Hi, you were right. There was an error in the config file. Now i have the following line in xwiki.cfg: xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl Afterwards I restarted Tomcat6. Hi, The problem still remains: Users that are already added (by the former LDAP mechanism or by hand) can login (with their active directory password), but no new users are created as they want to log in for the first time. The stdout_xxxxxxxx.log says: [http-80-1] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351] [http-80-2] ERROR LDAP.LDAPAuthServiceImpl - LDAP Bind failed with Exception Invalid Credentials --> get this line every time a user that doesn't exist in the xwiki userlist wants to login I also tried the old one authservice class using this line: xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl with the same result. All the other logs in the tomcat log directory look clean... Thanks Helmut Thomas Mortagne wrote:
Hi,
On Tue, Jun 3, 2008 at 5:46 PM, hel-o <[email protected]> wrote:
Hi,
Authentication worked before 1.3.2. Works now for existing users but not for New Users. New Users are not created when they log in the first time.
Log file: --- 2008-06-03 17:24:46,344 [http://server/bin/view/Main/WebHome] [http-80-1] ERROR LDAP.LDAPAuthServiceImpl - LDAP Bind failed with Exception
This looks like you use LDAPAuthServiceImpl and not XWikiLDAPAuthServiceImpl as it is written in the configuration you sent... Makes sure you restarted xwiki after modifying xwiki.cfg.
Invalid Credentials 2008-06-03 17:24:47,125 [http://server/bin/view/Main/WebHome] [http-80-1] ERROR LDAP.LDAPAuthServiceImpl - LDAP Bind failed with Exception Invalid Credentials ---
Configuration: --- # new LDAP authentication service # xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication #-# 0: disable #-# 1: enable xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) xwiki.authentication.ldap.server=server xwiki.authentication.ldap.port=389
#-# LDAP login, empty = anonymous access, otherwise specify full dn #-# {0} is replaced with the username, {1} with the password xwiki.authentication.ldap.bind_DN=CN=user,OU=ServicesAccounts,DC=company,DC=holding,DC=ch xwiki.authentication.ldap.bind_pass=password
#-# Force to check password after LDAP connection #-# 0: disable #-# 1: enable xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP # otherwise only users that are found after searching starting from the base_DN # xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
#-# base DN for searches xwiki.authentication.ldap.base_DN=DC=company,DC=holding,DC=ch
#-# specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn) xwiki.authentication.ldap.UID_attr=sAMAccountName
#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute) #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for faster access xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created. xwiki.authentication.ldap.update_user=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# mapps XWiki groups to LDAP groups, separator is "|" # xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\ # XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6) # xwiki.authentication.ldap.groupcache_expiration=21800
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# - create : synchronize group membership only when the user is first created #-# - always: synchronize on every login xwiki.authentication.ldap.mode_group_sync=create
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials xwiki.authentication.ldap.trylocal=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# SSL connection to LDAP server #-# 0: normal #-# 1: SSL # xwiki.authentication.ldap.ssl=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# The keystore file to use in SSL connection # xwiki.authentication.ldap.ssl.keystore= ----
Connection in LDAP-Browser works with the settings used in the configuration above.
Thanks for your help Helmut -- View this message in context: http://www.nabble.com/LDAP-Authentication-%28Active-Directory-tp17626760p176... Sent from the XWiki- Users mailing list archive at Nabble.com.
_______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- View this message in context: http://www.nabble.com/LDAP-Authentication-%28Active-Directory%29-tp17626760p... Sent from the XWiki- Users mailing list archive at Nabble.com.