> 2008-05-07 14:11:31,078 [index updating thread] [Thread-20] ERROR lucene.IndexUpdater - Writer not open and closeWriter called
> 2008-05-07 14:15:49,735 [http://192.168.220.128/xwiki/bin/view/Main] [TP-Processor3] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351]
> 2008-05-07 14:17:37,228 [http://192.168.220.128/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [TP-Processor3] ERROR LDAP.LDAPAuthServiceImpl - LDAP Bind failed with Exception Invalid Credentials
> 2008-05-07 14:20:29,787 [http://192.168.220.128/xwiki/bin/view/Main] [TP-Processor3] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351]
> 2008-05-07 14:25:32,020 [index updating thread] [Thread-20] ERROR lucene.IndexUpdater - IOException when opening Lucene Index for writing at /var/lib/tomcat5/webapps/xwiki/WEB-INF/work/lucene
> -------------------------------------------------------------------------------------
>
> And from Wireshark it's the same I pasted in a previous mail. I can
> add the function sequence watched via Wireshark:
> 1) bindRequest() with domainname.surname
> 2) bindresponse() - success
> 3) searchRequest() with dc=domain, dc=com, sAMAccountName=name.surname
> 4) searchResEntry() - returns my full correct dn
> 5) compareRequest() with my full dn and userPassword=mypass
> 6) LDAP error about no such attribute userPassword
> 7) unbindRequest()
>
> Quoting Thomas Mortagne:
> Could you paste the whole error log?
> 2008/5/8 Mihails Agafonovs :
>
>
> > Again, the same error from LDAP:
> >
> > LDAPMessage compareResponse(7) noSuchAttribute (00002080: AtrErr: DSID-03080139, #1:
> > 0: 00002080: DSID-03080139, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
> > )
> >
> > Quoting Thomas Mortagne: 2008/5/7 Mihails Agafonovs <_muxa at inbox.lv>:
> > > Hi!
> > >
> > > I've been trying to setup LDAP connection on XWiki 1.3.2. Using
> > > Wireshark, I've discovered, that LDAP performs unbindRequest() after
> > > the following error:
> > >
> > > LDAPMessage compareResponse(3) noSuchAttribute (00002080: AtrErr: DSID-03080139, #1:
> > > 0: 00002080: DSID-03080139, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
> > > )
> > > Here is the configuration:
> > >
> > > ----------------------------------------------
> > > xwiki.authentication.ldap=1
> > > xwiki.authentication.ldap.server=my.domain.com
> > > xwiki.authentication.ldap.port=389
> > > xwiki.authentication.ldap.bind_DN={0}
> > > xwiki.authentication.ldap.bind_pass={1}
> > > # xwiki.authentication.ldap.validate_password=0
> > > xwiki.authentication.ldap.user_group=ou=Riga,ou=LAT,dc=domain,dc=com
> > > xwiki.authentication.ldap.base_DN=dc=domain,dc=com
> > > xwiki.authentication.ldap.UID_attr=cn
> > > xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
> > > # xwiki.authentication.ldap.update_user=1
> > > xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=ou=Riga,ou=LAT,dc=GDNEurope,dc=com|
> > > XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
> > > # xwiki.authentication.ldap.groupcache_expiration=21800
> > > # xwiki.authentication.ldap.mode_group_sync=always
> > > xwiki.authentication.ldap.trylocal=1
> >
> > I don't know AD very well but, according to
> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication,
> > shouldn't be:
> > xwiki.authentication.ldap.bind_DN=subdomain{0}
> > xwiki.authentication.ldap.UID_attr=sAMAccountName
> > xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
> > ?
> > > ------------------------------------------------------
> > >
> > > Any ideas?
> > >
> > > P.S. If I use in the login form name.surname at domain.com or
> > > domainname.surname as a username, I can login, but without any
> > > rights.
> > >
> > > Ar cieņu, Mihails
> > > _______________________________________________
> > > users mailing list
> > > users at xwiki.org
> > > http://lists.xwiki.org/mailman/listinfo/users
> > >
> > --
> > Thomas Mortagne
> >
> > Ar cieņu, Mihails
> >
> >
> --
> Thomas Mortagne
> Ar cieņu, Mihails
>
>
--
Thomas Mortagne
Ar cieņu, Mihails
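
An added example, not part of the original mails or of XWiki's code: a small parser for the Active Directory error string quoted in this thread, plus a check over the seven-step operation sequence that flags a password carried in a compareRequest and the noSuchAttribute reply to it. The sample inputs are constructed from the text above; the function names and finding labels are assumptions made for illustration.

```python
import re

# Constructed from the error text quoted in the thread, with mail line wrapping removed.
SAMPLE_ERROR = (
    "LDAPMessage compareResponse(7) noSuchAttribute (00002080: AtrErr: "
    "DSID-03080139, #1: 0: 00002080: DSID-03080139, problem 1001 "
    "(NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword) )"
)

# The seven operations listed in the thread, as (operation, detail) pairs (constructed).
SAMPLE_TRACE = [
    ("bindRequest", "domainname.surname"),
    ("bindResponse", "success"),
    ("searchRequest", "dc=domain, dc=com, sAMAccountName=name.surname"),
    ("searchResEntry", "full dn"),
    ("compareRequest", "userPassword=mypass"),
    ("compareResponse", SAMPLE_ERROR),
    ("unbindRequest", ""),
]

ERROR_RE = re.compile(
    r"(?P<op>\w+)\((?P<msgid>\d+)\)\s+(?P<result>\w+)\s+\("
    r"(?P<code>[0-9A-Fa-f]{8}):\s*(?P<kind>\w+):\s*(?P<dsid>DSID-[0-9A-Fa-f]+)"
    r".*?problem\s+(?P<problem>\d+)\s+\((?P<problem_name>\w+)\)"
    r".*?Att\s+(?P<att_id>[0-9A-Fa-f]+)\s+\((?P<attr>\w+)\)",
    re.S,
)

def parse_ad_error(text):
    """Split an AD extended error string into named fields, or return None."""
    m = ERROR_RE.search(text)
    return m.groupdict() if m else None

def diagnose(trace):
    """Flag compare-based password checks and the directory's answer to them."""
    findings, compared = [], None
    for op, detail in trace:
        if op == "compareRequest":
            compared = detail.split("=", 1)[0].strip()
            if compared.lower() == "userpassword":
                # The candidate password travels inside the request itself.
                findings.append("password-in-compare")
        elif op == "compareResponse" and compared:
            err = parse_ad_error(detail)
            if err and err["result"] == "noSuchAttribute" and err["attr"] == compared:
                findings.append(f"no-such-attribute:{err['attr']}:{err['problem_name']}")
    return findings

if __name__ == "__main__":
    print(parse_ad_error(SAMPLE_ERROR))
    print(diagnose(SAMPLE_TRACE))
```
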