Re: [xwiki-users] [xwiki-devs] LDAP Authentication
Hi Sharan, Thanks for the reminder ;) See below On Mon, Sep 8, 2008 at 11:09 PM, <[email protected]> wrote:
Hi!
Could anyone point to any additonal resources for LDAP Authentication. The XWiki doc http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication does not deal in complete detail on all the possible attributes that can be configured in xwiki.cfg. I have configured LDAP authentication for XWik but have Some questions that I could not find answers to from the docs.
1) How can the LDAP configuration be debugged for any issues. I followed the log4j settings from http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging . There is no LDAP related logging in the xwiki log. The xwiki log shows that the user was Authenticatied with Xwiki.FormAuthenticator e.g this is the message in the log " [P1-19] INFO xwiki.MyFormAuthenticator - User xwiki:XWiki.testuser5 has been logged-in" (not sure if this would internally call the LDAP class). However, since only the ldap users are being authenticated, I think the .XWikiLDAPAuthServiceImpl is being used.
I found on the web that com.xpn.xwiki.user.impl.LDAP=debug log seeting could be used for setting the LDAP loglevel to debug. However, this setting still does not log anything LDAP. Is this a valid setting for XWikiLDAPAuthServiceImpl? How can I conclusively say the authentication is done through LDAP?
Just added in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication The specific targets for LDAP authentication are: log4j.logger.com.xpn.xwiki.plugin.ldap=debug log4j.logger.com.xpn.xwiki.user.impl.LDAP=debug The first line is for XWiki LDAP tools and the second is for authentitication process itself.
2)Is it possible to replicate the groups in LDAP to groups in XWIKI and replicate the corresponding groupmemberships for a user during login so that the authorization is done through XWiki based on the user's group association in LDAP?
Just added in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCas... You can use xwiki."authentication.ldap.group_mapping" to link LDAP groups to existing XWiki groups. The membership is updated when the user log in.
Thanks. Sharan.
----------------------------------------- This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of JPMorgan Chase & Co., its subsidiaries and affiliates.
This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you.
Please refer to http://www.jpmorgan.com/pages/disclosures for disclosures relating to UK legal entities. _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
-- Thomas Mortagne
Sharan, you can use Wireshark for traversing any traffic, including LDAP. It's really good and is better than logging in that case. Quoting Thomas Mortagne : Hi Sharan, Thanks for the reminder ;) See below On Mon, Sep 8, 2008 at 11:09 PM, <[email protected]> wrote: > Hi! > > Could anyone point to any additonal resources for LDAP Authentication. The > XWiki doc > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication does > not deal in complete detail on all the possible attributes that can be > configured in xwiki.cfg. I have configured LDAP authentication for XWik > but have Some questions that I could not find answers to from the docs. > > 1) How can the LDAP configuration be debugged for any issues. I > followed the log4j settings from > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging . There is no > LDAP related logging in the xwiki log. The xwiki log shows that the > user was Authenticatied with Xwiki.FormAuthenticator e.g this is the > message in the log " [P1-19] INFO xwiki.MyFormAuthenticator - User > xwiki:XWiki.testuser5 has been logged-in" (not sure if this would > internally call the LDAP class). However, since only the ldap users are > being authenticated, I think the .XWikiLDAPAuthServiceImpl is being used. > > I found on the web that > com.xpn.xwiki.user.impl.LDAP=debug log seeting could be used for setting > the LDAP loglevel to debug. However, this setting still does not log > anything LDAP. Is this a valid setting for XWikiLDAPAuthServiceImpl? > How can I conclusively say the authentication is done through LDAP? Just added in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication The specific targets for LDAP authentication are: log4j.logger.com.xpn.xwiki.plugin.ldap=debug log4j.logger.com.xpn.xwiki.user.impl.LDAP=debug The first line is for XWiki LDAP tools and the second is for authentitication process itself. > > 2)Is it possible to replicate the groups in LDAP to groups in XWIKI and > replicate the corresponding groupmemberships for a user during login so > that the authorization is done through XWiki based on the user's group > association in LDAP? Just added in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCas... You can use xwiki."authentication.ldap.group_mapping" to link LDAP groups to existing XWiki groups. The membership is updated when the user log in. > > Thanks. > Sharan. > > > ----------------------------------------- > This communication is for informational purposes only. It is not > intended as an offer or solicitation for the purchase or sale of > any financial instrument or as an official confirmation of any > transaction. All market prices, data and other information are not > warranted as to completeness or accuracy and are subject to change > without notice. Any comments or statements made herein do not > necessarily reflect those of JPMorgan Chase & Co., its subsidiaries > and affiliates. > > This transmission may contain information that is privileged, > confidential, legally privileged, and/or exempt from disclosure > under applicable law. If you are not the intended recipient, you > are hereby notified that any disclosure, copying, distribution, or > use of the information contained herein (including any reliance > thereon) is STRICTLY PROHIBITED. Although this transmission and any > attachments are believed to be free of any virus or other defect > that might affect any computer system into which it is received and > opened, it is the responsibility of the recipient to ensure that it > is virus free and no responsibility is accepted by JPMorgan Chase & > Co., its subsidiaries and affiliates, as applicable, for any loss > or damage arising in any way from its use. If you received this > transmission in error, please immediately contact the sender and > destroy the material in its entirety, whether in electronic or hard > copy format. Thank you. > > Please refer to http://www.jpmorgan.com/pages/disclosures for > disclosures relating to UK legal entities. > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Ar cieņu, Mihails Links: ------ [1] mailto:[email protected]
Hi Mihails, I did not know Wireshark but it seems a good idea. Would be great if you could add something about it in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication ;) 2008/9/10 Mihails Agafonovs <[email protected]>:
Sharan, you can use Wireshark for traversing any traffic, including LDAP. It's really good and is better than logging in that case. Quoting Thomas Mortagne : Hi Sharan, Thanks for the reminder ;) See below On Mon, Sep 8, 2008 at 11:09 PM, <[email protected]> wrote: > Hi! > > Could anyone point to any additonal resources for LDAP Authentication. The > XWiki doc > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication does > not deal in complete detail on all the possible attributes that can be > configured in xwiki.cfg. I have configured LDAP authentication for XWik > but have Some questions that I could not find answers to from the docs. > > 1) How can the LDAP configuration be debugged for any issues. I > followed the log4j settings from > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging . There is no > LDAP related logging in the xwiki log. The xwiki log shows that the > user was Authenticatied with Xwiki.FormAuthenticator e.g this is the > message in the log " [P1-19] INFO xwiki.MyFormAuthenticator - User > xwiki:XWiki.testuser5 has been logged-in" (not sure if this would > internally call the LDAP class). However, since only the ldap users are > being authenticated, I think the .XWikiLDAPAuthServiceImpl is being used. > > I found on the web that > com.xpn.xwiki.user.impl.LDAP=debug log seeting could be used for setting > the LDAP loglevel to debug. However, this setting still does not log > anything LDAP. Is this a valid setting for XWikiLDAPAuthServiceImpl? > How can I conclusively say the authentication is done through LDAP? Just added in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication The specific targets for LDAP authentication are: log4j.logger.com.xpn.xwiki.plugin.ldap=debug log4j.logger.com.xpn.xwiki.user.impl.LDAP=debug The first line is for XWiki LDAP tools and the second is for authentitication process itself. > > 2)Is it possible to replicate the groups in LDAP to groups in XWIKI and > replicate the corresponding groupmemberships for a user during login so > that the authorization is done through XWiki based on the user's group > association in LDAP? Just added in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCas... You can use xwiki."authentication.ldap.group_mapping" to link LDAP groups to existing XWiki groups. The membership is updated when the user log in. > > Thanks. > Sharan. > > > ----------------------------------------- > This communication is for informational purposes only. It is not > intended as an offer or solicitation for the purchase or sale of > any financial instrument or as an official confirmation of any > transaction. All market prices, data and other information are not > warranted as to completeness or accuracy and are subject to change > without notice. Any comments or statements made herein do not > necessarily reflect those of JPMorgan Chase & Co., its subsidiaries > and affiliates. > > This transmission may contain information that is privileged, > confidential, legally privileged, and/or exempt from disclosure > under applicable law. If you are not the intended recipient, you > are hereby notified that any disclosure, copying, distribution, or > use of the information contained herein (including any reliance > thereon) is STRICTLY PROHIBITED. Although this transmission and any > attachments are believed to be free of any virus or other defect > that might affect any computer system into which it is received and > opened, it is the responsibility of the recipient to ensure that it > is virus free and no responsibility is accepted by JPMorgan Chase & > Co., its subsidiaries and affiliates, as applicable, for any loss > or damage arising in any way from its use. If you received this > transmission in error, please immediately contact the sender and > destroy the material in its entirety, whether in electronic or hard > copy format. Thank you. > > Please refer to http://www.jpmorgan.com/pages/disclosures for > disclosures relating to UK legal entities. > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Ar cieņu, Mihails
Links: ------ [1] mailto:[email protected] _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne
Hi! Thomas, Just wanted to check if the LDAP Authenticator makes call to LDAP for authentication every time a page is accessed. When you turn the debug option for ldap on, it appears from the log that the ldap call is being made every time a page is accessed..Should not the call be made only during login? Is this the default behaviour? If so, is there a way this can be changed to do authentication only once.. otherwise, it can slow the site down to a great extent.. please advise Thanks. Sharan. "Thomas Mortagne" <[email protected]> Sent by: [email protected] 09/10/2008 04:55 AM Please respond to XWiki Users <[email protected]> To "XWiki Users" <[email protected]> cc Subject Re: [xwiki-users] [xwiki-devs] LDAP Authentication Hi Mihails, I did not know Wireshark but it seems a good idea. Would be great if you could add something about it in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication ;) 2008/9/10 Mihails Agafonovs <[email protected]>:
Sharan, you can use Wireshark for traversing any traffic, including LDAP. It's really good and is better than logging in that case. Quoting Thomas Mortagne : Hi Sharan, Thanks for the reminder ;) See below On Mon, Sep 8, 2008 at 11:09 PM, <[email protected]> wrote: > Hi! > > Could anyone point to any additonal resources for LDAP Authentication. The > XWiki doc > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication does > not deal in complete detail on all the possible attributes that can be > configured in xwiki.cfg. I have configured LDAP authentication for XWik > but have Some questions that I could not find answers to from the docs. > > 1) How can the LDAP configuration be debugged for any issues. I > followed the log4j settings from > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging . There is no > LDAP related logging in the xwiki log. The xwiki log shows that the > user was Authenticatied with Xwiki.FormAuthenticator e.g this is the > message in the log " [P1-19] INFO xwiki.MyFormAuthenticator - User > xwiki:XWiki.testuser5 has been logged-in" (not sure if this would > internally call the LDAP class). However, since only the ldap users are > being authenticated, I think the .XWikiLDAPAuthServiceImpl is being used. > > I found on the web that > com.xpn.xwiki.user.impl.LDAP=debug log seeting could be used for setting > the LDAP loglevel to debug. However, this setting still does not log > anything LDAP. Is this a valid setting for XWikiLDAPAuthServiceImpl? > How can I conclusively say the authentication is done through LDAP? Just added in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication The specific targets for LDAP authentication are: log4j.logger.com.xpn.xwiki.plugin.ldap=debug log4j.logger.com.xpn.xwiki.user.impl.LDAP=debug The first line is for XWiki LDAP tools and the second is for authentitication process itself. > > 2)Is it possible to replicate the groups in LDAP to groups in XWIKI and > replicate the corresponding groupmemberships for a user during login so > that the authorization is done through XWiki based on the user's group > association in LDAP? Just added in
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCas...
You can use xwiki."authentication.ldap.group_mapping" to link LDAP groups to existing XWiki groups. The membership is updated when the user log in. > > Thanks. > Sharan. > > > ----------------------------------------- > This communication is for informational purposes only. It is not > intended as an offer or solicitation for the purchase or sale of > any financial instrument or as an official confirmation of any > transaction. All market prices, data and other information are not > warranted as to completeness or accuracy and are subject to change > without notice. Any comments or statements made herein do not > necessarily reflect those of JPMorgan Chase & Co., its subsidiaries > and affiliates. > > This transmission may contain information that is privileged, > confidential, legally privileged, and/or exempt from disclosure > under applicable law. If you are not the intended recipient, you > are hereby notified that any disclosure, copying, distribution, or > use of the information contained herein (including any reliance > thereon) is STRICTLY PROHIBITED. Although this transmission and any > attachments are believed to be free of any virus or other defect > that might affect any computer system into which it is received and > opened, it is the responsibility of the recipient to ensure that it > is virus free and no responsibility is accepted by JPMorgan Chase & > Co., its subsidiaries and affiliates, as applicable, for any loss > or damage arising in any way from its use. If you received this > transmission in error, please immediately contact the sender and > destroy the material in its entirety, whether in electronic or hard > copy format. Thank you. > > Please refer to http://www.jpmorgan.com/pages/disclosures for > disclosures relating to UK legal entities. > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Ar cieņu, Mihails
Links: ------ [1] mailto:[email protected] _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users ----------------------------------------- This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of JPMorgan Chase & Co., its subsidiaries and affiliates. This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. Please refer to http://www.jpmorgan.com/pages/disclosures for disclosures relating to UK legal entities.
HI, Yes the authentication is checked for each page. In fact it's the default behavior of XWiki authentication in general. See http://jira.xwiki.org/jira/browse/XWIKI-2516 On Tue, Oct 7, 2008 at 1:55 AM, <[email protected]> wrote:
Hi! Thomas,
Just wanted to check if the LDAP Authenticator makes call to LDAP for authentication every time a page is accessed. When you turn the debug option for ldap on, it appears from the log that the ldap call is being made every time a page is accessed..Should not the call be made only during login? Is this the default behaviour? If so, is there a way this can be changed to do authentication only once.. otherwise, it can slow the site down to a great extent.. please advise Thanks. Sharan.
"Thomas Mortagne" <[email protected]> Sent by: [email protected] 09/10/2008 04:55 AM Please respond to XWiki Users <[email protected]>
To "XWiki Users" <[email protected]> cc
Subject Re: [xwiki-users] [xwiki-devs] LDAP Authentication
Hi Mihails,
I did not know Wireshark but it seems a good idea.
Would be great if you could add something about it in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication ;)
2008/9/10 Mihails Agafonovs <[email protected]>:
Sharan, you can use Wireshark for traversing any traffic, including LDAP. It's really good and is better than logging in that case. Quoting Thomas Mortagne : Hi Sharan, Thanks for the reminder ;) See below On Mon, Sep 8, 2008 at 11:09 PM, <[email protected]> wrote: > Hi! > > Could anyone point to any additonal resources for LDAP Authentication. The > XWiki doc > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication does > not deal in complete detail on all the possible attributes that can be > configured in xwiki.cfg. I have configured LDAP authentication for XWik > but have Some questions that I could not find answers to from the docs. > > 1) How can the LDAP configuration be debugged for any issues. I > followed the log4j settings from > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging . There is no > LDAP related logging in the xwiki log. The xwiki log shows that the > user was Authenticatied with Xwiki.FormAuthenticator e.g this is the > message in the log " [P1-19] INFO xwiki.MyFormAuthenticator - User > xwiki:XWiki.testuser5 has been logged-in" (not sure if this would > internally call the LDAP class). However, since only the ldap users are > being authenticated, I think the .XWikiLDAPAuthServiceImpl is being used. > > I found on the web that > com.xpn.xwiki.user.impl.LDAP=debug log seeting could be used for setting > the LDAP loglevel to debug. However, this setting still does not log > anything LDAP. Is this a valid setting for XWikiLDAPAuthServiceImpl? > How can I conclusively say the authentication is done through LDAP? Just added in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication The specific targets for LDAP authentication are: log4j.logger.com.xpn.xwiki.plugin.ldap=debug log4j.logger.com.xpn.xwiki.user.impl.LDAP=debug The first line is for XWiki LDAP tools and the second is for authentitication process itself. > > 2)Is it possible to replicate the groups in LDAP to groups in XWIKI and > replicate the corresponding groupmemberships for a user during login so > that the authorization is done through XWiki based on the user's group > association in LDAP? Just added in
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCas...
You can use xwiki."authentication.ldap.group_mapping" to link LDAP groups to existing XWiki groups. The membership is updated when the user log in. > > Thanks. > Sharan. > > > ----------------------------------------- > This communication is for informational purposes only. It is not > intended as an offer or solicitation for the purchase or sale of > any financial instrument or as an official confirmation of any > transaction. All market prices, data and other information are not > warranted as to completeness or accuracy and are subject to change > without notice. Any comments or statements made herein do not > necessarily reflect those of JPMorgan Chase & Co., its subsidiaries > and affiliates. > > This transmission may contain information that is privileged, > confidential, legally privileged, and/or exempt from disclosure > under applicable law. If you are not the intended recipient, you > are hereby notified that any disclosure, copying, distribution, or > use of the information contained herein (including any reliance > thereon) is STRICTLY PROHIBITED. Although this transmission and any > attachments are believed to be free of any virus or other defect > that might affect any computer system into which it is received and > opened, it is the responsibility of the recipient to ensure that it > is virus free and no responsibility is accepted by JPMorgan Chase & > Co., its subsidiaries and affiliates, as applicable, for any loss > or damage arising in any way from its use. If you received this > transmission in error, please immediately contact the sender and > destroy the material in its entirety, whether in electronic or hard > copy format. Thank you. > > Please refer to http://www.jpmorgan.com/pages/disclosures for > disclosures relating to UK legal entities. > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Ar cieņu, Mihails
Links: ------ [1] mailto:[email protected] _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
----------------------------------------- This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of JPMorgan Chase & Co., its subsidiaries and affiliates.
This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you.
Please refer to http://www.jpmorgan.com/pages/disclosures for disclosures relating to UK legal entities. _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne
participants (3)
-
Mihails Agafonovs -
sharanabasavaraj.x.mudgal@jpmchase.com -
Thomas Mortagne