8 Oct
2008
8 Oct
'08
11:57 a.m.
On Wed, Oct 8, 2008 at 11:51 AM, Thomas Mortagne
<thomas.mortagne(a)xwiki.com> wrote:
--
Thomas Mortagne
On Tue, Oct 7, 2008 at 8:17 PM, Jamison Novak
<JNovak(a)mltvacations.com> wrote:
I think i found something, i'm fixing and committing and you will be
able to test if it's working for you with a 1.6-SNAPSHOT version.
Hi Thomas,
Thanks, as always, for the reply.
I would like to know too ;)
Shouldn't your base_DN be
xwiki.authentication.ldap.base_DN=dc=NNNNN,dc=com as your bind_DN
does not seems included in it ?
Our bind user isn't really a user, so I specified the base_DN in such a
way that only real people are included in the search. I've modified it
as you suggested, but it had no effect.
I have the DEBUG log enabled already, which is how I got the information
for my initial question. It is not altogether helpful, though.
Since XE 1.6, the default LDAP authenticator is
XWikiLDAPAuthServiceImpl as you can see in the log.
I have that specifically enabled in both my 1.5 and 1.6 xwiki.cfg file.
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAut
hServiceImpl
With that enabled, our 1.5.2.12758 install of XWiki successfully
authenticates against our Active Directory domain. It binds, it
authenticates me, and logs me in.
Our 1.6.13286 install does not.
I think the problem is that, with the 1.6 installation, it is not
binding to the AD server while the 1.5 install is.
12:58:07,674 [http://wiki-dev/bin/loginsubmit/XWiki/XWikiLogin]
[resin-tcp-connection-127.0.0.1:6808-1] DEBUG
LDAP.XWikiLDAPAuthServiceImpl
- Found user dn with the user object: null
[ ... ]
12:58:07,741 [http://wiki-dev/bin/loginsubmit/XWiki/XWikiLogin]
[resin-tcp-connection-127.0.0.1:6808-1] DEBUG
ldap.XWikiLDAPConnection
- LDAP Search failed
LDAPException: No Such Object (32) No Such Object
LDAPException: Server Message: 0000208D: NameErr: DSID-031001A8,
problem 2001
(NO_OBJECT), data 0, best match of:
''
^@
LDAPException: Matched DN:
at com.novell.ldap.LDAPResponse.getResultException(Unknown
Source)
at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
at com.novell.ldap.LDAPSearchResults.next(Unknown Source)
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.searchLDAP(XWikiLDAPConnec
tion.java:270)
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.searchUserAttributesByUid(XWiki
LDAPUtils.java:507)
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateIn
Context(XWikiLDAPAuthServiceImpl.java:338)
[ ... ]
In the 1.5 DEBUG log, the "Found user dn" log line returns the proper
information, rather than "null". (See my previous message).
What I want to know is why it succeeds in 1.5, but fails in 1.6 - both
using the same xwiki.cfg settings for all things LDAP. The DEBUG log is
not helping me understand why exactly it's failing.
The ONLY thing I can think of is that the space in "Service Accounts" in
our bind_DN is causing it to break under 1.6.
xwiki.authentication.ldap.bind_DN=cn=svc_webapp,ou=Service
Accounts,dc=MLT,dc=inc
Is that possible? Can you think of any other reasons why it would be
failing? Both instances are running on the same server, just obviously
not the same Java/Resin instance.
I don't think that's the problem no... but there something weird in your log:
LDAP: user:jnovak base:
query:(sAMAccountName=jnovak) uid:sAMAccountName
the base DN should be printed here so I think that's the problem: the
search is done with an empty base DN. My guess is that it's a bug
introduced in 1.6 but every unit test pass on this...
I'm searching a little more...
Confused,
Jamie
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne