Hi @all
I have some trouble connecting a new blank XWIKI installation to an MS AD DS Server.
This is my XWIKI installation:
XWIKI Enterprise 9.2
LDAP relevant Extensions:
- LDAP Application 9.2.4
- LDAP Class Libraries for Java (JLDAP) 4.3
- LDAP API 9.2.4
- LDAP Authenticator 9.2.4
The only LDAP related settings in xwiki.cfg are:
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap.trylocal=1
These are the most important AD DS connection settings done in the XWIKI "LDAP
Application" UI interface:
Ldap login matching: CN={0},OU=Benutzer,OU=TTBV,DC=ttbv,DC=local
Ldap password matching: {1}
Restrict to group: CN=xwiki,OU=Gruppen,OU=TTBV,DC=ttbv,DC=local
Ldap base DN: DC=ttbv,DC=local
Ldap UID attribute name: CN
Unfortunately, the bind to the AD DS server doesn't work. In the XWIKI log file with
LDAP logging set to "debug" I get the following exception:
TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
DEBUG o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null
DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, memberuid, member]
DEBUG o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server [xxx.xx.xxx.x:xxx]
DEBUG o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[CN=Thomas Froehlich,OU=Benutzer,OU=TTBV,DC=ttbv,DC=local]
DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.
    at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:227)
    at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:155)
    at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:518)
    at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334)
    at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268)
    at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
    at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
    at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
    at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
    at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
    at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3788)
The same exception occurs if I use the following subdomain setting (found on the
Internet):
Ldap login matching: ttbv\\{0}
I tested the connection settings from above using another LDAP client like "SOFTERRA
LDAP Browser 4.5" and the settings worked fine: Using this LDAP browser with login
credentials "CN=Thomas Froehlich,OU=Benutzer,OU=TTBV,DC=ttbv,DC=local" (plus
pwd) I was able to connect to the AD DS server and I was able to browse to the group
"CN=xwiki,OU=Gruppen,OU=TTBV,DC=ttbv,DC=local" (so there are no restrictions for
this user to browse the directory from base DN down to any group).
I have no more ideas what else to do or what else to test. Any kind of help is welcome.
With kind regards
Thomas