[xwiki-users] LDAP auth - compareRequest occurs regardless "xwiki.authentication.ldap.validate_password=0"
Hi, I've set up the xwiki installation and I have couple of problems with LDAP auth. 1. I successfully bind to our corp Sun DS. But regardless the xwiki.authentication.ldap.validate_password is set to 0 the compareRequest is generated in the LDAP communication (did some wire snooping with wireshark). IMHO (after quick look to the Java code) the compareRequest should not appear if validate_password is set to 0. 2. I try to map one of my ldap groups to xwiki group and without any effect. The pages that require specific roles remain unaccessible. Needles to say that both xwiki and ldap groups exist. Greg -- SOLIDEX S.A. Tel: +48 12 638 04 80 Fax: +48 12 638 04 70 http://www.SOLIDEX.com.pl http://www.SOLIDnySerwis.pl Niniejsza wiadomo�� zawiera informacje zastrze�one i stanowi�ce tajemnic� przedsi�biorstwa firm grupy SOLIDEX. Ujawnianie tych informacji osobom trzecim lub nieuprawnione wykorzystanie ich do wlasnych cel�w jest zabronione. Je�eli otrzymali�cie Pa�stwo niniejsz� wiadomo�� omy�kowo, prosimy o niezw�oczne skontaktowanie si� z nadawc� oraz usuni�cie wszelkich kopii niniejszej wiadomo�ci. This message contains proprietary information and trade secrets of SOLIDEX group companies. Unauthorized use or disclosure of this information to any third party is prohibited. If you received this message by mistake, please contact the sender immediately and delete all copies of this message.
Hi Greg, You should check if you have xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl uncommented, otherwise it is using the old LDAP authenticator. The new LDAP will be set as default in the next XEM releases (1.3.1 and 1.4). On Wed, Sep 10, 2008 at 12:37 PM, Grzegorz Cempla <[email protected]> wrote:
Hi,
I've set up the xwiki installation and I have couple of problems with LDAP auth.
1. I successfully bind to our corp Sun DS. But regardless the xwiki.authentication.ldap.validate_password is set to 0 the compareRequest is generated in the LDAP communication (did some wire snooping with wireshark). IMHO (after quick look to the Java code) the compareRequest should not appear if validate_password is set to 0.
2. I try to map one of my ldap groups to xwiki group and without any effect. The pages that require specific roles remain unaccessible.
Needles to say that both xwiki and ldap groups exist.
Greg
-- SOLIDEX S.A. Tel: +48 12 638 04 80 Fax: +48 12 638 04 70 http://www.SOLIDEX.com.pl http://www.SOLIDnySerwis.pl
Niniejsza wiadomo�æ zawiera informacje zastrze¿one i stanowi±ce tajemnicê przedsiêbiorstwa firm grupy SOLIDEX. Ujawnianie tych informacji osobom trzecim lub nieuprawnione wykorzystanie ich do wlasnych celów jest zabronione. Je¿eli otrzymali¶cie Pañstwo niniejsz± wiadomo�æ omy³kowo, prosimy o niezw³oczne skontaktowanie siê z nadawc± oraz usuniêcie wszelkich kopii niniejszej wiadomo¶ci.
This message contains proprietary information and trade secrets of SOLIDEX group companies. Unauthorized use or disclosure of this information to any third party is prohibited. If you received this message by mistake, please contact the sender immediately and delete all copies of this message.
_______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne
You're right. Thanks. Now I don't see compareRequests in LDAP communication and I can see that XWiki tries to resolve group membership. Greg W dniu 10.09.2008 13:03, Thomas Mortagne pisze:
Hi Greg,
You should check if you have xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl uncommented, otherwise it is using the old LDAP authenticator. The new LDAP will be set as default in the next XEM releases (1.3.1 and 1.4).
On Wed, Sep 10, 2008 at 12:37 PM, Grzegorz Cempla <[email protected]> wrote:
Hi,
I've set up the xwiki installation and I have couple of problems with LDAP auth.
1. I successfully bind to our corp Sun DS. But regardless the xwiki.authentication.ldap.validate_password is set to 0 the compareRequest is generated in the LDAP communication (did some wire snooping with wireshark). IMHO (after quick look to the Java code) the compareRequest should not appear if validate_password is set to 0.
2. I try to map one of my ldap groups to xwiki group and without any effect. The pages that require specific roles remain unaccessible.
Needles to say that both xwiki and ldap groups exist.
Greg
-- SOLIDEX S.A. Tel: +48 12 638 04 80 Fax: +48 12 638 04 70 http://www.SOLIDEX.com.pl http://www.SOLIDnySerwis.pl
Niniejsza wiadomo�æ zawiera informacje zastrze¿one i stanowi±ce tajemnicê przedsiêbiorstwa firm grupy SOLIDEX. Ujawnianie tych informacji osobom trzecim lub nieuprawnione wykorzystanie ich do wlasnych celów jest zabronione. Je¿eli otrzymali¶cie Pañstwo niniejsz± wiadomo�æ omy³kowo, prosimy o niezw³oczne skontaktowanie siê z nadawc± oraz usuniêcie wszelkich kopii niniejszej wiadomo¶ci.
This message contains proprietary information and trade secrets of SOLIDEX group companies. Unauthorized use or disclosure of this information to any third party is prohibited. If you received this message by mistake, please contact the sender immediately and delete all copies of this message.
_______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- SOLIDEX S.A. Tel: +48 12 638 04 80 Fax: +48 12 638 04 70 http://www.SOLIDEX.com.pl http://www.SOLIDnySerwis.pl Niniejsza wiadomo�� zawiera informacje zastrze�one i stanowi�ce tajemnic� przedsi�biorstwa firm grupy SOLIDEX. Ujawnianie tych informacji osobom trzecim lub nieuprawnione wykorzystanie ich do wlasnych cel�w jest zabronione. Je�eli otrzymali�cie Pa�stwo niniejsz� wiadomo�� omy�kowo, prosimy o niezw�oczne skontaktowanie si� z nadawc� oraz usuni�cie wszelkich kopii niniejszej wiadomo�ci. This message contains proprietary information and trade secrets of SOLIDEX group companies. Unauthorized use or disclosure of this information to any third party is prohibited. If you received this message by mistake, please contact the sender immediately and delete all copies of this message.
participants (2)
-
Grzegorz Cempla -
Thomas Mortagne