hello,
I'm trying connect xwiki to the ldap using this manual
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HGeneric…
but have problem with auth..
i'm using:
slapd 2.3.30-5+etch2
apache-tomcat-6.0.18
xwiki-enterprise-web-1.7-milestone-1.war
jdk1.6.0_07
xwiki.cfg ldap section:
#-------------------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=127.0.0.1
xwiki.authentication.ldap.port=389
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN=cn={0},ou=people,dc=xxx,dc=com
xwiki.authentication.ldap.bind_pass={1}
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
#-# otherwise only users that are found after searching starting from
the base_DN
#
xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
#-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
#-# only users not member of the following group can autheticate
# xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
#-# base DN for searches
xwiki.authentication.ldap.base_DN=ou=people,dc=xxx,dc=com
#-# Specifies the LDAP attribute containing the identifier to be used as
the XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=cn
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# Specifies the LDAP attribute containing the password to be used
"when xwiki.authentication.ldap.validate_password" is set to 1
xwiki.authentication.ldap.password_field=userPassword
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential LDAP groups classes. Separated by commas.
#
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential names of the LDAP groups fields containings the
members. Separated by commas.
# xwiki.authentication.ldap.group_memberfields=member,uniqueMember
#-# retrieve the following fields from LDAP and store them in the XWiki
user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object
for faster access
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki
otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
#
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\
#
XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed
from LDAP (default=3600*6)
# xwiki.authentication.ldap.groupcache_expiration=21800
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first
created
#-# - always: synchronize on every login
# xwiki.authentication.ldap.mode_group_sync=always
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB
authentication with the same credentials
xwiki.authentication.ldap.trylocal=1
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0: normal
#-# 1: SSL
xwiki.authentication.ldap.ssl=0
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
xwiki.authentication.ldap.ssl.keystore=
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The java secure provider used in SSL connection
#
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
java LDAP debug module exeption:
/
21:07:39,624 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin]
[http-8080-7] DEBUG LDAP.XWikiLDAPAuthServiceImpl - LDAP
authentication failed: login null
21:07:39,627 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin]
[http-8080-7] DEBUG ldap.XWikiLDAPConnection - Connection to LDAP
server [127.0.0.1:389]
21:07:39,641 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin]
[http-8080-7] DEBUG ldap.XWikiLDAPConnection - Binding to LDAP
server with credentials login=[cn=user1,ou=people,dc=xxx,dc=com ]
password=[user1]
21:07:39,644 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin]
[http-8080-7] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Found user dn with
the user object: cn=user1,ou=people,dc=xxx,dc=com
21:07:39,646 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin]
[http-8080-7] DEBUG LDAP.XWikiLDAPAuthServiceImpl - LDAP attributes
will be used to update XWiki attributes.
21:07:39,646 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin]
[http-8080-7] DEBUG ldap.XWikiLDAPConfig - Ready to create
user from LDAP with fields
last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
21:07:39,649 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin]
[http-8080-7] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating existing
user with LDAP attribues located at cn=user1,ou=people,dc=xxx,dc=com
21:07:39,650 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin]
[http-8080-7] DEBUG ldap.XWikiLDAPConfig - Ready to create
user from LDAP with fields
last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
21:07:39,651 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin]
[http-8080-7] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Local LDAP
authentication failed.
java.lang.NullPointerException
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.updateUserFromLDAP(XWikiLDAPAuthServiceImpl.java:730)
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.syncUser(XWikiLDAPAuthServiceImpl.java:497)
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:410)
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:198)
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:149)
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:239)
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:165)
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:148)
at
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:205)
at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3564)
at
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139)
at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3572)
at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4478)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115)
at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at
org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
at
org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
com.xpn.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:96)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
com.xpn.xwiki.web.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:287)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
21:07:39,653 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin]
[http-8080-7] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Trying
authentication against XWiki DB/
In ldap logs:
/Oct 23 21:07:39 ubot slapd[4919]: conn=216 fd=11 ACCEPT from
IP=127.0.0.1:41337 (IP=0.0.0.0:389)
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=0 BIND
dn="cn=user1,ou=people,dc=xxx,dc=com" method=128
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=0 BIND
dn="cn=user1,ou=people,dc=xxx,dc=com" mech=SIMPLE ssf=0
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=0 RESULT tag=97 err=0 text=
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=1 EXT oid=0.0.0.0
Oct 23 21:07:39 ubot slapd[4919]: do_extended: unsupported operation
"0.0.0.0"
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=1 RESULT tag=120 err=2
text=unsupported extended operation
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=2 BIND anonymous
mech=implicit ssf=0
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=2 BIND
dn="cn=user1,ou=people,dc=xxx,dc=com" method=128
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=2 BIND
dn="cn=user1,ou=people,dc=xxx,dc=com" mech=SIMPLE ssf=0
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=2 RESULT tag=97 err=0 text=
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=3 SRCH
base="cn=user1,ou=people,dc=xxx,dc=com" scope=0 deref=0
filter="(objectClass=*)"
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=3 SRCH attr=sn givenName
fullName mail dn
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=4 ABANDON msg=93
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=5 UNBIND
Oct 23 21:07:39 ubot slapd[4919]: conn=216 fd=11 closed
/Somebody can help me? Thanks and Greetings,
Bart
--
Bartłomiej Radziszewski
mobile: +48 509 561 540
e-mail: br(a)debian.linux.pl
JID: br(a)debian.linux.pl
ICQ: #305569725
Okay, so having a bit of difficulty with this...
I have a space 'Peoples', with a class/sheet/template associated with it.
I can create a new instance of this object, and it is created in the
'People' space, that's all fine and dandy...
In this class there is a property 'location', that is a static list, single
selection only in a drop down box.
For example's sake, I'll say there are 3 locations, 'X', 'Y', 'Z'.
On the 'Peoples' space's main page, where a user may create a new instance,
or see a list of already created 'People', I'm trying to create this list
divided by the three locations.
I tried to calculate the number of 'People' instances with the location 'X'
in the following manner:
#set ($whereClauseX = "obj.name=doc.fullName and
obj.name<>'Peoples.PeopleClassTemplate' and
obj.className='Peoples.PeopleClass' and prop.id.id = obj.id and
prop.id.name='location' and prop.value='X' order by doc.creationDate desc")
#set ($numX = "select count(distinct doc) from XWikiDocument doc, BaseObject
as obj, LargeStringProperty as prop where $whereClauseX")
Now, I know there are instances of 'People' objects in this space that have
the value 'X' for the 'location' property, but whenever I access this
variable, it is always being calculated as 0.
Can someone point out my problem with that block of code?
Also, this affects my later code I think as, when it hits the following
block of code, nothing appears on screen, and I get some errors in the
Tomcat screen. Code:
#if ($numX > 0)
<h3>Location X:</h3>
#set ($sql = ", BaseObject as obj, LargeStringProperty as prop where
$whereClauseX")
#set($bentrydoc = $xwiki.getDocument($item))
#set($bentryobj = $bentrydoc.getObject("Peoples.PeopleClass", "language",
$language, true))
#foreach ($item in $xwiki.searchDocuments($sql))
* [${bentrydoc.display("first_name","view",$bentryobj)}
${bentrydoc.display("last_name","view",$bentryobj)}|$item]
#end
#end
And the Tomcat error(s):
WARNING: Parameters: Invalid chunk ignored.
[ERROR] Left side of '>=' operation is not a Numbere. Peoples.WebHome [line
82, column 15]
However, no where in my code am I using the operator '>='...
Any kind person with a helping hand would be appreciated. Thanks again
community!
--
View this message in context: http://n2.nabble.com/Help-with-Velocity-HQL-query-tp1372223p1372223.html
Sent from the XWiki- Users mailing list archive at Nabble.com.
Hi,
I have noticed that the Watchlist update sent by email does not contain
the full path to a changed attachment.
e.g. I received the following watchlist update email:
(Note: I removed all the styles for better readability)
...
<tr>
<td>
<a href="http://localhost
:8080/xwiki/bin/view/TestSpace/TestPage">TestPage</a><br/><span>TestSpace.TestPage</span>
</td>
<td>
modified by Reto Hotz on 2008/10/24 11:03 , comment : Upload new
attachment <a
href="/xwiki/bin/downloadrev/TestSpace/TestPage/test.pdf?rev=1.1">test.pdf</a>
</td>
</tr>
...
As you can see, the test.pdf link href does not include the domain. The
link to the TestPage though is correct.
Is this a bug or a misconfiguration?
Thanks
Reto
I saw this code snippet for setting rights on a page. Does someone know the equivalent for setting the right on the space. How to get the space object(something equivalent to the first line in the snippet)
http://code.xwiki.org/xwiki/bin/view/Snippets/SettingRightsSnippet
thanks.
sharan.
Hi all,
Hopefully somebody has come across this before.
I am trying to create a line chart that can have repeated data in each
column e.g
{table}
id | number
22 | 23 |
22 | 23 |
25 | 24 |
{table}
My problem is the graph will only get rendered if one column has unique
data.
Charting exception: Error number 0 in 5: X-value already exists. Wrapped
Exception: X-value already exists. com.xpn.xwiki.XWikiException: Error
number 0 in 5: X-value already exists. Wrapped Exception: X-value already
exists. at
com.xpn.xwiki.plugin.charts.ChartingMacro.exception(ChartingMacro.java:143)
at com.xpn.xwiki.plugin.charts.ChartingMacro.execute(ChartingMacro.java:80)
at com.xpn.xwiki.render.filter.MacroFilter.handleMatch(MacroFilter.java:90)
at
org.radeox.filter.regex.RegexTokenFilter$1.handleMatch(RegexTokenFilter.java:91)
at org.radeox.regex.JdkMatcher.substitute(JdkMatcher.java:48) at
org.radeox.filter.regex.RegexTokenFilter.filter(RegexTokenFilter.java:89) at
org.radeox.filter.FilterPipe.filter(FilterPipe.java:169) at
com.xpn.xwiki.render.XWikiRadeoxRenderEngine.render(XWikiRadeoxRenderEngine.java:92)
at
com.xpn.xwiki.render.XWikiRadeoxRenderer.render(XWikiRadeoxRenderer.java:118)
If i make all the data unique in one column above then the chart renders ok.
Is there a parameter that i can use to allow repeated data or is the
charting macro designed to have one column with unique data?
Regards,
John Carroll
--
View this message in context: http://www.nabble.com/Chart-macro-problem-tp18191025p18191025.html
Sent from the XWiki- Users mailing list archive at Nabble.com.
If at all possible, is there a more comprehensive look at all the
datatypes/properties that a Class can be composed of.
In the DevGuide's
http://platform.xwiki.org/xwiki/bin/view/DevGuide/DataModel Data Model ,
there is a list of the supported datatypes, but it does not mention any of
the options/configurations for the said properties.
An in depth look at these datatypes would be highly beneficial for new XWiki
users trying to create structured content, as this feature is one of the
main attractions to XWiki. Some of the datatypes are self explanitory, but
others are more advanced, and have configuration options that the
average/new XWiki user would not know about.
If anyone has any information on these datatypes, I would be greatly
appreciative, or if there is a plan for a more formal documentation of the
datatypes, I'm sure many others would be highly pleased as well!
Thanks very much.
--
View this message in context: http://n2.nabble.com/Documentation-of-Class-Properties-for-Structured-Conte…
Sent from the XWiki- Users mailing list archive at Nabble.com.
Hi!
How to modify administration page style? I can completely it remove
(##$xwiki.ssx.use("XWiki.AdminSheet")) and create my own, but I still
want to find the stylesheet attached to it.
Ar cieņu, Mihails
Hi,
Sorry to answer only now I had lot's of work and not that much with
Internet access ;)
On Tue, Oct 21, 2008 at 4:04 PM, <ramongb(a)mp.go.gov.br> wrote:
> Hi Thomas,
>
> First I would congratulate you guys for such a powerful and top-of-mind tool like Xwiki. I'm the leader of the team here on my Company in Brazil (a Court government institute) that is implementing a wiki tool, and my first - and de-facto - choice was Xwiki. We're on ongoing works on it for integration with our AD infrastucture and it shows to be a complete and very powerful tool to fulfill our requirements.
> This AD integration (and the ACL's Xwiki provides through AD imported groups) is the decisive feature for our needs. And on this subject, some questions came in mind. I've installed your last 1.6-SNAPSHOT, that corrects the bug regarding the AD authentication and seems to work (and log) well. But my question is about reseting the LDAP password through Xwiki. As I could notice, when I reset
a password from a AD user through the "Forgot your password" feature,
it doesn't reset the AD user password, but it resets (or creates?) the
user password only in the internal database.
Yes XWiki does not write/modify anything in LDAP server and it as to
remain like this IMO. But you are right there is a problem with
"Forgot your password" feature that should be disabled for LDAP users
on XWiki.
I will investigate this, thanks for the report.
> The logs show that
it can't authenticate anymore on the LDAP, but it tries to log on the
Xwiki database and succeeds. Because of this, one can get two
out-of-sync working passwords: one through LDAP (and it permits that
his AD attributes be refreshed on every login - just what we need) and
other through Xwiki database, which does not provide LDAP attributes
refresh (once the authentication fails).
> Does the last Xwiki 1.6 have this capability of password sync'ing? Is it a bug? I know sure that this could be a serious security breach (once one knows the username of another, the LDAP password can be compromised). This leads to another questions and we're touch them later. My mails is too big already :-)
>
> By the way, I'm gonna provide the Brazilian Portuguese translation for the project :-)
Great !
> I'm looking forward to your response.
> Thanks in advance,
>
> Ramon Gomes Brandão
>
I'm forwarding also in users(a)xwiki.org mailing list as this can be
interesting for anyone.
--
Thomas Mortagne
