Hi,
I don't know if this will help, but below is my xwiki.cfg configuration
file that enables me to bind.
I still do not reach the field mapping step though, I get a
"LDAPReferralException: Automatic referral following not enabled (10)
Referral LDAPReferralException: Server Message: 0000202B: RefErr:
DSID-0310063C, data 0, 1 access points Iref 1: 'ad.toto.com'"
------8<-----------------------8<-------------------------
#-------------------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0 : disable
#-# 1 : enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.port=389
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN=ad2\\{0}
xwiki.authentication.ldap.bind_pass={1}
#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the base_DN
#xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
#-# base DN for searches
xwiki.authentication.ldap.base_DN=dc=ad,dc=toto,dc=com
#-# specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=sAMAccountName
#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for faster access
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
On Fri, May 16, 2008 at 10:44 AM, werner mueller <werner.mueller(a)mimacom.ch>
wrote:
Hello
yep, that was the first attempt. no matter what variation i try i get
bind errors or invalid credentials (depending on what user i try to
login). xwiki shows an 'internal error' on the login dialog.
it's very weird. the mediawiki configuration is almost exactly the same
(using that domain\\user syntax rather than ldap)
hard to tell what i'm doing wrong :)
i'll do another attempt on a different server next week to make sure it's
nothing too stupid.
thanks!
regards
werner
Thomas Mortagne wrote:
Hi,
Did you try the suggested AD configuration at
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
?
On Mon, May 12, 2008 at 12:38 PM, Mihails Agafonovs <_muxa(a)inbox.lv>
wrote:
> Try LDAP Browser to find the correct configuration.
>
> I've succeeded in connecting to AD, using the CN attribute, so in
> config it would be:
>
> bind_DN={0} /// here the user will type his cn
> UID_attr=cn
> Quoting werner mueller:
>
> hello
>
> well i am a little stuck. i cant make it work although i copied the
> settings from a working example (well another tool but the same
> servers). i can only get to 'invalid credentials'
> does the server need to be in the same domain as the active
> directory to
> use the bind_DN=subdomain\{0} bind schema? the server is a linux
> machine and is not added to the windows domain.
> is there a unit test or little tool or something one could use for
> testing? its a little weird its not working.
> thanks for any ideas :)
> regards
> werner
> Thomas Mortagne wrote:
> > You can enable "debug" logging, see
> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging
> >
> > On Wed, Apr 30, 2008 at 1:54 PM, werner mueller wrote:
> >> Hello
> >>
> >> thanks for the quick reply.
> >>
> >> well the config should work then :/
> >> i compared it with the bugzilla / subversion config which uses the same
> >> ldap / active directory auth. the only difference is that they
> >> distinguish the bind user with the user to be authenticated. but in my
> >> case even the bind user cannot login.
> >>
> >>
> >> 2008-04-30 13:44:34,891 [http://dev.edoras.ch:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-Processor24] WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP authentication failed.
> >>
> >> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.
> >> Wrapped Exception: Invalid Credentials
> >>     at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:178)
> >>     at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
> >>     at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
> >>     at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
> >>     .........
> >>
> >> Wrapped Exception:
> >>
> >> LDAPException: Invalid Credentials (49) Invalid Credentials
> >> LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
> >> LDAPException: Matched DN:
> >>     at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
> >>     at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
> >>     at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
> >>     at com.novell.ldap.LDAPConnection.bind(Unknown Source)
> >>     at com.novell.ldap.LDAPConnection.bind(Unknown Source)
> >>     at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:170)
> >>     at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
> >>     at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
> >>
> >>
> >>
> >>
> >> is there some debug feature i can turn on to get some more information?
> >> or some small test-class to verify the settings? it seems it uses the
> >> login name from the login form but then authentication fails.
> >>
> >>
> >>
> >> thanks a lot :)
> >> regards
> >>
> >> werner
> >>
> >>
> >>
> >>
> >> Thomas Mortagne wrote:
> >> > On Wed, Apr 30, 2008 at 11:55 AM, werner mueller wrote:
> >> >> Hello
> >> >>
> >> >> thanks for the reply.
> >> >> back to stupid questions:
> >> >>
> >> >> > #-# LDAP login, empty = anonymous access, otherwise specify full dn
> >> >> > #-# {0} is replaced with the username, {1} with the password
> >> >> > #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP
> >> >> > #xwiki.authentication.ldap.bind_pass={1}
> >> >>
> >> >> {0} is the username from the login form in xwiki?
> >> >> {1} is the password from the login form in xwiki?
> >> >
> >> > Yes, you really write "{0}" and "{1}" in the configuration and it will
> >> > be replaced at runtime by user/pass provided by user in the login
> >> > form.
> >> >
> >> >> or are these documentation placeholders to be filled in the config file
> >> >> directly?
> >> >>
> >> >> thanks :)
> >> >>
> >> >>
> >> >>
> >> >> regards
> >> >>
> >> >> werner
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> Thomas Mortagne wrote:
> >> >> > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller wrote:
> >> >> >> Hello
> >> >> >>
> >> >> >> thanks for the hints.
> >> >> >>
> >> >> >> i tried some other configurations but with no luck. it seems not every
> >> >> >> user is allowed to query the ldap structure. i have to use a special
> >> >> >> user/password to bind xwiki to the active directory. that user can login
> >> >> >> but thats not a solution. allow everyone to query the ad is not an
> >> >> >> option for us.
> >> >> >>
> >> >> >> has anyone a working active directory config he or she could share?
> >> >> >>
> >> >> >> is it possible to trick xwiki to use a different user to bind to the AD
> >> >> >> and then use username/password from login to process the login?
> >> >> >> i've been doing similar things for bugzilla/ldap using LDAPbinddn =
> >> >> >> cn=,cn=Users,dc=domain,dc=com:
> >> >> >
> >> >> > Yes and it's the default way to work for LDAP authenticator. You can
> >> >> > see in default xwiki.cfg :
> >> >> >
> >> >> > #-# LDAP login, empty = anonymous access, otherwise specify full dn
> >> >> > #-# {0} is replaced with the username, {1} with the password
> >> >> > #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
> >> >> > #xwiki.authentication.ldap.bind_pass={1}
> >> >> >
> >> >> > So in your case it would be :
> >> >> >
> >> >> > xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com
> >> >> > xwiki.authentication.ldap.bind_pass={1}
> >> >> >
> >> >> >> btw: yes i am sure its version 1.3.2.9174. its the one copy pasted from
> >> >> >> xwiki. unless its not correct there but that would be weird.
> >> >> >>
> >> >> >>
> >> >> >> any hints or examples would be cool :)
> >> >> >> thanks a lot
> >> >> >>
> >> >> >> regards
> >> >> >>
> >> >> >> werner
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> Thomas Mortagne wrote:
> >> >> >> > Also I think
> >> >> >> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
> >> >> >> > is based on old LDAP authenticator (see
> >> >> >> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld ).
> >> >> >> >
> >> >> >> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne wrote:
> >> >> >> >> Hi,
> >> >> >> >>
> >> >> >> >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller wrote:
> >> >> >> >> > hello
> >> >> >> >> >
> >> >> >> >> > i am currently trying to setup xwiki on tomcat 5.5/mysql. until now its
> >> >> >> >> > doing quite well :)
> >> >> >> >> >
> >> >> >> >> > my next step is to get ldap authentication against an active directory
> >> >> >> >> > working. i followed
> >> >> >> >> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
> >> >> >> >> > and some postings on the mailing list but i cant get it to work.
> >> >> >> >> >
> >> >> >> >> > i either end up with:
> >> >> >> >> > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP
> >> >> >> >> > bind failed with LDAPException.
> >> >> >> >> > Wrapped Exception: Invalid Credentials
> >> >> >> >> >
> >> >> >> >> > or worse (with in my eyes the proper config):
> >> >> >> >> > WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP authentication failed.
> >> >> >> >> > java.lang.NullPointerException
> >> >> >> >> >     at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256)
> >> >> >> >> >     at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
> >> >> >> >> >     at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194)
> >> >> >> >> >     at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127)
> >> >> >> >> >     at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112)
> >> >> >> >> >     at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214)
> >> >> >> >> >     at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307)
> >> >> >> >> >     at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
> >> >> >> >     at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315)
> >> >> >> >     at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259)
> >> >> >> >     at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173)
> >> >> >> >     ...
> >> >> >>
> >> >> >> Could you copy/paste your configuration.
> >> >> >>
> >> >> >>
> >> >> >> >
> >> >> >> >
> >> >> >> > i've done ldap auth on several other tools (apache/subversion,
> >> >> >> > bugzilla). there i used two accounts: one allowed to bind to the active
> >> >> >> > directory and do searches and the useraccount itself.
> >> >> >> >
> >> >> >> > in the xwiki config i can only see the user logging in is used to bind
> >> >> >> > to the ldap server?
> >> >> >>
> >> >> >> You can define a user able to bind to the active directory using
> >> >> >> "bind_DN" and "bind_pass" properties and it will search for provided
> >> >> >> login in ldap based on "UID_attr" property
> >> >> >>
> >> >> >>
> >> >> >> >
> >> >> >> >
> >> >> >> > is the documentation current for xwiki 1.3.2.9174? or can someone give
> >> >> >> > me a hint to make this work?
> >> >> >>
> >> >> >> Are you sure you use xwiki-core 1.3.2 version, I can't find in the
> >> >> >> code what could make NullPointerException at
> >> >> >> XWikiLDAPAuthServiceImpl.java:256
> >> >> >>
> >> >> >>
> >> >> >> >
> >> >> >> >
> >> >> >> > thanks a lot
> >> >> >> > regards
> >> >> >> >
> >> >> >> > werner
> >> >> >> >
> >> >> >> > _______________________________________________
> >> >> >> > users mailing list
> >> >> >> > users(a)xwiki.org
> >> >> >> > http://lists.xwiki.org/mailman/listinfo/users
> >> >> >> >
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> --
> >> >> >> Thomas Mortagne
> >> >> >>
> >> >> >
> >> >> >
> >> >> >
> >> >>
Best regards, Mihails
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
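
Added example, not part of the original thread or of XWiki's code: a small diagnostic that shows which bind name each `bind_DN` spelling from the thread produces once the `.properties` parser has processed its backslashes (a single backslash before `{` is silently dropped), and decodes the `data` sub-code of the Active Directory message quoted above. The class name `LdapBindDebug`, the sample login `jdoe`/`secret`, and the use of `java.text.MessageFormat` for the `{0}`/`{1}` expansion are assumptions; the sub-code table lists the commonly documented AD values.

```java
import java.io.StringReader;
import java.text.MessageFormat;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical diagnostic helper; not part of XWiki.
public class LdapBindDebug {
    // Commonly documented AD sub-codes that follow "data" in a result-49 bind failure.
    static final Map<String, String> AD_DATA = Map.of(
        "525", "user not found", "52e", "wrong password",
        "530", "logon not permitted at this time", "531", "logon not permitted from this workstation",
        "532", "password expired", "533", "account disabled",
        "701", "account expired", "773", "user must reset password",
        "775", "account locked out");
    static final Pattern DATA = Pattern.compile("AcceptSecurityContext error, data ([0-9a-fA-F]+)");

    // Bind name the directory receives for one xwiki.cfg line and one login.
    static String effectiveBindName(String cfgLine, String user, String pass) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(cfgLine)); // applies .properties backslash unescaping
        String fmt = p.getProperty("xwiki.authentication.ldap.bind_DN");
        // Assumption: {0}/{1} are expanded MessageFormat-style, as the cfg comments describe.
        return MessageFormat.format(fmt, user, pass);
    }

    // Translates the "data NNN" field of an AD server message into its meaning.
    static String explain(String serverMessage) {
        Matcher m = DATA.matcher(serverMessage);
        if (!m.find()) return "no AD sub-code in message";
        String code = m.group(1).toLowerCase();
        return code + ": " + AD_DATA.getOrDefault(code, "unknown sub-code");
    }

    public static void main(String[] args) throws Exception {
        String key = "xwiki.authentication.ldap.bind_DN=";
        // bind_DN spellings from the thread, written as they would appear in xwiki.cfg.
        String[] values = {"ad2\\\\{0}", "subdomain\\{0}", "cn={0},cn=Users,dc=domain,dc=com"};
        for (String v : values) {
            // "jdoe" / "secret" are constructed sample credentials.
            System.out.println(v + "  ->  " + effectiveBindName(key + v, "jdoe", "secret"));
        }
        // Server message quoted earlier in the thread.
        System.out.println(explain(
            "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece"));
    }
}
```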