29 Jun
2009
29 Jun
'09
12:04 p.m.
Hi all
I have recently installed Xwiki and have had difficulty with the above
mentioned topics. I have already searched through the site for solutions to
LDAP/Active directory issues but can't seem to find a solution.
I have turned on the logging for LDAP and it is telling me that I am
supplying Invalid Credentials, I don't see how this can be true seeing as I
have tried it with our server administrator account and received the same
error.
Does XWiki offer Admin approval for a new change to a page? We would like
to check the changes before they are put up on the Wiki.
Thanks
--
View this message in context:
http://n2.nabble.com/LDAP-Authentication-and-Admin-Approval-tp3173539p31735…
Sent from the XWiki- Users mailing list archive at Nabble.com.
29 Jun
29 Jun
1:15 p.m.
New subject: [xwiki-users] LDAP Authentication and Admin Approval
Le 29 juin 09 à 12:04, Reapepr a écrit :
Invalid credential : your bind to the ldap server failed (but invalid
credential error don't provide the explanation by itself).
Are you storing plain text password or hash values within your ldap
server ?
I suspect xwiki to send clear text password (over a secure channel
would you enable ldaps) so if you store hash values, the ldap server
compare the plain text password to the hash version, resulting in
invalid credential (password string being different).
HTH and sorry would this be not relevant to your referred issue (I'm
just a user ;-)).
30 Jun
30 Jun
9:49 a.m.
New subject: [xwiki-users] LDAP Authentication and Admin Approval
The server does hash the passwords so that could be the issue, though I had
thought the server would hash the incoming password request and then compare
it.
What does HTH mean?
--
View this message in context:
http://n2.nabble.com/LDAP-Authentication-and-Admin-Approval-tp3173539p31799…
Sent from the XWiki- Users mailing list archive at Nabble.com.
10:06 a.m.
New subject: [xwiki-users] LDAP Authentication and Admin Approval
Le 30 juin 09 à 09:49, Reapepr a écrit :
Try to add another "uniquePassword" attribute with a plain text
password for a user in the directiry, and retry authentication. If the
auth work, we identified the problem. Else the issue is elsewhere. You
need to test it.
I am experiencing the same issue (hash pwd in directory, and xwiki
sending plain text password). I guess the only way (without much work
around on the application itself) would be to add SASL mechanism in
front end to your directory (SASL would hash the password for the
directoiry, if I'm correct !). I couldn't test this idea however
(time :/) and therefore I am stuck at the very same point in xwiki
adoption.
What does HTH mean?
Hope This Helps ;-)
11:13 a.m.
New subject: [xwiki-users] LDAP Authentication and Admin Approval
On Tue, Jun 30, 2009 at 09:49, Reapepr<pbarnett(a)worth.org.uk> wrote:
Yes it's supposed to be LDAP server job to hash it before testing
except if you have a very specific server configuration, I always had
hashed paswords in openldap, apachds or activedirectory and never had
an issue. The clenat can't know which knd of hash the LDAP server is
using internally.
--
Thomas Mortagne
11:34 a.m.
New subject: [xwiki-users] LDAP Authentication and Admin Approval
Le 30 juin 09 à 11:13, Thomas Mortagne a écrit :
Yes I understand the architecture choice to lead to plain text pwd in
secured channels, and that's fine (clenat can't provide all past and
future hash mechanisms, neither the one to use with the connected
directory).
Nevertheless, I am using OpenLdap (slapd 2.4.11) with no specific
configuration, and nevertheless the ldap directiry does not hash the
plain text password sent :/
Would you have an idea on which specific option may prevent this
behavior, I can make some tests !
5726
days inactive
5727
days old
6 comments
3 participants
participants (3)
-
Christophe GRAVIER -
Reapepr -
Thomas Mortagne