19 Nov
2008
19 Nov
'08
10:42 a.m.
On Wed, Nov 19, 2008 at 8:44 AM, Thomas Zwitanowitsch
<tzwitano(a)wlgore.com> wrote:
Hi Thomas,
Yes, there is an entry on this, but it looks like it doesn't find
anything.
ldap.XWikiLDAPUtils - Retrieving Members of the group:
cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
ldap.XWikiLDAPUtils - Found group
[cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
members :{}
ldap.XWikiLDAPUtils - Retrieving Members of the group:
cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
ldap.XWikiLDAPUtils - Found group
[cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
members :{}
ldap.XWikiLDAPUtils - Retrieving Members of the group:
cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
ldap.XWikiLDAPUtils - Found group
[cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
members :{}
ldap.XWikiLDAPUtils - Retrieving Members of the group:
cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
ldap.XWikiLDAPUtils - Found group
[cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
members :{}
The Admin-group in LDAP looks like this:
dn:
cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
DirXML-Associations:
cn=AUTH-IDV,cn=DriverSet,ou=IDM,ou=system,o=wlgore#1#{E21DA9D4-FD4F-944c-40BA-E21DA9D4FD4F}
equivalentToMe: cn=a12345,ou=associates,ou=users,o=wlgore
objectClass: groupOfNames
objectClass: Top
member: cn=a12345,ou=associates,ou=users,o=wlgore
description: XWiki Admin Group
cn: Admin
So I see no reason for it not finding the members. In regards to the group
cache, I already set it to 60s just to make sure it's being refreshed -
with no effect.
Ok them let me add some more log for your particular case and commit
for you to try to find why it can't find any LDAP group's member..
Thanks!
Thomas
"Thomas Mortagne" <thomas.mortagne(a)xwiki.com Sent by: users-bounces(a)xwiki.org
18.11.2008 18:26
Please respond to
XWiki Users <users(a)xwiki.org
To
"XWiki Users" <users(a)xwiki.org
cc
Subject
Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups
Hi,
On Tue, Nov 18, 2008 at 5:39 PM, Thomas Zwitanowitsch
<tzwitano(a)wlgore.com> wrote:
XWiki.MSOEGroup=cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\
XWiki.MedicalFabricsAdmGroup=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\
XWiki.MedicalFabricsGroup=cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
> #-# [SINCE 1.3M2,
XWikiLDAPAuthServiceImpl]
> #-# time in s after which the list of members in a group is refreshed
from
> LDAP (default=3600*6)
> xwiki.authentication.ldap.groupcache_expiration=60
> #-# [SINCE 1.3M2,
XWikiLDAPAuthServiceImpl]
> #-# - create : synchronize group membership only when the user is first
> created
> #-# - always: synchronize on every login
> xwiki.authentication.ldap.mode_group_sync=always
> #-# [SINCE 1.3M2,
XWikiLDAPAuthServiceImpl]
> #-# if ldap authentication fails for any reason, try XWiki DB
> authentication with the same credentials
> xwiki.authentication.ldap.trylocal=1
> Thanks!
> Thomas
> _______________________________________________
> users mailing list
> users(a)xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne
Hi,
I've updated from 1.5.2 to 1.6.1. After this, I found all groups beeing
empty - so no users were there anymore.
As result I started mapping LDAP groups to XWiki groups to let XWiki
populate the memberships again - I was planning this anyway.
For some reason XWiki is not able to get the groups members and I cannot
understand why. Also it is not putting my user in the XWiki.AllGroup -
still my groups do not have any member.
Can you see "Retrieving Members of the group..." anywhere in the whole log
?
In your log I only see "Found group" which should means the group
cache already contains the group members.
This are the logs:
DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with LDAP
attribues located at cn=a12345,ou=associates,ou=users,o=wlgore
DEBUG ldap.XWikiLDAPConfig - Ready to create user from LDAP
with fields
last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
DEBUG ldap.XWikiLDAPConfig -
Groupmapping found:
XWiki.XWikiAdminGroup
cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
DEBUG ldap.XWikiLDAPConfig - Groupmapping found:
XWiki.MSOEGroup
cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
DEBUG ldap.XWikiLDAPConfig - Groupmapping found:
XWiki.MedicalFabricsAdmGroup
cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
DEBUG ldap.XWikiLDAPConfig -
Groupmapping found:
XWiki.MedicalFabricsGroup
cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating
group membership for
the
user: tzwitano
DEBUG LDAP.XWikiLDAPAuthServiceImpl - The user belongs to following
XWiki groups:
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup
DEBUG LDAP.XWikiLDAPAuthServiceImpl - All defined XWiki groups:
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MSOEGroup
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsAdmGroup
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsGroup
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrAdmin
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrUser
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAdminGroup
DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup
DEBUG ldap.XWikiLDAPUtils - Found group
[cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
members :{}
DEBUG ldap.XWikiLDAPUtils - Found group
[cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
members :{}
DEBUG ldap.XWikiLDAPUtils - Found group
[cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
members :{}
DEBUG ldap.XWikiLDAPUtils - Found group
[cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
members :{}
This is my config:
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the
base_DN
#xwiki.authentication.ldap.user_group=o=wlgore
#-# base DN for searches
#xwiki.authentication.ldap.base_DN=o=wlgore
#-# Specifies the LDAP attribute containing the identifier to be used as
the XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=uid
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# Specifies the LDAP attribute containing the password to be used
"when
xwiki.authentication.ldap.validate_password"
is set to 1
# xwiki.authentication.ldap.password_field=userPassword
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential LDAP groups classes. Separated by commas.
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,Top
#xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential names of the LDAP groups fields containings the
members.
Separated by commas.
xwiki.authentication.ldap.group_memberfields=member,equivalentToMe
#-# retrieve the following fields from LDAP and store them in the XWiki
user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object
for
faster access
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki
otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\