If your sAMAccountName is like name.surname, it won't work. XWiki has
some problems with "." (or is this solved?) sign when logging in.
Quoting Fabien : Hi,
I don't know if this will help, but here is below my xwiki.cfg
configuration
file that enable me to bind.
I still do not reach the field mapping step though, I get a
"LDAPReferralException: Automatic referral following not enabled
(10)
Referral LDAPReferralException: Server Message: 0000202B: RefErr:
DSID-0310063C, data 0, 1 access points Iref 1: 'ad.toto.com'"
------8
yep, that was the first attempt. no matter what
variation i try i
get
bind errors or invalid credentials (depending on what
user i try
to
login). xwiki shows an 'internal error' on the
login dialog.
its very weird. he mediawiki configuration is alost exactly the
same
(using that domain\user syntax rather than ldap)
hard to tell what i'm doing wrong :)
i'll do another attempt on a different server next week to make
sure its
nothing too stupid.
thanks!
regards
werner
Thomas Mortagne schrieb:
Hi,
Did you tryed the suggested AD configuration at
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
?
On Mon, May 12, 2008 at 12:38 PM, Mihails Agafonovs
wrote:
>> Try LDAP Browser to find the correct configuration.
>>
>> I've succeeded in connecting to AD, using the CN attribute, so
in
>> config it would be:
>>
>> bind_DN={0} /// here the user will type his cn
>> UID_attr=cn
>> Quoting werner mueller : hallo
>>
>> well i am a little stuck. i cant make it work although i
copied the
>> settings from a working example (well
another tool but the
same
>> servers). i can only get to 'invalid
credentials'
>> does the server need to be in the same domain as the active
>> directory to
>> use the bind_DN=subdomain{0} bind schema? the server is a
linux
>> machine and is not added to the windows
domain.
>> is there a unit test or little tool or something one could
use for
>> testing? its a little weird its not
working.
>> thanks for any ideas :)
>> regards
>> werner
>> Thomas Mortagne schrieb:
>> > You can enable "debug" logging, see
>> >
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging
>> >
>> > On Wed, Apr 30, 2008 at 1:54 PM, werner mueller
>>
>>
>> > wrote:
>> >> Hallo
>> >>
>> >> thanks for the quick reply.
>> >>
>> >> well the config should work then :/
>> >> i compared it with the bugzilla / subversion config which
uses
>> the same
>> >> ldap / active directory auth. the only difference is that
they
>> >> distinguish the bind user with
the user to be
authenticated. but
>> in my
>> >> case even the bind user cannot login.
>> >>
>> >>
>> >> 2008-04-30 13:44:34,891
>> >>
>>
[
http://dev.edoras.ch:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
>> >> [http-8080-Processor24] WARN
LDAP.XWikiLDAPAuthServiceImpl -
>> LDAP
>> >> authentication failed.
>> >>
>> >> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number
0
in
> 5: LDAP
> >> bind failed with LDAPException.
> >> Wrapped Exception: Invalid Credentials
> >> at
> >>
>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:178)
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
>> >> .........
>> >>
>> >> Wrapped Exception:
>> >>
>> >>
>> >> LDAPException: Invalid Credentials (49) Invalid
Credentials
>> >> LDAPException: Server Message:
80090308: LdapErr:
DSID-0C090334,
>> >> comment: AcceptSecurityContext
error, data 525, vece
>> >> LDAPException: Matched DN:
>> >> at
>> com.novell.ldap.LDAPResponse.getResultException(Unknown
Source)
>> >> at
com.novell.ldap.LDAPResponse.chkResultCode(Unknown
> >> Source)
>> >> at
com.novell.ldap.LDAPConnection.chkResultCode(Unknown
>> Source)
>> >> at com.novell.ldap.LDAPConnection.bind(Unknown
Source)
>> >> at
com.novell.ldap.LDAPConnection.bind(Unknown
Source)
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:170)
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
>> >>
>> >>
>> >>
>> >>
>> >> is there some debug feature i can turn on to get some
more
>> information?
>> >> or some small test-class to verify the settings? it seems
it
>> uses the
>> >> login name from the login form but then authentication
fails.
>> >>
>> >>
>> >>
>> >> thanks a lot :)
>> >> regards
>> >>
>> >> werner
>> >>
>> >>
>> >>
>> >>
>> >> Thomas Mortagne schrieb:
>> >> > On Wed, Apr 30, 2008 at 11:55 AM, werner mueller
>>
>>
>> >> > wrote:
>> >> >> Hallo
>> >> >>
>> >> >> thanks for the reply.
>> >> >> back to stupid questions:
>> >> >>
>> >> >> > #-# LDAP login, empty = anonymous access, otherwise
>> specify full dn
>> >> >> > #-# {0} is replaced with the username, {1} with
the
>> password
>> >> >> >
>> #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP
>> >> >>
>> >> >> > #xwiki.authentication.ldap.bind_pass={1}
>> >> >>
>> >> >> {0} is the username from the login form in xwiki?
>> >> >> {1} is the password from the login form in xwiki?
>> >> >
>> >> > Yes, you really write "{0}" and "{1}" in
the
configuration and
>> it will
>> >> > be replaced at runtime by user/pass provided by user in
the
>> login
>> >> > form.
>> >> >
>> >> >> or are these documentation placeholders to be filled
in the
>> config file
>> >> >> directly?
>> >> >>
>> >> >> thanks :)
>> >> >>
>> >> >>
>> >> >>
>> >> >> regards
>> >> >>
>> >> >> werner
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> Thomas Mortagne schrieb:
>> >> >> > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller
>>
>> >> >> > wrote:
>> >> >> >> Hallo
>> >> >> >>
>> >> >> >> thanks for the hints.
>> >> >> >>
>> >> >> >> i tried some other configurations but with no
luck. it
>> seems not every
>> >> >> >> user is allowed to query the ldap structure. i
have to
>> use a special
>> >> >> >> user/password to bind xwiki to the active
directory.
>> that user can login
>> >> >> >> but thats not a solution. aloow everyone to
query
the ad
>> is not an
>> >> >> >> option for us.
>> >> >> >>
>> >> >> >> has anyone a working active directory config he
or she
>> could share?
>> >> >> >>
>> >> >> >> is it possible to trick xwiki to use a different
user to
>> bind to the AD
>> >> >> >> and then use username/password from login to
process the
>> login?
>> >> >> >> i've been doing similar things for
bugzilla/ldap
using
>
LDAPbinddn =
> >> >> >> cn=,cn=Users,dc=domain,dc=com:
>
>
> >> >> >
> >> >> > Yes and it's the default way to work for LDAP
> authenticator. You can
> >> >> > see in default xwiki.cfg :
> >> >> >
> >> >> > #-# LDAP login, empty = anonymous access, otherwise
> specify full dn
> >> >> > #-# {0} is replaced with the username, {1} with the
> password
> >> >> >
>
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
>> >> >> >
#xwiki.authentication.ldap.bind_pass={1}
>> >> >> >
>> >> >> > So in your case it would be :
>> >> >> >
>>
xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com
>> >> >> >
xwiki.authentication.ldap.bind_pass={1}
>> >> >> >
>> >> >> >> btw: yes i am sure its version 1.3.2.9174. its
the one
>> copy pasted from
>> >> >> >> xwiki. unless its not correct there but that
would be
> weird.
> >> >> >>
> >> >> >>
> >> >> >> any hints or examples would be cool :)
> >> >> >> thanks a lot
> >> >> >>
> >> >> >> regards
> >> >> >>
> >> >> >> werner
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> Thomas Mortagne schrieb:
> >> >> >> > Also I think
>
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
> >>
>> >> > is based in old LDAP authenticator (see
> >> >> >> >
>
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld
).
>> >> >> >> >
>> >> >> >> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas
Mortagne
>>
>> >> >> >> > wrote:
>> >> >> >> >> Hi,
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> On Thu, Apr 17, 2008 at 7:02 PM,
werner
mueller
>>
>>
>> >> >> >> >> wrote:
>> >> >> >> >> > hallo
>> >> >> >> >> >
>> >> >> >> >> > i am currently trying to setup
xwiki on
taomcat
>
5.5/mysql. until now its
> >> >> >> >> > doing quite well :)
> >> >> >> >> >
> >> >> >> >> > my next step is to get ldap
authentication
> against an active directory
> >> >> >> >> > working. i followed
> >> >> >> >> >
>
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
>> >> >> >> >>
> and some postings on the mailing list but
i cant
>> get it to work.
>> >> >> >> >> >
>> >> >> >> >> > i either end up with:
>> >> >> >> >> >
com.xpn.xwiki.plugin.ldap.XWikiLDAPException:
>> Error number 0 in 5: LDAP
>> >> >> >> >> > bind failed with LDAPException.
>> >> >> >> >> > Wrapped Exception: Invalid
Credentials
>> >> >> >> >> >
>> >> >> >> >> > or worse (with in my eyes the
propper
config):
> >>
>> >> >> > WARN LDAP.XWikiLDAPAuthS
> >> >> >> >> > erviceImpl - LDAP authentication
failed.
> >> >> >> >> > java.lang.NullPointerException
> >> >> >> >> > at
> >> >> >> >> >
>
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256)
> >>
>> >> >> > at
> >> >> >> >> >
>
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
> >>
>> >> >> > at
> >> >> >> >> >
>
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194)
> >>
>> >> >> > at
> >> >> >> >> >
>
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127)
> >>
>> >> >> > at
> >> >> >> >> >
>
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112)
> >>
>> >> >> > at
> >> >> >> >> >
>
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214)
> >> >> >> >> >> > at
> >> com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307)
> >>
>> >> >> > at
> >> >> >> >> >
>
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
>> >> >> >> >>
> at
>> com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315)
>> >> >> >> >> > at
>> com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259)
>> >> >> >> >> > at
>> com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173)
>> >> >> >> >> > ...
>> >> >> >> >>
>> >> >> >> >> Could you copy/paste your
configuration.
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > i've done ldap auth on
several other tools
>> (apache/subversion,
>> >> >> >> >> > bugzilla). there i used two
accounts: one
allowed
>> to bind to the active
>> >> >> >> >> > directory and do searches and
the
useraccount
>> itself.
>> >> >> >> >> >
>> >> >> >> >> > in the xwiki config i can only
see the
user
>> logging in is used to bind
>> >> >> >> >> > to the ldap server?
>> >> >> >> >>
>> >> >> >> >> You can define a user able to bind to
the
active
>> directory using
>> >> >> >> >> "bind_DN" and
"bind_pass" properties and it
will
>> search for provided
>> >> >> >> >> login in ldap based on
"UID_attr" property
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > is the documentation current for
xwiki
>> 1.3.2.9174? or can someone give
>> >> >> >> >> > me a hint to make this work?
>> >> >> >> >>
>> >> >> >> >> Are you sure you use xwiki-core 1.3.2
version, I
>> can't find in the
>> >> >> >> >> code what could make
NullPointerException at
>> >> >> >> >> XWikiLDAPAuthServiceImpl.java:256
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > thanks a lot
>> >> >> >> >> > regards
>> >> >> >> >> >
>> >> >> >> >> > werner
>> >> >> >> >> >
>> >> >> >> >> >
_______________________________________________
>> >> >> >> >>
> users mailing list
>> >> >> >> >> > users(a)xwiki.org
>> >> >> >> >> >
http://lists.xwiki.org/mailman/listinfo/users
> >>
>> >> >
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> --
> >> >> >> Thomas Mortagne
> >> >> >>
> >> >> >
> >> >> >
> >> >> >
> >> >>
> >> >> _______________________________________________
> >> >> users mailing list
> >> >> users(a)xwiki.org
> >> >>
http://lists.xwiki.org/mailman/listinfo/users
> >> >>
> >> >
> >> >
> >> >
> >>
> >> _______________________________________________
> >> users mailing list
> >> users(a)xwiki.org
> >>
http://lists.xwiki.org/mailman/listinfo/users
> >>
> >
> >
> >
>
> _______________________________________________
> users mailing list
> users(a)xwiki.org
>
http://lists.xwiki.org/mailman/listinfo/users
>
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Ar cieņu, Mihails
Links:
------
[1] mailto:werner.mueller@mimacom.ch
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Ar cieņu, Mihails
Links:
------
[1] mailto:fbataill@gmail.com