Uncommenting xwiki.authentication.ldap.validate_password=0 did
nothing.
About ".".
In version 1.1.2, there was no problem connecting to AD using the CN
attribute (name surname), and the user was automatically created in
XWikiAllGroup. So it is strange that this doesn't work in the newer
version.
Also, nothing changed in our AD. I can still log in to XWiki 1.1.2 and
an LDAP browser, for example, in both cases using my CN.
Quoting Thomas Mortagne:
Try to uncomment xwiki.authentication.ldap.validate_password=0
You should not have 5, as this is used to force login/pass validation
when you don't connect to LDAP with the provided user/pass (bind_DN and
bind_pass set to an existing LDAP user/pass).
Another thing: in your example you seem to test with a user name
containing a "."; the LDAP authenticator does not support it yet, see
http://jira.xwiki.org/jira/browse/XWIKI-2264
2008/5/8 Mihails Agafonovs:
Here's a piece from xwiki.log:
-----------------------------------------------
java.lang.NullPointerException
    at com.xpn.xwiki.plugin.lucene.IndexUpdater.run(IndexUpdater.java:209)
    at java.lang.Thread.run(Thread.java:619)
2008-05-07 14:11:31,078 [index updating thread] [Thread-20] ERROR lucene.IndexUpdater - Writer not open and closeWriter called
2008-05-07 14:15:49,735 [http://192.168.220.128/xwiki/bin/view/Main] [TP-Processor3] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351]
2008-05-07 14:17:37,228 [http://192.168.220.128/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [TP-Processor3] ERROR LDAP.LDAPAuthServiceImpl - LDAP Bind failed with Exception Invalid Credentials
2008-05-07 14:20:29,787 [http://192.168.220.128/xwiki/bin/view/Main] [TP-Processor3] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351]
2008-05-07 14:25:32,020 [index updating thread] [Thread-20] ERROR lucene.IndexUpdater - IOException when opening Lucene Index for writing at /var/lib/tomcat5/webapps/xwiki/WEB-INF/work/lucene
-------------------------------------------------------------------------------------
And from Wireshark it's the same as I pasted in a previous mail. I can
add the function sequence watched via Wireshark:
1) bindRequest() with domainname.surname
2) bindresponse() - success
3) searchRequest() with dc=domain, dc=com, sAMAccountName=name.surname
4) searchResEntry() - returns my full correct dn
5) compareRequest() with my full dn and userPassword=mypass
6) LDAP error about no such attribute userPassword
7) unbindRequest()
Quoting Thomas Mortagne:
Could you paste the whole error log?
2008/5/8 Mihails Agafonovs:
> Again, the same error from LDAP:
>
> LDAPMessage compareResponse(7) noSuchAttribute (00002080: AtrErr: DSID-03080139, #1:
> 0: 00002080: DSID-03080139, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
> )
>
> Quoting Thomas Mortagne: 2008/5/7 Mihails Agafonovs <_muxa(a)inbox.lv>:
> > Hi!
> >
> > I've been trying to set up an LDAP connection on XWiki 1.3.2. Using
> > Wireshark, I've discovered that LDAP performs unbindRequest() after
> > the following error:
> >
> > LDAPMessage compareResponse(3) noSuchAttribute (00002080: AtrErr: DSID-03080139, #1:
> > 0: 00002080: DSID-03080139, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
> > )
> > Here is the configuration:
> >
> > ----------------------------------------------
> > xwiki.authentication.ldap=1
> > xwiki.authentication.ldap.server=my.domain.com
> > xwiki.authentication.ldap.port=389
> > xwiki.authentication.ldap.bind_DN={0}
> > xwiki.authentication.ldap.bind_pass={1}
> > # xwiki.authentication.ldap.validate_password=0
> > xwiki.authentication.ldap.user_group=ou=Riga,ou=LAT,dc=domain,dc=com
> > xwiki.authentication.ldap.base_DN=dc=domain,dc=com
> > xwiki.authentication.ldap.UID_attr=cn
> > xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
> > # xwiki.authentication.ldap.update_user=1
> > xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=ou=Riga,ou=LAT,dc=GDNEurope,dc=com|
> > XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
> > # xwiki.authentication.ldap.groupcache_expiration=21800
> > # xwiki.authentication.ldap.mode_group_sync=always
> > xwiki.authentication.ldap.trylocal=1
> I don't know AD very well but, according to
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication,
> shouldn't it be:
>
> xwiki.authentication.ldap.bind_DN=subdomain{0}
> xwiki.authentication.ldap.UID_attr=sAMAccountName
> xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
>
> ?
> > ------------------------------------------------------
> >
> > Any ideas?
> >
> > P.S. If I use name.surname(a)domain.com or domainname.surname as a
> > username in the login form, I can log in, but without any rights.
>
> Best regards, Mihails
> _______________________________________________
> users mailing list
> users(a)xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
>
--
Thomas Mortagne
Best regards, Mihails
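
The two configuration points raised in the replies above (the compare on userPassword and the UID_attr choice), checked against the error AD returned. This is an added example, not part of the original thread and not XWiki code; `parse_cfg`, `parse_ad_error`, `diagnose` and the finding codes are hypothetical names, and the sample input is constructed from the settings and error quoted in the thread.

```python
import re

PREFIX = "xwiki.authentication.ldap."

# Constructed sample input, modelled on the settings and error quoted in the thread.
SAMPLE_CFG = """\
xwiki.authentication.ldap.bind_DN={0}
xwiki.authentication.ldap.bind_pass={1}
# xwiki.authentication.ldap.validate_password=0
xwiki.authentication.ldap.base_DN=dc=domain,dc=com
xwiki.authentication.ldap.UID_attr=cn
"""
SAMPLE_ERROR = ("LDAPMessage compareResponse(7) noSuchAttribute (00002080: AtrErr: "
                "DSID-03080139, #1: 0: 00002080: DSID-03080139, problem 1001 "
                "(NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword))")

def parse_cfg(text):
    """Return the active LDAP settings; commented-out lines do not count."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX) and "=" in line:
            key, value = line.split("=", 1)  # DN values contain '=' themselves
            cfg[key[len(PREFIX):].strip()] = value.strip()
    return cfg

def parse_ad_error(message):
    """Pull operation, result code, AD problem name and attribute out of the text."""
    m = re.search(r"(\w+)Response\(\d+\)\s+(\w+).*?problem\s+\d+\s+\((\w+)\)"
                  r".*?Att\s+\w+\s+\((\w+)\)", message, re.S)
    if not m:
        return None
    return dict(zip(("op", "result", "problem", "attribute"), m.groups()))

def diagnose(cfg, error):
    """Return (code, advice) pairs for the two points raised in the replies."""
    findings = []
    compare_failed = bool(error) and (error["op"], error["attribute"]) == ("compare", "userPassword")
    if compare_failed and cfg.get("validate_password") != "0":
        why = ("the bind with {0}/{1} already checked the password"
               if "{0}" in cfg.get("bind_DN", "") else "the directory rejects the compare")
        findings.append(("compare-userPassword", "validate_password is not 0; " + why))
    if cfg.get("UID_attr") != "sAMAccountName":
        findings.append(("uid-attr", "UID_attr is %r; the reply suggests sAMAccountName"
                         % cfg.get("UID_attr")))
    return findings

if __name__ == "__main__":
    for code, advice in diagnose(parse_cfg(SAMPLE_CFG), parse_ad_error(SAMPLE_ERROR)):
        print(code, "-", advice)
```

An empty result only means the configuration matches what the replies suggest; the thread itself reports that uncommenting validate_password=0 did not change the behaviour on this installation.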