New subject: [xwiki-users] XWiki + OpenLDAP Invalid credentials problem

14 Jun 2012

...
  You sure it's exactly the same ? I don't see
how you can get "Binding
 to LDAP server with credentials login=[cn=xwiki]" with this
 configuration. It should indeicate
 "login=[uid=xwiki,ou=People,dc=debuntu,dc=local]". 

...
  Maybe you have some configuration set in
XWiki.XWikiPreferences page
 which override what you have in xwiki.cfg, did you tried the LDAP UI
 before seting xwiki.cfg ? 
You're right, I've tried the LDAP UI before setting the xwiki.cfg. I
removed it, but it seems that XWiki still stores those settings
somewhere. I uninstalled it earlier in web interface and even removed
directories such as
/var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-ui/
and
/var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-api/.
LDAP UI extension disappeared in web administration. But still I could
see in catalina.out that message "Binding to LDAP server with
credentials login=[cn=xwiki]", despite the fact my xwiki.cfg was
different.

I did 'locate ldap | grep xwiki' on serrver to find where it may be.
The only things it found are:
/usr/lib/xwiki/WEB-INF/lib/jldap-4.3.jar
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/_maven.repositories
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom.sha1

I have no idea where does LDAP UI store its configuration.

Anyway, after your response, I've tried to install and configure XWiki
UI again (since I'm unable to fully remove its configuration),
according to your proposals. I got different output in catalina.out,
but still no luck:

2012-06-14 14:54:21,163
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE
u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2012-06-14 14:54:21,173
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConfig      - ldap_group_classes: [groupofnames,
groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
groupofuniquenames, group]
2012-06-14 14:54:21,173
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConfig      - ldap_group_memberfields: [member,
uniquemember]
2012-06-14 14:54:21,200
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConnection  - Connection to LDAP server
[127.0.0.1:389]
2012-06-14 14:54:21,209
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConnection  - Binding to LDAP server with
credentials login=[uid=xwiki,ou=People,dc=debuntu,dc=local]
2012-06-14 14:54:21,244
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5:
LDAP bind failed with LDAPException.
Wrapped Exception: Invalid Credentials
        at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:172)
~[xwiki-platform-legacy-oldcore-4.0.jar:na]
        at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:101)
~[xwiki-platform-legacy-oldcore-4.0.jar:na]
        at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305)
[xwiki-platform-legacy-oldcore-4.0.jar:na]
(exception same as before)
2012-06-14 14:54:21,245
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki
DB
2012-06-14 14:54:21,276
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user
[xwiki]
2012-06-14 14:54:21,356
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] WARN
o.x.v.i.DefaultVelocityEngine  - Deprecated usage of method
[com.xpn.xwiki.api.XWiki.parseMessage] in /templates/login.vm@29,33

And here's my detailed configuration in XWiki's LDAP UI, as (like I
said) I didn't manage to remove it fully (and use xwiki.cfg instead):

LDAP
Yes

LDAP SERVER ADDRESS
127.0.0.1

LDAP SERVER PORT
389

LDAP LOGIN MATCHING
uid={0},ou=People,dc=debuntu,dc=local

LDAP PASSWORD MATCHING
{1}

RESTRICT TO GROUP

LDAP GROUP TO EXCLUDE

LDAP BASE DN
ou=People,dc=debuntu,dc=local

LDAP UID ATTRIBUTE NAME
uid

TRY LOCAL LOGIN
Yes

UPDATE USER FROM LDAP AFTER LOGIN
Yes

LDAP USER FIELDS MAPPING
name -> uid
last_name -> uid
first_name -> uid
fullname -> uid

LDAP GROUPS MAPPING

LDAP GROUPS CACHE EXPIRATION

WHEN TO SYNCHRONIZE LDAP GROUPS
At each authentication of a user

Is this wrong, or perhaps should I use only xwiki.cfg? If so, do you
know where can I find Xwiki's LDAP UI configuration files?

Thanks

Patricia

Re: [xwiki-users] XWiki + OpenLDAP Invalid credentials problem