Re: [xwiki-users] LDAP Authentication fails with AD

Hello, I seem to have a LDAP configuration problem which I can not solve. I'm tryin gto authenticate to a AD Windows 2008 domain. The domain is standard one forest, one domain named mega.local. I;ve configured xwiki.cfg according instructions with: #------------------------------------------------------------------------------------- # LDAP #------------------------------------------------------------------------------------- #-# new LDAP authentication service xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl #-# Turn LDAP authentication on - otherwise only XWiki authentication #-# 0: disable #-# 1: enable xwiki.authentication.ldap=1 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) xwiki.authentication.ldap.server=hf-dom02.mega.local xwiki.authentication.ldap.port=389 #-# LDAP login, empty = anonymous access, otherwise specify full dn #-# {0} is replaced with the username, {1} with the password xwiki.authentication.ldap.bind_DN=mega\\sa_ad xwiki.authentication.ldap.bind_pass=..... #-# Force to check password after LDAP connection #-# 0: disable #-# 1: enable xwiki.authentication.ldap.validate_password=0 #-# only members of the following group will be verified in the LDAP #-# otherwise only users that are found after searching starting from the base_DN # xwiki.authentication.ldap.user_group=cn=Users #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl] #-# only users not member of the following group can autheticate # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US #-# base DN for searches xwiki.authentication.ldap.base_DN=dc=mega,dc=local #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn) xwiki.authentication.ldap.UID_attr=saAMAccountName

But all searches failed with the following error. Anyone ideas left? 2009-11-13 13:53:47,157 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.l…] INFO  .AbstractXWikiMigrationManager  - No storage migration required since current version is [15429] 2009-11-13 13:53:48,735 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.l…] DEBUG LDAP.XWikiLDAPAuthServiceImpl   - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode. 2009-11-13 13:53:48,735 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.l…] DEBUG ldap.XWikiLDAPConfig            - ldap_group_classes: [groupofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, group] 2009-11-13 13:53:48,735 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConfig            - ldap_group_memberfields: [member, uniquemember<http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20%5bhttp:/ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20DEBUG%20ldap.XWikiLDAPConfig%20           -%20ldap_group_memberfields:%20%5bmember,%20uniquemember>] 2009-11-13 13:53:48,767 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.l…] DEBUG ldap.XWikiLDAPConnection        - Connection to LDAP server [hf-dom02.mega.local:389] 2009-11-13 13:53:48,782 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.l…] DEBUG ldap.XWikiLDAPConnection        - Binding to LDAP server with credentials login=[mega\sa_ad] 2009-11-13 13:53:48,813 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.l…] DEBUG ldap.XWikiLDAPUtils             - Searching for the user in LDAP: user:p.rijnhout base:dc=mega,dc=local query:(saAMAccountName=p.rijnhout) uid:saAMAccountName 2009-11-13 13:53:48,813 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConnection        - LDAP search: baseDN=[dc=mega,dc=local<http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20%5bhttp:/ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20DEBUG%20ldap.XWikiLDAPConnection%20       -%20LDAP%20search:%20baseDN=%5bdc=mega,dc=local>] query=[(saAMAccountName=p.rijnhout)] attr=[[sn, givenName, mail]] ldapScope=[2] 2009-11-13 13:53:48,829 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.l…] DEBUG ldap.XWikiLDAPConnection        - LDAP Search failed LDAPReferralException: Search result reference received, and referral following is off (10) Referral

LDAPReferralException: Referral: ldap://ForestDnsZones.mega.local/DC=ForestDnsZones,DC=mega,DC=local            at com.novell.ldap.LDAPSearchResults.next(Unknown Source)            at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.searchLD Met vriendelijke groet/Best regards, Paul Rijnhout _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users