On Wed, Nov 19, 2008 at 12:08 PM, Thomas
Zwitanowitsch
<tzwitano(a)wlgore.com> wrote:
Looks like it doesn't see the other
attributes...
ldap.XWikiLDAPUtils - Found group
[cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
members :{}
ldap.XWikiLDAPUtils - Retrieving Members of the group:
cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
ldap.XWikiLDAPConnection - LDAP search:
baseDN=[cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
query=[null] attr=[[Ljava.lang.String;@178f36a] ldapScope=[0]
ldap.XWikiLDAPConnection - LDAP search found attributes: [{name=dn
value=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore},
{name=objectClass value=groupOfNames}, {name=objectClass value=Top}]
Do you need the other lines as well?
I just improved the log to see exactly what attributes names are used
in the search (in place of [[Ljava.lang.String;@178f36a]), you try the
last core jar at same URL.
Thomas
"Thomas Mortagne" <thomas.mortagne(a)xwiki.com>
Sent by: users-bounces(a)xwiki.org
19.11.2008 11:34
Please respond to
XWiki Users <users(a)xwiki.org>
To
"XWiki Users" <users(a)xwiki.org>
cc
Subject
Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups
On Wed, Nov 19, 2008 at 10:51 AM, Thomas Zwitanowitsch
<tzwitano(a)wlgore.com> wrote:
Yes, I am sure. This is what is configured:
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,Top
I also tried this configuration
xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames
xwiki.authentication.ldap.group_memberfields=member,equivalentToMe
and this again, is the group in LDAP
dn:
cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
DirXML-Associations:
cn=AUTH-IDV,cn=DriverSet,ou=IDM,ou=system,o=wlgore#1#{E21DA9D4-FD4F-944c-40BA-E21DA9D4FD4F}
equivalentToMe:
cn=a22094,ou=associates,ou=users,o=wlgore
objectClass: groupOfNames
objectClass: Top
member: cn=a22094,ou=associates,ou=users,o=wlgore
description: XWiki Admin Group
cn: Admin
Not sure if I understand your last mail in regards to you adding some
more
logs.
Can you download and try last snapshot core 1.6 jar at
http://maven.xwiki.org/snapshots/com/xpn/xwiki/platform/xwiki-core/1.6-SNAP…
.
You should get more informations on what append, this will help us to
see what is the problem.
Thanks
Thomas
"Thomas Mortagne" <thomas.mortagne(a)xwiki.com>
Sent by: users-bounces(a)xwiki.org
19.11.2008 10:43
Please respond to
XWiki Users <users(a)xwiki.org>
To
"XWiki Users" <users(a)xwiki.org>
cc
Subject
Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups
In the meantime, are you sure that group_classes and
group_memberfields has the right values for your LDAP schema ?
On Wed, Nov 19, 2008 at 10:42 AM, Thomas Mortagne
<thomas.mortagne(a)xwiki.com> wrote:
> On Wed, Nov 19, 2008 at 8:44 AM, Thomas Zwitanowitsch
> <tzwitano(a)wlgore.com> wrote:
>> Hi Thomas,
>>
>> Yes, there is an entry on this, but it looks like it doesn't find
>> anything.
>>
>> ldap.XWikiLDAPUtils - Retrieving Members of the group:
>>
cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>
ldap.XWikiLDAPUtils - Found group
>
[cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
>>> members :{}
>>> ldap.XWikiLDAPUtils - Retrieving Members of the group:
>>>
> cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>
ldap.XWikiLDAPUtils - Found group
>
[cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
>
members :{}
> ldap.XWikiLDAPUtils - Retrieving Members of the group:
>
cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>
ldap.XWikiLDAPUtils - Found group
>
[cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
>
members :{}
> ldap.XWikiLDAPUtils - Retrieving Members of the group:
>
cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>
ldap.XWikiLDAPUtils - Found group
>
[cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
>
members :{}
>
>
> The Admin-group in LDAP looks like this:
>
> dn:
>
cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
> DirXML-Associations:
>
cn=AUTH-IDV,cn=DriverSet,ou=IDM,ou=system,o=wlgore#1#{E21DA9D4-FD4F-944c-40BA-E21DA9D4FD4F}
>
equivalentToMe: cn=a12345,ou=associates,ou=users,o=wlgore
> objectClass: groupOfNames
> objectClass: Top
> member: cn=a12345,ou=associates,ou=users,o=wlgore
> description: XWiki Admin Group
> cn: Admin
>
> So I see no reason for it not finding the members. In regards to the
group
>> cache, I already set it to 60s just to make sure it's being refreshed
-
> with
no effect.
Ok them let me add some more log for your particular case and commit
for you to try to find why it can't find any LDAP group's member..
>
> Thanks!
> Thomas
>
>
>
>
> "Thomas Mortagne" <thomas.mortagne(a)xwiki.com>
> Sent by: users-bounces(a)xwiki.org
> 18.11.2008 18:26
> Please respond to
> XWiki Users <users(a)xwiki.org>
>
>
> To
> "XWiki Users" <users(a)xwiki.org>
> cc
>
> Subject
> Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups
>
>
>
>
>
>
> Hi,
>
> On Tue, Nov 18, 2008 at 5:39 PM, Thomas Zwitanowitsch
> <tzwitano(a)wlgore.com> wrote:
>> Hi,
>>
>> I've updated from 1.5.2 to 1.6.1. After this, I found all groups
beeing
>> empty - so no users were there anymore.
>>
>> As result I started mapping LDAP groups to XWiki groups to let XWiki
>> populate the memberships again - I was planning this anyway.
>>
>> For some reason XWiki is not able to get the groups members and I
cannot
>>> understand why. Also it is not putting my user in the XWiki.AllGroup
-
>>
still my groups do not have any member.
>>
>
> Can you see "Retrieving Members of the group..." anywhere in the whole
log
> ?
>
> In your log I only see "Found group" which should means the group
> cache already contains the group members.
>
>> This are the logs:
>>
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with
LDAP
>>> attribues located at cn=a12345,ou=associates,ou=users,o=wlgore
>>> DEBUG ldap.XWikiLDAPConfig - Ready to create user from
LDAP
last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
>>
DEBUG ldap.XWikiLDAPConfig - Groupmapping found:
>> XWiki.XWikiAdminGroup
>>
cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>> DEBUG ldap.XWikiLDAPConfig -
Groupmapping found:
>> XWiki.MSOEGroup
>>
cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>> DEBUG ldap.XWikiLDAPConfig -
Groupmapping found:
>> XWiki.MedicalFabricsAdmGroup
>>
>
cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>>
DEBUG ldap.XWikiLDAPConfig - Groupmapping found:
>> XWiki.MedicalFabricsGroup
>>
>
cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>>
DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating group membership for
> the
>> user: tzwitano
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - The user belongs to following
>> XWiki groups:
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - All defined XWiki groups:
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MSOEGroup
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsAdmGroup
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsGroup
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrAdmin
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrUser
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAdminGroup
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup
>> DEBUG ldap.XWikiLDAPUtils - Found group
>>
>
[cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
>>
members :{}
>> DEBUG ldap.XWikiLDAPUtils - Found group
>>
>
[cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
>>
members :{}
>> DEBUG ldap.XWikiLDAPUtils - Found group
>>
>
[cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
>>
members :{}
>> DEBUG ldap.XWikiLDAPUtils - Found group
>>
>
[cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
>>
members :{}
>>
>> This is my config:
>>
>> #-# new LDAP authentication service
>>
>
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>>
>> #-# Turn LDAP authentication on - otherwise only XWiki authentication
>> #-# 0: disable
>> #-# 1: enable
>> xwiki.authentication.ldap=1
>>
>> #-# Force to check password after LDAP connection
>> #-# 0: disable
>> #-# 1: enable
>> xwiki.authentication.ldap.validate_password=0
>>
>> #-# only members of the following group will be verified in the LDAP
>> # otherwise only users that are found after searching starting from
the
>> base_DN
>> #xwiki.authentication.ldap.user_group=o=wlgore
>>
>> #-# base DN for searches
>> #xwiki.authentication.ldap.base_DN=o=wlgore
>>
>> #-# Specifies the LDAP attribute containing the identifier to be used
as
>> the XWiki name (default=cn)
>> xwiki.authentication.ldap.UID_attr=uid
>>
>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
>> #-# Specifies the LDAP attribute containing the password to be used
> "when
>> xwiki.authentication.ldap.validate_password" is set to 1
>> # xwiki.authentication.ldap.password_field=userPassword
>>
>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
>> #-# The potential LDAP groups classes. Separated by commas.
>>
>
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,Top
>>>
#xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames
>>>
>>>> #-# [SINCE
1.5M1, XWikiLDAPAuthServiceImpl]
>>>> #-# The potential names of the LDAP groups fields containings the
>>> members.
>>>> Separated by commas.
>>>> xwiki.authentication.ldap.group_memberfields=member,equivalentToMe
>>>
>>>> #-# retrieve
the following fields from LDAP and store them in the
> XWiki
>>>> user object (xwiki-attribute=ldap-attribute)
>>>> #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object
>>> for
>>>> faster access
>>>
>>>
>
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
>>>
>>>> #-# [SINCE
1.3M2, XWikiLDAPAuthServiceImpl]
>>>> #-# on every login update the mapped attributes from LDAP to XWiki
>>>> otherwise this happens only once when the XWiki account is created.
>>>> xwiki.authentication.ldap.update_user=1
>>>
>>>> #-# [SINCE
1.3M2, XWikiLDAPAuthServiceImpl]
>>>> #-# mapps XWiki groups to LDAP groups, separator is "|"
>>>
>>>
>
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\
>>>
>>>
>
XWiki.MSOEGroup=cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\
>>>
>>>
>
XWiki.MedicalFabricsAdmGroup=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\
>>>
>>>
>
XWiki.MedicalFabricsGroup=cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>>>
>>>> #-# [SINCE
1.3M2, XWikiLDAPAuthServiceImpl]
>>>> #-# time in s after which the list of members in a group is refreshed
>>> from
>>>> LDAP (default=3600*6)
>>>> xwiki.authentication.ldap.groupcache_expiration=60
>>>
>>>> #-# [SINCE
1.3M2, XWikiLDAPAuthServiceImpl]
>>>> #-# - create : synchronize group membership only when the user is
> first
>>>> created
>>>> #-# - always: synchronize on every login
>>>> xwiki.authentication.ldap.mode_group_sync=always
>>>
>>>> #-# [SINCE
1.3M2, XWikiLDAPAuthServiceImpl]
>>>> #-# if ldap authentication fails for any reason, try XWiki DB
>>>> authentication with the same credentials
>>>> xwiki.authentication.ldap.trylocal=1
>>>
>>>> Thanks!
>>>> Thomas
>>>> _______________________________________________
>>>> users mailing list
>>>> users(a)xwiki.org
>>>>
http://lists.xwiki.org/mailman/listinfo/users
>>>
>>>
>>>
>>>
>>> --
>>> Thomas Mortagne
>>> _______________________________________________
>>> users mailing list
>>> users(a)xwiki.org
>>>
http://lists.xwiki.org/mailman/listinfo/users
>>>
>>> _______________________________________________
>>> users mailing list
>>> users(a)xwiki.org
>>>
http://lists.xwiki.org/mailman/listinfo/users
>>>
>>
>>
>>
>> --
>> Thomas Mortagne
>>
>
>
>
> --
> Thomas Mortagne
> _______________________________________________
> users mailing list
> users(a)xwiki.org
>
http://lists.xwiki.org/mailman/listinfo/users
>
> _______________________________________________
> users mailing list
> users(a)xwiki.org
>
http://lists.xwiki.org/mailman/listinfo/users
>
--
Thomas Mortagne
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users