On Thu, Jun 14, 2012 at 3:18 PM, Patrycja Suchomska
<szablowska.patrycja(a)gmail.com> wrote:
You sure
it's exactly the same ? I don't see how you can get "Binding
to LDAP server with credentials login=[cn=xwiki]" with this
configuration. It should indeicate
"login=[uid=xwiki,ou=People,dc=debuntu,dc=local]".
Maybe you have some configuration set in
XWiki.XWikiPreferences page
which override what you have in xwiki.cfg, did you tried the LDAP UI
before seting xwiki.cfg ?
You're right, I've tried the LDAP UI before setting the xwiki.cfg. I
removed it, but it seems that XWiki still stores those settings
somewhere. I uninstalled it earlier in web interface and even removed
directories such as
/var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-ui/
and
/var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-api/.
LDAP UI extension disappeared in web administration. But still I could
see in catalina.out that message "Binding to LDAP server with
credentials login=[cn=xwiki]", despite the fact my xwiki.cfg was
different.
I did 'locate ldap | grep xwiki' on serrver to find where it may be.
The only things it found are:
/usr/lib/xwiki/WEB-INF/lib/jldap-4.3.jar
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/_maven.repositories
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom.sha1
I have no idea where does LDAP UI store its configuration.
As I said, it's in the XWiki.XWikiPreferences page. Go to
http://yourdomain/xwiki/bin/edit/XWiki/XWikiPreferences?editor=object,
you should find some LDAP properties at the end of the
XWikiPreferences object.
Anyway, after your response, I've tried to install and configure XWiki
UI again (since I'm unable to fully remove its configuration),
according to your proposals. I got different output in catalina.out,
but still no luck:
2012-06-14 14:54:21,163
[
http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE
u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2012-06-14 14:54:21,173
[
http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames,
groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
groupofuniquenames, group]
2012-06-14 14:54:21,173
[
http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member,
uniquemember]
2012-06-14 14:54:21,200
[
http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server
[127.0.0.1:389]
2012-06-14 14:54:21,209
[
http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with
credentials login=[uid=xwiki,ou=People,dc=debuntu,dc=local]
2012-06-14 14:54:21,244
[
http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5:
LDAP bind failed with LDAPException.
Wrapped Exception: Invalid Credentials
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:172)
~[xwiki-platform-legacy-oldcore-4.0.jar:na]
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:101)
~[xwiki-platform-legacy-oldcore-4.0.jar:na]
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305)
[xwiki-platform-legacy-oldcore-4.0.jar:na]
(exception same as before)
2012-06-14 14:54:21,245
[
http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki
DB
2012-06-14 14:54:21,276
[
http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user
[xwiki]
2012-06-14 14:54:21,356
[
http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] WARN
o.x.v.i.DefaultVelocityEngine - Deprecated usage of method
[com.xpn.xwiki.api.XWiki.parseMessage] in /templates/login.vm@29,33
And here's my detailed configuration in XWiki's LDAP UI, as (like I
said) I didn't manage to remove it fully (and use xwiki.cfg instead):
LDAP
Yes
LDAP SERVER ADDRESS
127.0.0.1
LDAP SERVER PORT
389
LDAP LOGIN MATCHING
uid={0},ou=People,dc=debuntu,dc=local
LDAP PASSWORD MATCHING
{1}
RESTRICT TO GROUP
LDAP GROUP TO EXCLUDE
LDAP BASE DN
ou=People,dc=debuntu,dc=local
LDAP UID ATTRIBUTE NAME
uid
TRY LOCAL LOGIN
Yes
UPDATE USER FROM LDAP AFTER LOGIN
Yes
LDAP USER FIELDS MAPPING
name -> uid
last_name -> uid
first_name -> uid
fullname -> uid
LDAP GROUPS MAPPING
LDAP GROUPS CACHE EXPIRATION
WHEN TO SYNCHRONIZE LDAP GROUPS
At each authentication of a user
Is this wrong, or perhaps should I use only xwiki.cfg? If so, do you
know where can I find Xwiki's LDAP UI configuration files?
All I can say is that XWiki connect to an LDAP server with host
127.0.0.1 and port 389, try to bind (authenticate) with DN
"uid=xwiki,ou=People,dc=debuntu,dc=local" and the password you provide
in the form and the LDAP server is answering that it's wrong.
Since the DN seems ok according to the ldapsearch you did then the
issue probably comes from the password. You should try to connect with
those credential with an LDAP client, you can find some listed on
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAut….
You might try to look at OpenLDAP log (I don't know OpenLDAP very well
so I don't know exactly where you can find it but I would bet for
/var/log/... if you installed it with apt-get).
Thanks
Patricia
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne