17 Mar
2008
17 Mar
'08
11:08 a.m.
Hi,
I don't see anything wrong in your configuration and the error message
simply says that the provided user is not found in the LDAP server.
Some LDAP bugs as been fixed in the comming XWiki Platform 1.3.1 which
is not exactly about that but the version you have can cause some
problems on AD as the new LDAP authenticator as not been tested a lot
on AD.
You can find the last snapshot of XWiki Core 1.3 branch on
http://maven.xwiki.org/snapshots/com/xpn/xwiki/platform/xwiki-core/1.3-SNAP….
Could you try to replace you xwiki-core-*.java by the last snapshot
version ?
On Mon, Mar 17, 2008 at 9:08 AM, Frantisek Kall <kaferos(a)gmail.com> wrote:
A month ago we tested 1.2 ver. XWiki and there wasn't problem to set up
Active Directory authentication. Now we are going to start XWiki for
enterprise use and we had a problem to setup AD authentication with 1.3 ver.
Can anybody help us?
Frantisek Kall
Our System info:
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /JBoss
JAVA: /usr/java/jdk1.5.0_11/bin/java
JAVA_OPTS: -Dprogram.name=run.sh -server -Xms128m -Xmx1024m
-XX:PermSize=64m -XX:MaxPermSize=256m
-Dsun.rmi.dgc.client.gcInterval=3600000
-Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true
CLASSPATH: /JBoss/bin/run.jar:/usr/java/jdk1.5.0_11/lib/tools.jar
=========================================================================
08:02:48,641 INFO [Server] Starting JBoss (MX MicroKernel)...
08:02:48,644 INFO [Server] Release ID: JBoss [Trinity] 4.2.2.GA (build:
SVNTag=JBoss_4_2_2_GA date=200710221139)
08:02:48,648 INFO [Server] Home Dir: /JBoss
08:02:48,649 INFO [Server] Home URL: file:/JBoss/
08:02:48,652 INFO [Server] Patch URL: null
08:02:48,652 INFO [Server] Server Name: default
xwiki.cfg:
xwiki.base=../../
xwiki.store.class=com.xpn.xwiki.store.XWikiHibernateStore
xwiki.store.hibernate.path=/WEB-INF/hibernate.cfg.xml
xwiki.store.hibernate.updateschema=1
xwiki.store.hibernate.custommapping=1
xwiki.store.cache=1
xwiki.store.cache.capacity=100
xwiki.store.migration=1
xwiki.monitor=1
# List of active plugins.
xwiki.plugins=\
com.xpn.xwiki.monitor.api.MonitorPlugin,\
com.xpn.xwiki.plugin.calendar.CalendarPlugin,\
com.xpn.xwiki.plugin.feed.FeedPlugin,\
com.xpn.xwiki.plugin.ldap.LDAPPlugin,\
com.xpn.xwiki.plugin.google.GooglePlugin,\
com.xpn.xwiki.plugin.flickr.FlickrPlugin,\
com.xpn.xwiki.plugin.mail.MailPlugin,\
com.xpn.xwiki.plugin.packaging.PackagePlugin,\
com.xpn.xwiki.plugin.query.QueryPlugin,\
com.xpn.xwiki.plugin.svg.SVGPlugin,\
com.xpn.xwiki.plugin.charts.ChartingPlugin,\
com.xpn.xwiki.plugin.fileupload.FileUploadPlugin,\
com.xpn.xwiki.plugin.image.ImagePlugin,\
com.xpn.xwiki.plugin.captcha.CaptchaPlugin,\
com.xpn.xwiki.plugin.userdirectory.UserDirectoryPlugin,\
com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl,\
com.xpn.xwiki.plugin.zipexplorer.ZipExplorerPlugin,\
com.xpn.xwiki.plugin.autotag.AutoTagPlugin,\
com.xpn.xwiki.plugin.lucene.LucenePlugin,\
com.xpn.xwiki.plugin.diff.DiffPlugin,\
com.xpn.xwiki.plugin.rightsmanager.RightsManagerPlugin,\
com.xpn.xwiki.plugin.jodatime.JodaTimePlugin,\
com.xpn.xwiki.plugin.scheduler.SchedulerPlugin,\
com.xpn.xwiki.plugin.mailsender.MailSenderPlugin,\
com.xpn.xwiki.plugin.watchlist.WatchListPlugin
# This parameter allows XWiki to operate in Hosting mode allowing to create
# multiple wikis having their own database and responding to different URLs
xwiki.virtual=0
xwiki.virtual.redirect=http://127.0.0.1:9080/xwiki/bin/Main/ThisWikiDoesNotExist
# This parameter will activate the eXo Platform integration
xwiki.exo=0
xwiki.authentication=form
xwiki.authentication.validationKey=totototototototototototototototo
xwiki.authentication.encryptionKey=titititititititititititititititi
xwiki.authentication.cookiedomains=xwiki.com,wiki.fr
# Comment if you want to enable logout only for
/bin/logout/XWiki/XWikiLogout
xwiki.authentication.logoutpage=/[^/]+/logout/*
# Stats configuration allows to globally activate/deactivate stats module
# It is also possible to choose a different stats service to record
# statistics separately from XWiki.
# Note: Statistics are disabled by default for improved performances.
xwiki.stats=0
xwiki.stats.default=1
xwiki.stats.class=com.xpn.xwiki.stats.impl.XWikiStatsServiceImpl
xwiki.encoding=UTF-8
xwiki.backlinks=1
xwiki.tags=1
# Use edit comments
xwiki.editcomment=1
# Hide editcomment field and only use Javascript
xwiki.editcomment.hidden=0
# Make edit comment mandatory
xwiki.editcomment.mandatory=0
# Make edit comment suggested (asks 1 time if the comment is empty.
# 1 shows one popup if comment is empty.
# 0 means there is no popup.
# This setting is ignored if mandatory is set
xwiki.editcomment.suggested=0
# GraphViz plugin configuration. The GraphViz plugin is not configured by
default.
# To enable it, add "com.xpn.xwiki.plugin.graphviz.GraphVizPlugin" to the
list of plugins
# in the xwiki.plugins property.
# Uncomment and set the locations of the Dot and Neato executables
#xwiki.plugin.graphviz.dotpath=c:/Program Files/ATT/GraphViz/bin/dot.exe
#xwiki.plugin.graphviz.neatopath=c:/Program Files/ATT/GraphViz/bin/neato.exe
xwiki.plugin.laszlo.baseurl=/openlaszlo/xwiki/
xwiki.plugin.laszlo.path=c:/Program Files/Apache Software Foundation/Tomcat
5.0/webapps/openlaszlo/xwiki/
xwiki.plugin.image.cache.capacity=30
xwiki.plugin.captcha=0
# Enable to allow superadmin. It is disabled by default as this could be a
security breach if
# it were set and you forgot about it.
xwiki.superadminpassword=system
#-------------------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=10.0.1.2
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.bind_DN=CHEMOSVIT\\{0}
xwiki.authentication.ldap.bind_pass={1}
authentication.ldap.UID_attr=sAMAccountName
authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
xwiki.authentication.ldap.base_DN=dc=chemosvit,dc=sk
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
#xwiki.authentication.ldap.bind_pass={1}
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the
base_DN
#xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
#-# base DN for searches
#xwiki.authentication.ldap.base_DN=
#-# specifies the LDAP attribute containing the identifier to be used as the
XWiki name (default=cn)
#xwiki.authentication.ldap.UID_attr=cn
#-# retrieve the following fields from LDAP and store them in the XWiki user
object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for
faster access
#xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki otherwise
this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=XWikiAdmin,ou=XWikiGroups,ou=groups,dc=chemosvit,dc=sk|\
# XWiki.Organisation=cn=XWikiUsers,ou=XWikiGroups,ou=groups,o=MegaNova,c=US
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed from
LDAP (default=3600*6)
# xwiki.authentication.ldap.groupcache_expiration=21800
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first
created
#-# - always: synchronize on every login
# xwiki.authentication.ldap.mode_group_sync=always
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB authentication
with the same credentials
xwiki.authentication.ldap.trylocal=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0: normal
#-# 1: SSL
xwiki.authentication.ldap.ssl=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
# xwiki.authentication.ldap.ssl.keystore=
#-------------------------------------------------------------------------------------
xwiki.authentication.unauthorized_code=200
# This parameter will activate the sectional editing
xwiki.section.edit=1
# Uncomment if you want to ignore requests for unmapped actions, and simply
display the document
# xwiki.unknownActionResponse=view
# You can configure the toolbars you wish to see in the WYSIWYG editor by
defining the
# xwiki.wysiwyg.toolbars property.
# When not defined it defaults to:
# xwiki.wysiwyg.toolbars=texttoolbar, listtoolbar, indenttoolbar,
undotoolbar, titletoolbar, \
# styletoolbar, horizontaltoolbar, attachmenttoolbar, macrostoolbar, \
# tabletoolbar, tablerowtoolbar, tablecoltoolbar, linktoolbar
# The full list of toolbars includes the one defined above and the following
ones:
# subtoolbar, findtoolbar, symboltoolbar
xwiki.defaultskin=toucan
xwiki.defaultbaseskin=albatross
xwiki.temp.dir=/tmp/xwiki
# xwiki.work.dir=/usr/local/xwiki
# xwiki.plugins.lucene.indexdir=/usr/local/xwiki/lucene
#
xwiki.plugins.lucene.analyzer=org.apache.lucene.analysis.standard.StandardAnalyzer
# xwiki.plugins.lucene.indexinterval=20
xwiki.work.dir=/docudata/xwiki
Authentication Error message:
08:05:46,657 INFO [STDOUT] 2008-03-17 08:05:46,642
[http://dokument.chemosvit.sk:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
[http-10.0.1.17-8080-1] WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP
authentication failed.
com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user
DN.
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:268)
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:195)
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:128)
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:113)
at
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:211)
at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3258)
at
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3266)
at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4210)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:164)
at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at
org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
at
org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:117)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:595)
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne