On Mon, Nov 16, 2009 at 13:31, Paul Rijnhout
<prijnhout(a)megagrouptrade.com> wrote:
Hi Thomas,
Thanks for your reply. I'm using 2.0.3, freshly installed, no other pages imported or
loaded, just the default XWiki XAR, and this is the result.
I think the jldap automatic referral support supports only anonymous
access to referrals. Does
ldap://ForestDnsZones.mega.local/DC=ForestDnsZones,DC=mega,DC=local
login/password ? That maybe would explain. If that's the case would be
great if you could create an issue on
about
referral with authentication support.
What is weird is that error message seems to indicate that automatic
referral support is not enabled ("referral following is off"), I would
need to test it more when I can find some time.
Best regards,
Paul Rijnhout
ICT Manager
-----Original message-----
From: users-bounces(a)xwiki.org [mailto:users-bounces@xwiki.org] On behalf of Thomas Mortagne
Sent: Saturday, 14 November 2009 18:24
To: XWiki Users
Subject: Re: [xwiki-users] LDAP Authentication fails with AD
Hi,
On Sat, Nov 14, 2009 at 10:19, Paul Rijnhout
<prijnhout(a)megagrouptrade.com> wrote:
Hello,
I seem to have an LDAP configuration problem which I cannot solve. I'm trying to
authenticate to an AD Windows 2008 domain. The domain is standard one forest, one domain
named mega.local. I've configured xwiki.cfg according to the instructions with:
#-------------------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=hf-dom02.mega.local
xwiki.authentication.ldap.port=389
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN=mega\\sa_ad
xwiki.authentication.ldap.bind_pass=.....
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
#-# otherwise only users that are found after searching starting from the base_DN
# xwiki.authentication.ldap.user_group=cn=Users
#-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
#-# only users not member of the following group can authenticate
# xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
#-# base DN for searches
xwiki.authentication.ldap.base_DN=dc=mega,dc=local
#-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=saAMAccountName
It's sAMAccountName, maybe you did a wrong copy paste in the mail
But all searches failed with the following error. Anyone have any ideas left?
2009-11-13 13:53:47,157 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [15429]
2009-11-13 13:53:48,735 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG LDAP.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
2009-11-13 13:53:48,735 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, group]
2009-11-13 13:53:48,735 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConfig - ldap_group_memberfields: [member, uniquemember]
2009-11-13 13:53:48,767 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConnection - Connection to LDAP server [hf-dom02.mega.local:389]
2009-11-13 13:53:48,782 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[mega\sa_ad]
2009-11-13 13:53:48,813 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPUtils - Searching for the user in LDAP: user:p.rijnhout base:dc=mega,dc=local query:(saAMAccountName=p.rijnhout) uid:saAMAccountName
2009-11-13 13:53:48,813 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConnection - LDAP search: baseDN=[dc=mega,dc=local] query=[(saAMAccountName=p.rijnhout)] attr=[[sn, givenName, mail]] ldapScope=[2]
2009-11-13 13:53:48,829 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConnection - LDAP Search failed
LDAPReferralException: Search result reference received, and referral following is off (10) Referral
Looks like the result is in another LDAP server (a referral). Partial
support of LDAP referrals has been added in XWiki 2.0.3; if
you are using an older version, that's why it's not working for you.
LDAPReferralException: Referral:
ldap://ForestDnsZones.mega.local/DC=ForestDnsZones,DC=mega,DC=local
at com.novell.ldap.LDAPSearchResults.next(Unknown Source)
at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.searchLD
Best regards,
Paul Rijnhout
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne