Hi All, Does anyone use Active Directory for authentication? I can't seem to get it to work on my my new xwiki installation. I installed using Tomcat 6 and MySQL 5 and the xwiki 1.0 war. It works fine with the regular forms authentication, but when I try to enable AD with LDAP, it never works. I also can't seem to get any useful debugging information. I can authentication fine with the AD server using LDAP in Coldfusion. such as like this: <cfldap action="query" name="GetEntries" start="dc=<domain1>, dc=<domain2>, dc=<domain3>" scope="subtree" attributes="dn,sn,cn,sAMAccountName,givenName" sort="sn" server="sulsfp1" filter="sAMAccountName=<username>" username="<domain1>\<username>" password="<password>"> My xwiki.cfg, and xwiki.log are included below. No matter what settings I put in for LDAP, I still get the same error message, about invalid credentials (even if the server name is wrong). I put a log4j.properties (also below) file in WEB-INF/lib, but I don't get any additional debug messages. If anyone has any thoughts, they would be much appreciated. Thanks, Joe Joseph P. McEttrick Web Services Suffolk University Law School jpmcettrick at suffolk dot edu 617.305.6286 ****xwiki.cfg***** xwiki.version=1.0 xwiki.base=../../ xwiki.store.class=com.xpn.xwiki.store.XWikiHibernateStore xwiki.store.hibernate.path=/WEB-INF/hibernate.cfg.xml xwiki.store.hibernate.updateschema=1 xwiki.store.hibernate.custommapping=1 ## Jcr Store configuration #xwiki.store.class=com.xpn.xwiki.store.jcr.XWikiJcrStore #xwiki.store.attachment.class=com.xpn.xwiki.store.jcr.XWikiJcrAttachmentStore #xwiki.store.versioning.class=com.xpn.xwiki.store.jcr.XWikiJcrPropertyVersioningStore #xwiki.store.jcr.mapping=WEB-INF/classes/jcrmapping.xml #xwiki.store.jcr.provider=com.xpn.xwiki.store.jcr.JackRabbitJCRProvider #xwiki.store.jcr.jackrabbit.repository.config=WEB-INF/classes/jackrabbit/repository.xml #xwiki.store.jcr.jackrabbit.repository.path=jackrabbitrepo #xwiki.store.jcr.jackrabbit.nodetypes.config=WEB-INF/classes/jackrabbit/nodetypes.cnd xwiki.store.cache=1 xwiki.store.cache.capacity=100 xwiki.monitor=1 # List of active plugins. xwiki.plugins=com.xpn.xwiki.monitor.api.MonitorPlugin,\ com.xpn.xwiki.plugin.calendar.CalendarPlugin,\ com.xpn.xwiki.plugin.feed.FeedPlugin,\ com.xpn.xwiki.plugin.ldap.LDAPPlugin,\ com.xpn.xwiki.plugin.google.GooglePlugin,\ com.xpn.xwiki.plugin.flickr.FlickrPlugin,\ com.xpn.xwiki.plugin.mail.MailPlugin,\ com.xpn.xwiki.plugin.packaging.PackagePlugin,\ com.xpn.xwiki.plugin.query.QueryPlugin,\ com.xpn.xwiki.plugin.svg.SVGPlugin,\ com.xpn.xwiki.plugin.charts.ChartingPlugin,\ com.xpn.xwiki.plugin.fileupload.FileUploadPlugin,\ com.xpn.xwiki.plugin.image.ImagePlugin,\ com.xpn.xwiki.plugin.captcha.CaptchaPlugin,\ com.xpn.xwiki.plugin.userdirectory.UserDirectoryPlugin,\ com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl # This parameter allows XWiki to operate in Hosting mode # allowing to create multiple wikis having their own database # and responding to different URLs xwiki.virtual=0 xwiki.virtual.redirect=http://127.0.0.1:9080/xwiki/bin/Main/ThisWikiDoesNotExist # This parameter will activate the exo integration xwiki.exo=0 #xwiki.authentication=form #xwiki.authentication.validationKey=totototototototototototototototo #xwiki.authentication.encryptionKey=titititititititititititititititi #xwiki.authentication.cookiedomains=xwiki.com,wiki.fr # Stats configuration allows to globally activate/deactivate stats module # it is also possible to choose a different stats service to record # statistics separately from XWiki. # Note: Statistics are disabled by default for improved performances. xwiki.stats=0 xwiki.stats.default=1 xwiki.stats.class=com.xpn.xwiki.stats.impl.XWikiStatsServiceImpl xwiki.encoding=ISO-8859-1 xwiki.render.macromapping=1 xwiki.backlinks=1 xwiki.tags=1 # GraphViz plugin configuration. The GraphViz plugin is not configured by default. # To enable it, add "com.xpn.xwiki.plugin.graphviz.GraphVizPlugin" to the list of plugins # in the xwiki.plugins property. # Uncomment and set the locations of the Dot and Neato executables #xwiki.plugin.graphviz.dotpath=c:/Program Files/ATT/GraphViz/bin/dot.exe #xwiki.plugin.graphviz.neatopath=c:/Program Files/ATT/GraphViz/bin/neato.exe xwiki.plugin.laszlo.baseurl=/openlaszlo/xwiki/ xwiki.plugin.laszlo.path=c:/Program Files/Apache Software Foundation/Tomcat 5.0/webapps/openlaszlo/xwiki/ xwiki.plugin.image.cache.capacity=30 xwiki.plugin.captcha=1 ## Personal config # Enable to allow superadmin. It is disabled by default as this could be a security breach if # it were set and you forgot about it. #xwiki.superadminpassword=system #xwiki.authentication.ldap=0 #xwiki.authentication.ldap.server=172.29.116.202 #xwiki.authentication.ldap.check_level=1 #xwiki.authentication.ldap.port=389 #xwiki.authentication.ldap.base_DN=dc=necf,dc=fr #xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=necf,dc=fr #xwiki.authentication.ldap.bind_pass={1} #xwiki.authentication.ldap.UID_attr=sAMAccountName #xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn xwiki.authentication.ldap=1 xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl xwiki.authentication.ldap.server=<myldapserver> xwiki.authentication.ldap.check_level=1 xwiki.authentication.ldap.port=389 xwiki.authentication.ldap.base_DN=dc=<mydomain1>,dc=<mydomain2>,dc=<mydomain3> xwiki.authentication.ldap.bind_DN=<mydomain1>{0} xwiki.authentication.ldap.bind_pass={1} xwiki.authentication.ldap.UID_attr=sAMAccountName xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn xwiki.authentication.unauthorized_code=200 # This parameter will activate the sectional editing xwiki.section.edit=1 # Editor config xwiki.wysiwyg.use_style_toolbar=1 xwiki.defaultskin=albatross xwiki.defaultbaseskin=albatross **** ***xwiki.log**** 10:43:23,500 [http-8888-1] ERROR LDAP.LDAPAuthServiceImpl - LDAP Bind failed with Exception Invalid Credentials ****log4j.properties**** ### Direct log messages to stdout log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.Target=System.out log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %5p %t %X{url} %c{1}:%M:%L - %m%n log4j.appender.file=org.apache.log4j.RollingFileAppender log4j.appender.file.File=xwiki.log log4j.appender.file.MaxFileSize=10MB log4j.appender.file.MaxBackupIndex=50 log4j.appender.file.layout=org.apache.log4j.PatternLayout log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} [%t] %-5p %-30.30c{2} %x - %m %n ### By default everything that is of warning or severity WARN, ERROR or FATAL is logged both to ### the console and to the xwiki.log file. #log4j.rootLogger=warn, stdout, file log4j.rootLogger=debug, stdout, file ### Hibernate logging options log4j.logger.org.hibernate=warn log4j.logger.org.hibernate.SQL=warn log4j.logger.org.hibernate.type=warn log4j.logger.org.hibernate.ps.PreparedStatementCache=warn ### XWiki logging configuration log4j.logger.com.xpn.xwiki=warn log4j.logger.com.xpn.xwiki.render.XWikiRadeoxRenderEngine=warn ### Deactive Radeox warnings #log4j.logger.org.radeox.macro.BaseLocaleMacro=error ### Deactive Struts warnings #log4j.logger.org.apache.struts.util.RequestUtils=error ### Deactivate JGroups warnings #log4j.logger.org.jgroups=error #turn on debug messages for LDAP com.xpn.xwiki.user.impl.LDAP=debug
participants (1)
-
jpmcettrick@suffolk.edu