Hi Thomas,
Yes, there is an entry on this, but it looks like it doesn't find
anything.
ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
ldap.XWikiLDAPUtils - Found group [cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{}
ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
ldap.XWikiLDAPUtils - Found group [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{}
ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
ldap.XWikiLDAPUtils - Found group [cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{}
ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
ldap.XWikiLDAPUtils - Found group [cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{}
The Admin-group in LDAP looks like this:
dn: cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
DirXML-Associations: cn=AUTH-IDV,cn=DriverSet,ou=IDM,ou=system,o=wlgore#1#{E21DA9D4-FD4F-944c-40BA-E21DA9D4FD4F}
equivalentToMe: cn=a12345,ou=associates,ou=users,o=wlgore
objectClass: groupOfNames
objectClass: Top
member: cn=a12345,ou=associates,ou=users,o=wlgore
description: XWiki Admin Group
cn: Admin
So I see no reason for it not finding the members. In regards to the group
cache, I already set it to 60s just to make sure it's being refreshed -
with no effect.
Thanks!
Thomas
"Thomas Mortagne" <thomas.mortagne(a)xwiki.com>
Sent by: users-bounces(a)xwiki.org
18.11.2008 18:26
Please respond to: XWiki Users <users(a)xwiki.org>
To: "XWiki Users" <users(a)xwiki.org>
cc:
Subject: Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups
Hi,
On Tue, Nov 18, 2008 at 5:39 PM, Thomas Zwitanowitsch
<tzwitano(a)wlgore.com> wrote:
Hi,
I've updated from 1.5.2 to 1.6.1. After this, I found all groups being
empty - so no users were there anymore.
As a result I started mapping LDAP groups to XWiki groups to let XWiki
populate the memberships again - I was planning this anyway.
For some reason XWiki is not able to get the groups members and I cannot
understand why. Also it is not putting my user in the XWiki.AllGroup -
still my groups do not have any member.
Can you see "Retrieving Members of the group..." anywhere in the whole log?
In your log I only see "Found group" which should mean the group
cache already contains the group members.
These are the logs:
DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with LDAP attribues located at cn=a12345,ou=associates,ou=users,o=wlgore
DEBUG ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
DEBUG ldap.XWikiLDAPConfig - Groupmapping found: XWiki.XWikiAdminGroup cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
DEBUG ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MSOEGroup cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
DEBUG ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MedicalFabricsAdmGroup cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
DEBUG ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MedicalFabricsGroup cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating group membership for the user: tzwitano
DEBUG LDAP.XWikiLDAPAuthServiceImpl - The user belongs to following XWiki groups:
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup
DEBUG LDAP.XWikiLDAPAuthServiceImpl - All defined XWiki groups:
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MSOEGroup
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsAdmGroup
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsGroup
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrAdmin
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrUser
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAdminGroup
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup
DEBUG ldap.XWikiLDAPUtils - Found group [cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{}
DEBUG ldap.XWikiLDAPUtils - Found group [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{}
DEBUG ldap.XWikiLDAPUtils - Found group [cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{}
DEBUG ldap.XWikiLDAPUtils - Found group [cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{}
This is my config:
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the base_DN
#xwiki.authentication.ldap.user_group=o=wlgore
#-# base DN for searches
#xwiki.authentication.ldap.base_DN=o=wlgore
#-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=uid
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1
# xwiki.authentication.ldap.password_field=userPassword
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential LDAP groups classes. Separated by commas.
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,Top
#xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential names of the LDAP groups fields containings the members. Separated by commas.
xwiki.authentication.ldap.group_memberfields=member,equivalentToMe
#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for faster access
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\
XWiki.MSOEGroup=cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\
XWiki.MedicalFabricsAdmGroup=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\
XWiki.MedicalFabricsGroup=cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
xwiki.authentication.ldap.groupcache_expiration=60
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first created
#-# - always: synchronize on every login
xwiki.authentication.ldap.mode_group_sync=always
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
xwiki.authentication.ldap.trylocal=1
Thanks!
Thomas
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne
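
An added example, not part of the original thread and not XWiki code: a small Python check that applies the distinction made in the reply above (a "Found group" line that follows a "Retrieving Members of the group" line versus one that does not) to a debug log and a group_mapping value. The sample log, the sample mapping, the shortened DNs and the function names are constructed for illustration; only the two log message shapes come from the thread, and any member list other than {} is assumed to mean "has members".

```python
import re

# Constructed sample in the shape of the debug output quoted above, including
# the mail-wrapped line breaks; the DNs are shortened placeholders.
SAMPLE_LOG = """\
DEBUG ldap.XWikiLDAPUtils - Retrieving Members of the group:
cn=Admin,ou=groups,o=example
DEBUG ldap.XWikiLDAPUtils - Found group
[cn=Admin,ou=groups,o=example]
members :{}
DEBUG ldap.XWikiLDAPUtils - Found group
[cn=MSOE,ou=groups,o=example]
members :{}
"""
# Constructed value for xwiki.authentication.ldap.group_mapping ("|"-separated).
SAMPLE_MAPPING = ("XWiki.XWikiAdminGroup=cn=Admin,ou=groups,o=example|"
                  "XWiki.MSOEGroup=cn=MSOE,ou=groups,o=example|"
                  "XWiki.OtherGroup=cn=Other,ou=groups,o=example")

# \s* also matches newlines, so wrapped log lines are handled.
RETRIEVE = re.compile(r"Retrieving Members of the group:\s*(\S+)")
FOUND = re.compile(r"Found group\s*\[([^\]]+)\]\s*members\s*:\s*(\{[^}]*\})")

def parse_group_mapping(value):
    """Map each LDAP group DN (lower-cased) to its XWiki group name."""
    mapping = {}
    for pair in filter(None, (p.strip() for p in value.split("|"))):
        xwiki_group, _, dn = pair.partition("=")  # the DN itself contains "="
        mapping[dn.strip().lower()] = xwiki_group.strip()
    return mapping

def audit(mapping_value, log_text):
    """Return {xwiki_group: status} for every mapped group."""
    fetched = {dn.lower() for dn in RETRIEVE.findall(log_text)}
    members = {dn.lower(): m for dn, m in FOUND.findall(log_text)}
    result = {}
    for dn, group in parse_group_mapping(mapping_value).items():
        if dn not in members:
            result[group] = "never looked up"
        elif members[dn] != "{}":
            result[group] = "has members"
        elif dn in fetched:
            result[group] = "empty after LDAP query"
        else:
            result[group] = "empty, no LDAP query logged"
    return result

if __name__ == "__main__":
    for group, status in audit(SAMPLE_MAPPING, SAMPLE_LOG).items():
        print(f"{group}: {status}")
```

A mapped group reported as "empty after LDAP query" points at the directory lookup itself (group class, member field, bind permissions), while "empty, no LDAP query logged" matches the cached case described in the reply.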