[xwiki-users] Active Directory
Thomas Mortagne
thomas.mortagne at xwiki.com
Tue May 13 10:08:53 CEST 2008
On Mon, May 12, 2008 at 12:34 PM, Mihails Agafonovs <_muxa at inbox.lv> wrote:
> Here's the log:
>
> 2008-05-12 13:27:05,076 [http://localhost/xwiki/bin/view/Main]
> [TP-Processor3] INFO .AbstractXWikiMigrationManager - No storage
>
> migration required since current version is [7351]
> 2008-05-12 13:27:31,563
> [http://localhost/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> [TP-Processor1] ERROR ldap.XWikiLDAPUtils - Could not find
> attribute cn for LDAP dn
> ou=Enterprise,ou=Users,ou=RRR,ou=LAT,dc=domain,dc=com
This error is returned by LDAP serveur saying that you try to use "cn"
attribute which does not exists in the targetted object
(ou=Enterprise,ou=Users,ou=RRR,ou=LAT,dc=domain,dc=com). I don't have
Active Directory so I can't check this...
> 2008-05-12 13:27:31,630
> [http://localhost/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> [TP-Processor1] WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP
> authentication failed.
> Quoting Thomas Mortagne : I means what to you have in the log, the
> stack trace etc...
>
>
> On Fri, May 9, 2008 at 12:22 PM, Mihails Agafonovs wrote:
> > errorMessage: 0000203D: LdapErr: DSID-0C090C7D, comment: Unknown
> > extended request OID, data 0, vece
> > Quoting Thomas Mortagne : On Thu, May 8, 2008 at 4:49 PM, Mihails
> > Agafonovs wrote:
> > > You were right - I was using the old authenticator. Thanks!
> > >
> > > Now I can log in, but I'm not created in any group. Also, if I
> > enable
> > > extended search (when only users of the specified AD group will
> be
> > > verified), the LDAP throws error.
> > Which error exactly ?
> > > Quoting Thomas Mortagne : Which LDAP authenticator
> > > (xwiki.authentication.ldap.authclass) do you
> > > use ? If it's com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl
> or
> > if
> > > you did not configured xwiki.authentication.ldap.authclass
> forgot
> > > pretty much all I said as I spoke about the new (since 1.3)
> LDAP
> > > authenticator
> > >
> >
> (xwiki.authentication.ldap.authclass=com.xpn.xwiki.ldap.authentication.XWikiLDAPAuthServiceImpl)...
> > > 2008/5/8 Mihails Agafonovs <_muxa at inbox.lv>:
> > > > Uncommenting
> xwiki.authentication.ldap.validate_password=0
> > did
> > > > nothing.
> > > >
> > > > About ".".
> > > >
> > > > In version 1.1.2, there was no problem connecting to AD
> > using
> > > CN
> > > > attribute (name surname), and user was automatically
> > created
> > > in
> > > > XWikiAllGroup. So this is strange that in the newer
> version
> > > that
> > > > doesn't work.
> > > >
> > > > Also, nothing changed in our AD. I still can login in
> XWiki
> > > 1.1.2 and
> > > > LDAP browser, for example, in both cases using my CN.
> > > > Quoting Thomas Mortagne : Try to uncomment
> > > >
> > > > xwiki.authentication.ldap.validate_password=0
> > > > You should not have 5 as this is used to force
> login/pass
> > > validation
> > > > when you don't connect to LDAP with provided user/pass
> > > (bind_DN and
> > > > bind_pass set to an existing ldap user/pass)
> > > > Another thing, in your example you seem to test with a
> > user
> > > name
> > > > containing a ".", the LDAP authenticator does
> > not
> > > support it yet,
> > > > see
> > > > http://jira.xwiki.org/jira/browse/XWIKI-2264
> > > > 2008/5/8 Mihails Agafonovs :
> > > >
> > > >
> > > > > Here's a pice from xwiki.log:
> > > > > -----------------------------------------------
> > > > > java.lang.NullPointerException
> > > > > at
> > > > >
> > > >
> > >
> >
> com.xpn.xwiki.plugin.lucene.IndexUpdater.run(IndexUpdater.java:209)
> > > > > at java.lang.Thread.run(Thread.java:619)
> > > > > 2008-05-07 14:11:31,078 [index updating thread]
> > > [Thread-20] ERROR
> > > > > lucene.IndexUpdater - Writer not open
> > and
> > > closeWriter
> > > > > called
> > > > > 2008-05-07 14:15:49,735
> > > > [http://192.168.220.128/xwiki/bin/view/Main]
> > > > > [TP-Processor3] INFO
> .AbstractXWikiMigrationManager
> > -
> > > No
> > > > storage
> > > > > migration required since current version is
> [7351]
> > > > > 2008-05-07 14:17:37,228
> > > > >
> > > [http://192.168.220.128/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> > > > > [TP-Processor3] ERROR LDAP.LDAPAuthServiceImpl
> > -
> > > LDAP Bind
> > > > > failed with Exception Invalid Credentials
> > > > > 2008-05-07 14:20:29,787
> > > > [http://192.168.220.128/xwiki/bin/view/Main]
> > > > > [TP-Processor3] INFO
> .AbstractXWikiMigrationManager
> > -
> > > No
> > > > storage
> > > > > migration required since current version is
> [7351]
> > > > > 2008-05-07 14:25:32,020 [index updating thread]
> > > [Thread-20] ERROR
> > > > > lucene.IndexUpdater - IOException
> when
> > > opening Lucene
> > > > > Index for writing at
> > > > >
> /var/lib/tomcat5/webapps/xwiki/WEB-INF/work/lucene
> > > > >
> > > >
> > >
> >
> -------------------------------------------------------------------------------------
> > > > >
> > > > > And from Wireshark it's the same I pasted in a
> > previous
> > > mail. I
> > > > can
> > > > > add the function sequence watched via Wireshark:
> > > > > 1) bindRequest() with domainname.surname
> > > > > 2) bindresponse() - success
> > > > > 3) searchRequest() with dc=domain, dc=com,
> > > > > sAMAccountName=name.surname
> > > > > 4) searchResEntry() - returns my full correct dn
> > > > > 5) compareRequest() with my full dn and
> > > userPassword=mypass
> > > > > 6) LDAP error about no such attribute
> userPassword
> > > > > 7) unbindRequest()
> > > > >
> > > > > Quoting Thomas Mortagne : Could be you paste the
> > whole
> > > error log
> > > > ?
> > > > > 2008/5/8 Mihails Agafonovs :
> > > > >
> > > > >
> > > > > > Again, the same error from LDAP:
> > > > > >
> > > > > > LDAPMessage compareResponse(7)
> > noSuchAttribute
> > > (00002080:
> > > > AtrErr:
> > > > > >
> > > > > > DSID-03080139, #1:
> > > > > > 0: 00002080: DSID-03080139, problem 1001
> > > > (NO_ATTRIBUTE_OR_VAL),
> > > > > data
> > > > > > 0, Att 23 (userPassword)
> > > > > > )
> > > > > >
> > > > > > Quoting Thomas Mortagne : 2008/5/7
> Mihails
> > > Agafonovs
> > > > > > &lt;_muxa at inbox.lv&gt;:
> > > > > > &gt; Hi!
> > > > > > &gt;
> > > > > > &gt; I've been trying to setup LDAP
> > > connection on XWiki
> > > > 1.3.2.
> > > > > > Using
> > > > > > &gt; Wireshark, I've discovered,
> that
> > LDAP
> > > performs
> > > > > unbindRequest()
> > > > > > after
> > > > > > &gt; the following error:
> > > > > > &gt;
> > > > > > &gt; LDAPMessage compareResponse(3)
> > > noSuchAttribute
> > > > (00002080:
> > > > > > AtrErr:
> > > > > > &gt; DSID-03080139, #1:
> > > > > > &gt; 0: 00002080: DSID-03080139,
> > problem
> > > 1001
> > > > > >
> > > > > > (NO_ATTRIBUTE_OR_VAL), data
> > > > > > &gt; 0, Att 23 (userPassword)
> > > > > > &gt; )
> > > > > > &gt; Here is the configuration:
> > > > > > &gt;
> > > > > > &gt;
> > > ----------------------------------------------
> > > > > > &gt; xwiki.authentication.ldap=1
> > > > > > &gt;
> > > xwiki.authentication.ldap.server=my.domain.com
> > > > > > &gt;
> xwiki.authentication.ldap.port=389
> > > > > > &gt;
> > xwiki.authentication.ldap.bind_DN={0}
> > > > > > &gt;
> > > xwiki.authentication.ldap.bind_pass={1}
> > > > > > &gt; #
> > > xwiki.authentication.ldap.validate_password=0
> > > > > > &gt;
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> xwiki.authentication.ldap.user_group=ou=Riga,ou=LAT,dc=domain,dc=com
> > > > > > &gt;
> > > xwiki.authentication.ldap.base_DN=dc=domain,dc=com
> > > > > > &gt;
> > xwiki.authentication.ldap.UID_attr=cn
> > > > > > &gt;
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
> > > > > > &gt; #
> > > xwiki.authentication.ldap.update_user=1
> > > > > > &gt;
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=ou=Riga,ou=LAT,dc=GDNEurope,dc=com|
> > > > > > &gt;
> > > > > > &gt;
> > > > XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
> > > > > > &gt; #
> > > > xwiki.authentication.ldap.groupcache_expiration=21800
> > > > > > &gt; #
> > > xwiki.authentication.ldap.mode_group_sync=always
> > > > > > &gt;
> > xwiki.authentication.ldap.trylocal=1
> > > > > >
> > > > > > I don't know AD very well but,according to
> > > > > >
> > > > >
> > > >
> > >
> >
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication,
> > > > > > should't be:
> > > > > >
> > xwiki.authentication.ldap.bind_DN=subdomain{0}
> > > > > >
> > > xwiki.authentication.ldap.UID_attr=sAMAccountName
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
> > > > > > ?
> > > > > > &gt;
> > > ------------------------------------------------------
> > > > > > &gt;
> > > > > > &gt; Any ideas?
> > > > > > &gt;
> > > > > > &gt; P.S. If I use in the login form
> > > > name.surname at domain.com or
> > > > > > &gt; domainname.surname as a
> username,
> > I
> > > can login, but
> > > > without
> > > > > any
> > > > > > &gt; rights.
> > > > > > &gt;
> > > > > > &gt; Ar cie&#326;u, Mihails
> > > > > > &gt;
> > > _______________________________________________
> > > > > > &gt; users mailing list
> > > > > > &gt; users at xwiki.org
> > > > > > &gt;
> > > http://lists.xwiki.org/mailman/listinfo/users
> > > > > > &gt;
> > > > > > --
> > > > > > Thomas Mortagne
> > > > > >
> > > > > >
> > _______________________________________________
> > > > > > users mailing list
> > > > > > users at xwiki.org
> > > > > >
> > http://lists.xwiki.org/mailman/listinfo/users
> > > > > > Ar cieņu, Mihails
> > > > > >
> > > > > > Links:
> > > > > > ------
> > > > > > [1] mailto:thomas.mortagne at xwiki.com
> > > > > >
> > > > > >
> > > > > >
> > _______________________________________________
> > > > > > users mailing list
> > > > > > users at xwiki.org
> > > > > >
> http://lists.xwiki.org/mailman/listinfo/users
> > > > > >
> > > > > --
> > > > > Thomas Mortagne
> > > > > _______________________________________________
> > > > > users mailing list
> > > > > users at xwiki.org
> > > > > http://lists.xwiki.org/mailman/listinfo/users
> > > > > Ar cieņu, Mihails
> > > > >
> > > > > Links:
> > > > > ------
> > > > > [1] mailto:thomas.mortagne at xwiki.com
> > > > > _______________________________________________
> > > > > users mailing list
> > > > > users at xwiki.org
> > > > > http://lists.xwiki.org/mailman/listinfo/users
> > > > >
> > > > --
> > > > Thomas Mortagne
> > > > _______________________________________________
> > > > users mailing list
> > > > users at xwiki.org
> > > > http://lists.xwiki.org/mailman/listinfo/users
> > > > Ar cieņu, Mihails
> > > >
> > > > Links:
> > > > ------
> > > > [1] mailto:thomas.mortagne at xwiki.com
> > > > _______________________________________________
> > > > users mailing list
> > > > users at xwiki.org
> > > > http://lists.xwiki.org/mailman/listinfo/users
> > > >
> > > --
> > > Thomas Mortagne
> > > _______________________________________________
> > > users mailing list
> > > users at xwiki.org
> > > http://lists.xwiki.org/mailman/listinfo/users
> > > Ar cieņu, Mihails
> > >
> > > Links:
> > > ------
> > > [1] mailto:thomas.mortagne at xwiki.com
> > > _______________________________________________
> > > users mailing list
> > > users at xwiki.org
> > > http://lists.xwiki.org/mailman/listinfo/users
> > >
> > --
> > Thomas Mortagne
> > _______________________________________________
> > users mailing list
> > users at xwiki.org
> > http://lists.xwiki.org/mailman/listinfo/users
> > Ar cieņu, Mihails
> >
> > Links:
> > ------
> > [1] mailto:thomas.mortagne at xwiki.com
> >
> > Advertisement:
> >
> > prasi mammai!
> > www.mama.lv
> > _______________________________________________
> > users mailing list
> > users at xwiki.org
> > http://lists.xwiki.org/mailman/listinfo/users
> >
> --
> Thomas Mortagne
> _______________________________________________
> users mailing list
> users at xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
> Ar cieņu, Mihails
>
> Links:
> ------
> [1] mailto:thomas.mortagne at xwiki.com
> _______________________________________________
> users mailing list
> users at xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
>
--
Thomas Mortagne
More information about the users
mailing list