On Sun, Apr 10, 2011 at 23:32, Joel Schuster <joel.schuster(a)gmx.com> wrote:
Thomas,
Thanks for the response!
Ok, I turned on trace for both. Based on what I see now (I've copied the piece that
seems important out of the log)
2011-04-10 21:09:56,257 DEBUG ldap.XWikiLDAPConnection - LDAP search: baseDN=[ou=users,dc=snapteam,dc=org] query=[null] attr=[[objectClass, cn, memberuid]] ldapScope=[0]
2011-04-10 21:09:56,258 DEBUG ldap.XWikiLDAPConnection - - values for attribute "objectClass"
2011-04-10 21:09:56,258 DEBUG ldap.XWikiLDAPConnection - |- [organizationalUnit]
2011-04-10 21:09:56,259 DEBUG ldap.XWikiLDAPConnection - LDAP search found attributes: [{name=dn value=ou=users,dc=snapteam,dc=org}, {name=objectClass value=organizationalUnit}]
2011-04-10 21:09:56,259 ERROR ldap.XWikiLDAPUtils - Could not find attribute cn for LDAP dn ou=users,dc=snapteam,dc=org
2011-04-10 21:09:56,259 DEBUG ldap.XWikiLDAPUtils - Found group [ou=users,dc=snapteam,dc=org] members :null
2011-04-10 21:09:56,259 TRACE xwiki.XWikiException - Error number 8001 in 8: LDAP user snapadmin does not belong to LDAP group ou=users,dc=snapteam,dc=org.
I've appended the ldif for the whole ldap tree below. That group doesn't have a
cn attribute, why does the main user group need one? This group is for holding ALL users,
not separating the users into groups.
I can't add a cn attribute as an organizationalUnit doesn't allow for a cn
attribute, so I'd need to add a different object type. Am I simply setting this
up the wrong way? This setup is working just fine already for bugzilla, openfire and
postfix.
XWiki only works with groups which explicitly list members (like
cn=admins,ou=groups,dc=snapteam,dc=org). Anyway if
ou=users,dc=snapteam,dc=org contains all users then you should really
not set up xwiki.authentication.ldap.user_group since this property
is here to accept only some users (the ones who are part of this
group).
- Joel
> Here are the settings in the xwiki.cfg:
>
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
> xwiki.authentication.ldap=1
> xwiki.authentication.ldap.server=127.0.0.1
> xwiki.authentication.ldap.port=389
> xwiki.authentication.ldap.bind_DN=cn=admin,dc=snapteam,dc=org
> xwiki.authentication.ldap.bind_pass=adminPassword
> xwiki.authentication.ldap.ldap_user_search_fmt=(&({0}={1})(objectClass=posixAccount))
> xwiki.authentication.ldap.user_group=ou=users,dc=snapteam,dc=org
> xwiki.authentication.ldap.base_DN=dc=snapteam,dc=org
> xwiki.authentication.ldap.group_classes=posixGroup
> xwiki.authentication.ldap.group_memberfields=memberUid
> xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
> xwiki.authentication.ldap.update_user=1
>
> xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=admins,ou=groups,dc=snapteam,dc=org|\
> XWiki.SnapGroup=cn=snap,ou=groups,dc=snapteam,dc=org|\
> XWiki.AARGroup=cn=aar,ou=groups,dc=snapteam,dc=org|\
> XWiki.AACUSGroup=cn=aacus,ou=groups,dc=snapteam,dc=org
>
> xwiki.authentication.ldap.groupcache_expiration=21800
> xwiki.authentication.ldap.mode_group_sync=always
> xwiki.authentication.ldap.trylocal=1
The LDIF:
version: 1

dn: dc=snapteam,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
dc: snapteam
o: snapteam
description: Snapteam LDAP

dn: cn=admin,dc=snapteam,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword:: cDFqbXM1Iw==
description: LDAP administrator

dn: ou=users,dc=snapteam,dc=org
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=snapteam,dc=org
objectClass: organizationalUnit
ou: groups

dn: cn=admins,ou=groups,dc=snapteam,dc=org
objectClass: posixGroup
cn: admins
gidNumber: 0
description: Administrators within the snapteam.org domain
memberUid: uid=bobf,ou=users,dc=snapteam,dc=org
memberUid: uid=snapadmin,ou=users,dc=snapteam,dc=org

dn: cn=snap,ou=groups,dc=snapteam,dc=org
objectClass: posixGroup
cn: snap
gidNumber: 10000
description: snapteam members
memberUid: uid=joels,ou=users,dc=snapteam,dc=org
memberUid: uid=snapadmin,ou=users,dc=snapteam,dc=org

dn: cn=aar,ou=groups,dc=snapteam,dc=org
objectClass: posixGroup
cn: aar
gidNumber: 10001
description: aar group members

dn: cn=aacus,ou=groups,dc=snapteam,dc=org
objectClass: posixGroup
cn: aacus
gidNumber: 10002
description: aacus group members

dn: uid=bobf,ou=users,dc=snapteam,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Bob Frank
gidNumber: 0
homeDirectory: /home/bobf
sn: Frank
uid: bobf
uidNumber: 1000
displayName: Bob Frank
gecos: Bob Frank
givenName: Bob
homePhone: 719-123-1234
initials: BF
l: Colorado Springs
loginShell: /bin/bash
mail: bobf(a)snapteam.org
mobile: 719-123-1234
o: SNAP
postalAddress: 1234 Hearth Ct
postalCode: 80922
shadowExpire: -1
shadowFlag: 0
shadowLastChange: 10877
shadowMax: 999999
shadowMin: 8
shadowWarning: 7
st: CO
title: System Administrator
userPassword:: e1NIQX1JZmFqYzRNSUFQdWNmQ1lEMkF6MC9YTytLb3M9

dn: uid=snapadmin,ou=users,dc=snapteam,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Snap Admin
gidNumber: 0
homeDirectory: /home/snapadmin
sn: Admin
uid: snapadmin
uidNumber: 1001
displayName: Snap Admin
gecos: Snap Admin
givenName: Snap
homePhone: 719-123-1234
initials: SA
l: Colorado Springs
loginShell: /bin/bash
mail: snapadmin(a)snapteam.org
mobile: 719-123-1234
o: SNAP
postalAddress: 1234 Hearth Ct
postalCode: 80922
shadowExpire: -1
shadowFlag: 0
shadowLastChange: 10877
shadowMax: 999999
shadowMin: 8
shadowWarning: 7
st: CO
title: System Administrator
userPassword:: cDFqbXM1Iw==
--
Thomas Mortagne