I think you get "wrong passowrd" just because LDAP failed to connect
for some reason so the authentication tried the XWiki authenticator
and obviously it fail since the password is registered on LDAP server
and not in XWiki database.
Could you enable LDAP debug log (see
)
and try to reproduce it ? We will see better what append when LDAP
fail to connect.
On Thu, Feb 5, 2009 at 10:24 AM, Stefan Woehrer <stefan_woehrer(a)yahoo.de> wrote:
thanks a lot. it seems that this was an additional problem with the
firewall(!?)
anyway, the firewall is now configured to let through the whole ldap traffic
from the xwiki machine. the problem hasn't changed: sometimes, users are
randomly logged out with the "wrong passowrd" error message. when they try
to log in, they get the very same error message for a couple of times. a few
minutes later, they can login again and everything works.
this happens spontaniously a couple of times per day.
does any1 experience the same problem?
the next issue is that suddenly no (error/warning) messages are generated
any more. i will try a tomcat restart in the afternoon, but since we did
that a lot of times before i don't think this will help.
i would very much apprechiate any kind of help! thank you in advance.
steve
tmortagne wrote:
Hi,
On Mon, Feb 2, 2009 at 9:48 AM, Stefan Woehrer <stefan_woehrer(a)yahoo.de>
wrote:
Hi,
we just upgraded our XWiki from 1.3.2 to 1.7.1.
Right afterwards the firewall registers LDAP-Packages from the XWiki
mashine
as an attack, saying:
"A malicious LDAP packet may indicate a potential attack. An attacker
could
use a modified LDAP message to cause buffer overflows on defective
systems
and execute arbitary code. (LDAP message contains malicious data which
does
not comply with ASN.1)"
It seems that it has something to to with the changings made since 1.3.2.
Is
that possible?
By default 1.7.1 use the new XWiki LDAP authenticator when 1.3.2 use
the old one. See
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAut…
Now on the technical details it's using exactly the same Novell ldap
client implementation and the differences are more on the XWiki side
so I don't see why it would suddenly send wrong datas.
Greetings,
Steve
--
View this message in context:
http://n2.nabble.com/LDAP-Login-changes-in-new-version-tp2257004p2257004.ht…
Sent from the XWiki- Users mailing list archive at
Nabble.com.
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
View this message in context:
http://n2.nabble.com/LDAP-Login-changes-in-new-version-tp2257004p2273948.ht…
Sent from the XWiki- Users mailing list archive at
Nabble.com.
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users