Re: [xwiki-users] ldap auth against active directory fails

#-# LDAP login, empty = anonymous access, otherwise specify full dn #-# {0} is replaced with the username, {1} with the password #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP

#xwiki.authentication.ldap.bind_pass={1}

On Tue, Apr 29, 2008 at 1:30 PM, werner mueller &lt;werner.mueller(a)mimacom.ch&gt; wrote: > Hallo > > thanks for the hints. > > i tried some other configurations but with no luck. it seems not every > user is allowed to query the ldap structure. i have to use a special > user/password to bind xwiki to the active directory. that user can login > but thats not a solution. aloow everyone to query the ad is not an > option for us. > > has anyone a working active directory config he or she could share? > > is it possible to trick xwiki to use a different user to bind to the AD > and then use username/password from login to process the login? > i've been doing similar things for bugzilla/ldap using LDAPbinddn = > cn=<LDAPQUERYUSERNAME>,cn=Users,dc=domain,dc=com:<LDAPQUERYPASSWORD> Yes and it's the default way to work for LDAP authenticator. You can see in default xwiki.cfg : #-# LDAP login, empty = anonymous access, otherwise specify full dn #-# {0} is replaced with the username, {1} with the password #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP #xwiki.authentication.ldap.bind_pass={1} So in your case it would be : xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com xwiki.authentication.ldap.bind_pass={1} > btw: yes i am sure its version 1.3.2.9174. its the one copy pasted from > xwiki. unless its not correct there but that would be weird. > > > any hints or examples would be cool :) > thanks a lot > > regards > > werner > > > > Thomas Mortagne schrieb: > > Also I think http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon… > > is based in old LDAP authenticator (see > > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld). > > > > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne > > &lt;thomas.mortagne(a)xwiki.com&gt; wrote: > >> Hi, > >> > >> > >> > >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller > >> &lt;werner.mueller(a)mimacom.ch&gt; wrote: > >> > hallo > >> > > >> > i am currently trying to setup xwiki on taomcat 5.5/mysql. until now its > >> > doing quite well :) > >> > > >> > my next step is to get ldap authentication against an active directory > >> > working. i followed > >> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPCon… > >> > and some postings on the mailing list but i cant get it to work. > >> > > >> > i either end up with: > >> > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP > >> > bind failed with LDAPException. > >> > Wrapped Exception: Invalid Credentials > >> > > >> > or worse (with in my eyes the propper config): > >> > WARN LDAP.XWikiLDAPAuthS > >> > erviceImpl - LDAP authentication failed. > >> > java.lang.NullPointerException > >> > at > >> > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256) > >> > at > >> > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107) > >> > at > >> > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194) > >> > at > >> > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127) > >> > at > >> > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112) > >> > at > >> > com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214) > >> > at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307) > >> > at > >> > com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136) > >> > at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315) > >> > at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259) > >> > at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173) > >> > ... > >> > >> Could you copy/paste your configuration. > >> > >> > >> > > >> > > >> > i've done ldap auth on several other tools (apache/subversion, > >> > bugzilla). there i used two accounts: one allowed to bind to the active > >> > directory and do searches and the useraccount itself. > >> > > >> > in the xwiki config i can only see the user logging in is used to bind > >> > to the ldap server? > >> > >> You can define a user able to bind to the active directory using > >> "bind_DN" and "bind_pass" properties and it will search for provided > >> login in ldap based on "UID_attr" property > >> > >> > >> > > >> > > >> > is the documentation current for xwiki 1.3.2.9174? or can someone give > >> > me a hint to make this work? > >> > >> Are you sure you use xwiki-core 1.3.2 version, I can't find in the > >> code what could make NullPointerException at > >> XWikiLDAPAuthServiceImpl.java:256 > >> > >> > >> > > >> > > >> > thanks a lot > >> > regards > >> > > >> > werner > >> > > >> > _______________________________________________ > >> > users mailing list > >> > users(a)xwiki.org > >> > http://lists.xwiki.org/mailman/listinfo/users > >> > > >> > >> > >> > >> -- > >> Thomas Mortagne > >> > > > > > > > > _______________________________________________ > users mailing list > users(a)xwiki.org > http://lists.xwiki.org/mailman/listinfo/users >