Yes, I am sure. This is what is configured:
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,Top
I also tried this configuration
xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames
xwiki.authentication.ldap.group_memberfields=member,equivalentToMe
and this again, is the group in LDAP
dn:
cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
DirXML-Associations:
cn=AUTH-IDV,cn=DriverSet,ou=IDM,ou=system,o=wlgore#1#{E21DA9D4-FD4F-944c-40BA-E21DA9D4FD4F}
equivalentToMe: cn=a22094,ou=associates,ou=users,o=wlgore
objectClass: groupOfNames
objectClass: Top
member: cn=a22094,ou=associates,ou=users,o=wlgore
description: XWiki Admin Group
cn: Admin
Not sure if I understand your last mail in regards to you adding some more
logs.
Thanks
Thomas
"Thomas Mortagne" <thomas.mortagne(a)xwiki.com>
Sent by: users-bounces(a)xwiki.org
19.11.2008 10:43
Please respond to
XWiki Users <users(a)xwiki.org>
To
"XWiki Users" <users(a)xwiki.org>
cc
Subject
Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups
In the meantime, are you sure that group_classes and
group_memberfields has the right values for your LDAP schema ?
On Wed, Nov 19, 2008 at 10:42 AM, Thomas Mortagne
<thomas.mortagne(a)xwiki.com> wrote:
On Wed, Nov 19, 2008 at 8:44 AM, Thomas Zwitanowitsch
<tzwitano(a)wlgore.com> wrote:
> Hi Thomas,
>
> Yes, there is an entry on this, but it looks like it doesn't find
> anything.
>
> ldap.XWikiLDAPUtils - Retrieving Members of the group:
> cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
> ldap.XWikiLDAPUtils - Found group
>
[cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
> members :{}
> ldap.XWikiLDAPUtils - Retrieving Members of the group:
>
cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
> ldap.XWikiLDAPUtils - Found group
>
[cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
> members :{}
> ldap.XWikiLDAPUtils - Retrieving Members of the group:
>
cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
> ldap.XWikiLDAPUtils - Found group
>
[cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
> members :{}
> ldap.XWikiLDAPUtils - Retrieving Members of the group:
>
cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
> ldap.XWikiLDAPUtils - Found group
>
[cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
> members :{}
>
>
> The Admin-group in LDAP looks like this:
>
> dn:
>
cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
> DirXML-Associations:
>
cn=AUTH-IDV,cn=DriverSet,ou=IDM,ou=system,o=wlgore#1#{E21DA9D4-FD4F-944c-40BA-E21DA9D4FD4F}
> equivalentToMe:
cn=a12345,ou=associates,ou=users,o=wlgore
> objectClass: groupOfNames
> objectClass: Top
> member: cn=a12345,ou=associates,ou=users,o=wlgore
> description: XWiki Admin Group
> cn: Admin
>
> So I see no reason for it not finding the members. In regards to the
group
cache, I
already set it to 60s just to make sure it's being refreshed -
with no effect.
Ok them let me add some more log for your particular case and commit
for you to try to find why it can't find any LDAP group's member..
>
> Thanks!
> Thomas
>
>
>
>
> "Thomas Mortagne" <thomas.mortagne(a)xwiki.com>
> Sent by: users-bounces(a)xwiki.org
> 18.11.2008 18:26
> Please respond to
> XWiki Users <users(a)xwiki.org>
>
>
> To
> "XWiki Users" <users(a)xwiki.org>
> cc
>
> Subject
> Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups
>
>
>
>
>
>
> Hi,
>
> On Tue, Nov 18, 2008 at 5:39 PM, Thomas Zwitanowitsch
> <tzwitano(a)wlgore.com> wrote:
>> Hi,
>>
>> I've updated from 1.5.2 to 1.6.1. After this, I found all groups
beeing
>> empty - so no users were there anymore.
>>
>> As result I started mapping LDAP groups to XWiki groups to let XWiki
>> populate the memberships again - I was planning this anyway.
>>
>> For some reason XWiki is not able to get the groups members and I
cannot
>> understand why. Also it is not putting my user
in the XWiki.AllGroup -
>> still my groups do not have any member.
>>
>
> Can you see "Retrieving Members of the group..." anywhere in the whole
log
> ?
>
> In your log I only see "Found group" which should means the group
> cache already contains the group members.
>
>> This are the logs:
>>
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with
LDAP
>> attribues located at
cn=a12345,ou=associates,ou=users,o=wlgore
>> DEBUG ldap.XWikiLDAPConfig - Ready to create user from LDAP
>> with fields
>>
>
last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
>> DEBUG ldap.XWikiLDAPConfig -
Groupmapping found:
>> XWiki.XWikiAdminGroup
>>
cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>> DEBUG ldap.XWikiLDAPConfig -
Groupmapping found:
>> XWiki.MSOEGroup
>>
cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>> DEBUG ldap.XWikiLDAPConfig -
Groupmapping found:
>> XWiki.MedicalFabricsAdmGroup
>>
>
cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>> DEBUG ldap.XWikiLDAPConfig -
Groupmapping found:
>> XWiki.MedicalFabricsGroup
>>
>
cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl -
Updating group membership for
> the
>> user: tzwitano
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - The user belongs to following
>> XWiki groups:
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - All defined XWiki groups:
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MSOEGroup
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsAdmGroup
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsGroup
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrAdmin
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrUser
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAdminGroup
>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup
>> DEBUG ldap.XWikiLDAPUtils - Found group
>>
>
[cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
>> members :{}
>> DEBUG ldap.XWikiLDAPUtils - Found group
>>
>
[cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
>> members :{}
>> DEBUG ldap.XWikiLDAPUtils - Found group
>>
>
[cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
>> members :{}
>> DEBUG ldap.XWikiLDAPUtils - Found group
>>
>
[cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore]
>> members :{}
>>
>> This is my config:
>>
>> #-# new LDAP authentication service
>>
>
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>>
>> #-# Turn LDAP authentication on - otherwise only XWiki authentication
>> #-# 0: disable
>> #-# 1: enable
>> xwiki.authentication.ldap=1
>>
>> #-# Force to check password after LDAP connection
>> #-# 0: disable
>> #-# 1: enable
>> xwiki.authentication.ldap.validate_password=0
>>
>> #-# only members of the following group will be verified in the LDAP
>> # otherwise only users that are found after searching starting from
the
>> base_DN
>> #xwiki.authentication.ldap.user_group=o=wlgore
>>
>> #-# base DN for searches
>> #xwiki.authentication.ldap.base_DN=o=wlgore
>>
>> #-# Specifies the LDAP attribute containing the identifier to be used
as
>> the XWiki name (default=cn)
>> xwiki.authentication.ldap.UID_attr=uid
>>
>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
>> #-# Specifies the LDAP attribute containing the password to be used
> "when
>> xwiki.authentication.ldap.validate_password" is set to 1
>> # xwiki.authentication.ldap.password_field=userPassword
>>
>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
>> #-# The potential LDAP groups classes. Separated by commas.
>>
>
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,Top
>>
#xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames
>>
>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
>> #-# The potential names of the LDAP groups fields containings the
> members.
>> Separated by commas.
>> xwiki.authentication.ldap.group_memberfields=member,equivalentToMe
>>
>> #-# retrieve the following fields from LDAP and store them in the
XWiki
>> user object (xwiki-attribute=ldap-attribute)
>> #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object
> for
>> faster access
>>
>
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
>>
>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# on every login update the mapped attributes from LDAP to XWiki
>> otherwise this happens only once when the XWiki account is created.
>> xwiki.authentication.ldap.update_user=1
>>
>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# mapps XWiki groups to LDAP groups, separator is "|"
>>
>
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\
>>
>
XWiki.MSOEGroup=cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\
>>
>
XWiki.MedicalFabricsAdmGroup=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\
>>
>
XWiki.MedicalFabricsGroup=cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore
>>
>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# time in s after which the list of members in a group is refreshed
> from
>> LDAP (default=3600*6)
>> xwiki.authentication.ldap.groupcache_expiration=60
>>
>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# - create : synchronize group membership only when the user is
first
created
#-# - always: synchronize on every login
xwiki.authentication.ldap.mode_group_sync=always
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB
authentication with the same credentials
xwiki.authentication.ldap.trylocal=1
Thanks!
Thomas
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne
--
Thomas Mortagne
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users