Active Directory Authentication

22 Jun 2007

      Hi All,

Does anyone sucessfully authenticate with Active Directory using xwiki 1.0?

On my newly installed XWiki, I'm trying to authenticate against active directory. I installed the xwiki 1.0 war on tomcat 6, using mysql 5 as the database.

Using the default forms authentication method works fine, when I try to enable using the AD via the LDAP authentication, it doesn't work; I always get messages in the xwiki.log saying that  "LDAP Bind failed with Exception Invalid Credentials".

I am able to connect to the AD using ldap function in Coldfusion, so it should be possible.

Also, I'm using the following log4j.properties file located in WEB-INF/lib:

****log4j.properties:

### Direct log messages to stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %5p %t %X{url} %c{1}:%M:%L - %m%n

log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.File=xwiki.log
log4j.appender.file.MaxFileSize=10MB
log4j.appender.file.MaxBackupIndex=50
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} [%t] %-5p %-30.30c{2} %x - %m %n

### By default everything that is of warning or severity WARN, ERROR or FATAL is logged both to
### the console and to the xwiki.log file.
#log4j.rootLogger=warn, stdout, file
log4j.rootLogger=debug, stdout, file

### Hibernate logging options
log4j.logger.org.hibernate=warn
log4j.logger.org.hibernate.SQL=warn
log4j.logger.org.hibernate.type=warn
log4j.logger.org.hibernate.ps.PreparedStatementCache=warn

### XWiki logging configuration
log4j.logger.com.xpn.xwiki=warn
log4j.logger.com.xpn.xwiki.render.XWikiRadeoxRenderEngine=warn

### Deactive Radeox warnings
#log4j.logger.org.radeox.macro.BaseLocaleMacro=error

### Deactive Struts warnings
#log4j.logger.org.apache.struts.util.RequestUtils=error

### Deactivate JGroups warnings
#log4j.logger.org.jgroups=error

#turn on debug messages for LDAP
com.xpn.xwiki.user.impl.LDAP=debug

Here are some snippets of the relevant files:

****xwiki.cfg:

xwiki.version=1.0
xwiki.base=../../
xwiki.store.class=com.xpn.xwiki.store.XWikiHibernateStore
xwiki.store.hibernate.path=/WEB-INF/hibernate.cfg.xml
xwiki.store.hibernate.updateschema=1
xwiki.store.hibernate.custommapping=1

## Jcr Store configuration
#xwiki.store.class=com.xpn.xwiki.store.jcr.XWikiJcrStore
#xwiki.store.attachment.class=com.xpn.xwiki.store.jcr.XWikiJcrAttachmentStore
#xwiki.store.versioning.class=com.xpn.xwiki.store.jcr.XWikiJcrPropertyVersioningStore
#xwiki.store.jcr.mapping=WEB-INF/classes/jcrmapping.xml
#xwiki.store.jcr.provider=com.xpn.xwiki.store.jcr.JackRabbitJCRProvider
#xwiki.store.jcr.jackrabbit.repository.config=WEB-INF/classes/jackrabbit/repository.xml
#xwiki.store.jcr.jackrabbit.repository.path=jackrabbitrepo
#xwiki.store.jcr.jackrabbit.nodetypes.config=WEB-INF/classes/jackrabbit/nodetypes.cnd

xwiki.store.cache=1
xwiki.store.cache.capacity=100
xwiki.monitor=1

# List of active plugins.
xwiki.plugins=com.xpn.xwiki.monitor.api.MonitorPlugin,\
              com.xpn.xwiki.plugin.calendar.CalendarPlugin,\
              com.xpn.xwiki.plugin.feed.FeedPlugin,\
              com.xpn.xwiki.plugin.ldap.LDAPPlugin,\
              com.xpn.xwiki.plugin.google.GooglePlugin,\
              com.xpn.xwiki.plugin.flickr.FlickrPlugin,\
              com.xpn.xwiki.plugin.mail.MailPlugin,\
              com.xpn.xwiki.plugin.packaging.PackagePlugin,\
              com.xpn.xwiki.plugin.query.QueryPlugin,\
              com.xpn.xwiki.plugin.svg.SVGPlugin,\
              com.xpn.xwiki.plugin.charts.ChartingPlugin,\
              com.xpn.xwiki.plugin.fileupload.FileUploadPlugin,\
              com.xpn.xwiki.plugin.image.ImagePlugin,\
              com.xpn.xwiki.plugin.captcha.CaptchaPlugin,\
              com.xpn.xwiki.plugin.userdirectory.UserDirectoryPlugin,\
              com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl

# This parameter allows XWiki to operate in Hosting mode
# allowing to create multiple wikis having their own database
# and responding to different URLs
xwiki.virtual=0
xwiki.virtual.redirect=http://127.0.0.1:9080/xwiki/bin/Main/ThisWikiDoesNotExist

# This parameter will activate the exo integration
xwiki.exo=0

#xwiki.authentication=form
#xwiki.authentication.validationKey=totototototototototototototototo
#xwiki.authentication.encryptionKey=titititititititititititititititi
#xwiki.authentication.cookiedomains=xwiki.com,wiki.fr

# Stats configuration allows to globally activate/deactivate stats module
# it is also possible to choose a different stats service to record
# statistics separately from XWiki.
# Note: Statistics are disabled by default for improved performances.
xwiki.stats=0
xwiki.stats.default=1
xwiki.stats.class=com.xpn.xwiki.stats.impl.XWikiStatsServiceImpl

xwiki.encoding=ISO-8859-1
xwiki.render.macromapping=1
xwiki.backlinks=1
xwiki.tags=1

# GraphViz plugin configuration. The GraphViz plugin is  not configured by default.
# To enable it, add "com.xpn.xwiki.plugin.graphviz.GraphVizPlugin" to the list of plugins
# in the xwiki.plugins property.
# Uncomment and set the locations of the Dot and Neato executables
#xwiki.plugin.graphviz.dotpath=c:/Program Files/ATT/GraphViz/bin/dot.exe
#xwiki.plugin.graphviz.neatopath=c:/Program Files/ATT/GraphViz/bin/neato.exe

xwiki.plugin.laszlo.baseurl=/openlaszlo/xwiki/
xwiki.plugin.laszlo.path=c:/Program Files/Apache Software Foundation/Tomcat 5.0/webapps/openlaszlo/xwiki/

xwiki.plugin.image.cache.capacity=30

xwiki.plugin.captcha=1

## Personal config

# Enable to allow superadmin. It is disabled by default as this could be a security breach if
# it were set and you forgot about it.
#xwiki.superadminpassword=system

#xwiki.authentication.ldap=0
#xwiki.authentication.ldap.server=172.29.116.202
#xwiki.authentication.ldap.check_level=1
#xwiki.authentication.ldap.port=389
#xwiki.authentication.ldap.base_DN=dc=necf,dc=fr
#xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=necf,dc=fr
#xwiki.authentication.ldap.bind_pass={1}
#xwiki.authentication.ldap.UID_attr=sAMAccountName
#xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn

xwiki.authentication.ldap=1
xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl
xwiki.authentication.ldap.server=adserver
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=dc1,dc=dc2,dc=dc3
xwiki.authentication.ldap.bind_DN=dc1{0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn

xwiki.authentication.unauthorized_code=200

# This parameter will activate the sectional editing
xwiki.section.edit=1

# Editor config
xwiki.wysiwyg.use_style_toolbar=1

xwiki.defaultskin=albatross
xwiki.defaultbaseskin=albatross

****xwiki.log:

10:41:22,015 [http-8888-2] ERROR LDAP.LDAPAuthServiceImpl        - LDAP Bind failed with Exception Invalid Credentials 
10:43:23,500 [http-8888-1] ERROR LDAP.LDAPAuthServiceImpl        - LDAP Bind failed with Exception Invalid Credentials

etc.

Any thoughts? They would be much appreciated.

Thanks,
Joe

Active Directory Authentication

Joseph P. McEttrick