11 Aug
2005
11 Aug
'05
2:58 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Try as I might, with 0.8.40 and the current Subversion HEAD, I cannot
get LDAP authentication to work. Here is the environment:
* Gentoo Linux 2.6.12, Tomcat/5.0.27, Blackdown-1.4.2-02
(I think this is all pretty mainstream)
* No error messages are displayed to the user although, as the
CATALINA.LOG records show, the user successfully authenticated
* XWIKI.LOG has FormBeanConfig errors, but this seems to be a know
problem (judging from the ticket in the tracking system)
If I set "log4j.logger.com.xpn.xwiki=info" in classes/log4j.properties,
I get this line, but nothing else helpful:
INFO http-8080-Processor23
http://green.ohiolink.edu:8080/xwiki/bin/login/XWiki/XWikiLogin
MyFormAuthenticator:processLogin:142 - User peter(a)OhioLINK.edu login
has failed
I've been banging my head against this for two days and am about to give
up in favor of a less attractive, yet likely at least functional,
solution with a different wiki system. Advice would be greatly
appreciated...
XWIKI.CONF
xwiki.authentication.cookiedomains=ohiolink.edu
xwiki.authentication.useip=false
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=ldap.ohiolink.edu
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=ou=People,dc=ohiolink,dc=edu
xwiki.authentication.ldap.UID_addr=mail # Login is e-mail address
xwiki.authentication.ldap.fields_mapping=name=mail,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
xwiki.authentication.ldap.check_level=0 # Also tried "1"
XWIKI.LOG
WARN http-8080-Processor25
http://green.ohiolink.edu:8080/xwiki/bin/view/Main/WebHome
XWikiStatsServiceImpl:addCookie:474 - Setting cookie
12SKZHIOAL5BZEUWE7AVRXP7BJAT2IKN for name visitid with domain
ohiolink.edu and path / and maxage 942002
WARN http-8080-Processor24 RequestUtils:createActionForm:177 - No
FormBeanConfig found under 'login'
WARN http-8080-Processor24
http://green.ohiolink.edu:8080/xwiki/bin/login/XWiki/XWikiLogin?xredirect=h…
RequestUtils:createActionForm:177 - No FormBeanConfig found under
'loginerror'
WARN http-8080-Processor24 RequestUtils:createActionForm:177 - No
FormBeanConfig found under 'login'
WARN http-8080-Processor24
http://green.ohiolink.edu:8080/xwiki/bin/login/XWiki/XWikiLogin?xredirect=h…
RequestUtils:createActionForm:177 - No FormBeanConfig found under
'loginerror'
CATALINA.LOG:
JNDIRealm[Catalina]: Searching for peter(a)OhioLINK.edu
JNDIRealm[Catalina]: base: ou=People,dc=ohiolink,dc=edu filter:
(mail=peter(a)OhioLINK.edu)
JNDIRealm[Catalina]: entry found for peter(a)OhioLINK.edu with dn
uid=peter,ou=People,dc=ohiolink,dc=edu
JNDIRealm[Catalina]: retrieving values for attribute memberOf
JNDIRealm[Catalina]: validating credentials by binding as the user
JNDIRealm[Catalina]: binding as uid=peter,ou=People,dc=ohiolink,dc=edu
JNDIRealm[Catalina]: Username peter(a)OhioLINK.edu successfully authenticated
JNDIRealm[Catalina]: getRoles(uid=peter,ou=People,dc=ohiolink,dc=edu)
JNDIRealm[Catalina]: Searching role base
'ou=Groups,dc=ohiolink,dc=edu' for attribute 'cn'
JNDIRealm[Catalina]: With filter expression
'(uniqueMember=uid=peter,ou=People,dc=ohiolink,dc=edu)'
JNDIRealm[Catalina]: retrieving values for attribute cn
JNDIRealm[Catalina]: retrieving values for attribute cn
JNDIRealm[Catalina]: Returning 2 roles
JNDIRealm[Catalina]: Found role developers
JNDIRealm[Catalina]: Found role drcadmin
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC+0t14+t4qSfPIHIRAtBvAJ9nFj0jpbPfPShwsm1RbEJPJc5mEwCeJnUG
9G65anfEx7ubb9YsG2MYPFU=
=qKVk
-----END PGP SIGNATURE-----
11 Aug
11 Aug
3:10 p.m.
New subject: [xwiki-users] LDAP authentication not working
Hi Peter,
There is something that seems weird to me.. In the catalina.log, this
does not seem very xwiki:
"JNDIRealm[Catalina]"
Wouldn't it be possible that you have something else configured with
LDAP on your tomcat..
What type of user auth do you see ? Do you see a Form based interface of
xwiki or a basic auth ?
Ludovic
Peter Murray wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Try as I might, with 0.8.40 and the current Subversion HEAD, I cannot
get LDAP authentication to work. Here is the environment:
* Gentoo Linux 2.6.12, Tomcat/5.0.27, Blackdown-1.4.2-02
(I think this is all pretty mainstream)
* No error messages are displayed to the user although, as the
CATALINA.LOG records show, the user successfully authenticated
* XWIKI.LOG has FormBeanConfig errors, but this seems to be a know
problem (judging from the ticket in the tracking system)
If I set "log4j.logger.com.xpn.xwiki=info" in classes/log4j.properties,
I get this line, but nothing else helpful:
INFO http-8080-Processor23
http://green.ohiolink.edu:8080/xwiki/bin/login/XWiki/XWikiLogin
MyFormAuthenticator:processLogin:142 - User peter(a)OhioLINK.edu login
has failed
I've been banging my head against this for two days and am about to give
up in favor of a less attractive, yet likely at least functional,
solution with a different wiki system. Advice would be greatly
appreciated...
XWIKI.CONF
xwiki.authentication.cookiedomains=ohiolink.edu
xwiki.authentication.useip=false
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=ldap.ohiolink.edu
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=ou=People,dc=ohiolink,dc=edu
xwiki.authentication.ldap.UID_addr=mail # Login is e-mail address
xwiki.authentication.ldap.fields_mapping=name=mail,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
xwiki.authentication.ldap.check_level=0 # Also tried "1"
XWIKI.LOG
WARN http-8080-Processor25
http://green.ohiolink.edu:8080/xwiki/bin/view/Main/WebHome
XWikiStatsServiceImpl:addCookie:474 - Setting cookie
12SKZHIOAL5BZEUWE7AVRXP7BJAT2IKN for name visitid with domain
ohiolink.edu and path / and maxage 942002
WARN http-8080-Processor24 RequestUtils:createActionForm:177 - No
FormBeanConfig found under 'login'
WARN http-8080-Processor24
http://green.ohiolink.edu:8080/xwiki/bin/login/XWiki/XWikiLogin?xredirect=h…
RequestUtils:createActionForm:177 - No FormBeanConfig found under
'loginerror'
WARN http-8080-Processor24 RequestUtils:createActionForm:177 - No
FormBeanConfig found under 'login'
WARN http-8080-Processor24
http://green.ohiolink.edu:8080/xwiki/bin/login/XWiki/XWikiLogin?xredirect=h…
RequestUtils:createActionForm:177 - No FormBeanConfig found under
'loginerror'
CATALINA.LOG:
JNDIRealm[Catalina]: Searching for peter(a)OhioLINK.edu
JNDIRealm[Catalina]: base: ou=People,dc=ohiolink,dc=edu filter:
(mail=peter(a)OhioLINK.edu)
JNDIRealm[Catalina]: entry found for peter(a)OhioLINK.edu with dn
uid=peter,ou=People,dc=ohiolink,dc=edu
JNDIRealm[Catalina]: retrieving values for attribute memberOf
JNDIRealm[Catalina]: validating credentials by binding as the user
JNDIRealm[Catalina]: binding as uid=peter,ou=People,dc=ohiolink,dc=edu
JNDIRealm[Catalina]: Username peter(a)OhioLINK.edu successfully authenticated
JNDIRealm[Catalina]: getRoles(uid=peter,ou=People,dc=ohiolink,dc=edu)
JNDIRealm[Catalina]: Searching role base
'ou=Groups,dc=ohiolink,dc=edu' for attribute 'cn'
JNDIRealm[Catalina]: With filter expression
'(uniqueMember=uid=peter,ou=People,dc=ohiolink,dc=edu)'
JNDIRealm[Catalina]: retrieving values for attribute cn
JNDIRealm[Catalina]: retrieving values for attribute cn
JNDIRealm[Catalina]: Returning 2 roles
JNDIRealm[Catalina]: Found role developers
JNDIRealm[Catalina]: Found role drcadmin
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost AIM: nvludo Yahoo: ludovic
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC+0t14+t4qSfPIHIRAtBvAJ9nFj0jpbPfPShwsm1RbEJPJc5mEwCeJnUG
9G65anfEx7ubb9YsG2MYPFU=
=qKVk
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
--
You receive this message as a subscriber of the xwiki-users(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-users-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
6:20 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 8/11/05 9:10 AM, Ludovic Dubost wrote:
There is something that seems weird to me.. In the
catalina.log, this
does not seem very xwiki:
"JNDIRealm[Catalina]"
Wouldn't it be possible that you have something else configured with
LDAP on your tomcat..
I do indeed -- we use LDAP as a source for single-signon, so other
applications on the same server use a JNDI realm for user authentication.
What type of user auth do you see ? Do you see a Form
based interface
of xwiki or a basic auth ?
I see a the form-based interface, not basic auth. At the point I'm
trying to log into XWiki, I have not signed into other applications on
the same server using basic auth (so there are no basic auth credentials
stored in the browser).
Peter
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC+3rp4+t4qSfPIHIRApUOAJ48IOxwnsv/42pKqydbQVbZG/6RfgCcCeRV
fFbw5OLR32KgZlLCaUXgwcs=
=z9QY
-----END PGP SIGNATURE-----
6:35 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
...I did not thank you for your initial reply looking at this issue,
Ludovic. My fault. Thank you.
And, for what it's worth, I disabled the LDAP UserDatabase realm in
Tomcat's server.xml file, stopped and restarted tomcat, and the same
problem still occurs. (Same exact symptoms.)
Peter
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC+35K4+t4qSfPIHIRAukHAJ43fBkz8soB2eOapR8ax5GQ7b6OwQCgvawv
ykMHIOJe415EdPEza2psvEg=
=dLCs
-----END PGP SIGNATURE-----
12 Aug
12 Aug
9:05 a.m.
New subject: [xwiki-users] Re: LDAP authentication not working
You should switch to "debug" in the log4j.properties to see if at least
it goes through the LDAP code..
Although some more debug code would be needed in the LDAP module to
actually know exactly what is happening..
Now I see that you have no bind_DN and bind_pass.. I suspect this is
necessary.. We would have to ask alex though who has written the LDAP
module..
Alex is there any anonymous binding ?
Ludovic
Peter Murray wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
...I did not thank you for your initial reply looking at this issue,
Ludovic. My fault. Thank you.
And, for what it's worth, I disabled the LDAP UserDatabase realm in
Tomcat's server.xml file, stopped and restarted tomcat, and the same
problem still occurs. (Same exact symptoms.)
Peter
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost AIM: nvludo Yahoo: ludovic
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC+35K4+t4qSfPIHIRAukHAJ43fBkz8soB2eOapR8ax5GQ7b6OwQCgvawv
ykMHIOJe415EdPEza2psvEg=
=dLCs
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
--
You receive this message as a subscriber of the xwiki-users(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-users-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
1:46 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thanks for the suggestions, but I think I still have the same problem.
I tried using non-anonymous binding (using the Active Directory
instructions as guidelines) and turning on debugging. My xwiki.xml file
now has:
xwiki.authentication.ldap.bind_DN=mail={0},ou=People,dc=ohiolink,dc=edu
xwiki.authentication.ldap.bind_pass={1}
and with debugging turned on (and removing the time and URL information
to shorten the log entries) I get:
DEBUG XWikiHibernateStore:beginTransaction:376 - Trying to open
transaction
DEBUG XWikiHibernateStore:beginTransaction:378 - Opened transaction
org.hibernate.transaction.JDBCTransaction@595420
DEBUG XWikiHibernateStore:endTransaction:407 - Releasing hibernate
transaction org.hibernate.transaction.JDBCTransaction@595420
DEBUG XWikiHibernateStore:closeSession:424 - Releasing hibernate
session
org.hibernate.impl.SessionImpl(PersistentContext[entitiesByKey={}]
ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[]
collectionRemovals=[] collectionUpdates=[]])
INFO DBCPConnectionProvider:logStatistics:271 - active: 0 (max: 50)
idle: 1(max: 5)
INFO MyFormAuthenticator:processLogin:142 - User peter(a)OhioLINK.edu
login has failed
WARN RequestUtils:createActionForm:177 - No FormBeanConfig found
under 'loginerror'
Peter
On 8/12/05 3:05 AM, Ludovic Dubost wrote:
You should switch to "debug" in the
log4j.properties to see if at
least it goes through the LDAP code.. Although some more debug code
would be needed in the LDAP module to actually know exactly what is
happening..
Now I see that you have no bind_DN and bind_pass.. I suspect this is
necessary.. We would have to ask alex though who has written the
LDAP module.. Alex is there any anonymous binding ?
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC/IwX4+t4qSfPIHIRAi7aAJsFm2DJzrr1eFHq6dVHBgv9JjoyfgCfQkzI
T7hIv1SDp891T39Kc3M30N4=
=VFX/
-----END PGP SIGNATURE-----
3:16 p.m.
New subject: [xwiki-users] Re: LDAP authentication not working
There should be a message from the LDAP module..
I've added some debug info in the class.. Try this instead of the LDAP
Auth class
Ludovic
Peter Murray wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thanks for the suggestions, but I think I still have the same problem.
I tried using non-anonymous binding (using the Active Directory
instructions as guidelines) and turning on debugging. My xwiki.xml file
now has:
xwiki.authentication.ldap.bind_DN=mail={0},ou=People,dc=ohiolink,dc=edu
xwiki.authentication.ldap.bind_pass={1}
and with debugging turned on (and removing the time and URL information
to shorten the log entries) I get:
DEBUG XWikiHibernateStore:beginTransaction:376 - Trying to open
transaction
DEBUG XWikiHibernateStore:beginTransaction:378 - Opened transaction
org.hibernate.transaction.JDBCTransaction@595420
DEBUG XWikiHibernateStore:endTransaction:407 - Releasing hibernate
transaction org.hibernate.transaction.JDBCTransaction@595420
DEBUG XWikiHibernateStore:closeSession:424 - Releasing hibernate
session
org.hibernate.impl.SessionImpl(PersistentContext[entitiesByKey={}]
ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[]
collectionRemovals=[] collectionUpdates=[]])
INFO DBCPConnectionProvider:logStatistics:271 - active: 0 (max: 50)
idle: 1(max: 5)
INFO MyFormAuthenticator:processLogin:142 - User peter(a)OhioLINK.edu
login has failed
WARN RequestUtils:createActionForm:177 - No FormBeanConfig found
under 'loginerror'
Peter
On 8/12/05 3:05 AM, Ludovic Dubost wrote:
--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost AIM: nvludo Yahoo: ludovic
You should switch to "debug" in the
log4j.properties to see if at
least it goes through the LDAP code.. Although some more debug code
would be needed in the LDAP module to actually know exactly what is
happening..
Now I see that you have no bind_DN and bind_pass.. I suspect this is
necessary.. We would have to ask alex though who has written the
LDAP module.. Alex is there any anonymous binding ?
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC/IwX4+t4qSfPIHIRAi7aAJsFm2DJzrr1eFHq6dVHBgv9JjoyfgCfQkzI
T7hIv1SDp891T39Kc3M30N4=
=VFX/
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
--
You receive this message as a subscriber of the xwiki-users(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-users-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
8:39 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 8/12/05 9:16 AM, Ludovic Dubost wrote:
There should be a message from the LDAP module..
I've added some
debug info in the class.. Try this instead of the LDAP Auth class
The plot thickens. I can see your debug messages, and it lead me to
look at the code. Remember that I am using e-mail address as the
userid (bind_DN is "mail={0},ou=People,dc=OhioLINK,dc=edu"). Near the
top of the authenticate() method in LDAPAuthServiceImpl.java is this
chunk of code:
if (context!=null) {
String susername = username;
int i = username.indexOf(".");
if (i!=-1)
susername = username.substring(i+1);
String DN = getLDAP_DN(susername, context);
Initially I think why I was failing is the part that is taking just the
left segment of the string up the first period. My e-mail address, of
course, has a period, so it was in effect getting truncated before being
passed to getLDAP_DN.
So I switched to using just a uid (no periods) and I get a little
farther in xwiki.log:
DEBUG LDAPAuthServiceImpl:checkUserPassword:230 - LDAP Password check
for user peter
DEBUG LDAPAuthServiceImpl:checkUserPassword:253 - LDAP Connect
successfull to host ldap.ohiolink.edu and port 389
DEBUG LDAPAuthServiceImpl:Bind:441 - LDAP Bind starting
DEBUG LDAPAuthServiceImpl:Bind:451 - LDAP Bind successfull
INFO MyFormAuthenticator:processLogin:142 - User peter login has failed
(references to Hibernate and DBCPConnectionProvider have been removed).
I'm looking at this again after a few hours, and I still can't figure
out why I'm falling through to line 142 of MyFormAuthenticator. FWIW, I
am hoping to make use of the dynamic account creation feature out of
LDAP information, so there isn't (yet) a "peter" login in the XWiki user
database. Could that be where the next problem is?
Peter
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC/OzD4+t4qSfPIHIRAh/fAJ0Wz66vN2cCMo4G70Dx+J3y0oRBfACgr3cV
gyHDpzrTjzA4XCbgLaCeO0Y=
=nMKe
-----END PGP SIGNATURE-----
9:05 p.m.
New subject: [xwiki-users] Re: LDAP authentication not working
Hi Peter,
Right.. I had the feeling an email address would not work..
The fact that there is no page yet in the wiki should not be a problem
at this point..
I don't get why you get no message between these two:
DEBUG LDAPAuthServiceImpl:Bind:451 - LDAP Bind successfull
INFO MyFormAuthenticator:processLogin:142 - User peter login has failed
There should be at least one.. when I look at the code I put to give
some debut messages
What is your LDAP server by the way ?
Ludovic
Peter Murray wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 8/12/05 9:16 AM, Ludovic Dubost wrote:
--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost AIM: nvludo Yahoo: ludovic
There should be a message from the LDAP module..
I've added some
debug info in the class.. Try this instead of the LDAP Auth class
The plot thickens. I can see your debug messages, and it lead me to
look at the code. Remember that I am using e-mail address as the
userid (bind_DN is "mail={0},ou=People,dc=OhioLINK,dc=edu"). Near the
top of the authenticate() method in LDAPAuthServiceImpl.java is this
chunk of code:
if (context!=null) {
String susername = username;
int i = username.indexOf(".");
if (i!=-1)
susername = username.substring(i+1);
String DN = getLDAP_DN(susername, context);
Initially I think why I was failing is the part that is taking just the
left segment of the string up the first period. My e-mail address, of
course, has a period, so it was in effect getting truncated before being
passed to getLDAP_DN.
So I switched to using just a uid (no periods) and I get a little
farther in xwiki.log:
DEBUG LDAPAuthServiceImpl:checkUserPassword:230 - LDAP Password check
for user peter
DEBUG LDAPAuthServiceImpl:checkUserPassword:253 - LDAP Connect
successfull to host ldap.ohiolink.edu and port 389
DEBUG LDAPAuthServiceImpl:Bind:441 - LDAP Bind starting
DEBUG LDAPAuthServiceImpl:Bind:451 - LDAP Bind successfull
INFO MyFormAuthenticator:processLogin:142 - User peter login has failed
(references to Hibernate and DBCPConnectionProvider have been removed).
I'm looking at this again after a few hours, and I still can't figure
out why I'm falling through to line 142 of MyFormAuthenticator. FWIW, I
am hoping to make use of the dynamic account creation feature out of
LDAP information, so there isn't (yet) a "peter" login in the XWiki user
database. Could that be where the next problem is?
Peter
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC/OzD4+t4qSfPIHIRAh/fAJ0Wz66vN2cCMo4G70Dx+J3y0oRBfACgr3cV
gyHDpzrTjzA4XCbgLaCeO0Y=
=nMKe
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
--
You receive this message as a subscriber of the xwiki-users(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-users-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
13 Aug
13 Aug
7:34 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 8/12/05 3:05 PM, Ludovic Dubost wrote:
Right.. I had the feeling an email address would not
work.. The fact
that there is no page yet in the wiki should not be a problem at this
point..
Okay -- we'll need to work around that at some point because most of my
folks log in with an e-mail address (just a few of us have non-email
UIDs in the LDAP directory). First, though, I'd like to fix this
challenge, then worry about that.
I don't get why you get no message between these
two:
DEBUG LDAPAuthServiceImpl:Bind:451 - LDAP Bind successfull INFO
MyFormAuthenticator:processLogin:142 - User peter login has failed
'tis true, 'tis true. For me it ranks right up there with trying to
figure out how I got to line 142 of MyFormAuthenticator.
There should be at least one.. when I look at the code
I put to give
some debut messages
What is your LDAP server by the way ?
OpenLDAP (latest version -- just installed it).
Peter
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC/i8r4+t4qSfPIHIRAlZ5AJ4jJUlPNWIiWrJWQhmdb20tlJ+zBwCgxJ13
wp1UQgLQPAXQQkX0KTUVgz8=
=02y/
-----END PGP SIGNATURE-----
15 Aug
15 Aug
12:52 p.m.
New subject: [xwiki-users] Re: LDAP authentication not working
I've added some more debug code to the LDAP auth class.. Can you send me
a full log file to check it out..
If this does not give more info I suggest debugging..
Ludovic
Peter Murray wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 8/12/05 3:05 PM, Ludovic Dubost wrote:
--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost AIM: nvludo Yahoo: ludovic
package com.xpn.xwiki.user.impl.LDAP;
import com.xpn.xwiki.user.impl.xwiki.*;
import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.objects.classes.BaseClass;
import com.xpn.xwiki.objects.BaseObject;
import com.xpn.xwiki.doc.XWikiDocument;
import com.novell.ldap.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.lang.StringUtils;
import org.securityfilter.realm.SimplePrincipal;
import java.security.Principal;
import java.io.UnsupportedEncodingException;
import java.util.*;
import java.text.MessageFormat;
/**
* Created by IntelliJ IDEA.
* User: Alex
* Date: 18 avr. 2005
* Time: 16:18:50
* To change this template use File | Settings | File Templates.
*/
public class LDAPAuthServiceImpl extends XWikiAuthServiceImpl {
private static final Log log = LogFactory.getLog(LDAPAuthServiceImpl.class);
public Principal authenticate(String username, String password, XWikiContext context)
throws XWikiException {
Principal principal = null;
if ((username==null)||(username.trim().equals("")))
return null;
if ((password==null)||(password.trim().equals("")))
return null;
String superadmin = "superadmin";
if (username.equals(superadmin)) {
String superadminpassword =
context.getWiki().Param("xwiki.superadminpassword");
if ((superadminpassword!=null)&&(superadminpassword.equals(password)))
{
principal = new SimplePrincipal("XWiki.superadmin");
return principal;
} else {
return null;
}
}
// If we have the context then we are using direct mode
// then we should specify the database
// This is needed for virtual mode to work
if (context!=null) {
String susername = username;
int i = username.indexOf(".");
if (i!=-1)
susername = username.substring(i+1);
String DN = getLDAP_DN(susername, context);
if (DN != null && DN.length()!=0)
{
if (checkDNPassword(DN, susername, password, context))
{
principal = GetUserPrincipal(susername, context);
}
}
else
{
HashMap attributes = new HashMap();
if (checkUserPassword(susername, password, attributes, context))
{
principal = GetUserPrincipal(susername, context);
if (principal == null && attributes.size() > 0)
{
CreateUserFromLDAP(susername, attributes, context);
principal = GetUserPrincipal(susername, context);
}
}
}
}
return principal;
}
private void CreateUserFromLDAP(String susername, HashMap attributes, XWikiContext
context) throws XWikiException {
String ldapFieldMapping = getParam("ldap_fields_mapping",context);
if (ldapFieldMapping != null && ldapFieldMapping.length() > 0)
{
String[] fields = ldapFieldMapping.split(",");
BaseClass bclass = context.getWiki().getUserClass(context);
BaseObject bobj = new BaseObject();
bobj.setClassName(bclass.getName());
String name = null;
String fullwikiname = null;
for(int i = 0; i < fields.length; i++ )
{
String[] field = fields[i].split("=");
if (2 == field.length)
{
String fieldName = field[0];
if (attributes.containsKey(field[1]))
{
String fieldValue;
fieldValue = (String)attributes.get(field[1]);
if (fieldName.equals("name"))
{
name = fieldValue;
fullwikiname = "XWiki." + name;
bobj.setName(fullwikiname);
}
else
{
bobj.setStringValue(fieldName, fieldValue);
}
}
}
}
if (name != null && name.length() > 0)
{
XWikiDocument doc = context.getWiki().getDocument(fullwikiname, context);
doc.setParent("");
doc.addObject(bclass.getName(), bobj);
doc.setContent("#includeForm(\"XWiki.XWikiUserTemplate\")");
context.getWiki().ProtectUserPage(context, fullwikiname, "edit",
doc);
context.getWiki().saveDocument(doc, null, context);
context.getWiki().SetUserDefaultGroup(context, fullwikiname);
}
}
}
protected Principal GetUserPrincipal(String susername, XWikiContext context) {
Principal principal = null;
// First we check in the local database
try {
String user = findUser(susername, context);
if (user!=null) {
principal = new SimplePrincipal(user);
}
} catch (Exception e) {}
if (context.isVirtual()) {
if (principal==null) {
// Then we check in the main database
String db = context.getDatabase();
try {
context.setDatabase(context.getWiki().getDatabase());
try {
String user = findUser(susername, context);
if (user!=null)
principal = new SimplePrincipal(context.getDatabase() +
":" + user);
} catch (Exception e) {}
} finally {
context.setDatabase(db);
}
}
}
return principal;
}
public String getLDAP_DN(String susername, XWikiContext context)
{
String DN=null;
if (context!=null) {
// First we check in the local database
try {
String user = findUser(susername, context);
if (user!=null && user.length()!=0) {
DN = readLDAP_DN(user, context);
}
} catch (Exception e) {}
if (context.isVirtual()) {
if (DN==null && DN.length()!=0) {
// Then we check in the main database
String db = context.getDatabase();
try {
context.setDatabase(context.getWiki().getDatabase());
try {
String user = findUser(susername, context);
if (user!=null && user.length()!=0)
DN = readLDAP_DN(user, context);
} catch (Exception e) {}
} finally {
context.setDatabase(db);
}
}
}
}
return DN;
}
private String readLDAP_DN(String username, XWikiContext context) {
String DN = null;
try {
XWikiDocument doc = context.getWiki().getDocument(username, context);
// We only allow empty password from users having a XWikiUsers object.
if (doc.getObject("XWiki.XWikiUsers")!=null) {
DN = doc.getStringValue("XWiki.XWikiUsers", "ldap_dn");
}
} catch (Throwable e) {}
return DN;
}
protected boolean checkUserPassword(String username, String password, HashMap
attributes, XWikiContext context) throws XWikiException {
LDAPConnection lc = new LDAPConnection();
boolean result = false;
boolean notinLDAP = false;
String foundDN = null;
try {
if (log.isDebugEnabled())
log.debug("LDAP Password check for user " + username);
int ldapPort = getLDAPPort(context);
int ldapVersion = LDAPConnection.LDAP_V3;
String ldapHost = getParam("ldap_server", context);
String bindDNFormat = getParam("ldap_bind_DN",context);
String bindPasswordFormat = getParam("ldap_bind_pass",context);
int checkLevel = GetCheckLevel(context);
Object[] arguments = {
username,
password
};
String bindDN = MessageFormat.format(bindDNFormat, arguments);
String bindPassword = MessageFormat.format(bindPasswordFormat, arguments);
String baseDN = getParam("ldap_base_DN",context);
lc.connect( ldapHost, ldapPort );
if (log.isDebugEnabled())
log.debug("LDAP Connect successfull to host " + ldapHost +
" and port " + ldapPort );
// authenticate to the server
result = Bind(bindDN, bindPassword, lc, ldapVersion);
if (log.isDebugEnabled())
log.debug("LDAP Bind returned");
if (result && checkLevel > 0)
{
if (log.isDebugEnabled())
log.debug("LDAP searching user");
LDAPSearchResults searchResults =
lc.search( baseDN,
LDAPConnection.SCOPE_SUB ,
"("+ getParam("ldap_UID_attr",context)
+
"=" + username + ")",
null, // return all attributes
false); // return attrs and values
if (searchResults.hasMore())
{
if (log.isDebugEnabled())
log.debug("LDAP searching found user");
LDAPEntry nextEntry = searchResults.next();
foundDN = nextEntry.getDN();
if (log.isDebugEnabled())
log.debug("LDAP searching found DN: " + foundDN);
if (checkLevel > 1)
{
if (log.isDebugEnabled())
log.debug("LDAP comparing password");
LDAPAttribute attr = new LDAPAttribute(
"userPassword", password
);
result = lc.compare( foundDN, attr );
}
if (result)
{
if (log.isDebugEnabled())
log.debug("LDAP adding user attributes");
LDAPAttributeSet attributeSet = nextEntry.getAttributeSet();
Iterator allAttributes = attributeSet.iterator();
while(allAttributes.hasNext()) {
LDAPAttribute attribute =
(LDAPAttribute)allAttributes.next();
String attributeName = attribute.getName();
Enumeration allValues = attribute.getStringValues();
if( allValues != null) {
while(allValues.hasMoreElements()) {
if (log.isDebugEnabled())
log.debug("LDAP adding user attribute "
+ attributeName);
String Value = (String) allValues.nextElement();
attributes.put(attributeName, Value);
}
}
}
attributes.put("dn", foundDN);
}
}
else {
if (log.isDebugEnabled())
log.debug("LDAP search user failed");
notinLDAP = true;
}
if (log.isInfoEnabled()) {
if (result)
log.info("LDAP Password check for user " + username +
" successfull");
else
log.info("LDAP Password check for user " + username +
" failed");
}
}
}
catch( LDAPException e ) {
if (log.isInfoEnabled())
log.info("LDAP Password check for user " + username + "
failed with exception " + e.getMessage());
if ( e.getResultCode() == LDAPException.NO_SUCH_OBJECT ) {
notinLDAP = true;
} else if ( e.getResultCode() ==
LDAPException.NO_SUCH_ATTRIBUTE ) {
notinLDAP = true;
}
}
catch (Throwable e) {
notinLDAP = true;
if (log.isErrorEnabled())
log.error("LDAP Password check for user " + username + "
failed with exception " + e.getMessage());
}
finally
{
if (log.isDebugEnabled())
log.debug("LDAP check in finally block");
try {
lc.disconnect();
} catch (LDAPException e) {
e.printStackTrace();
}
}
if (notinLDAP)
{
if (log.isDebugEnabled())
log.debug("LDAP Password check reverting to XWiki");
// Use XWiki password if user not in LDAP
result = checkPassword(username, password, context);
foundDN = null;
}
return result;
}
private String getParam(String name, XWikiContext context) {
String param = "";
try {
param = context.getWiki().getXWikiPreference(name,context);
} catch (Exception e) {}
if (param == null || "".equals(param))
{
try{
param = context.getWiki().Param("xwiki.authentication." +
StringUtils.replace(name, "ldap_","ldap."));
} catch (Exception e) {}
}
if (param == null)
param = "";
return param;
}
protected int GetCheckLevel(XWikiContext context)
{
String checkLevel = getParam("ldap_check_level", context);
int val = 2;
if ("1".equals(checkLevel))
val = 1;
else if ("0".equals(checkLevel))
val = 0;
return val;
}
private int getLDAPPort(XWikiContext context) {
try {
return context.getWiki().getXWikiPreferenceAsInt("ldap_port",
context);
} catch (Exception e) {
return
(int)context.getWiki().ParamAsLong("xwiki.authentication.ldap.port",
LDAPConnection.DEFAULT_PORT);
}
}
protected boolean checkDNPassword(String DN, String username, String password,
XWikiContext context) throws XWikiException {
LDAPConnection lc = new LDAPConnection();
boolean result = false;
boolean notinLDAP = false;
try {
int ldapPort = getLDAPPort(context);
int ldapVersion = LDAPConnection.LDAP_V3;
String ldapHost = getParam("ldap_server", context);
String bindDN = getParam("ldap_bind_DN",context);
String bindPassword = getParam("ldap_bind_pass",context);
String baseDN = getParam("ldap_base_DN",context);
lc.connect( ldapHost, ldapPort );
// authenticate to the server
result = Bind(DN, password, lc, ldapVersion);
if (log.isDebugEnabled()) {
if (result)
log.debug("(debug) Password check for user " + DN + "
successfull");
else
log.debug("(debug) Password check for user " + DN + "
failed");
}
}
catch( LDAPException e ) {
if ( e.getResultCode() == LDAPException.NO_SUCH_OBJECT ) {
notinLDAP = true;
} else if ( e.getResultCode() ==
LDAPException.NO_SUCH_ATTRIBUTE ) {
notinLDAP = true;
}
}
catch (Throwable e) {
e.printStackTrace();
}
finally
{
try {
lc.disconnect();
} catch (LDAPException e) {
e.printStackTrace();
}
}
if (notinLDAP)
{
// Use XWiki password if user not in LDAP
result = checkPassword(username, password, context);
}
return result;
}
private boolean Bind(String bindDN, String bindPassword, LDAPConnection lc, int
ldapVersion) throws UnsupportedEncodingException {
boolean bound = false;
if (log.isDebugEnabled())
log.debug("LDAP Bind starting");
if (bindDN != null && bindDN.length() > 0 && bindPassword !=
null)
{
try
{
lc.bind( ldapVersion, bindDN, bindPassword.getBytes("UTF8") );
bound = true;
if (log.isDebugEnabled())
log.debug("LDAP Bind successfull");
}
catch(LDAPException e) {
if (log.isErrorEnabled())
log.error("LDAP Bind failed with Exception " +
e.getMessage());
};
} else {
if (log.isDebugEnabled())
log.debug("LDAP Bind does not have binding info");
}
return bound;
}
}
Right.. I had the feeling an email address would
not work.. The fact
that there is no page yet in the wiki should not be a problem at this
point..
Okay -- we'll need to work around that at some point because most of my
folks log in with an e-mail address (just a few of us have non-email
UIDs in the LDAP directory). First, though, I'd like to fix this
challenge, then worry about that.
I don't get why you get no message between
these two:
DEBUG LDAPAuthServiceImpl:Bind:451 - LDAP Bind successfull INFO
MyFormAuthenticator:processLogin:142 - User peter login has failed
'tis true, 'tis true. For me it ranks right up there with trying to
figure out how I got to line 142 of MyFormAuthenticator.
There should be at least one.. when I look at the
code I put to give
some debut messages
What is your LDAP server by the way ?
OpenLDAP (latest version -- just installed it).
Peter
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC/i8r4+t4qSfPIHIRAlZ5AJ4jJUlPNWIiWrJWQhmdb20tlJ+zBwCgxJ13
wp1UQgLQPAXQQkX0KTUVgz8=
=02y/
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
--
You receive this message as a subscriber of the xwiki-users(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-users-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
21 Aug
21 Aug
9:17 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 8/15/05 6:52 AM, Ludovic Dubost wrote:
I've added some more debug code to the LDAP auth
class.. Can you send
me a full log file to check it out.. If this does not give more info
I suggest debugging..
Sorry for the delay, and thanks again for looking at this. I put the
new class in place, and this is the entirety of the log file through the
point of "MyFormAuthenticator:processLogin:142 - User xxxxx login has
failed"
###,142 WARN RequestUtils:createActionForm:177 - No FormBeanConfig
found under 'login'
###,146 DEBUG XWikiHibernateStore:beginTransaction:361 - Trying to get
session from pool
###,148 DEBUG XWikiHibernateStore:beginTransaction:367 - Taken session
from pool
org.hibernate.impl.SessionImpl(PersistentContext[entitiesByKey={}]
ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[]
collectionRemovals=[] collectionUpdates=[]])
###,152 INFO DBCPConnectionProvider:logStatistics:271 - active: 1
(max: 50) idle: 4(max: 5)
###,155 DEBUG XWikiHibernateStore:beginTransaction:376 - Trying to open
transaction
###,158 DEBUG XWikiHibernateStore:beginTransaction:378 - Opened
transaction org.hibernate.transaction.JDBCTransaction@d1cea7
###,166 DEBUG XWikiHibernateStore:endTransaction:407 - Releasing
hibernate transaction org.hibernate.transaction.JDBCTransaction@d1cea7
###,169 DEBUG XWikiHibernateStore:closeSession:424 - Releasing
hibernate session
org.hibernate.impl.SessionImpl(PersistentContext[entitiesByKey={}]
ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[]
collectionRemovals=[] collectionUpdates=[]])
###,174 INFO DBCPConnectionProvider:logStatistics:271 - active: 0
(max: 50) idle: 5(max: 5)
###,177 DEBUG XWikiHibernateStore:beginTransaction:361 - Trying to get
session from pool
###,180 DEBUG XWikiHibernateStore:beginTransaction:367 - Taken session
from pool
org.hibernate.impl.SessionImpl(PersistentContext[entitiesByKey={}]
ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[]
collectionRemovals=[] collectionUpdates=[]])
###,202 INFO DBCPConnectionProvider:logStatistics:271 - active: 1
(max: 50) idle: 4(max: 5)
###,205 DEBUG XWikiHibernateStore:beginTransaction:376 - Trying to open
transaction
###,208 DEBUG XWikiHibernateStore:beginTransaction:378 - Opened
transaction org.hibernate.transaction.JDBCTransaction@a2d31
###,224 DEBUG XWikiHibernateStore:endTransaction:407 - Releasing
hibernate transaction org.hibernate.transaction.JDBCTransaction@a2d31
###,227 DEBUG XWikiHibernateStore:closeSession:424 - Releasing
hibernate session
org.hibernate.impl.SessionImpl(PersistentContext[entitiesByKey={}]
ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[]
collectionRemovals=[] collectionUpdates=[]])
###,230 INFO DBCPConnectionProvider:logStatistics:271 - active: 0
(max: 50) idle: 5(max: 5)
###,233 DEBUG LDAPAuthServiceImpl:checkUserPassword:218 - LDAP Password
check for user peter
###,243 DEBUG LDAPAuthServiceImpl:checkUserPassword:241 - LDAP Connect
successfull to host ldap.ohiolink.edu and port 389
###,245 DEBUG LDAPAuthServiceImpl:Bind:456 - LDAP Bind starting
###,249 DEBUG LDAPAuthServiceImpl:Bind:466 - LDAP Bind successfull
###,251 DEBUG LDAPAuthServiceImpl:checkUserPassword:247 - LDAP Bind
returned
###,253 DEBUG LDAPAuthServiceImpl:checkUserPassword:343 - LDAP check in
finally block
###,328 DEBUG XWikiHibernateStore:beginTransaction:361 - Trying to get
session from pool
###,330 DEBUG XWikiHibernateStore:beginTransaction:367 - Taken session
from pool
org.hibernate.impl.SessionImpl(PersistentContext[entitiesByKey={}]
ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[]
collectionRemovals=[] collectionUpdates=[]])
###,333 INFO DBCPConnectionProvider:logStatistics:271 - active: 1
(max: 50) idle: 4(max: 5)
###,336 DEBUG XWikiHibernateStore:beginTransaction:376 - Trying to open
transaction
###,338 DEBUG XWikiHibernateStore:beginTransaction:378 - Opened
transaction org.hibernate.transaction.JDBCTransaction@9faacf
###,348 DEBUG XWikiHibernateStore:endTransaction:407 - Releasing
hibernate transaction org.hibernate.transaction.JDBCTransaction@9faacf
###,351 DEBUG XWikiHibernateStore:closeSession:424 - Releasing
hibernate session
org.hibernate.impl.SessionImpl(PersistentContext[entitiesByKey={}]
ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[]
collectionRemovals=[] collectionUpdates=[]])
###,355 INFO DBCPConnectionProvider:logStatistics:271 - active: 0
(max: 50) idle: 5(max: 5)
###,357 INFO MyFormAuthenticator:processLogin:142 - User peter login
has failed
###,360 WARN RequestUtils:createActionForm:177 - No FormBeanConfig
found under 'loginerror'
###,363 DEBUG XWikiRightServiceImpl:logAllow:47 - Access has been
granted for (XWiki.XWikiGuest,XWiki.XWikiLogin,loginerror): login/logout
pages
###,400 DEBUG XWikiRightServiceImpl:checkRight:233 - Checking right:
XWiki.XWikiGuest,XWiki.XWikiPreferences,admin,true,true,true
###,403 DEBUG XWikiRightServiceImpl:checkRight:251 - Found a right for true
###,421 DEBUG XWikiRightServiceImpl:checkRight:284 - Searching for
matching rights at group level
###,425 DEBUG XWikiRightServiceImpl:checkRight:348 - Searching for
matching rights for 0 groups: []
###,428 DEBUG XWikiRightServiceImpl:checkRight:371 - Finished searching
for rights for XWiki.XWikiGuest: true
Peter
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDCNNV4+t4qSfPIHIRAn4ZAKCaOP6fJV4mI4rZxt2hgqll7fjNBQCfaMjv
KNRHrDj3twiM3+XAuBt3eu8=
=lw1v
-----END PGP SIGNATURE-----
10:07 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Oh, cr*p. My xwiki.cfg file had "xwiki.authentication.ldap.UID_addr"
instead of "xwiki.authentication.ldap.UID_attr" (the difference between
addr and attr). I've gotten it to work now. For what its worth, I'd
leave the debug code in -- it was helpful in figuring out what was going
on with the LDAP server.
Now, back to an original goal -- I'd like the login ID to be the e-mail
address, but early in LDAPAuthServiceImpl.authenticate there is a bit
which removes everything except what follows the final period in the
string. Why? Is there any harm in commenting out this part of the code?
Peter
On 8/21/05 3:17 PM, Peter Murray wrote:
On 8/15/05 6:52 AM, Ludovic Dubost wrote:
- --
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
I've added some more debug code to the LDAP
auth class.. Can you send
me a full log file to check it out.. If this does not give more info
I suggest debugging..
Sorry for the delay, and thanks again for looking at this. I put the
new class in place, and this is the entirety of the log file through the
point of "MyFormAuthenticator:processLogin:142 - User xxxxx login has
failed" -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDCN8d4+t4qSfPIHIRAi2wAJ9sj57LKqSX2nWtMz28nx+M/pwwaACgiPyY
D1I/uPcgwuIYbOY4Hxl/4PU=
=jByl
-----END PGP SIGNATURE-----
6966
days inactive
6976
days old
12 comments
2 participants
participants (2)
-
Ludovic Dubost -
Peter Murray