A month ago we tested 1.2 ver. XWiki and there wasn't problem to set up Active Directory authentication. Now we are going to start XWiki for enterprise use and we had a problem to setup AD authentication with 1.3 ver. Can anybody help us?
Frantisek KallOur System info:
=========================================================================JBoss Bootstrap Environment
JBOSS_HOME: /JBoss
JAVA: /usr/java/jdk1.5.0_11/bin/java
JAVA_OPTS: -Dprogram.name=run.sh -server -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true
CLASSPATH: /JBoss/bin/run.jar:/usr/java/jdk1.5.0_11/lib/tools.jar
=========================================================================
08:02:48,641 INFO [Server] Starting JBoss (MX MicroKernel)...
08:02:48,644 INFO [Server] Release ID: JBoss [Trinity] 4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)
08:02:48,648 INFO [Server] Home Dir: /JBoss
08:02:48,649 INFO [Server] Home URL: file:/JBoss/
08:02:48,652 INFO [Server] Patch URL: null
08:02:48,652 INFO [Server] Server Name: default
xwiki.cfg:xwiki.base=../../
xwiki.store.class=com.xpn.xwiki.store.XWikiHibernateStore
xwiki.store.hibernate.path=/WEB-INF/hibernate.cfg.xml
xwiki.store.hibernate.updateschema=1
xwiki.store.hibernate.custommapping=1
xwiki.store.cache=1
xwiki.store.cache.capacity=100
xwiki.store.migration=1
xwiki.monitor=1
# List of active plugins.
xwiki.plugins=\
com.xpn.xwiki.monitor.api.MonitorPlugin,\
com.xpn.xwiki.plugin.calendar.CalendarPlugin,\
com.xpn.xwiki.plugin.feed.FeedPlugin,\
com.xpn.xwiki.plugin.ldap.LDAPPlugin,\
com.xpn.xwiki.plugin.google.GooglePlugin,\
com.xpn.xwiki.plugin.flickr.FlickrPlugin,\
com.xpn.xwiki.plugin.mail.MailPlugin,\
com.xpn.xwiki.plugin.packaging.PackagePlugin,\
com.xpn.xwiki.plugin.query.QueryPlugin,\
com.xpn.xwiki.plugin.svg.SVGPlugin,\
com.xpn.xwiki.plugin.charts.ChartingPlugin,\
com.xpn.xwiki.plugin.fileupload.FileUploadPlugin,\
com.xpn.xwiki.plugin.image.ImagePlugin,\
com.xpn.xwiki.plugin.captcha.CaptchaPlugin,\
com.xpn.xwiki.plugin.userdirectory.UserDirectoryPlugin,\
com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl,\
com.xpn.xwiki.plugin.zipexplorer.ZipExplorerPlugin,\
com.xpn.xwiki.plugin.autotag.AutoTagPlugin,\
com.xpn.xwiki.plugin.lucene.LucenePlugin,\
com.xpn.xwiki.plugin.diff.DiffPlugin,\
com.xpn.xwiki.plugin.rightsmanager.RightsManagerPlugin,\
com.xpn.xwiki.plugin.jodatime.JodaTimePlugin,\
com.xpn.xwiki.plugin.scheduler.SchedulerPlugin,\
com.xpn.xwiki.plugin.mailsender.MailSenderPlugin,\
com.xpn.xwiki.plugin.watchlist.WatchListPlugin
# This parameter allows XWiki to operate in Hosting mode allowing to create
# multiple wikis having their own database and responding to different URLs
xwiki.virtual=0
xwiki.virtual.redirect=http://127.0.0.1:9080/xwiki/bin/Main/ThisWikiDoesNotExist
# This parameter will activate the eXo Platform integration
xwiki.exo=0
xwiki.authentication=form
xwiki.authentication.validationKey=totototototototototototototototo
xwiki.authentication.encryptionKey=titititititititititititititititi
xwiki.authentication.cookiedomains=xwiki.com,wiki.fr
# Comment if you want to enable logout only for /bin/logout/XWiki/XWikiLogout
xwiki.authentication.logoutpage=/[^/]+/logout/*
# Stats configuration allows to globally activate/deactivate stats module
# It is also possible to choose a different stats service to record
# statistics separately from XWiki.
# Note: Statistics are disabled by default for improved performances.
xwiki.stats=0
xwiki.stats.default=1
xwiki.stats.class=com.xpn.xwiki.stats.impl.XWikiStatsServiceImpl
xwiki.encoding=UTF-8
xwiki.backlinks=1
xwiki.tags=1
# Use edit comments
xwiki.editcomment=1
# Hide editcomment field and only use Javascript
xwiki.editcomment.hidden=0
# Make edit comment mandatory
xwiki.editcomment.mandatory=0
# Make edit comment suggested (asks 1 time if the comment is empty.
# 1 shows one popup if comment is empty.
# 0 means there is no popup.
# This setting is ignored if mandatory is set
xwiki.editcomment.suggested=0
# GraphViz plugin configuration. The GraphViz plugin is not configured by default.
# To enable it, add "com.xpn.xwiki.plugin.graphviz.GraphVizPlugin" to the list of plugins
# in the xwiki.plugins property.
# Uncomment and set the locations of the Dot and Neato executables
#xwiki.plugin.graphviz.dotpath=c:/Program Files/ATT/GraphViz/bin/dot.exe
#xwiki.plugin.graphviz.neatopath=c:/Program Files/ATT/GraphViz/bin/neato.exe
xwiki.plugin.laszlo.baseurl=/openlaszlo/xwiki/
xwiki.plugin.laszlo.path=c:/Program Files/Apache Software Foundation/Tomcat 5.0/webapps/openlaszlo/xwiki/
xwiki.plugin.image.cache.capacity=30
xwiki.plugin.captcha=0
# Enable to allow superadmin. It is disabled by default as this could be a security breach if
# it were set and you forgot about it.
xwiki.superadminpassword=system
#-------------------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=10.0.1.2
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.bind_DN=CHEMOSVIT\\{0}
xwiki.authentication.ldap.bind_pass={1}
authentication.ldap.UID_attr=sAMAccountName
authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
xwiki.authentication.ldap.base_DN=dc=chemosvit,dc=sk
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
#xwiki.authentication.ldap.bind_pass={1}
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the base_DN
#xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
#-# base DN for searches
#xwiki.authentication.ldap.base_DN=
#-# specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
#xwiki.authentication.ldap.UID_attr=cn
#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for faster access
#xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=XWikiAdmin,ou=XWikiGroups,ou=groups,dc=chemosvit,dc=sk|\
# XWiki.Organisation=cn=XWikiUsers,ou=XWikiGroups,ou=groups,o=MegaNova,c=US
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
# xwiki.authentication.ldap.groupcache_expiration=21800
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first created
#-# - always: synchronize on every login
# xwiki.authentication.ldap.mode_group_sync=always
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
xwiki.authentication.ldap.trylocal=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0: normal
#-# 1: SSL
xwiki.authentication.ldap.ssl=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
# xwiki.authentication.ldap.ssl.keystore=
#-------------------------------------------------------------------------------------
xwiki.authentication.unauthorized_code=200
# This parameter will activate the sectional editing
xwiki.section.edit=1
# Uncomment if you want to ignore requests for unmapped actions, and simply display the document
# xwiki.unknownActionResponse=view
# You can configure the toolbars you wish to see in the WYSIWYG editor by defining the
# xwiki.wysiwyg.toolbars property.
# When not defined it defaults to:
# xwiki.wysiwyg.toolbars=texttoolbar, listtoolbar, indenttoolbar, undotoolbar, titletoolbar, \
# styletoolbar, horizontaltoolbar, attachmenttoolbar, macrostoolbar, \
# tabletoolbar, tablerowtoolbar, tablecoltoolbar, linktoolbar
# The full list of toolbars includes the one defined above and the following ones:
# subtoolbar, findtoolbar, symboltoolbar
xwiki.defaultskin=toucan
xwiki.defaultbaseskin=albatross
xwiki.temp.dir=/tmp/xwiki
# xwiki.work.dir=/usr/local/xwiki
# xwiki.plugins.lucene.indexdir=/usr/local/xwiki/lucene
# xwiki.plugins.lucene.analyzer=org.apache.lucene.analysis.standard.StandardAnalyzer
# xwiki.plugins.lucene.indexinterval=20
xwiki.work.dir=/docudata/xwiki
Authentication Error message:
08:05:46,657 INFO [STDOUT] 2008-03-17 08:05:46,642 [http://dokument.chemosvit.sk:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [http-10.0.1.17-8080-1] WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP authentication failed.
com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN.
at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:268)
at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:195)
at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:128)
at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:113)
at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:211)
at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3258)
at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3266)
at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4210)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:164)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:595)