Gunter Leeb wrote:
Hi Ricardo,
Yes, 1-3. is correct. One of the features that I am proposing in
JIRA-1079 is the (configurable) fallback authentication using the XWiki
DB.
Fallback authentication works great. Here a typical sequence registered
in xwiki.log
12:02:24,625 [http-193.144.34.240-80-1] ERROR
thentication.LDAPAuthenticater - Bind to LDAP server failed.
12:02:24,625 [http-193.144.34.240-80-1] DEBUG
thentication.LDAPAuthenticater - Trying authentication against XWiki DB
12:02:24,651 [http-193.144.34.240-80-1] DEBUG
thentication.LDAPAuthenticater - Finding user egarciarodeja
12:02:24,652 [http-193.144.34.240-80-1] DEBUG
thentication.LDAPAuthenticater - Found user egarciarodeja
12:02:24,653 [http-193.144.34.240-80-1] DEBUG
thentication.LDAPAuthenticater - XWiki DB login succeeded
My library was developed based on code of the ldap
authentication
plug-in from XWiki pre-1.0. I have not followed any changes in XWiki's
ldap plug-in since then.
I am afraid I am not devoting time enough to follow XWiki development,
so I am a bit lost. Must I be able to find a LDAP authentication plug-in
in XWiki Code Zone? I guess it is bundled in the XWiki distribution?
I have added SSL binding to the LDAP Server later and
added the code to
the JIRA issue.
I am using the classes included in ldap.zip dated on May the 29th, 2007.
I think the errors I am getting are related with the value of
xwiki.authentication.ldap.ssl.keystore parameter. Does this make any
sense for you?
mire:/home/webmaster/bin # tail -200 xwiki.log | grep SSLException
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected
error: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException:
Unexpected error: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
Source)
I read in XWIKI-1079 issue:
# keystore for certificates / root certificates (default is .keystore in
the xwiki-process-users homedirectory)
xwiki.authentication.ldap.ssl.keystore=<path_to_ssl_keystore>
Please what is the xwiki-process-users homedirectory?
The code checked in the JIRA issue is a suggestion for
improvement of
XWiki coming out of the community. It is a plug-in and therefore is
fairly independent from the regular XWiki development and build process.
By referencing xwiki.jar (and novell's ldap jar) you should be able to
compile the sources that I provided.
JIRA issue XWIKI-1079 is related with XWIKI-865 by Philippe Marzouk.
There is a xwiki-ldap-ssl.patch attached there, but no comments or any
further information. I understand this proposal has not been considered
and never added to the main distribution. And that your classes keep
also out of the main distribution and are only available from the JIRA
issue, am I right?
Please, Gunter, when a suggestion from the community does become part of
the official distribution?
Just trying to understand how things are done...
I have also added the class files.
You are corret the last bug fixes I checked in in the mentioned
attachment.
If you haven't done before, before you go thorough compiling the
plug-in try out the classes. See if you can handle the configuration.
Regards,
Gunter
I will try to use your classes, then moved ahead and try to compile the
last version.
Cheers,
Ricardo
--
Ricardo RodrÃguez
Your XEN ICT Team