Hello,
I'm trying to connect XWiki to LDAP using this manual:
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HGeneric…
but I have a problem with auth.
I'm using:
slapd 2.3.30-5+etch2
apache-tomcat-6.0.18
xwiki-enterprise-web-1.7-milestone-1.war
jdk1.6.0_07
xwiki.cfg ldap section:
#-------------------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=127.0.0.1
xwiki.authentication.ldap.port=389
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN=cn={0},ou=people,dc=xxx,dc=com
xwiki.authentication.ldap.bind_pass={1}
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
#-# otherwise only users that are found after searching starting from the base_DN
# xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
#-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
#-# only users not member of the following group can authenticate
# xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
#-# base DN for searches
xwiki.authentication.ldap.base_DN=ou=people,dc=xxx,dc=com
#-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=cn
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1
xwiki.authentication.ldap.password_field=userPassword
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential LDAP groups classes. Separated by commas.
# xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential names of the LDAP groups fields containing the members. Separated by commas.
# xwiki.authentication.ldap.group_memberfields=member,uniqueMember
#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for faster access
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# maps XWiki groups to LDAP groups, separator is "|"
# xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\
#                                         XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
# xwiki.authentication.ldap.groupcache_expiration=21800
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first created
#-# - always: synchronize on every login
# xwiki.authentication.ldap.mode_group_sync=always
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
xwiki.authentication.ldap.trylocal=1
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0: normal
#-# 1: SSL
xwiki.authentication.ldap.ssl=0
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
xwiki.authentication.ldap.ssl.keystore=
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The java secure provider used in SSL connection
# xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
Java LDAP debug module exception:
21:07:39,624 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-7] DEBUG LDAP.XWikiLDAPAuthServiceImpl - LDAP authentication failed: login null
21:07:39,627 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-7] DEBUG ldap.XWikiLDAPConnection - Connection to LDAP server [127.0.0.1:389]
21:07:39,641 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-7] DEBUG ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[cn=user1,ou=people,dc=xxx,dc=com ] password=[user1]
21:07:39,644 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-7] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: cn=user1,ou=people,dc=xxx,dc=com
21:07:39,646 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-7] DEBUG LDAP.XWikiLDAPAuthServiceImpl - LDAP attributes will be used to update XWiki attributes.
21:07:39,646 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-7] DEBUG ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
21:07:39,649 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-7] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with LDAP attribues located at cn=user1,ou=people,dc=xxx,dc=com
21:07:39,650 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-7] DEBUG ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
21:07:39,651 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-7] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
java.lang.NullPointerException
    at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.updateUserFromLDAP(XWikiLDAPAuthServiceImpl.java:730)
    at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.syncUser(XWikiLDAPAuthServiceImpl.java:497)
    at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:410)
    at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:198)
    at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:149)
    at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:239)
    at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:165)
    at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:148)
    at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:205)
    at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3564)
    at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139)
    at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3572)
    at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4478)
    at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190)
    at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.xpn.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.xpn.xwiki.web.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:287)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
21:07:39,653 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-7] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB
In the LDAP logs:
Oct 23 21:07:39 ubot slapd[4919]: conn=216 fd=11 ACCEPT from IP=127.0.0.1:41337 (IP=0.0.0.0:389)
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=0 BIND dn="cn=user1,ou=people,dc=xxx,dc=com" method=128
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=0 BIND dn="cn=user1,ou=people,dc=xxx,dc=com" mech=SIMPLE ssf=0
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=0 RESULT tag=97 err=0 text=
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=1 EXT oid=0.0.0.0
Oct 23 21:07:39 ubot slapd[4919]: do_extended: unsupported operation "0.0.0.0"
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=1 RESULT tag=120 err=2 text=unsupported extended operation
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=2 BIND anonymous mech=implicit ssf=0
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=2 BIND dn="cn=user1,ou=people,dc=xxx,dc=com" method=128
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=2 BIND dn="cn=user1,ou=people,dc=xxx,dc=com" mech=SIMPLE ssf=0
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=2 RESULT tag=97 err=0 text=
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=3 SRCH base="cn=user1,ou=people,dc=xxx,dc=com" scope=0 deref=0 filter="(objectClass=*)"
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=3 SRCH attr=sn givenName fullName mail dn
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=4 ABANDON msg=93
Oct 23 21:07:39 ubot slapd[4919]: conn=216 op=5 UNBIND
Oct 23 21:07:39 ubot slapd[4919]: conn=216 fd=11 closed
Can somebody help me? Thanks and greetings,
Bart
--
Bartłomiej Radziszewski
mobile: +48 509 561 540
e-mail: br(a)debian.linux.pl
JID: br(a)debian.linux.pl
ICQ: #305569725