?
On Mon, May 12, 2008 at 12:38 PM, Mihails Agafonovs <_muxa(a)inbox.lv> wrote:
Try LDAP Browser to find the correct configuration.
I've succeeded in connecting to AD, using the CN attribute, so in
config it would be:
bind_DN={0} /// here the user will type his cn
UID_attr=cn
Quoting werner mueller : hallo
well i am a little stuck. i cant make it work although i copied the
settings from a working example (well another tool but the same
servers). i can only get to 'invalid credentials'
does the server need to be in the same domain as the active
directory to
use the bind_DN=subdomain\{0} bind schema? the server is a linux
machine and is not added to the windows domain.
is there a unit test or little tool or something one could use for
testing? its a little weird its not working.
thanks for any ideas :)
regards
werner
Thomas Mortagne schrieb:
You can enable "debug" logging, see
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging
On Wed, Apr 30, 2008 at 1:54 PM, werner mueller
wrote:
> Hallo
>
> thanks for the quick reply.
>
> well the config should work then :/
> i compared it with the bugzilla / subversion config which uses
the same
> ldap / active directory auth. the only
difference is that they
> distinguish the bind user with the user to be authenticated. but
in my
> case even the bind user cannot login.
>
>
> 2008-04-30 13:44:34,891
>
[
http://dev.edoras.ch:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> [http-8080-Processor24] WARN
LDAP.XWikiLDAPAuthServiceImpl -
LDAP
> authentication failed.
>
> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in
5: LDAP
> bind failed with LDAPException.
> Wrapped Exception: Invalid Credentials
> at
>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:178)
> at
>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
> at
>
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
> at
>
>>
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
> .........
>
> Wrapped Exception:
>
>
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334,
> comment: AcceptSecurityContext error, data 525, vece
> LDAPException: Matched DN:
> at
com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
> at
com.novell.ldap.LDAPResponse.chkResultCode(Unknown
Source)
> at
com.novell.ldap.LDAPConnection.chkResultCode(Unknown
Source)
>> at com.novell.ldap.LDAPConnection.bind(Unknown Source)
>> at com.novell.ldap.LDAPConnection.bind(Unknown Source)
> at
>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:170)
> at
>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
> at
>
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
>
>
>
>
> is there some debug feature i can turn on to get some more
information?
> or some small test-class to verify the
settings? it seems it
uses the
> login name from the login form but then
authentication fails.
>
>
>
> thanks a lot :)
> regards
>
> werner
>
>
>
>
> Thomas Mortagne schrieb:
> > On Wed, Apr 30, 2008 at 11:55 AM, werner mueller
> > wrote:
> >> Hallo
> >>
> >> thanks for the reply.
> >> back to stupid questions:
> >>
> >> > #-# LDAP login, empty = anonymous access, otherwise
specify
full dn
> >> > #-# {0} is replaced with the
username, {1} with the
password
> >> >
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP
> >>
> >> > #xwiki.authentication.ldap.bind_pass={1}
> >>
> >> {0} is the username from the login form in xwiki?
> >> {1} is the password from the login form in xwiki?
> >
> > Yes, you really write "{0}" and "{1}" in the configuration
and
it will
> > be replaced at runtime by user/pass
provided by user in the
login
> > form.
> >
> >> or are these documentation placeholders to be filled in the
config
file
> >> directly?
> >>
> >> thanks :)
> >>
> >>
> >>
> >> regards
> >>
> >> werner
> >>
> >>
> >>
> >>
> >> Thomas Mortagne schrieb:
> >> > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller
> >> > wrote:
> >> >> Hallo
> >> >>
> >> >> thanks for the hints.
> >> >>
> >> >> i tried some other configurations but with no luck. it
seems not every
> >> >> user is allowed to query
the ldap structure. i have to
use a special
> >> >> user/password to bind
xwiki to the active directory.
that user can login
> >> >> but thats not a
solution. aloow everyone to query the ad
is not an
> >> >> option for us.
> >> >>
> >> >> has anyone a working active directory config he or she
could share?
> >> >>
> >> >> is it possible to trick xwiki to use a different user to
bind to the AD
> >> >> and then use
username/password from login to process the
login?
> >> >> i've been doing
similar things for bugzilla/ldap using
LDAPbinddn =
> >> >>
cn=,cn=Users,dc=domain,dc=com:
> >> >
> >> > Yes and it's the default way to work for LDAP
authenticator. You can
> >> > see in default xwiki.cfg :
> >> >
> >> > #-# LDAP login, empty = anonymous access, otherwise
specify
full dn
> >> > #-# {0} is replaced with the
username, {1} with the
password
> >> >
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
>> >> > #xwiki.authentication.ldap.bind_pass={1}
> >> >
>> >>
> So in your case it would be :
> >> >
xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com
>> >> > xwiki.authentication.ldap.bind_pass={1}
> >> >
>> >>
>> btw: yes i am sure its version 1.3.2.9174. its the one
copy pasted from
> >> >> xwiki. unless its not
correct there but that would be
weird.
> >> >>
> >> >>
> >> >> any hints or examples would be cool :)
> >> >> thanks a lot
> >> >>
> >> >> regards
> >> >>
> >> >> werner
> >> >>
> >> >>
> >> >>
> >> >> Thomas Mortagne schrieb:
> >> >> > Also I think
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
> >> >> > is based in old
LDAP authenticator (see
> >> >> >
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld).
> >> >> >
> >> >> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne
> >> >> > wrote:
> >> >> >> Hi,
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller
> >> >> >> wrote:
> >> >> >> > hallo
> >> >> >> >
> >> >> >> > i am currently trying to setup xwiki on taomcat
5.5/mysql. until now its
> >> >> >> > doing
quite well :)
> >> >> >> >
> >> >> >> > my next step is to get ldap authentication
against an active directory
> >> >> >> > working.
i followed
> >> >> >> >
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon…
> >> >> >> > and some
postings on the mailing list but i cant
get it to work.
> >> >> >> >
> >> >> >> > i either end up with:
> >> >> >> > com.xpn.xwiki.plugin.ldap.XWikiLDAPException:
Error number 0 in 5: LDAP
> >> >> >> > bind
failed with LDAPException.
> >> >> >> > Wrapped Exception: Invalid Credentials
> >> >> >> >
> >> >> >> > or worse (with in my eyes the propper config):
> >> >> >> > WARN LDAP.XWikiLDAPAuthS
> >> >> >> > erviceImpl - LDAP authentication failed.
> >> >> >> > java.lang.NullPointerException
> >> >> >> > at
> >> >> >> >
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256)
> >> >> >> >
at
> >> >> >> >
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
> >> >> >> >
at
> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194)
> >> >> >> >
at
> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127)
> >> >> >> >
at
> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112)
> >> >> >> >
at
> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214)
> >> >> >> >
at
com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307)
> >> >> >> >
at
> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
> >> >> >> >
at
com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315)
> >> >> >> >
at
com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259)
> >> >> >> >
at
com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173)
> >> >> >> > ...
> >> >> >>
> >> >> >> Could you copy/paste your configuration.
> >> >> >>
> >> >> >>
> >> >> >> >
> >> >> >> >
> >> >> >> > i've done ldap auth on several other tools
(apache/subversion,
> >> >> >> >
bugzilla). there i used two accounts: one allowed
to bind to the active
> >> >> >> >
directory and do searches and the useraccount
itself.
> >> >> >> >
> >> >> >> > in the xwiki config i can only see the user
logging in is used to bind
> >> >> >> > to the
ldap server?
> >> >> >>
> >> >> >> You can define a user able to bind to the active
directory using
> >> >> >>
"bind_DN" and "bind_pass" properties and it will
search for
provided
> >> >> >> login in ldap
based on "UID_attr" property
> >> >> >>
> >> >> >>
> >> >> >> >
> >> >> >> >
> >> >> >> > is the documentation current for xwiki
1.3.2.9174? or can someone give
> >> >> >> > me a
hint to make this work?
> >> >> >>
> >> >> >> Are you sure you use xwiki-core 1.3.2 version, I
can't find in the
>> >> >> >> code what could make NullPointerException at
>> >> >> >> XWikiLDAPAuthServiceImpl.java:256
>> >> >> >>
>> >> >> >>
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > thanks a lot
>> >> >> >> > regards
>> >> >> >> >
>> >> >> >> > werner
>> >> >> >> >
>> >> >> >> >
_______________________________________________
>> >> >> >> > users mailing list
>> >> >> >> > users(a)xwiki.org
>> >> >> >> >
http://lists.xwiki.org/mailman/listinfo/users
>> >> >> >> >
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> --
>> >> >> >> Thomas Mortagne
>> >> >> >>
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >>
>> >> >> _______________________________________________
>> >> >> users mailing list
>> >> >> users(a)xwiki.org
>> >> >>
http://lists.xwiki.org/mailman/listinfo/users
>> >> >>
> >> >
> >> >
>
>> >
>> >>
>> >> _______________________________________________
>> >> users mailing list
>> >> users(a)xwiki.org
>> >>
http://lists.xwiki.org/mailman/listinfo/users
>> >>
>> >
>> >
>> >
>>
>> _______________________________________________
>> users mailing list
>> users(a)xwiki.org
>>
http://lists.xwiki.org/mailman/listinfo/users
>>
>
>
>
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Ar cieņu, Mihails
Links:
------
[1] mailto:werner.mueller@mimacom.ch
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users