On Wed, Apr 30, 2008 at 11:55 AM, werner mueller
<werner.mueller(a)mimacom.ch> wrote:
Hallo
thanks for the reply.
back to stupid questions:
> #-# LDAP login, empty = anonymous access, otherwise specify full dn
> #-# {0} is replaced with the username, {1} with the password
> #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP
> #xwiki.authentication.ldap.bind_pass={1}
{0} is the username from the login form in xwiki?
{1} is the password from the login form in xwiki?
Yes, you really write "{0}" and "{1}" in the configuration and it
will
be replaced at runtime by user/pass provided by user in the login
form.
or are these documentation placeholders to be
filled in the config file
directly?
thanks :)
regards
werner
Thomas Mortagne schrieb:
> On Tue, Apr 29, 2008 at 1:30 PM, werner mueller
> <werner.mueller(a)mimacom.ch> wrote:
>> Hallo
>>
>> thanks for the hints.
>>
>> i tried some other configurations but with no luck. it seems not every
>> user is allowed to query the ldap structure. i have to use a special
>> user/password to bind xwiki to the active directory. that user can login
>> but thats not a solution. aloow everyone to query the ad is not an
>> option for us.
>>
>> has anyone a working active directory config he or she could share?
>>
>> is it possible to trick xwiki to use a different user to bind to the AD
>> and then use username/password from login to process the login?
>> i've been doing similar things for bugzilla/ldap using LDAPbinddn =
>>
cn=<LDAPQUERYUSERNAME>,cn=Users,dc=domain,dc=com:<LDAPQUERYPASSWORD>
>
> Yes and it's the default way to work for LDAP authenticator. You can
> see in default xwiki.cfg :
>
> #-# LDAP login, empty = anonymous access, otherwise specify full dn
> #-# {0} is replaced with the username, {1} with the password
>
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
> #xwiki.authentication.ldap.bind_pass={1}
>
> So in your case it would be :
> xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com
> xwiki.authentication.ldap.bind_pass={1}
>
>> btw: yes i am sure its version 1.3.2.9174. its the one copy pasted from
>> xwiki. unless its not correct there but that would be weird.
>>
>>
>> any hints or examples would be cool :)
>> thanks a lot
>>
>> regards
>>
>> werner
>>
>>
>>
>> Thomas Mortagne schrieb:
>> > Also I think
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
>> > is based in old LDAP authenticator (see
>> >
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld).
>> >
>> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne
>> > <thomas.mortagne(a)xwiki.com> wrote:
>> >> Hi,
>> >>
>> >>
>> >>
>> >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller
>> >> <werner.mueller(a)mimacom.ch> wrote:
>> >> > hallo
>> >> >
>> >> > i am currently trying to setup xwiki on taomcat 5.5/mysql.
until now its
>> >> > doing quite well :)
>> >> >
>> >> > my next step is to get ldap authentication against an active
directory
>> >> > working. i followed
>> >> >
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
>> >> > and some postings on the mailing list but i cant get it to
work.
>> >> >
>> >> > i either end up with:
>> >> > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0
in 5: LDAP
>> >> > bind failed with LDAPException.
>> >> > Wrapped Exception: Invalid Credentials
>> >> >
>> >> > or worse (with in my eyes the propper config):
>> >> > WARN LDAP.XWikiLDAPAuthS
>> >> > erviceImpl - LDAP authentication failed.
>> >> > java.lang.NullPointerException
>> >> > at
>> >> >
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256)
>> >> > at
>> >> >
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
>> >> > at
>> >> >
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194)
>> >> > at
>> >> >
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127)
>> >> > at
>> >> >
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112)
>> >> > at
>> >> >
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214)
>> >> > at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307)
>> >> > at
>> >> >
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
>> >> > at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315)
>> >> > at
com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259)
>> >> > at
com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173)
>> >> > ...
>> >>
>> >> Could you copy/paste your configuration.
>> >>
>> >>
>> >> >
>> >> >
>> >> > i've done ldap auth on several other tools
(apache/subversion,
>> >> > bugzilla). there i used two accounts: one allowed to bind to
the active
>> >> > directory and do searches and the useraccount itself.
>> >> >
>> >> > in the xwiki config i can only see the user logging in is used
to bind
>> >> > to the ldap server?
>> >>
>> >> You can define a user able to bind to the active directory using
>> >> "bind_DN" and "bind_pass" properties and it will
search for provided
>> >> login in ldap based on "UID_attr" property
>> >>
>> >>
>> >> >
>> >> >
>> >> > is the documentation current for xwiki 1.3.2.9174? or can
someone give
>> >> > me a hint to make this work?
>> >>
>> >> Are you sure you use xwiki-core 1.3.2 version, I can't find in
the
>> >> code what could make NullPointerException at
>> >> XWikiLDAPAuthServiceImpl.java:256
>> >>
>> >>
>> >> >
>> >> >
>> >> > thanks a lot
>> >> > regards
>> >> >
>> >> > werner
>> >> >
>> >> > _______________________________________________
>> >> > users mailing list
>> >> > users(a)xwiki.org
>> >> >
http://lists.xwiki.org/mailman/listinfo/users
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Thomas Mortagne
>> >>
>> >
>> >
>> >
>>
>> _______________________________________________
>> users mailing list
>> users(a)xwiki.org
>>
http://lists.xwiki.org/mailman/listinfo/users
>>
>
>
>
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users