Hi, I've updated from 1.5.2 to 1.6.1. After this, I found all groups beeing empty - so no users were there anymore. As result I started mapping LDAP groups to XWiki groups to let XWiki populate the memberships again - I was planning this anyway. For some reason XWiki is not able to get the groups members and I cannot understand why. Also it is not putting my user in the XWiki.AllGroup - still my groups do not have any member.

This are the logs: DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with LDAP attribues located at cn=a12345,ou=associates,ou=users,o=wlgore DEBUG ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn DEBUG ldap.XWikiLDAPConfig - Groupmapping found: XWiki.XWikiAdminGroup cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore DEBUG ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MSOEGroup cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore DEBUG ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MedicalFabricsAdmGroup cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore DEBUG ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MedicalFabricsGroup cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating group membership for the user: tzwitano DEBUG LDAP.XWikiLDAPAuthServiceImpl - The user belongs to following XWiki groups: DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup DEBUG LDAP.XWikiLDAPAuthServiceImpl - All defined XWiki groups: DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MSOEGroup DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsAdmGroup DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsGroup DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrAdmin DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrUser DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAdminGroup DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup DEBUG ldap.XWikiLDAPUtils - Found group [cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{} DEBUG ldap.XWikiLDAPUtils - Found group [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{} DEBUG ldap.XWikiLDAPUtils - Found group [cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{} DEBUG ldap.XWikiLDAPUtils - Found group [cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{} This is my config: #-# new LDAP authentication service xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl #-# Turn LDAP authentication on - otherwise only XWiki authentication #-# 0: disable #-# 1: enable xwiki.authentication.ldap=1 #-# Force to check password after LDAP connection #-# 0: disable #-# 1: enable xwiki.authentication.ldap.validate_password=0 #-# only members of the following group will be verified in the LDAP # otherwise only users that are found after searching starting from the base_DN #xwiki.authentication.ldap.user_group=o=wlgore #-# base DN for searches #xwiki.authentication.ldap.base_DN=o=wlgore #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn) xwiki.authentication.ldap.UID_attr=uid #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] #-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1 # xwiki.authentication.ldap.password_field=userPassword #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential LDAP groups classes. Separated by commas. xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,Top #xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential names of the LDAP groups fields containings the members. Separated by commas. xwiki.authentication.ldap.group_memberfields=member,equivalentToMe #-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute) #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for faster access xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created. xwiki.authentication.ldap.update_user=1 #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# mapps XWiki groups to LDAP groups, separator is "|" xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\ XWiki.MSOEGroup=cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\ XWiki.MedicalFabricsAdmGroup=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\ XWiki.MedicalFabricsGroup=cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6) xwiki.authentication.ldap.groupcache_expiration=60 #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# - create : synchronize group membership only when the user is first created #-# - always: synchronize on every login xwiki.authentication.ldap.mode_group_sync=always #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials xwiki.authentication.ldap.trylocal=1 Thanks! Thomas _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users

Hi Thomas, Yes, there is an entry on this, but it looks like it doesn't find anything. ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPUtils - Found group [cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{} ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPUtils - Found group [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{} ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPUtils - Found group [cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{} ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPUtils - Found group [cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{} The Admin-group in LDAP looks like this: dn: cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore DirXML-Associations: cn=AUTH-IDV,cn=DriverSet,ou=IDM,ou=system,o=wlgore#1#{E21DA9D4-FD4F-944c-40BA-E21DA9D4FD4F} equivalentToMe: cn=a12345,ou=associates,ou=users,o=wlgore objectClass: groupOfNames objectClass: Top member: cn=a12345,ou=associates,ou=users,o=wlgore description: XWiki Admin Group cn: Admin So I see no reason for it not finding the members. In regards to the group cache, I already set it to 60s just to make sure it's being refreshed - with no effect.

Thanks! Thomas "Thomas Mortagne" <thomas.mortagne(a)xwiki.com Sent by: users-bounces(a)xwiki.org 18.11.2008 18:26 Please respond to XWiki Users <users(a)xwiki.org To "XWiki Users" <users(a)xwiki.org cc Subject Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups Hi, On Tue, Nov 18, 2008 at 5:39 PM, Thomas Zwitanowitsch <tzwitano(a)wlgore.com> wrote: Can you see "Retrieving Members of the group..." anywhere in the whole log ? In your log I only see "Found group" which should means the group cache already contains the group members. last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore the [cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] [cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] [cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl "when xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,Top members. for xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\ XWiki.MSOEGroup=cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\ XWiki.MedicalFabricsAdmGroup=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\ XWiki.MedicalFabricsGroup=cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# time in s after which the list of members in a group is refreshed from > LDAP (default=3600*6) > xwiki.authentication.ldap.groupcache_expiration=60 > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# - create : synchronize group membership only when the user is first > created > #-# - always: synchronize on every login > xwiki.authentication.ldap.mode_group_sync=always > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# if ldap authentication fails for any reason, try XWiki DB > authentication with the same credentials > xwiki.authentication.ldap.trylocal=1 > Thanks! > Thomas > _______________________________________________ > users mailing list > users(a)xwiki.org > http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users

On Wed, Nov 19, 2008 at 8:44 AM, Thomas Zwitanowitsch <tzwitano(a)wlgore.com> wrote: > Hi Thomas, > > Yes, there is an entry on this, but it looks like it doesn't find > anything. > > ldap.XWikiLDAPUtils - Retrieving Members of the group: > cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore > ldap.XWikiLDAPUtils - Found group >

> members :{} > ldap.XWikiLDAPUtils - Retrieving Members of the group: >

> ldap.XWikiLDAPUtils - Found group >

> members :{} > ldap.XWikiLDAPUtils - Retrieving Members of the group: >

> ldap.XWikiLDAPUtils - Found group >

> members :{} > ldap.XWikiLDAPUtils - Retrieving Members of the group: >

> ldap.XWikiLDAPUtils - Found group >

> members :{} > > > The Admin-group in LDAP looks like this: > > dn: >

> DirXML-Associations: >

> equivalentToMe: cn=a12345,ou=associates,ou=users,o=wlgore > objectClass: groupOfNames > objectClass: Top > member: cn=a12345,ou=associates,ou=users,o=wlgore > description: XWiki Admin Group > cn: Admin > > So I see no reason for it not finding the members. In regards to the

Ok them let me add some more log for your particular case and commit for you to try to find why it can't find any LDAP group's member.. > > Thanks! > Thomas > > > > > "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> > Sent by: users-bounces(a)xwiki.org > 18.11.2008 18:26 > Please respond to > XWiki Users <users(a)xwiki.org> > > > To > "XWiki Users" <users(a)xwiki.org> > cc > > Subject > Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups > > > > > > > Hi, > > On Tue, Nov 18, 2008 at 5:39 PM, Thomas Zwitanowitsch > <tzwitano(a)wlgore.com> wrote: >> Hi, >> >> I've updated from 1.5.2 to 1.6.1. After this, I found all groups

>> empty - so no users were there anymore. >> >> As result I started mapping LDAP groups to XWiki groups to let XWiki >> populate the memberships again - I was planning this anyway. >> >> For some reason XWiki is not able to get the groups members and I

>> understand why. Also it is not putting my user in the XWiki.AllGroup - >> still my groups do not have any member. >> > > Can you see "Retrieving Members of the group..." anywhere in the whole

> ? > > In your log I only see "Found group" which should means the group > cache already contains the group members. > >> This are the logs: >> >> DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with

>> attribues located at cn=a12345,ou=associates,ou=users,o=wlgore >> DEBUG ldap.XWikiLDAPConfig - Ready to create user from LDAP >> with fields >> >

>> DEBUG ldap.XWikiLDAPConfig - Groupmapping found: >> XWiki.XWikiAdminGroup >>

>> DEBUG ldap.XWikiLDAPConfig - Groupmapping found: >> XWiki.MSOEGroup >>

>> DEBUG ldap.XWikiLDAPConfig - Groupmapping found: >> XWiki.MedicalFabricsAdmGroup >> >

>> DEBUG ldap.XWikiLDAPConfig - Groupmapping found: >> XWiki.MedicalFabricsGroup >> >

>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating group membership for > the >> user: tzwitano >> DEBUG LDAP.XWikiLDAPAuthServiceImpl - The user belongs to following >> XWiki groups: >> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup >> DEBUG LDAP.XWikiLDAPAuthServiceImpl - All defined XWiki groups: >> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MSOEGroup >> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsAdmGroup >> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsGroup >> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrAdmin >> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrUser >> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAdminGroup >> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup >> DEBUG ldap.XWikiLDAPUtils - Found group >> >

>> members :{} >> DEBUG ldap.XWikiLDAPUtils - Found group >> >

>> members :{} >> DEBUG ldap.XWikiLDAPUtils - Found group >> >

>> members :{} >> DEBUG ldap.XWikiLDAPUtils - Found group >> >

>> members :{} >> >> This is my config: >> >> #-# new LDAP authentication service >> >

>> >> #-# Turn LDAP authentication on - otherwise only XWiki authentication >> #-# 0: disable >> #-# 1: enable >> xwiki.authentication.ldap=1 >> >> #-# Force to check password after LDAP connection >> #-# 0: disable >> #-# 1: enable >> xwiki.authentication.ldap.validate_password=0 >> >> #-# only members of the following group will be verified in the LDAP >> # otherwise only users that are found after searching starting from

>> base_DN >> #xwiki.authentication.ldap.user_group=o=wlgore >> >> #-# base DN for searches >> #xwiki.authentication.ldap.base_DN=o=wlgore >> >> #-# Specifies the LDAP attribute containing the identifier to be used

>> the XWiki name (default=cn) >> xwiki.authentication.ldap.UID_attr=uid >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> #-# Specifies the LDAP attribute containing the password to be used > "when >> xwiki.authentication.ldap.validate_password" is set to 1 >> # xwiki.authentication.ldap.password_field=userPassword >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> #-# The potential LDAP groups classes. Separated by commas. >> >

>> #xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> #-# The potential names of the LDAP groups fields containings the > members. >> Separated by commas. >> xwiki.authentication.ldap.group_memberfields=member,equivalentToMe >> >> #-# retrieve the following fields from LDAP and store them in the

>> user object (xwiki-attribute=ldap-attribute) >> #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object > for >> faster access >> >

>> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# on every login update the mapped attributes from LDAP to XWiki >> otherwise this happens only once when the XWiki account is created. >> xwiki.authentication.ldap.update_user=1 >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# mapps XWiki groups to LDAP groups, separator is "|" >> >

>> >

>> >

>> >

>> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# time in s after which the list of members in a group is refreshed > from >> LDAP (default=3600*6) >> xwiki.authentication.ldap.groupcache_expiration=60 >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# - create : synchronize group membership only when the user is

-- Thomas Mortagne

Yes, I am sure. This is what is configured:

I also tried this configuration xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames xwiki.authentication.ldap.group_memberfields=member,equivalentToMe and this again, is the group in LDAP dn: cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore DirXML-Associations:

equivalentToMe: cn=a22094,ou=associates,ou=users,o=wlgore objectClass: groupOfNames objectClass: Top member: cn=a22094,ou=associates,ou=users,o=wlgore description: XWiki Admin Group cn: Admin Not sure if I understand your last mail in regards to you adding some

logs.

Thanks Thomas "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> Sent by: users-bounces(a)xwiki.org 19.11.2008 10:43 Please respond to XWiki Users <users(a)xwiki.org> To "XWiki Users" <users(a)xwiki.org> cc Subject Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups In the meantime, are you sure that group_classes and group_memberfields has the right values for your LDAP schema ? On Wed, Nov 19, 2008 at 10:42 AM, Thomas Mortagne <thomas.mortagne(a)xwiki.com> wrote: > On Wed, Nov 19, 2008 at 8:44 AM, Thomas Zwitanowitsch > <tzwitano(a)wlgore.com> wrote: >> Hi Thomas, >> >> Yes, there is an entry on this, but it looks like it doesn't find >> anything. >> >> ldap.XWikiLDAPUtils - Retrieving Members of the group: >>

cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore

group >> cache, I already set it to 60s just to make sure it's being refreshed

beeing cannot >>> understand why. Also it is not putting my user in the XWiki.AllGroup

log LDAP >>> attribues located at cn=a12345,ou=associates,ou=users,o=wlgore >>> DEBUG ldap.XWikiLDAPConfig - Ready to create user from

cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore

the as

>>>

XWiki

first -- Thomas Mortagne _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users

On Wed, Nov 19, 2008 at 12:08 PM, Thomas Zwitanowitsch <tzwitano(a)wlgore.com> wrote: I just improved the log to see exactly what attributes names are used in the search (in place of [[Ljava.lang.String;@178f36a]), you try the last core jar at same URL. -- Thomas Mortagne

We're using Novell's eDirectory. I thought of the same thing that lowercase could be a problem. But on the other side the "member" attribute is all lowercase - only "equivalentToMe" is mixed case. And I just tried it to only map it to "member" with no change.

Here are the new logs: bstractXWikiMigrationManager - No storage migration required since current version is [7351] ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, group, top, dynamicgroupaux, groupofuniquenames, groupwisedistributionlist, dynamicgroup] ldap.XWikiLDAPConfig - ldap_group_memberfields: [equivalenttome, member] ldap.XWikiLDAPConnection - Connection to LDAP server [heffalump.wlgore.com:389] ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[cn=intranet_proxy,ou=proxy-users,ou=system,o=wlgore] password=[***********] LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: null ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn ldap.XWikiLDAPUtils - Searching for the user in LDAP: user:tzwitano base: query:(uid=tzwitano) uid:uid ldap.XWikiLDAPConnection - LDAP search: baseDN=[] query=[(uid=tzwitano)] attr=[[sn, givenName, fullName, mail, dn]] ldapScope=[2] ldap.XWikiLDAPConnection - LDAP search found attributes: [{name=dn value=cn=a12345,ou=associates,ou=users,o=wlgore}, {name=sn value=Zwitanowitsch}, {name=mail value=tzwitano(a)wlgore.com}, {name=givenName value=Thomas}, {name=fullName value=Thomas Zwitanowitsch }] LDAP.XWikiLDAPAuthServiceImpl - LDAP attributes will be used to update XWiki attributes. LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with LDAP attribues located at cn=a12345,ou=associates,ou=users,o=wlgore ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn ldap.XWikiLDAPConfig - Groupmapping found: XWiki.XWikiAdminGroup cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MSOEGroup cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MedicalFabricsAdmGroup cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MedicalFabricsGroup cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore LDAP.XWikiLDAPAuthServiceImpl - Updating group membership for the user: tzwitano LDAP.XWikiLDAPAuthServiceImpl - The user belongs to following XWiki groups: LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup LDAP.XWikiLDAPAuthServiceImpl - All defined XWiki groups: LDAP.XWikiLDAPAuthServiceImpl - XWiki.MSOEGroup LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsAdmGroup LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsGroup LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrAdmin LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrUser LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAdminGroup LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPConnection - LDAP search: baseDN=[cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] query=[null] attr=[[objectClass, uid, equivalenttome, member]] ldapScope=[0] ldap.XWikiLDAPConnection - LDAP search found attributes: [{name=dn value=cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore}, {name=objectClass value=groupOfNames}, {name=objectClass value=Top}] ldap.XWikiLDAPUtils - Found group [cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{} ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPConnection - LDAP search: baseDN=[cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] query=[null] attr=[[objectClass, uid, equivalenttome, member]] ldapScope=[0] ldap.XWikiLDAPConnection - LDAP search found attributes: [{name=dn value=cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore}, {name=objectClass value=groupOfNames}, {name=objectClass value=Top}] ldap.XWikiLDAPUtils - Found group [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{} ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPConnection - LDAP search: baseDN=[cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] query=[null] attr=[[objectClass, uid, equivalenttome, member]] ldapScope=[0] ldap.XWikiLDAPConnection - LDAP search found attributes: [{name=dn value=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore}, {name=objectClass value=groupOfNames}, {name=objectClass value=Top}] ldap.XWikiLDAPUtils - Found group [cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{} ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPConnection - LDAP search: baseDN=[cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] query=[null] attr=[[objectClass, uid, equivalenttome, member]] ldapScope=[0] ldap.XWikiLDAPConnection - LDAP search found attributes: [{name=dn value=cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore}, {name=objectClass value=groupOfNames}, {name=objectClass value=Top}] ldap.XWikiLDAPUtils - Found group [cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] members :{} "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> Sent by: users-bounces(a)xwiki.org 19.11.2008 13:11 Please respond to XWiki Users <users(a)xwiki.org> To "XWiki Users" <users(a)xwiki.org> cc Subject Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups By the way Maybe your already said it but which LDAP server are you using ? The attributes are lower cased by XWiki to not depends on the case of attributes when manipulating them. It's generaly not a problem for LDAP but maybe there a problem with the server your are using... On Wed, Nov 19, 2008 at 1:07 PM, Thomas Mortagne <thomas.mortagne(a)xwiki.com> wrote: [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore baseDN=[cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] [{name=dn value=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore}, >> {name=objectClass value=groupOfNames}, {name=objectClass value=Top}] >> Do you need the other lines as well? > > I just improved the log to see exactly what attributes names are used > in the search (in place of [[Ljava.lang.String;@178f36a]), you try the > last core jar at same URL. > >> Thomas >> "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> >> Sent by: users-bounces(a)xwiki.org >> 19.11.2008 11:34 >> Please respond to >> XWiki Users <users(a)xwiki.org> >> To >> "XWiki Users" <users(a)xwiki.org> >> cc >> Subject >> Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups >> On Wed, Nov 19, 2008 at 10:51 AM, Thomas Zwitanowitsch >> <tzwitano(a)wlgore.com> wrote: >>> Yes, I am sure. This is what is configured: >> xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,Top >>> I also tried this configuration >>> xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames >>> xwiki.authentication.ldap.group_memberfields=member,equivalentToMe >>>> and this again, is the group in LDAP >>>> dn: > cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore >>> DirXML-Associations: > cn=AUTH-IDV,cn=DriverSet,ou=IDM,ou=system,o=wlgore#1#{E21DA9D4-FD4F-944c-40BA-E21DA9D4FD4F} >>> equivalentToMe: cn=a22094,ou=associates,ou=users,o=wlgore >>> objectClass: groupOfNames >>> objectClass: Top >>> member: cn=a22094,ou=associates,ou=users,o=wlgore >>> description: XWiki Admin Group >>> cn: Admin >>>> Not sure if I understand your last mail in regards to you adding some >> more >>> logs. >> Can you download and try last snapshot core 1.6 jar at http://maven.xwiki.org/snapshots/com/xpn/xwiki/platform/xwiki-core/1.6-SNAP… >> . >> You should get more informations on what append, this will help us to >> see what is the problem. >>>> Thanks >>> Thomas >>>>>>> "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> >>> Sent by: users-bounces(a)xwiki.org >>> 19.11.2008 10:43 >>> Please respond to >>> XWiki Users <users(a)xwiki.org> >>>>> To >>> "XWiki Users" <users(a)xwiki.org> >>> cc >>>> Subject >>> Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups >>>>>>>>> In the meantime, are you sure that group_classes and >>> group_memberfields has the right values for your LDAP schema ? >>>> On Wed, Nov 19, 2008 at 10:42 AM, Thomas Mortagne >>> <thomas.mortagne(a)xwiki.com> wrote: >>>> On Wed, Nov 19, 2008 at 8:44 AM, Thomas Zwitanowitsch >>>> <tzwitano(a)wlgore.com> wrote: >>>>> Hi Thomas, >>>>>>>> Yes, there is an entry on this, but it looks like it doesn't find >>>>> anything. >>>>>>>> ldap.XWikiLDAPUtils - Retrieving Members of the group: >>>>> cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore >>>>> ldap.XWikiLDAPUtils - Found group >>>> [cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] >>>>> members :{} >>>>> ldap.XWikiLDAPUtils - Retrieving Members of the group: >>>> cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore >>>>> ldap.XWikiLDAPUtils - Found group >>>> [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] >>>>> members :{} >>>>> ldap.XWikiLDAPUtils - Retrieving Members of the group: >>>> cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore >>>>> ldap.XWikiLDAPUtils - Found group >>>> [cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] >>>>> members :{} >>>>> ldap.XWikiLDAPUtils - Retrieving Members of the group: >>>> cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore >>>>> ldap.XWikiLDAPUtils - Found group >>>> [cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] >>>>> members :{} >>>>>>>>>>> The Admin-group in LDAP looks like this: >>>>>>>> dn: >>>> cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore >>>>> DirXML-Associations: >>>> cn=AUTH-IDV,cn=DriverSet,ou=IDM,ou=system,o=wlgore#1#{E21DA9D4-FD4F-944c-40BA-E21DA9D4FD4F} >>>>> equivalentToMe: cn=a12345,ou=associates,ou=users,o=wlgore >>>>> objectClass: groupOfNames >>>>> objectClass: Top >>>>> member: cn=a12345,ou=associates,ou=users,o=wlgore >>>>> description: XWiki Admin Group >>>>> cn: Admin >>>>>>>> So I see no reason for it not finding the members. In regards to the >>> group >>>>> cache, I already set it to 60s just to make sure it's being refreshed >> - >>>>> with no effect. >>>>>> Ok them let me add some more log for your particular case and commit >>>> for you to try to find why it can't find any LDAP group's member.. >>>>>>>>>> Thanks! >>>>> Thomas >>>>>>>>>>>>>>>>> "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> >>>>> Sent by: users-bounces(a)xwiki.org >>>>> 18.11.2008 18:26 >>>>> Please respond to >>>>> XWiki Users <users(a)xwiki.org> >>>>>>>>>>> To >>>>> "XWiki Users" <users(a)xwiki.org> >>>>> cc >>>>>>>> Subject >>>>> Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups >>>>>>>>>>>>>>>>>>>>>>> Hi, >>>>>>>> On Tue, Nov 18, 2008 at 5:39 PM, Thomas Zwitanowitsch >>>>> <tzwitano(a)wlgore.com> wrote: >>>>>> Hi, >>>>>>>>>> I've updated from 1.5.2 to 1.6.1. After this, I found all groups >>> beeing >>>>>> empty - so no users were there anymore. >>>>>>>>>> As result I started mapping LDAP groups to XWiki groups to let XWiki >>>>>> populate the memberships again - I was planning this anyway. >>>>>>>>>> For some reason XWiki is not able to get the groups members and I >>> cannot >>>>>> understand why. Also it is not putting my user in the XWiki.AllGroup >> - >>>>>> still my groups do not have any member. >>>>>>>>>>>> Can you see "Retrieving Members of the group..." anywhere in the whole >>> log >>>>> ? >>>>>>>> In your log I only see "Found group" which should means the group >>>>> cache already contains the group members. >>>>>>>>> This are the logs: >>>>>>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with >>> LDAP >>>>>> attribues located at cn=a12345,ou=associates,ou=users,o=wlgore >>>>>> DEBUG ldap.XWikiLDAPConfig - Ready to create user from >> LDAP >>>>>> with fields >>>>>>>> last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn >>>>>> DEBUG ldap.XWikiLDAPConfig - Groupmapping found: >>>>>> XWiki.XWikiAdminGroup >>>>> cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore >>>>>> DEBUG ldap.XWikiLDAPConfig - Groupmapping found: >>>>>> XWiki.MSOEGroup >>>>> cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore >>>>>> DEBUG ldap.XWikiLDAPConfig - Groupmapping found: >>>>>> XWiki.MedicalFabricsAdmGroup >>>>>>>> cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore >>>>>> DEBUG ldap.XWikiLDAPConfig - Groupmapping found: >>>>>> XWiki.MedicalFabricsGroup >>>>>>>> cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore for following XWiki.MedicalFabricsAdmGroup >>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsGroup >>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrAdmin >>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrUser >>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAdminGroup >>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup >>>>>> DEBUG ldap.XWikiLDAPUtils - Found group >>>>>>>> [cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] >>>>>> members :{} >>>>>> DEBUG ldap.XWikiLDAPUtils - Found group >>>>>>>> [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] >>>>>> members :{} >>>>>> DEBUG ldap.XWikiLDAPUtils - Found group >>>>>>>> [cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] >>>>>> members :{} >>>>>> DEBUG ldap.XWikiLDAPUtils - Found group >>>>>>>> [cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] >>>>>> members :{} >>>>>>>>>> This is my config: >>>>>>>>>> #-# new LDAP authentication service >>>>>>>> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl >>>>>>>>>> #-# Turn LDAP authentication on - otherwise only XWiki authentication >>>>>> #-# 0: disable >>>>>> #-# 1: enable >>>>>> xwiki.authentication.ldap=1 >>>>>>>>>> #-# Force to check password after LDAP connection >>>>>> #-# 0: disable >>>>>> #-# 1: enable >>>>>> xwiki.authentication.ldap.validate_password=0 >>>>>>>>>> #-# only members of the following group will be verified in the LDAP >>>>>> # otherwise only users that are found after searching starting from >>> the >>>>>> base_DN >>>>>> #xwiki.authentication.ldap.user_group=o=wlgore >>>>>>>>>> #-# base DN for searches >>>>>> #xwiki.authentication.ldap.base_DN=o=wlgore >>>>>>>>>> #-# Specifies the LDAP attribute containing the identifier to be used >>> as >>>>>> the XWiki name (default=cn) >>>>>> xwiki.authentication.ldap.UID_attr=uid >>>>>>>>>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >>>>>> #-# Specifies the LDAP attribute containing the password to be used >>>>> "when >>>>>> xwiki.authentication.ldap.validate_password" is set to 1 >>>>>> # xwiki.authentication.ldap.password_field=userPassword >>>>>>>>>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >>>>>> #-# The potential LDAP groups classes. Separated by commas. >>>>>>>> xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,Top >>>>>> #xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames >>>>>>>>>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >>>>>> #-# The potential names of the LDAP groups fields containings the >>>>> members. >>>>>> Separated by commas. >>>>>> xwiki.authentication.ldap.group_memberfields=member,equivalentToMe >>>>>>>>>> #-# retrieve the following fields from LDAP and store them in the >>> XWiki >>>>>> user object (xwiki-attribute=ldap-attribute) >>>>>> #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object >>>>> for >>>>>> faster access >>>>>>>> xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn >>>>>>>>>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>>>>> #-# on every login update the mapped attributes from LDAP to XWiki >>>>>> otherwise this happens only once when the XWiki account is created. >>>>>> xwiki.authentication.ldap.update_user=1 >>>>>>>>>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>>>>> #-# mapps XWiki groups to LDAP groups, separator is "|" >>>>>>>> xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\ >>>>>>>> XWiki.MSOEGroup=cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\ >>>>>>>> XWiki.MedicalFabricsAdmGroup=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\ >>>>>>>> XWiki.MedicalFabricsGroup=cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore >>>>>>>>>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>>>>> #-# time in s after which the list of members in a group is refreshed >>>>> from >>>>>> LDAP (default=3600*6) >>>>>> xwiki.authentication.ldap.groupcache_expiration=60 >>>>>>>>>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>>>>> #-# - create : synchronize group membership only when the user is >>> first >>>>>> created >>>>>> #-# - always: synchronize on every login >>>>>> xwiki.authentication.ldap.mode_group_sync=always >>>>>>>>>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>>>>> #-# if ldap authentication fails for any reason, try XWiki DB >>>>>> authentication with the same credentials >>>>>> xwiki.authentication.ldap.trylocal=1 >>>>>>>>>> Thanks! >>>>>> Thomas >>>>>> _______________________________________________ >>>>>> users mailing list >>>>>> users(a)xwiki.org >>>>>> http://lists.xwiki.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>> -- >>>>> Thomas Mortagne >>>>> _______________________________________________ >>>>> users mailing list >>>>> users(a)xwiki.org >>>>> http://lists.xwiki.org/mailman/listinfo/users >>>>>>>> _______________________________________________ >>>>> users mailing list >>>>> users(a)xwiki.org >>>>> http://lists.xwiki.org/mailman/listinfo/users >>>>>>>>>>>>> -- >>>> Thomas Mortagne >>>>>>>> -- >>> Thomas Mortagne >>> _______________________________________________ >>> users mailing list >>> users(a)xwiki.org >>> http://lists.xwiki.org/mailman/listinfo/users >>>> _______________________________________________ >>> users mailing list >>> users(a)xwiki.org >>> http://lists.xwiki.org/mailman/listinfo/users >>> -- >> Thomas Mortagne >> _______________________________________________ >> users mailing list >> users(a)xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> _______________________________________________ >> users mailing list >> users(a)xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users > > > > -- > Thomas Mortagne > -- Thomas Mortagne _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users

We're using Novell's eDirectory. I thought of the same thing that lowercase could be a problem. But on the other side the "member"

is all lowercase - only "equivalentToMe" is mixed case. And I just tried it to only map it to "member" with no change.

Here are the new logs: bstractXWikiMigrationManager - No storage migration required since current version is [7351] ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, group, top, dynamicgroupaux, groupofuniquenames, groupwisedistributionlist, dynamicgroup] ldap.XWikiLDAPConfig - ldap_group_memberfields: [equivalenttome, member] ldap.XWikiLDAPConnection - Connection to LDAP server [heffalump.wlgore.com:389] ldap.XWikiLDAPConnection - Binding to LDAP server with

login=[cn=intranet_proxy,ou=proxy-users,ou=system,o=wlgore] password=[***********] LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object:

ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields

ldap.XWikiLDAPUtils - Searching for the user in LDAP: user:tzwitano base: query:(uid=tzwitano) uid:uid ldap.XWikiLDAPConnection - LDAP search: baseDN=[] query=[(uid=tzwitano)] attr=[[sn, givenName, fullName, mail, dn]] ldapScope=[2] ldap.XWikiLDAPConnection - LDAP search found attributes:

ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields

ldap.XWikiLDAPConfig - Groupmapping found: XWiki.XWikiAdminGroup cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MSOEGroup cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MedicalFabricsAdmGroup

ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MedicalFabricsGroup

LDAP.XWikiLDAPAuthServiceImpl - Updating group membership for the

tzwitano LDAP.XWikiLDAPAuthServiceImpl - The user belongs to following XWiki groups: LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup LDAP.XWikiLDAPAuthServiceImpl - All defined XWiki groups: LDAP.XWikiLDAPAuthServiceImpl - XWiki.MSOEGroup LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsAdmGroup LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsGroup LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrAdmin LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrUser LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAdminGroup LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup ldap.XWikiLDAPUtils - Retrieving Members of the group: cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore ldap.XWikiLDAPConnection - LDAP search:

query=[null] attr=[[objectClass, uid, equivalenttome, member]] ldapScope=[0] ldap.XWikiLDAPConnection - LDAP search found attributes:

query=[null] attr=[[objectClass, uid, equivalenttome, member]] ldapScope=[0] ldap.XWikiLDAPConnection - LDAP search found attributes:

query=[null] attr=[[objectClass, uid, equivalenttome, member]] ldapScope=[0] ldap.XWikiLDAPConnection - LDAP search found attributes:

query=[null] attr=[[objectClass, uid, equivalenttome, member]] ldapScope=[0] ldap.XWikiLDAPConnection - LDAP search found attributes:

>>>>> equivalentToMe: cn=a12345,ou=associates,ou=users,o=wlgore >>>>> objectClass: groupOfNames >>>>> objectClass: Top >>>>> member: cn=a12345,ou=associates,ou=users,o=wlgore >>>>> description: XWiki Admin Group >>>>> cn: Admin >>>>> >>>>> So I see no reason for it not finding the members. In regards to

refreshed XWiki XWiki.AllGroup whole >>> log >>>>> ? >>>>> >>>>> In your log I only see "Found group" which should means the group >>>>> cache already contains the group members. >>>>> >>>>>> This are the logs: >>>>>> >>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating existing user

authentication LDAP >>>>>> # otherwise only users that are found after searching starting

used >>> as >>>>>> the XWiki name (default=cn) >>>>>> xwiki.authentication.ldap.UID_attr=uid >>>>>> >>>>>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >>>>>> #-# Specifies the LDAP attribute containing the password to be

>>>>>> >>>>>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>>>>> #-# on every login update the mapped attributes from LDAP to XWiki >>>>>> otherwise this happens only once when the XWiki account is

refreshed -- Thomas Mortagne _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users

I tweaked the test class a bit to conform the settings I have in my "normal" wiki setup: LDAP search:

query=[null] attr=[[objectClass, uid, member, uniquemember]]

{name=dn

{name=member value=cn=a12345,ou=associates,ou=users,o=wlgore} {name=member value=cn=a12341,ou=associates,ou=users,o=wlgore} {name=member value=cn=a12342,ou=associates,ou=users,o=wlgore} {name=member value=cn=a12343,ou=partners,ou=non-associates,ou=users,o=wlgore} {name=member value=cn=a12344,ou=associates,ou=users,o=wlgore} {name=objectClass value=groupOfNames} {name=objectClass value=Top} I does now exactly the same LDAP search as printed out and it is still

returning anything. Which methods are called when performing the group-fetch? Maybe I used the wrong ones? Did you have a chance to look into your code?

Thanks! Thomas "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> Sent by: users-bounces(a)xwiki.org 19.11.2008 14:14 Please respond to XWiki Users <users(a)xwiki.org> To "XWiki Users" <users(a)xwiki.org> cc Subject Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups On Wed, Nov 19, 2008 at 1:22 PM, Thomas Zwitanowitsch <tzwitano(a)wlgore.com> wrote: attribute > is all lowercase - only "equivalentToMe" is mixed case. And I just

Right you should get "name" at least. It's weird than you get the "objectClass" attributes and not the "name". I don't have more ideas of what can be the problem yet. Do the LDAP user have right to list LDAP groups ? credentials null

[{name=dn > value=cn=a12345,ou=associates,ou=users,o=wlgore}, {name=sn > value=Zwitanowitsch}, {name=mail value=tzwitano(a)wlgore.com}, > {name=givenName value=Thomas}, {name=fullName value=Thomas

> }] > LDAP.XWikiLDAPAuthServiceImpl - LDAP attributes will be used to

> ldap.XWikiLDAPConfig - Groupmapping found: > XWiki.XWikiAdminGroup >

user:

[{name=dn

> members :{} > ldap.XWikiLDAPUtils - Retrieving Members of the group: >

[{name=dn

[{name=dn

[{name=dn

>>>> I also tried this configuration >>>>

>>>> xwiki.authentication.ldap.group_memberfields=member,equivalentToMe >>>> >>>> and this again, is the group in LDAP >>>> >>>> dn: >>>> >

>>>> equivalentToMe: cn=a22094,ou=associates,ou=users,o=wlgore >>>> objectClass: groupOfNames >>>> objectClass: Top >>>> member: cn=a22094,ou=associates,ou=users,o=wlgore >>>> description: XWiki Admin Group >>>> cn: Admin >>>> >>>> Not sure if I understand your last mail in regards to you adding

cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore

>>>>>> members :{} >>>>>> ldap.XWikiLDAPUtils - Retrieving Members of the group: >>>>>> >>>> >

>>>>>> members :{} >>>>>> >>>>>> >>>>>> The Admin-group in LDAP looks like this: >>>>>> >>>>>> dn: >>>>>> >>>> >

the >>>> group >>>>>> cache, I already set it to 60s just to make sure it's being > refreshed >>> - >>>>>> with no effect. >>>>> >>>>> Ok them let me add some more log for your particular case and

with

>>>>>>> DEBUG ldap.XWikiLDAPConfig - Groupmapping found: >>>>>>> XWiki.XWikiAdminGroup >>>>>>> >>>> >

from used

>>>>>>> >>>

>>>>>>> >>>>>>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >>>>>>> #-# The potential names of the LDAP groups fields containings the >>>>>> members. >>>>>>> Separated by commas. >>>>>>>

>>>>>>> >>>>>>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>>>>>> #-# on every login update the mapped attributes from LDAP to

created.

-- Thomas Mortagne _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users

Actually I am not setting the GroupMemberFields at all - it's using the defaults 'member' and 'unqiuemember'. The user is the same as in wiki

has read-access to everywhere. I found another problem. Since the upgrade from 1.5.2 to 1.6.1 I cannot access or see any members in any group anymore. Tried to delet and re-create with no effect. Maybe this is related?

Thanks! Thomas "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> Sent by: users-bounces(a)xwiki.org 20.11.2008 20:06 Please respond to XWiki Users <users(a)xwiki.org> To "XWiki Users" <users(a)xwiki.org> cc Subject Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups On Thu, Nov 20, 2008 at 3:08 PM, Thomas Zwitanowitsch <tzwitano(a)wlgore.com> wrote:

ldapScope=[0]

not LDAP Authenticator use exactly the same method. The only things I see that could be different here are: - the user which is used to access the LDAP server - the case of the group members fields names. Are you using lower case ?

tried

Zwitanowitsch update

cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore >> ldap.XWikiLDAPConfig - Groupmapping found: XWiki.MSOEGroup >>

>> LDAP.XWikiLDAPAuthServiceImpl - Updating group membership for the > user: >> tzwitano >> LDAP.XWikiLDAPAuthServiceImpl - The user belongs to following XWiki >> groups: >> LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup >> LDAP.XWikiLDAPAuthServiceImpl - All defined XWiki groups: >> LDAP.XWikiLDAPAuthServiceImpl - XWiki.MSOEGroup >> LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsAdmGroup >> LDAP.XWikiLDAPAuthServiceImpl - XWiki.MedicalFabricsGroup >> LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrAdmin >> LDAP.XWikiLDAPAuthServiceImpl - XWiki.TrillrUser >> LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAdminGroup >> LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup >> ldap.XWikiLDAPUtils - Retrieving Members of the group: >>

>>>> {name=objectClass value=groupOfNames}, {name=objectClass value=Top}] >>>> >>>> Do you need the other lines as well? >>> >>> I just improved the log to see exactly what attributes names are used >>> in the search (in place of [[Ljava.lang.String;@178f36a]), you try

xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore

some

> >> >>>> . >>>> You should get more informations on what append, this will help us

>>>> see what is the problem. >>>> >>>>> >>>>> Thanks >>>>> Thomas >>>>> >>>>> >>>>> >>>>> >>>>> "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> >>>>> Sent by: users-bounces(a)xwiki.org >>>>> 19.11.2008 10:43 >>>>> Please respond to >>>>> XWiki Users <users(a)xwiki.org> >>>>> >>>>> >>>>> To >>>>> "XWiki Users" <users(a)xwiki.org> >>>>> cc >>>>> >>>>> Subject >>>>> Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> In the meantime, are you sure that group_classes and >>>>> group_memberfields has the right values for your LDAP schema ? >>>>> >>>>> On Wed, Nov 19, 2008 at 10:42 AM, Thomas Mortagne >>>>> <thomas.mortagne(a)xwiki.com> wrote: >>>>>> On Wed, Nov 19, 2008 at 8:44 AM, Thomas Zwitanowitsch >>>>>> <tzwitano(a)wlgore.com> wrote: >>>>>>> Hi Thomas, >>>>>>> >>>>>>> Yes, there is an entry on this, but it looks like it doesn't find >>>>>>> anything. >>>>>>> >>>>>>> ldap.XWikiLDAPUtils - Retrieving Members of the

>>>>>>> members :{} >>>>>>> ldap.XWikiLDAPUtils - Retrieving Members of the

cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore

>>>>>>> members :{} >>>>>>> ldap.XWikiLDAPUtils - Retrieving Members of the

>>>>>>> members :{} >>>>>>> ldap.XWikiLDAPUtils - Retrieving Members of the

commit >>>>>> for you to try to find why it can't find any LDAP group's member.. >>>>>> >>>>>>> >>>>>>> Thanks! >>>>>>> Thomas >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> >>>>>>> Sent by: users-bounces(a)xwiki.org >>>>>>> 18.11.2008 18:26 >>>>>>> Please respond to >>>>>>> XWiki Users <users(a)xwiki.org> >>>>>>> >>>>>>> >>>>>>> To >>>>>>> "XWiki Users" <users(a)xwiki.org> >>>>>>> cc >>>>>>> >>>>>>> Subject >>>>>>> Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> On Tue, Nov 18, 2008 at 5:39 PM, Thomas Zwitanowitsch >>>>>>> <tzwitano(a)wlgore.com> wrote: >>>>>>>> Hi, >>>>>>>> >>>>>>>> I've updated from 1.5.2 to 1.6.1. After this, I found all groups >>>>> beeing >>>>>>>> empty - so no users were there anymore. >>>>>>>> >>>>>>>> As result I started mapping LDAP groups to XWiki groups to let >> XWiki >>>>>>>> populate the memberships again - I was planning this anyway. >>>>>>>> >>>>>>>> For some reason XWiki is not able to get the groups members and

>>>>> cannot >>>>>>>> understand why. Also it is not putting my user in the >> XWiki.AllGroup >>>> - >>>>>>>> still my groups do not have any member. >>>>>>>> >>>>>>> >>>>>>> Can you see "Retrieving Members of the group..." anywhere in the >> whole >>>>> log >>>>>>> ? >>>>>>> >>>>>>> In your log I only see "Found group" which should means the group >>>>>>> cache already contains the group members. >>>>>>> >>>>>>>> This are the logs: >>>>>>>> >>>>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating existing user > with >>>>> LDAP >>>>>>>> attribues located at cn=a12345,ou=associates,ou=users,o=wlgore >>>>>>>> DEBUG ldap.XWikiLDAPConfig - Ready to create user

cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore >>>>>>>> DEBUG ldap.XWikiLDAPConfig - Groupmapping found: >>>>>>>> XWiki.MSOEGroup >>>>>>>> >>>>> >>

>>>>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating group

>> for >>>>>>> the >>>>>>>> user: tzwitano >>>>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - The user belongs to >> following >>>>>>>> XWiki groups: >>>>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.XWikiAllGroup >>>>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - All defined XWiki

>>>>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - XWiki.MSOEGroup >>>>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - >> XWiki.MedicalFabricsAdmGroup >>>>>>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl -

#xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames >>>>>>>> >>>>>>>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >>>>>>>> #-# The potential names of the LDAP groups fields containings

xwiki.authentication.ldap.group_memberfields=member,equivalentToMe >>>>>>>> >>>>>>>> #-# retrieve the following fields from LDAP and store them in

>>>>>>>> >>>>>>>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>>>>>>> #-# time in s after which the list of members in a group is >> refreshed >>>>>>> from >>>>>>>> LDAP (default=3600*6) >>>>>>>> xwiki.authentication.ldap.groupcache_expiration=60 >>>>>>>> >>>>>>>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>>>>>>> #-# - create : synchronize group membership only when the user

-- Thomas Mortagne _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users

When you edit the groups with object editor, do you see the users in it

I am not able to add any user to any group - however I sometimes get an error that the user I try to add already is in the group, but I cannot

it. The groups are all empty, even XWikiAllGroup.

Yes, I see this wouldn't make sense, but wanted to mention it as I am

not even able to grant access with local authorization anymore... Only superadmin works...

Don't have any idea what to do next. Any possibility to reset wiki, without loosing content?

Do you think I should try 1.7M3?

"Thomas Mortagne" <thomas.mortagne(a)xwiki.com> Sent by: users-bounces(a)xwiki.org 21.11.2008 10:48 Please respond to XWiki Users <users(a)xwiki.org> To "XWiki Users" <users(a)xwiki.org> cc Subject Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups On Fri, Nov 21, 2008 at 9:52 AM, Thomas Zwitanowitsch <tzwitano(a)wlgore.com> wrote: and What do you means ? All XWiki groups are empty ? Or the any XWiki group page is blank ? Anyway even if you have some problem on XWiki side it should not break the call to LDAP search.

>>> ldap.XWikiLDAPConfig - Groupmapping found: >>> XWiki.XWikiAdminGroup >>> >

cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore

cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore

>>> members :{} >>> ldap.XWikiLDAPUtils - Retrieving Members of the group: >>> >

>>> members :{} >>> >>> >>> >>> >>> "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> >>> Sent by: users-bounces(a)xwiki.org >>> 19.11.2008 13:11 >>> Please respond to >>> XWiki Users <users(a)xwiki.org> >>> >>> >>> To >>> "XWiki Users" <users(a)xwiki.org> >>> cc >>> >>> Subject >>> Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups >>> >>> >>> >>> >>> >>> >>> By the way Maybe your already said it but which LDAP server are you >>> using ? The attributes are lower cased by XWiki to not depends on the >>> case of attributes when manipulating them. It's generaly not a

>>>>> {name=objectClass value=groupOfNames}, {name=objectClass

>>>>> >>>>> Do you need the other lines as well? >>>> >>>> I just improved the log to see exactly what attributes names are

the

>>>>>> I also tried this configuration >>>>>> > xwiki.authentication.ldap.group_classes=groupOfNames,Top,groupOfNames >>>>>> xwiki.authentication.ldap.group_memberfields=member,equivalentToMe >>>>>> >>>>>> and this again, is the group in LDAP >>>>>> >>>>>> dn: >>>>>> >>> >

to >>>>> see what is the problem. >>>>> >>>>>> >>>>>> Thanks >>>>>> Thomas >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> >>>>>> Sent by: users-bounces(a)xwiki.org >>>>>> 19.11.2008 10:43 >>>>>> Please respond to >>>>>> XWiki Users <users(a)xwiki.org> >>>>>> >>>>>> >>>>>> To >>>>>> "XWiki Users" <users(a)xwiki.org> >>>>>> cc >>>>>> >>>>>> Subject >>>>>> Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> In the meantime, are you sure that group_classes and >>>>>> group_memberfields has the right values for your LDAP schema ? >>>>>> >>>>>> On Wed, Nov 19, 2008 at 10:42 AM, Thomas Mortagne >>>>>> <thomas.mortagne(a)xwiki.com> wrote: >>>>>>> On Wed, Nov 19, 2008 at 8:44 AM, Thomas Zwitanowitsch >>>>>>> <tzwitano(a)wlgore.com> wrote: >>>>>>>> Hi Thomas, >>>>>>>> >>>>>>>> Yes, there is an entry on this, but it looks like it doesn't

group: >>>>>>>> >>>>> >>

group: >>>>>>>> >>>>>> >>> >

group:

group:

>>>>>>>> members :{} >>>>>>>> >>>>>>>> >>>>>>>> The Admin-group in LDAP looks like this: >>>>>>>> >>>>>>>> dn: >>>>>>>> >>>>>> >>> >

>>>>>>>> equivalentToMe: cn=a12345,ou=associates,ou=users,o=wlgore >>>>>>>> objectClass: groupOfNames >>>>>>>> objectClass: Top >>>>>>>> member: cn=a12345,ou=associates,ou=users,o=wlgore >>>>>>>> description: XWiki Admin Group >>>>>>>> cn: Admin >>>>>>>> >>>>>>>> So I see no reason for it not finding the members. In regards to >> the >>>>>> group >>>>>>>> cache, I already set it to 60s just to make sure it's being >>> refreshed >>>>> - >>>>>>>> with no effect. >>>>>>> >>>>>>> Ok them let me add some more log for your particular case and > commit >>>>>>> for you to try to find why it can't find any LDAP group's

>>>>>>> >>>>>>>> >>>>>>>> Thanks! >>>>>>>> Thomas >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> "Thomas Mortagne" <thomas.mortagne(a)xwiki.com> >>>>>>>> Sent by: users-bounces(a)xwiki.org >>>>>>>> 18.11.2008 18:26 >>>>>>>> Please respond to >>>>>>>> XWiki Users <users(a)xwiki.org> >>>>>>>> >>>>>>>> >>>>>>>> To >>>>>>>> "XWiki Users" <users(a)xwiki.org> >>>>>>>> cc >>>>>>>> >>>>>>>> Subject >>>>>>>> Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> On Tue, Nov 18, 2008 at 5:39 PM, Thomas Zwitanowitsch >>>>>>>> <tzwitano(a)wlgore.com> wrote: >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> I've updated from 1.5.2 to 1.6.1. After this, I found all

I >>>>>> cannot >>>>>>>>> understand why. Also it is not putting my user in the >>> XWiki.AllGroup >>>>> - >>>>>>>>> still my groups do not have any member. >>>>>>>>> >>>>>>>> >>>>>>>> Can you see "Retrieving Members of the group..." anywhere in the >>> whole >>>>>> log >>>>>>>> ? >>>>>>>> >>>>>>>> In your log I only see "Found group" which should means the

from

>>>>>>>>> DEBUG ldap.XWikiLDAPConfig - Groupmapping found: >>>>>>>>> XWiki.XWikiAdminGroup >>>>>>>>> >>>>>> >>> >

cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore

membership groups: XWiki.MedicalFabricsGroup

>>>>>>>>> >>>>>>>>> #-# Turn LDAP authentication on - otherwise only XWiki >>> authentication >>>>>>>>> #-# 0: disable >>>>>>>>> #-# 1: enable >>>>>>>>> xwiki.authentication.ldap=1 >>>>>>>>> >>>>>>>>> #-# Force to check password after LDAP connection >>>>>>>>> #-# 0: disable >>>>>>>>> #-# 1: enable >>>>>>>>> xwiki.authentication.ldap.validate_password=0 >>>>>>>>> >>>>>>>>> #-# only members of the following group will be verified in the >>> LDAP >>>>>>>>> # otherwise only users that are found after searching starting >> from >>>>>> the >>>>>>>>> base_DN >>>>>>>>> #xwiki.authentication.ldap.user_group=o=wlgore >>>>>>>>> >>>>>>>>> #-# base DN for searches >>>>>>>>> #xwiki.authentication.ldap.base_DN=o=wlgore >>>>>>>>> >>>>>>>>> #-# Specifies the LDAP attribute containing the identifier to

the the

is -- Thomas Mortagne _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users

The local authorization works now again - however I am still not seeing the users of a group in the "normal" view. Again, is there a way to reset XWiki without loosing content?

I created a local setup of XWiki 1.6.1 with the same configuration and the same issues. It is still not returning the group's members...

"Thomas Mortagne" <thomas.mortagne(a)xwiki.com> Sent by: users-bounces(a)xwiki.org 21.11.2008 11:09 Please respond to XWiki Users <users(a)xwiki.org> To "XWiki Users" <users(a)xwiki.org> cc Subject Re: [xwiki-users] LDAP Groupmembers not updated to XWiki-Groups On Fri, Nov 21, 2008 at 10:55 AM, Thomas Zwitanowitsch <tzwitano(a)wlgore.com> wrote: see When you edit the groups with object editor, do you see the users in it ? now Looks like there is something really wrong here. You can reimport the default XE xar for 1.6.1 (on http://www.xwiki.org/xwiki/bin/view/Main/Download) if you only added content and not modified default one (you can filter the one you modified when importing). 1.7M3 is a little instable right now on some new stuffs that has been added so I can't advise you to use it for production. But you can anyway try the standalone distribution at least to see if you still have LDAP and users/groups problems. Maybe this will help us to understand what is wrong. baseDN=[cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] value=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore} utils.ldapUtils.setGroupMemberFields(Arrays.asList("member","equivalenttome")) last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore baseDN=[cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] value=cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore}, [cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore baseDN=[cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] value=cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore}, [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore baseDN=[cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] value=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore}, [cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore baseDN=[cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] value=cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore}, [cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] problem [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore baseDN=[cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] value=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore}, value=Top}] used xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,Top cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore cn=AUTH-IDV,cn=DriverSet,ou=IDM,ou=system,o=wlgore#1#{E21DA9D4-FD4F-944c-40BA-E21DA9D4FD4F} http://maven.xwiki.org/snapshots/com/xpn/xwiki/platform/xwiki-core/1.6-SNAP… find cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore [cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore [cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore [cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore cn=AUTH-IDV,cn=DriverSet,ou=IDM,ou=system,o=wlgore#1#{E21DA9D4-FD4F-944c-40BA-E21DA9D4FD4F} member.. groups group last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore [cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] [cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] [cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] [cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore] xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl be xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,Top xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=Admin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\ XWiki.MSOEGroup=cn=MSOE,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\ XWiki.MedicalFabricsAdmGroup=cn=MedFabAdmin,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore|\ XWiki.MedicalFabricsGroup=cn=MedFabUser,ou=XWiki,ou=Corp,ou=Links,ou=extranet_access,ou=groups,o=wlgore -- Thomas Mortagne _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users

The local authorization works now again - however I am still not seeing the users of a group in the "normal" view. Again, is there a way to reset XWiki without loosing content?