Myself, I am trying to add LDAP authentication, without success.
How could I set up logging to display the LDAP request and response?
I've updated log4j.properties with:
log4j.logger.com.xpn.plugin.ldap=debug
log4j.logger.com.xpn.xwiki.user.impl.LDAP=debug
Arnaud.
2008/8/21 Thomas Mortagne <thomas.mortagne(a)xwiki.com>
If it does not work you should try to enable debug log
(see http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging) to see
more details on what happens during the LDAP authentication.
On Thu, Aug 21, 2008 at 10:59 AM, Thomas Mortagne
<thomas.mortagne(a)xwiki.com> wrote:
Hi,
Your configuration seems correct to me (except the
XWiki.XWikiAllGroup=cn=users,ou=xwiki,ou=Groups,dc=mydomain in
group_mapping which is useless).
Could you try the last 1.5 snapshot at
http://maven.xwiki.org/snapshots/com/xpn/xwiki/platform/xwiki-core/1.5-SNAP…
(which will soon be the 1.5.1), I fixed some bugs
(like login with user id containing points that was broken) on LDAP but
not directly related to this. With this version it's working for me with
OpenLDAP, but not with exactly the same LDAP schema but very similar.
On Wed, Aug 20, 2008 at 11:17 PM, Richard V. <xgcom(a)hotmail.com> wrote:
>
> Hello XWiki users,
>
> I have a problem getting OpenLDAP to work with XWiki 1.5.11446. For some
> strange reason I cannot log in to xwiki from an account located in OpenLDAP
> and no error messages are produced. The login page just refreshes itself and
> nothing else happens. This problem started when I migrated Xwiki 1.4 to 1.5.
> As a solution, I downgraded back to 1.4 and everything seems to work again. Is
> the LDAP plugin broken in 1.5? I have copy-pasted a sample ldif of my
> OpenLDAP as well as the xwiki.cfg settings so that someone can give me a
> hint on where the problem could be.
>
> Many thanks in advance.
>
> Richard
>
> ------------------------------------------------- BEGIN ldif ------------------------------------------------------------
>
> dn: dc=mydomain
> objectClass: organization
> objectClass: dcObject
> dc: mydomain
> o: mydomain
>
> dn: ou=Users,dc=mydomain
> objectClass: organizationalUnit
> ou: Users
>
> dn: ou=People,ou=Users,dc=mydomain
> objectClass: organizationalUnit
> ou: People
>
> dn: ou=Groups,dc=mydomain
> objectClass: organizationalUnit
> ou: Groups
>
> dn: ou=Machines,ou=Users,dc=mydomain
> objectClass: organizationalUnit
> ou: Machines
>
> dn: ou=Domains,dc=mydomain
> objectClass: organizationalUnit
> ou: Domains
>
> dn: sambaDomainName=SCRAPPY,ou=Domains,dc=mydomain
> objectClass: sambaDomain
> sambaAlgorithmicRidBase: 1000
> sambaSID: S-1-5-21-4074884656-2525905897-914379862
> sambaDomainName: SCRAPPY
> sambaMinPwdLength: 8
>
> dn: cn=domainUsers,ou=Groups,dc=mydomain
> objectClass: sambaGroupMapping
> objectClass: posixGroup
> displayName: Domain Users
> sambaGroupType: 2
> sambaSID: S-1-5-21-4074884656-2525905897-914379862-513
> description: Domain Users
> gidNumber: 2001
> cn: domainUsers
> memberUid: richi
>
> dn: cn=domainGuests,ou=Groups,dc=mydomain
> objectClass: sambaGroupMapping
> objectClass: posixGroup
> displayName: Domain Guests
> sambaGroupType: 2
> sambaSID: S-1-5-21-4074884656-2525905897-914379862-514
> description: Domain Guests
> gidNumber: 2002
> cn: domainGuests
>
> dn: cn=domainComputers,ou=Groups,dc=mydomain
> objectClass: sambaGroupMapping
> objectClass: posixGroup
> displayName: Domain Computers
> sambaGroupType: 2
> sambaSID: S-1-5-21-4074884656-2525905897-914379862-515
> description: Domain Computers
> gidNumber: 2003
> cn: domainComputers
>
> dn: uid=richi,ou=People,ou=Users,dc=mydomain
> objectClass: sambaSamAccount
> objectClass: shadowAccount
> objectClass: posixAccount
> objectClass: inetOrgPerson
> sambaHomeDrive: U:
> sambaDomainName: SCRAPPY
> sambaAcctFlags: [XU ]
> displayName: Richi
> sambaPrimaryGroupSID: S-1-5-21-4074884656-2525905897-914379862-512
> sambaSID: S-1-5-21-4074884656-2525905897-914379862-5000
> sambaLMPassword: <hidden>
> sambaNTPassword: <hidden>
> sambaPwdLastSet: 1218502167
> shadowWarning: 10
> shadowInactive: 10
> shadowMin: 1
> shadowMax: 365
> homeDirectory: /home/richi
> loginShell: /bin/bash
> uid: richi
> cn: Richi
> uidNumber: 2000
> gidNumber: 2000
> sn: Smith
> givenName: Richi
> shadowLastChange: 14105
> userPassword: secret
>
> dn: cn=domainAdmins,ou=Groups,dc=mydomain
> cn: domainAdmins
> description: Domain Admins
> objectClass: sambaGroupMapping
> objectClass: posixGroup
> gidNumber: 2000
> sambaSID: S-1-5-21-4074884656-2525905897-914379862-512
> sambaGroupType: 2
> displayName: Domain Admin
>
> dn: ou=xwiki,ou=Groups,dc=mydomain
> ou: xwiki
> objectClass: top
> objectClass: organizationalUnit
>
> dn: cn=users,ou=xwiki,ou=Groups,dc=mydomain
> cn: users
> member: uid=richi,ou=People,ou=Users,dc=mydomain
> objectClass: groupOfNames
> objectClass: top
> ou: xwiki
>
> dn: cn=admins,ou=xwiki,ou=Groups,dc=mydomain
> cn: admins
> member: uid=richi,ou=People,ou=Users,dc=mydomain
> ou: xwiki
> objectClass: groupOfNames
> objectClass: top
>
>
> ------------------------------------------------- END ldif ------------------------------------------------------------
>
> ------------------------------------------------- BEGIN xwiki.cfg ------------------------------------------------
> #-# new LDAP authentication service
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>
> #-# Turn LDAP authentication on - otherwise only XWiki authentication
> #-# 0: disable
> #-# 1: enable
> xwiki.authentication.ldap=1
>
> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
> xwiki.authentication.ldap.server=localhost
> xwiki.authentication.ldap.port=389
>
> #-# LDAP login, empty = anonymous access, otherwise specify full dn
> #-# {0} is replaced with the username, {1} with the password
> xwiki.authentication.ldap.bind_DN=uid={0},ou=People,ou=Users,dc=mydomain
> xwiki.authentication.ldap.bind_pass={1}
>
> #-# Force to check password after LDAP connection
> #-# 0: disable
> #-# 1: enable
> xwiki.authentication.ldap.validate_password=0
>
> #-# only members of the following group will be verified in the LDAP
> # otherwise only users that are found after searching starting from the base_DN
> xwiki.authentication.ldap.user_group=cn=users,ou=xwiki,ou=Groups,dc=mydomain
>
> #-# base DN for searches
> xwiki.authentication.ldap.base_DN=ou=People,ou=Users,dc=mydomain
>
> #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
> xwiki.authentication.ldap.UID_attr=uid
>
> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1
> xwiki.authentication.ldap.password_field=userPassword
>
> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# The potential LDAP groups classes. Separated by commas.
> xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup
>
> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# The potential names of the LDAP groups fields containings the members. Separated by commas.
> xwiki.authentication.ldap.group_memberfields=member,uniqueMember
>
> #-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
> #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for faster access
> xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=displayName,email=mail
>
> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
> xwiki.authentication.ldap.update_user=1
>
> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# mapps XWiki groups to LDAP groups, separator is "|"
> xwiki.authentication.ldap.group_mapping=\
> XWiki.XWikiAdminGroup=cn=admins,ou=xwiki,ou=Groups,dc=mydomain|\
> XWiki.XWikiAllGroup=cn=users,ou=xwiki,ou=Groups,dc=mydomain
>
> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
> #Every half an hour
> xwiki.authentication.ldap.groupcache_expiration=1800
>
> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# - create : synchronize group membership only when the user is first created
> #-# - always: synchronize on every login
> xwiki.authentication.ldap.mode_group_sync=always
>
> #-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
> xwiki.authentication.ldap.trylocal=0
>
> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# SSL connection to LDAP server
> #-# 0: normal
> #-# 1: SSL
> # xwiki.authentication.ldap.ssl=0
>
> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# The keystore file to use in SSL connection
> # xwiki.authentication.ldap.ssl.keystore=
>
> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# The java secure provider used in SSL connection
> # xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
>
> --------------------------------------------------- END xwiki.cfg ---------------------------------------------------------
>
> _______________________________________________
> users mailing list
> users(a)xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
>
>
>
>
> --
> Thomas Mortagne
>
--
Thomas Mortagne
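
Added example, not part of the original thread and not XWiki's own code: an offline consistency check between the LDAP settings in the quoted xwiki.cfg and the quoted LDIF, following only what the cfg comments say (bind_DN with {0} replaced by the username, user_group, group_classes, group_memberfields). The function names and the sample strings are constructed for illustration; how XWikiLDAPAuthServiceImpl evaluates these settings internally is not shown in the thread.

```python
# Constructed excerpts of the LDIF and xwiki.cfg values quoted in this thread.
SAMPLE_LDIF = """
dn: uid=richi,ou=People,ou=Users,dc=mydomain
objectClass: inetOrgPerson

dn: cn=users,ou=xwiki,ou=Groups,dc=mydomain
objectClass: groupOfNames
member: uid=richi,ou=People,ou=Users,dc=mydomain
"""
SAMPLE_CFG = """
xwiki.authentication.ldap.bind_DN=uid={0},ou=People,ou=Users,dc=mydomain
xwiki.authentication.ldap.user_group=cn=users,ou=xwiki,ou=Groups,dc=mydomain
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup
xwiki.authentication.ldap.group_memberfields=member,uniqueMember
"""

def norm(dn):  # comparison key for DNs (simplified: ignores escaped commas)
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):  # simplified: blank-line separated entries, no folding/base64
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for key, sep, value in (l.partition(":") for l in block.splitlines()):
            if sep:
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm(attrs["dn"][0])] = attrs
    return entries

def parse_cfg(text, prefix="xwiki.authentication.ldap."):
    rows = (l.strip() for l in text.splitlines())
    return dict(r[len(prefix):].split("=", 1) for r in rows if r.startswith(prefix))

def check_login(cfg, entries, username):  # returns problems found, [] if consistent
    problems = []
    user_dn = norm(cfg["bind_DN"].replace("{0}", username))
    if user_dn not in entries:
        problems.append("bind_DN expands to a DN missing from the directory")
    group = entries.get(norm(cfg["user_group"]))
    if group is None:
        return problems + ["user_group entry not found"]
    classes = {c.strip().lower() for c in cfg["group_classes"].split(",")}
    if not classes & {c.lower() for c in group.get("objectclass", [])}:
        problems.append("user_group objectClass not in group_classes")
    fields = [f.strip().lower() for f in cfg["group_memberfields"].split(",")]
    if user_dn not in {norm(m) for f in fields for m in group.get(f, [])}:
        problems.append("user not listed in user_group member fields")
    return problems
```

Run against a full export, the same check reports a posixGroup such as cn=domainUsers (which lists members in memberUid) as matching neither group_classes nor group_memberfields.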