1 Apr
2010
1 Apr
'10
1:23 p.m.
HiThomas,
I did read the link that you provided before I posted the first time on the
mailing list.
Well, as I said, I am not a networking guy so I have been doing a lot of
trial and error.
You mentioned that this does not look like AD...which part are you referring
to - The Active Directory Setup or the configuration changes I made to
xwiki.cfg LDAP properties.
I've tried many combinations that I could using internet & some help from
people who know networking.
I am stuck with the bind_dn username, bind_dn password & base_dn.
Also, as I previously mentioned, I don't know if {0} is just a symbolic
representation where I need to insert my own username or it has to be left
as it is & XWiki will do the conversion of {0} to a valid username.
I have not created an OU. Do I have to create one or is the default "Users"
an OU.
I replaced CN with sAMAccountName but that too didn't help.
I am so new to this concept, I probably don't know even the right questions
to ask.
Any help, as always, would be much appreciated.
Thanks Thomas.
Message: 5
Date: Thu, 1 Apr 2010 11:00:56 +0200
From: Thomas Mortagne <thomas.mortagne(a)xwiki.com>
Subject: Re: [xwiki-users] LDAP Configuration Help Needed
To: XWiki Users <users(a)xwiki.org>
Message-ID:
<p2ua8e97d9c1004010200r5e1ad934id41849e096ab523(a)mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
(Sorry for the previous message, gmail shortcuts...)
On Thu, Apr 1, 2010 at 10:58, Thomas Mortagne <thomas.mortagne(a)xwiki.com>
wrote:
This eally doe snot looks like AD. Did you looked at
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCas
es#HActive20Directory
?
That should be your first read, not the mailing list...
On Thu, Apr 1, 2010 at 05:46, Dilipkumar Jadhav
<jadhav.dilipkumar(a)gmail.com> wrote:
> Hello folks,
>
> I need some help with a topic that has been discussed very often on the
> mailing list - LDAP.
>
> I've tried going through most of the posts on the mailing list but since
I
> am not a networking guy, I've had lot of
trouble understanding the basic
> terminology involved with LDAP & AD.
>
>
>
> The AD that we've on production environment is available only through SSL
> which I know will be a bigger challenge to configure with XWiki. Hence,
to
> start with, I would like to connect my XWiki with
the MS Active Directory
I
> setup on my test machine.
>
>
>
> With some help, I managed to create a Active Directory. Also, I am able
to
> connect to this AD using Apache Directory Browser.
So this confirms that
the
> AD is working fine.
>
> Both the AD and XWiki are installed on the same machine.
>
>
>
> Now, I tried changing the xwiki.cfg LDAP properties but I am unable to
login
using any of
the users I created in AD. Moreover, I lost my default Admin
credentials for the Wiki (UN:Admin & PW:admin doesn't work anymore).
The configuration is as follows:
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=127.0.0.1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=dilip,dc=com
xwiki.authentication.ldap.bind_DN=cn={0},dc=dilip,dc=com
>
> xwiki.authentication.ldap.bind_pass={1}
>
> xwiki.authentication.ldap.UID_attr=cn
Again, nothing to do with AD here.
>
>
xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=giv
>> enName,fullname=displayName,mail=cn,ldap_dn=dn
>
>
>>
>> And the AD structure can be loosely described as follows:
>
>
>>
>> dilip.com
>>
>> ? ? ? ?-----Builtin
>>
>> ? ? ? ?-----Computers
>>
>> ? ? ? ?-----Domain Controllers
>>
>> ? ? ? ?-----ForeignSecurityPrincipals
>>
>> ? ? ? ?-----Users
>>
>> All my users are listed under the "Users" node including Windows
>> administrator called "Administrator" with password "redhat".
>
>
>>
>> Does the {0} need to be replaced with an actual username & {1} replaced
with
>> actual password. Could someone please have a look at my configuration
>> settings & probably suggest some changes. I am sure I've missed
something
>> somewhere.
>
>
>>
>> Thank you for your valuable time.
>>
>> _______________________________________________
>> users mailing list
>> users(a)xwiki.org
>> http://lists.xwiki.org/mailman/listinfo/users
>>
>
>
>
> --
> Thomas Mortagne
>
--
Thomas Mortagne
------------------------------
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
End of users Digest, Vol 33, Issue 1
************************************
1 Apr
1 Apr
2:08 p.m.
New subject: [xwiki-users] LDAP Configuration Help Needed
On Thu, Apr 1, 2010 at 13:23, Dilipkumar Jadhav
<jadhav.dilipkumar(a)gmail.com> wrote:
HiThomas,
I did read the link that you provided before I posted the first time on the
mailing list.
Well, as I said, I am not a networking guy so I have been doing a lot of
trial and error.
You mentioned that this does not look like AD...which part are you referring
to - The Active Directory Setup or the configuration changes I made to
xwiki.cfg LDAP properties.
I'm referring to what was just before my comment, xwiki.cfg
configuration and the link i mentioned contains only xwiki.cfg
configuration. I have no idea how to configure an AD server.
If you look at it you will see
xwiki.authentication.ldap.bind_DN=subdomain\\{0}
xwiki.authentication.ldap.UID_attr=sAMAccountName
which both are very different than what you written in the
configuration you posted in the mail. The configuration you can find
in the link is the one I always seen people use with standard AD.
Did you put the right "subdomain" ? That part depends on the domain
you configured AD with. Same thing for base_DN, each resource in an
LDAP have a DN and base_DN is usually the common part between all
theses DNs and it should lokk like what you can find on the
documentation: dc=<some subdomain>,dc=<some domain>,dc=<some suffix>
for example dc=ldap, dc=xwiki,dc=org
I have no idea where to find theses on Active Directoy UI because i
never used AD itself myself, just configured LDAP authenticator for it
with information someone gave me.
If you don't have any special configuration in your AD I think you
should use the exact same configuration you can find in
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCa…
and just chance informations related to the domain to set up for your
AD (AD domain, and the root DN).
I've tried many combinations that I could using
internet & some help from
people who know networking.
I am stuck with the bind_dn username, bind_dn password & base_dn.
Also, as I previously mentioned, I don't know if {0} is just a symbolic
representation where I need to insert my own username or it has to be left
as it is & XWiki will do the conversion of {0} to a valid username.
In the documentation you can find
"ad{0} where {0} will be replaced by username during validation" which
is pretty clear to me that {0} is dynamically replaced by the
authentication module and not by you. Same thing for the password
part.
I have not created an OU. Do I have to create one or
is the default "Users"
an OU.
I don't see any OU used in the documentation, just the dc part and
only in the base_DN, as you can see bind_DN contains the AD special
syntaxe with just the AD domain of the user and {0} to insert the
login the type in the login form.
I replaced CN with sAMAccountName but that too
didn't help.
I am so new to this concept, I probably don't know even the right questions
to ask.
Any help, as always, would be much appreciated.
You can also enable debug logging to know what exactly happen suring
LDAP authentication to know what is the issue (faild to connect to
LDAP server, unable to find user, ...). See
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HEnableL…
Thanks Thomas.
Message: 5
Date: Thu, 1 Apr 2010 11:00:56 +0200
From: Thomas Mortagne <thomas.mortagne(a)xwiki.com>
Subject: Re: [xwiki-users] LDAP Configuration Help Needed
To: XWiki Users <users(a)xwiki.org>
Message-ID:
<p2ua8e97d9c1004010200r5e1ad934id41849e096ab523(a)mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
(Sorry for the previous message, gmail shortcuts...)
On Thu, Apr 1, 2010 at 10:58, Thomas Mortagne <thomas.mortagne(a)xwiki.com>
wrote:
This eally doe snot looks like AD. Did you looked at
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCas
es#HActive20Directory
?
That should be your first read, not the mailing list...
--
Thomas Mortagne
On Thu, Apr 1, 2010 at 05:46, Dilipkumar Jadhav
<jadhav.dilipkumar(a)gmail.com> wrote:
> Hello folks,
>
> I need some help with a topic that has been discussed very often on the
> mailing list - LDAP.
>
> I've tried going through most of the posts on the mailing list but since
I
> am not a networking guy, I've had lot of
trouble understanding the basic
> terminology involved with LDAP & AD.
>
>
>
> The AD that we've on production environment is available only through SSL
> which I know will be a bigger challenge to configure with XWiki. Hence,
to
> start with, I would like to connect my XWiki
with the MS Active Directory
I
> setup on my test machine.
>
>
>
> With some help, I managed to create a Active Directory. Also, I am able
to
> connect to this AD using Apache Directory
Browser. So this confirms that
the
> AD is working fine.
>
> Both the AD and XWiki are installed on the same machine.
>
>
>
> Now, I tried changing the xwiki.cfg LDAP properties but I am unable to
login
using any
of the users I created in AD. Moreover, I lost my default Admin
credentials for the Wiki (UN:Admin & PW:admin doesn't work anymore).
The configuration is as follows:
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=127.0.0.1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=dilip,dc=com
xwiki.authentication.ldap.bind_DN=cn={0},dc=dilip,dc=com
>
> xwiki.authentication.ldap.bind_pass={1}
>
> xwiki.authentication.ldap.UID_attr=cn
Again, nothing to do with AD here.
>
>
xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=giv
>> enName,fullname=displayName,mail=cn,ldap_dn=dn
>
>
>>
>> And the AD structure can be loosely described as follows:
>
>
>>
>> dilip.com
>>
>> ? ? ? ?-----Builtin
>>
>> ? ? ? ?-----Computers
>>
>> ? ? ? ?-----Domain Controllers
>>
>> ? ? ? ?-----ForeignSecurityPrincipals
>>
>> ? ? ? ?-----Users
>>
>> All my users are listed under the "Users" node including Windows
>> administrator called "Administrator" with password "redhat".
>
>
>>
>> Does the {0} need to be replaced with an actual username & {1} replaced
with
>> actual password. Could someone please have a look at my configuration
>> settings & probably suggest some changes. I am sure I've missed
something
>> somewhere.
>
>
>>
>> Thank you for your valuable time.
>>
>> _______________________________________________
>> users mailing list
>> users(a)xwiki.org
>> http://lists.xwiki.org/mailman/listinfo/users
>>
>
>
>
> --
> Thomas Mortagne
>
--
Thomas Mortagne
------------------------------
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
End of users Digest, Vol 33, Issue 1
************************************
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
5335
days inactive
5335
days old
1 comments
2 participants
participants (2)
-
Dilipkumar Jadhav -
Thomas Mortagne