Hi Thomas,
Thanks, as always, for the reply.
Shouldn't your base_DN be
xwiki.authentication.ldap.base_DN=dc=NNNNN,dc=com as your bind_DN
does not seem included in it?
Our bind user isn't really a user, so I specified the base_DN in such a
way that only real people are included in the search. I've modified it
as you suggested, but it had no effect.
I have the DEBUG log enabled already, which is how I got the information
for my initial question. It is not altogether helpful, though.
Since XE 1.6, the default LDAP authenticator is
XWikiLDAPAuthServiceImpl as you can see in the log.
I have that specifically enabled in both my 1.5 and 1.6 xwiki.cfg file.
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
With that enabled, our 1.5.2.12758 install of XWiki successfully
authenticates against our Active Directory domain. It binds, it
authenticates me, and logs me in.
Our 1.6.13286 install does not.
I think the problem is that, with the 1.6 installation, it is not
binding to the AD server while the 1.5 install is.
12:58:07,674 [http://wiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: null
[ ... ]
12:58:07,741 [http://wiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG ldap.XWikiLDAPConnection - LDAP Search failed
LDAPException: No Such Object (32) No Such Object
LDAPException: Server Message: 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, best match of:
''
^@
LDAPException: Matched DN:
    at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
    at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
    at com.novell.ldap.LDAPSearchResults.next(Unknown Source)
    at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.searchLDAP(XWikiLDAPConnection.java:270)
    at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.searchUserAttributesByUid(XWikiLDAPUtils.java:507)
    at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:338)
[ ... ]
In the 1.5 DEBUG log, the "Found user dn" log line returns the proper
information, rather than "null". (See my previous message).
What I want to know is why it succeeds in 1.5, but fails in 1.6 - both
using the same xwiki.cfg settings for all things LDAP. The DEBUG log is
not helping me understand why exactly it's failing.
The ONLY thing I can think of is that the space in "Service Accounts" in
our bind_DN is causing it to break under 1.6.
xwiki.authentication.ldap.bind_DN=cn=svc_webapp,ou=Service Accounts,dc=MLT,dc=inc
Is that possible? Can you think of any other reasons why it would be
failing? Both instances are running on the same server, just obviously
not the same Java/Resin instance.
Confused,
Jamie