12 May
2008
12 May
'08
12:38 p.m.
Try LDAP Browser to find the correct configuration.
I've succeeded in connecting to AD, using the CN attribute, so in
config it would be:
bind_DN={0} /// here the user will type his cn
UID_attr=cn
Quoting werner mueller : hallo
well i am a little stuck. i cant make it work although i copied the
settings from a working example (well another tool but the same
servers). i can only get to 'invalid credentials'
does the server need to be in the same domain as the active
directory to
use the bind_DN=subdomain\{0} bind schema? the server is a linux
machine and is not added to the windows domain.
is there a unit test or little tool or something one could use for
testing? its a little weird its not working.
thanks for any ideas :)
regards
werner
Thomas Mortagne schrieb:
You can enable "debug" logging, see
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging
On Wed, Apr 30, 2008 at 1:54 PM, werner mueller
wrote:
> Hallo
>
> thanks for the quick reply.
>
> well the config should work then :/
> i compared it with the bugzilla / subversion config which uses
the same
> ldap / active directory auth. the only difference
is that they
> distinguish the bind user with the user to be authenticated. but
in my
> case even the bind user cannot login.
>
>
> 2008-04-30 13:44:34,891
>
[http://dev.edoras.ch:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> [http-8080-Processor24] WARN
LDAP.XWikiLDAPAuthServiceImpl -
LDAP
> authentication failed.
>
> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in
5: LDAP
> bind failed with LDAPException.
> Wrapped Exception: Invalid Credentials
> at
>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:178)
> at
>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
> at
>
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
> at
>
>
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
> .........
>
> Wrapped Exception:
>
>
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334,
> comment: AcceptSecurityContext error, data 525, vece
> LDAPException: Matched DN:
> at
com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
> at
com.novell.ldap.LDAPResponse.chkResultCode(Unknown
Source)
> at
com.novell.ldap.LDAPConnection.chkResultCode(Unknown
Source)
>> at com.novell.ldap.LDAPConnection.bind(Unknown Source)
>> at com.novell.ldap.LDAPConnection.bind(Unknown Source)
> at
>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:170)
> at
>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
> at
>
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
>
>
>
>
> is there some debug feature i can turn on to get some more
information?
> or some small test-class to verify the settings?
it seems it
uses the
> login name from the login form but then
authentication fails.
>
>
>
> thanks a lot :)
> regards
>
> werner
>
>
>
>
> Thomas Mortagne schrieb:
> > On Wed, Apr 30, 2008 at 11:55 AM, werner mueller
> > wrote:
> >> Hallo
> >>
> >> thanks for the reply.
> >> back to stupid questions:
> >>
> >> > #-# LDAP login, empty = anonymous access, otherwise
specify
full dn
> >> > #-# {0} is replaced with the
username, {1} with the
password
> >> >
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP
> >>
> >> > #xwiki.authentication.ldap.bind_pass={1}
> >>
> >> {0} is the username from the login form in xwiki?
> >> {1} is the password from the login form in xwiki?
> >
> > Yes, you really write "{0}" and "{1}" in the configuration
and
it will
> > be replaced at runtime by user/pass provided
by user in the
login
> > form.
> >
> >> or are these documentation placeholders to be filled in the
config
file
> >> directly?
> >>
> >> thanks :)
> >>
> >>
> >>
> >> regards
> >>
> >> werner
> >>
> >>
> >>
> >>
> >> Thomas Mortagne schrieb:
> >> > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller
> >> > wrote:
> >> >> Hallo
> >> >>
> >> >> thanks for the hints.
> >> >>
> >> >> i tried some other configurations but with no luck. it
seems not every
> >> >> user is allowed to query the
ldap structure. i have to
use a special
> >> >> user/password to bind xwiki
to the active directory.
that user can login
> >> >> but thats not a solution.
aloow everyone to query the ad
is not an
> >> >> option for us.
> >> >>
> >> >> has anyone a working active directory config he or she
could share?
> >> >>
> >> >> is it possible to trick xwiki to use a different user to
bind to the AD
> >> >> and then use
username/password from login to process the
login?
> >> >> i've been doing similar
things for bugzilla/ldap using
LDAPbinddn =
> >> >>
cn=,cn=Users,dc=domain,dc=com:
> >> >
> >> > Yes and it's the default way to work for LDAP
authenticator. You can
> >> > see in default xwiki.cfg :
> >> >
> >> > #-# LDAP login, empty = anonymous access, otherwise
specify
full dn
> >> > #-# {0} is replaced with the
username, {1} with the
password
> >> >
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
>> >> > #xwiki.authentication.ldap.bind_pass={1}
> >> >
>> >> > So
in your case it would be :
> >> >
xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com
>> >> > xwiki.authentication.ldap.bind_pass={1}
> >> >
>> >>
>> btw: yes i am sure its version 1.3.2.9174. its the one
copy pasted from
> >> >> xwiki. unless its not correct
there but that would be
weird.
> >> >>
> >> >>
> >> >> any hints or examples would be cool :)
> >> >> thanks a lot
> >> >>
> >> >> regards
> >> >>
> >> >> werner
> >> >>
> >> >>
> >> >>
> >> >> Thomas Mortagne schrieb:
> >> >> > Also I think
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
>> >> >> > is based in old LDAP authenticator (see
>> > >> >
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld).
>> > >> >
>> >> >> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne
>> >> >> > wrote:
>> >> >> >> Hi,
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller
>> >> >> >> wrote:
>> >> >> >> > hallo
>> >> > >> >
>> >> >> >> > i am currently trying to setup xwiki on
taomcat
5.5/mysql. until now its
>> >> >> >> > doing quite well :)
>> >> > >> >
>> >> >> >> > my next step is to get ldap authentication
against an active directory
> >> >> >> > working. i
followed
> >> >> >> >
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
> >> >> >> > and some
postings on the mailing list but i cant
get it to work.
>> >> > >> >
>> >> >> >> > i either end up with:
>> >> >> >> >
com.xpn.xwiki.plugin.ldap.XWikiLDAPException:
Error number 0 in 5: LDAP
>> >> >> >> > bind failed with LDAPException.
>> >> >> >> > Wrapped Exception: Invalid Credentials
>> >> > >> >
>> >> >> >> > or worse (with in my eyes the propper
config):
>> >> >> >> > WARN LDAP.XWikiLDAPAuthS
>> >> >> >> > erviceImpl - LDAP authentication failed.
>> >> >> >> > java.lang.NullPointerException
> >> >> >> > at
> >> >> >> >
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256)
> >> >> >> > at
> >> >> >> >
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
> >> >> >> > at
> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194)
> >> >> >> > at
> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127)
> >> >> >> > at
> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112)
> >> >> >> > at
> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214)
> >> >> >> > at
com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307)
> >> >> >> > at
> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
> >> >> >> > at
com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315)
> >> >> >> > at
com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259)
> >> >> >> > at
com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173)
>> >> >> >> > ...
>> >> >> >>
>> >> >> >> Could you copy/paste your configuration.
>> >> >> >>
>> >> >> >>
>> >> > >> >
>> >> > >> >
>> >> >> >> > i've done ldap auth on several other
tools
(apache/subversion,
> >> >> >> > bugzilla).
there i used two accounts: one allowed
to bind to the active
> >> >> >> > directory and
do searches and the useraccount
itself.
>> >> > >> >
>> >> >> >> > in the xwiki config i can only see the user
logging in is used to bind
> >> >> >> > to the ldap
server?
> >> >> >>
> >> >> >> You can define a user able to bind to the active
directory using
> >> >> >> "bind_DN"
and "bind_pass" properties and it will
search for provided
>> >> >> >> login in ldap based on "UID_attr"
property
>> >> >> >>
>> >> >> >>
>> >> > >> >
>> >> > >> >
>> >> >> >> > is the documentation current for xwiki
1.3.2.9174? or can someone give
> >> >> >> > me a hint to
make this work?
> >> >> >>
> >> >> >> Are you sure you use xwiki-core 1.3.2 version, I
can't find in the
>> >> >> >> code what could make NullPointerException at
>> >> >> >> XWikiLDAPAuthServiceImpl.java:256
>> >> >> >>
>> >> >> >>
>> >> > >> >
>> >> > >> >
>> >> >> >> > thanks a lot
>> >> >> >> > regards
>> >> > >> >
>> >> >> >> > werner
>> >> > >> >
>> >> >> >> >
_______________________________________________
>> >> >> >> > users mailing list
>> >> >> >> > users(a)xwiki.org
>> >> >> >> >
http://lists.xwiki.org/mailman/listinfo/users
>> >> > >> >
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> --
>> >> >> >> Thomas Mortagne
>> >> >> >>
>> > >> >
>> > >> >
>> > >> >
>> >> >>
>> >> >> _______________________________________________
>> >> >> users mailing list
>> >> >> users(a)xwiki.org
>> >> >> http://lists.xwiki.org/mailman/listinfo/users
>> >> >>
> >> >
> >> >
> >> >
>> >>
>> >> _______________________________________________
>> >> users mailing list
>> >> users(a)xwiki.org
>> >> http://lists.xwiki.org/mailman/listinfo/users
>> >>
>> >
>> >
>> >
>>
>> _______________________________________________
>> users mailing list
>> users(a)xwiki.org
>> http://lists.xwiki.org/mailman/listinfo/users
>>
>
>
>
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Ar cieņu, Mihails
Links:
------
[1] mailto:werner.mueller@mimacom.ch