On Fri, Jun 4, 2010 at 13:09, Martin Kunze <kunze.martin(a)yahoo.de> wrote:
Hey,
there are some good news and some not so good ones.
After I upgraded xwiki to Version 2.3.1 and reconfigured xwiki.cfg the
ActiveDirectory-Authentication works. User now can login. But has no rights.
Now of course, I have to set some groupmapping. I did it like that:
xwiki.authentication.ldap.group_mapping=XWiki.GruppeA=cn=Standort,ou=Standortgruppen,ou=Gruppen,ou=Another
Group
So now, that doesn't work. There are three things I want to know:
1. do I have to add the "dc=domain,dc=suffix" string at the end?
The LDAP side has to be the full DN, so yes.
2. the last group contains a space - can that be a
problem?
No, the DN can contains anything.
3. are there any other things that can be wrong?
No, it looks ok.
Did you checked if the user is added to the group ? If not then you
should look at the debug log.
By the way, "GruppeA" exists in the wiki. I created it and granted some
rights.
Best Regards :-)
Martin
________________________________
Von: Thomas Mortagne <thomas.mortagne(a)xwiki.com>
An: XWiki Users <users(a)xwiki.org>
Gesendet: Mittwoch, den 2. Juni 2010, 16:52:41 Uhr
Betreff: Re: [xwiki-users] log4j doesn't log information about LDAP connection
On Wed, Jun 2, 2010 at 13:26, Martin Kunze <kunze.martin(a)yahoo.de> wrote:
Hello Thomas,
this morning I had the possibility to restart the whole server on which xwiki and tomcat
are running.
You won't beleave me but now there is some Logging and the "Starting LDAP
authentication" string in the xwiki.log. crazy.
But authentication fails. ("Invalid credentials"). xwiki.log sais the
following:
"The provided User is null. We don't try to authenticate, it probably means the
user is in non logged mode."
This log is because when you access XWiki the authenticator is called
with no user for SSO based authenticators.
You should have another "Starting LDAP authentication" with different
logs after this one, just look at the time when you try to
authenticate and takes the logs from this time and send them here so
that i can look at them.
Any idea what that means here and what to do???
Thanks for your help!!!
--
Martin
Try setting "trace" level instead of
"debug" and see if you have
"Starting LDAP authentication" to really make sure you don't have log
because of some very magical authenticator bug, that way we will at
least know we have to focus in logging.
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=IP-Adress
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix
xwiki.authentication.ldap.bind_DN=domain\{0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne