Re: [xwiki-users] Help with LDAP

30 Jan 2013

AD requires* an authenticated bind.

*unless anonymous bind has been specifically enabled

Cheers

Sent on the move

On 30 Jan 2013, at 17:04, Jeremie BOUSQUET &lt;jeremie.bousquet(a)gmail.com&gt; wrote:

...
  Hi,

 Are you sure you need to authenticate for ldap bind, and if yes, of the
 user/pwd ?
 During my little experience, I've encountered ldap bind with anonymous
 access, or with specific admin account.
 (binding is not authentication)

 "provided user is null" seems a bit strange.
 But I'm no ldap expert...
 Le 30 janv. 2013 17:47, "Pape, Barry" &lt;Barry.Pape(a)nov.com&gt; a écrit :

  Greetings Xwiki Gurus,

 I've been trying to get our installation authenticating with LDAP and am
 having no luck.  We are running XWiki 4.3 in Tomcat 7.0.34 on Windows
 Server 2008 R2 Standard.  I have installed the LDAP Application Extension
 and tried configuring it both through the web interface and xwiki.config
 with no success.  Every time I attempt to login I receive an Invalid
 Credentials error (stack trace below,) and the LDAP section from
 xwiki.config file is below that.  I've tried a number of different values
 for the server, bind DN, and the base DN, but nothing works.  Any
 suggestions are greatly appreciated?  Is there any additional logging that
 I can add for more information?

 Thanks,
 Barry

 2013-01-30 10:12:55,825 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
 authentica
 tion
 2013-01-30 10:12:55,825 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user
 is nul
 l. We don't try to authenticate, it probably means the user is in non
 logged mod
 e.
 2013-01-30 10:12:55,825 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
 authentica
 tion
 2013-01-30 10:12:55,840 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig      -
 ldap_group_classes: [gro
 upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
 groupofuniq
 uenames, group]
 2013-01-30 10:12:55,840 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig      -
 ldap_group_memberfields:
 [member, uniquemember]
 2013-01-30 10:12:55,857 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection  - Connection to
 LDAP serve
 r [ldap.nov.com:389]
 2013-01-30 10:12:55,868 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection  - Binding to LDAP
 server w
 ith credentials login=[cn=papeb,dc=nov,dc=com]
 2013-01-30 10:12:55,928 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP
 authenticatio
 n failed.
 com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP
 bind fai
 led with LDAPException.
 Wrapped Exception: Invalid Credentials
        at
 com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
 n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
        at
 com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
 n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
        at
 com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat
 eInContext(XWikiLDAPAuthServiceImpl.java:305)
 [xwiki-platform-legacy-oldcore-4.4
 .jar:na]

 #-------------------------------------------------------------------------------------
 # LDAP

 #-------------------------------------------------------------------------------------

 #-# LDAP authentication service

 xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl

 #-# Turn LDAP authentication on - otherwise only XWiki authentication
 #-# - 0: disable
 #-# - 1: enable
 #-# The default is 0
 xwiki.authentication.ldap=1

 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
 xwiki.authentication.ldap.server=ldap.nov.com
 xwiki.authentication.ldap.port=389

 #-# LDAP login, empty = anonymous access, otherwise specify full dn
 #-# {0} is replaced with the user name, {1} with the password
 xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com
 xwiki.authentication.ldap.bind_pass={1}

 #-# The Base DN used in LDAP searches
 xwiki.authentication.ldap.base_DN=dc=nov,dc=com

 #-# LDAP query to search the user in the LDAP database (in case a static
 admin user is provided in
 #-# xwiki.authentication.ldap.bind_DN)
 #-# {0} is replaced with the user uid field name and {1} with the user name
 #-# The default is ({0}={1})
 # xwiki.authentication.ldap.user_search_fmt=({0}={1})

 #-# Only members of the following group will be verified in the LDAP
 #-# otherwise only users that are found after searching starting from the
 base_DN
 #
 xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US

 #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
 #-# Only users not member of the following group can autheticate
 #
 xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US

 #-# Specifies the LDAP attribute containing the identifier to be used as
 the XWiki name
 #-# The default is cn
 # xwiki.authentication.ldap.UID_attr=sAMAccountName

 #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
 #-# The potential LDAP groups classes. Separated by commas.
 #

xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList

 #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
 #-# The potential names of the LDAP groups fields containings the members.
 Separated by commas.
 # xwiki.authentication.ldap.group_memberfields=member,uniqueMember

 #-# retrieve the following fields from LDAP and store them in the XWiki
 user object (xwiki-attribute=ldap-attribute)

 #xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail

 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
 #-# On every login update the mapped attributes from LDAP to XWiki
 otherwise this happens only once when the XWiki
 #-# account is created.
 #-# - 0: only when creating user
 #-# - 1: at each authentication
 #-# The default is 0
 #xwiki.authentication.ldap.update_user=1

 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
 #-# Maps XWiki groups to LDAP groups, separator is "|". The following kind
 of groups are supported:
 #-# * LDAP static groups (users/subgroups are listed statically in the
 group object)
 #-# * [Since 3.3M1] LDAP organization units (users/subgroups are sub
 object of the provided organization unit)
 #-# * [Since 3.3M1] LDAP filter (users/groups are object found in a search
 with the provided filter),
 #-#   | character in the filter need to be escaped with backslash (\).
 #-#
 #-# Here is an example:
 #

xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=domain,c=com|\
 #
 XWiki.LDAPUsers=ou=groups,o=domain,c=com|\
 #                                         XWiki.Organisation=(cn=testers)

 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
 #-# Time in s after which the list of members in a group is refreshed from
 LDAP
 #-# The default is 21600 (6 hours)
 # xwiki.authentication.ldap.groupcache_expiration=21600

 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
 #-# - create : synchronize group membership only when the user is first
 created
 #-# - always: synchronize on every login
 #-# The default is always
 # xwiki.authentication.ldap.mode_group_sync=always

 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
 #-# If ldap authentication fails for any reason, try XWiki DB
 authentication with the same credentials
 #-# - 0: disable
 #-# - 1: enable
 #-# The default is 0
 xwiki.authentication.ldap.trylocal=1

 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
 #-# SSL connection to LDAP server
 #-# - 0: normal
 #-# - 1: SSL
 #-# The default is 0
 # xwiki.authentication.ldap.ssl=0

 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
 #-# The keystore file to use in SSL connection
 # xwiki.authentication.ldap.ssl.keystore=

 #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
 #-# The java secure provider used in SSL connection
 #-# The default is com.sun.net.ssl.internal.ssl.Provider
 #
 xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider

 #-# Bypass standard LDAP bind validation by doing a direct password
 comparison.
 #-# If you don't know what you do, don't use that. It's covering very rare
 and bad use cases.
 #-# - 0: disable
 #-# - 1: enable
 #-# The default is 0
 # xwiki.authentication.ldap.validate_password=0

 #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
 #-# Specifies the LDAP attribute containing the password to be used "when
 xwiki.authentication.ldap.validate_password"
 #-# is set to 1
 # xwiki.authentication.ldap.password_field=userPassword

 #-# [Since 4.3M1, XWikiLDAPAuthServiceImpl]
 #-# The maximum number of milliseconds the client waits for any operation
 under these constraints to complete.
 #-# The default is 1000
 # xwiki.authentication.ldap.timeout=1000
 _______________________________________________
 users mailing list
 users(a)xwiki.org
 http://lists.xwiki.org/mailman/listinfo/users 
_______________________________________________
 users mailing list
 users(a)xwiki.org
 http://lists.xwiki.org/mailman/listinfo/users 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [xwiki-users] Help with LDAP