Hello again,
I've been running XE 1.5 for a while and our LDAP authentication against
Active Directory works fine. I've installed a separate, test instance of
XE 1.6 and, using the same LDAP configuration, all of our login attempts
fail when going against our Active Directory server.
09:04:00,401 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: null
09:04:00,402 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
09:04:00,402 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG ldap.XWikiLDAPUtils - Searching for the user in LDAP: user:jnovak base: query:(sAMAccountName=jnovak) uid:sAMAccountName
09:04:00,484 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG ldap.XWikiLDAPConnection - LDAP Search failed
LDAPException: No Such Object (32) No Such Object
LDAPException: Server Message: 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, best match of: ''
Our XE 1.5.2.12758 installation with the same configuration works fine.
Does the above error look to you like it's not even binding to the AD
server? That's my hunch.
The first log line on our working 1.5 install looks like this when I
authenticate:
08:47:09,148 [http://xwiki/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6807-3] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: CN=Jamison Novak,CN=Users,DC=NNNNN,DC=com
This is our base_DN:
xwiki.authentication.ldap.base_DN=cn=Users,dc=NNNNN,dc=com
This is our bind_DN:
xwiki.authentication.ldap.bind_DN=cn=svc_webapp,ou=Service Accounts,dc=NNNNN,dc=com
Is it possible that the space in the "ou=Service Accounts" is causing
some unlogged error? I tried putting quotes around the entire thing
(bind_dn="string here"), but that just caused it to fail to try LDAP at
all.
Any thoughts? I'm really confused why it's changed between 1.5 and 1.6
like this, at least for us.
-Jamie
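
Added example, not part of the message above and not XWiki code: a small Python check over DEBUG records like the ones quoted in the post. It pairs each "Searching for the user in LDAP" line with the LDAP result code logged after it and flags a search that was sent with an empty base: value. The regular expressions assume the log layout shown in the post; the function name and the sample string are constructed here.

```python
import re

# Constructed sample: the search and failure records from the 1.6 log in the
# post, with the mail client's line wrapping removed.
SAMPLE_LOG = (
    "09:04:00,402 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin] "
    "[resin-tcp-connection-127.0.0.1:6808-1] DEBUG ldap.XWikiLDAPUtils - "
    "Searching for the user in LDAP: user:jnovak base: "
    "query:(sAMAccountName=jnovak) uid:sAMAccountName\n"
    "09:04:00,484 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin] "
    "[resin-tcp-connection-127.0.0.1:6808-1] DEBUG ldap.XWikiLDAPConnection - "
    "LDAP Search failed\n"
    "LDAPException: No Such Object (32) No Such Object\n"
)

# Layout assumed from the log lines quoted in the post.
SEARCH_RE = re.compile(
    r"Searching for the user in LDAP: user:(?P<user>\S+) base:(?P<base>.*?) "
    r"query:(?P<query>\(.*?\)) uid:(?P<uid>\S+)"
)
RESULT_RE = re.compile(r"LDAPException: [^()]*\((?P<code>\d+)\)")

def diagnose(raw_log):
    """Pair each user search with the LDAP result code logged after it."""
    text = re.sub(r"\s+", " ", raw_log)  # undo wrapping from mail or terminals
    searches = list(SEARCH_RE.finditer(text))
    findings = []
    for i, m in enumerate(searches):
        # Only look for an exception before the next search record starts.
        end = searches[i + 1].start() if i + 1 < len(searches) else len(text)
        result = RESULT_RE.search(text, m.end(), end)
        code = int(result.group("code")) if result else None
        base = m.group("base").strip()
        if not base:
            verdict = "search sent with an empty base DN"
        elif code == 32:  # noSuchObject: the base entry was not found
            verdict = "base DN not found in the directory"
        elif code is not None:
            verdict = "LDAP error %d" % code
        else:
            verdict = "no LDAP error logged"
        findings.append({"user": m.group("user"), "base": base,
                         "code": code, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

For a search operation, result code 32 (noSuchObject) refers to the base object of the search, so the base: field is the first value to compare between the 1.5 and 1.6 logs.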