On Sun, May 9, 2010 at 00:12, Florian Rhomberg <florian.rhomberg(a)nettania.at> wrote:
> Thank you!
> This has helped me, I found the reason, there was something wrong with the
> group mapping, I think we have changed something in the AD and then the
> group could not be found anymore. But one problem is

Whatever the issue with group mapping it's not supposed to fail the
authentication. What version of XWiki are you using?

> left. I thought that the group mapping ensures that the group membership of a
> user can be used to add this user to a created XWiki Usergroup. If this is
> right I do not know why the AD users are not correctly mapped to the XWiki
> user group.

You should be able to find everything you need to understand what exactly
happens during an authentication. Send it here if you like and I will look at
it.

> I have created two XWiki Groups:
> - XWikiLehrer
> - XWikiSchueler
> Now I did the following mapping, for test purpose:
> xwiki.authentication.ldap.group_mapping=XWiki.XWikiLehrer=CN=HTL-Lehrer,OU=HTL-Lehrer,OU=Users,OU=HTL,DC=edv,DC=mydomain,DC=at
> Now members of this AD group can login on XWiki but they are only members
> of the XWikiAllGroup group and not member of the XWikiLehrer group, what
> they should be.
> Now my question:
> Is this syntax right do I have to add the XWiki. before the group name, or
> without it?

If the name of your group is "Lehrer" no need to search more what is your
issue.
You have to put the full XWiki group name, i.e. the name of the page:
XWiki.<name of the page containing the group>

> Do I have to give the complete AD path including the domain
> (DC=edv,DC=mydomain,DV=at) or without it?

You have to put the full LDAP DN.

> Last question:
> What is the right syntax of log4j that only the LDAP is set to debug. At
> the moment I have these settings:

Look at the link I gave you which points to
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging where you can
find a proper XWiki log4j configuration.

> log4j.logger.org.xwiki=debug
> log4j.logger.com.xpn.xwiki=debug
> log4j.logger.com.xpn.xwiki.render.XWikiRadeoxRenderEngine=debug
> log4j.logger.com.xpn.xwiki.store.migration=debug
> Therefore I have a giant log file. I think this may be right:
> log4j.logger.org.xwiki=info
> log4j.logger.com.xpn.xwiki=warn
> log4j.logger.com.xpn.xwiki.render.XWikiRadeoxRenderEngine=warn
> log4j.logger.com.xpn.xwiki.store.migration=info
> Would that be right for the LDAP log:
> log4j.logger.com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl=debug ??

As you can see in the link I gave you, to get LDAP debug log you can put:
log4j.logger.com.xpn.xwiki.plugin.ldap=debug
log4j.logger.com.xpn.xwiki.user.impl.LDAP=debug

> Thanks,
> Florian
>
> -----Original Message-----
> From: users-bounces(a)xwiki.org [mailto:users-bounces@xwiki.org] On Behalf Of Caleb James DeLisle
> Sent: Saturday, 08 May 2010 10:17
> To: XWiki Users
> Subject: Re: [xwiki-users] LDAP Autentication do not work anymore
>
> Hi Florian,
> Where the log is stored is dictated by the line:
> log4j.appender.file.File=xwiki.log
> I found a copy of the log on my machine at /usr/local/jetty-6.1.3/xwiki.log
> so it looks like the default path is the jetty/tomcat main directory.
> you might be able to specify a path in the line: (I haven't tested.)
> log4j.appender.file.File=/home/user/Desktop/xwiki.log
> just make sure the user the container is running as has write access in the
> folder.
>
> Another option would be to log everything to the console (stdout) and start
> with a command line like java -jar start.jar > /var/log/xwiki/xwiki.log
> (starting jetty in unix)
>
> Caleb
>
>
>
> Florian Rhomberg wrote:
> > Thank you for your response, I will do that but I have a question: Do I
> > have to enable the logging in XWiki. I found this page:
> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging There it is
> > said that the logging is already enabled at xwiki. But where does XWiki
> > store the logging file? I use Tomcat 5 with mod_jk to apache, and both
> > packages are installed with the rpm manager. Is it possible to "tell" XWiki
> > where the logging file should be stored? I am not familiar with common
> > logging.
> >
> > Thanks,
> > Florian
> >
> > -----Original Message-----
> > From: users-bounces(a)xwiki.org [mailto:users-bounces@xwiki.org] On Behalf Of Thomas Mortagne
> > Sent: Friday, 07 May 2010 15:31
> > To: XWiki Users
> > Subject: Re: [xwiki-users] LDAP Autentication do not work anymore
> >
> > Again, could you try to enable debug log and see what you have in the
> > log, it should tell you exactly why authentication partly failed.
> >
> > BTW what version of XWiki is it ?
> >
> > On Fri, May 7, 2010 at 14:05, Florian Rhomberg <florian.rhomberg(a)nettania.at> wrote:
> >> Hello!
> >> It is exactly the same version, I only copied the whole XWiki folder from
> >> one server to the other server. The only difference can be that we installed
> >> the current Service Pack on our Windows 2008 server. But as I already said
> >> on the first logon (the user does not exist in XWiki) all data like the
> >> Surname, Firstname, E-Mail address are transferred correctly from the Active
> >> Directory. I tried with Softerra LDAP if an anonymous access to the LDAP is
> >> possible but it is not possible. So XWiki can only get the user-data if the
> >> connection to the LDAP works. On the server we also have Ilias which also
> >> uses LDAP and it works without problems.
> >>
> >> I will post the xwiki.cfg settings beneath.
> >>
> >> Greetings,
> >> Florian
> >>
> >> Xwiki.cfg:
> >>
> >> #-------------------------------------------------------------------------------------
> >> # LDAP
> >> #-------------------------------------------------------------------------------------
> >>
> >> #-# new LDAP authentication service
> >> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
> >>
> >> #-# Turn LDAP authentication on - otherwise only XWiki authentication
> >> #-# 0: disable
> >> #-# 1: enable
> >> xwiki.authentication.ldap=1
> >>
> >> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
> >> xwiki.authentication.ldap.server=AD1.edv.domain.at
> >> xwiki.authentication.ldap.port=389
> >>
> >> #-# LDAP login, empty = anonymous access, otherwise specify full dn
> >> #-# {0} is replaced with the username, {1} with the password
> >> #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
> >> #xwiki.authentication.ldap.bind_pass={1}
> >>
> >> xwiki.authentication.ldap.bind_DN=edv\\{0}
> >> xwiki.authentication.ldap.bind_pass={1}
> >>
> >>
> >> #-# Force to check password after LDAP connection
> >> #-# 0: disable
> >> #-# 1: enable
> >> xwiki.authentication.ldap.validate_password=0
> >>
> >> #-# only members of the following group will be verified in the LDAP
> >> #-# otherwise only users that are found after searching starting from the base_DN
> >> # xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
> >>
> >> #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
> >> #-# only users not member of the following group can autheticate
> >> # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
> >>
> >> #-# base DN for searches
> >> xwiki.authentication.ldap.base_DN=dc=edv,dc=domain=at
> >>
> >> #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
> >> # xwiki.authentication.ldap.UID_attr=cn
> >>
> >> xwiki.authentication.ldap.UID_attr=sAMAccountName
> >>
> >> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> >> #-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1
> >> # xwiki.authentication.ldap.password_field=userPassword
> >>
> >> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> >> #-# The potential LDAP groups classes. Separated by commas.
> >> # xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
> >>
> >> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> >> #-# The potential names of the LDAP groups fields containings the members. Separated by commas.
> >> # xwiki.authentication.ldap.group_memberfields=member,uniqueMember
> >>
> >> xwiki.authentication.ldap.group_memberfields=HTL-Lehrer
> >>
> >> #-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
> >> #xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
> >>
> >> xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn
> >>
> >> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> >> #-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
> >> xwiki.authentication.ldap.update_user=1
> >>
> >> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> >> #-# mapps XWiki groups to LDAP groups, separator is "|"
> >> # xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\
> >> #                                         XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
> >>
> >> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> >> #-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
> >> xwiki.authentication.ldap.groupcache_expiration=21800
> >>
> >> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> >> #-# - create : synchronize group membership only when the user is first created
> >> #-# - always: synchronize on every login
> >> xwiki.authentication.ldap.mode_group_sync=always
> >>
> >> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> >> #-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
> >> xwiki.authentication.ldap.trylocal=1
> >>
> >> -----Original Message-----
> >> From: users-bounces(a)xwiki.org [mailto:users-bounces@xwiki.org] On Behalf Of Thomas Mortagne
> >> Sent: Friday, 07 May 2010 13:07
> >> To: XWiki Users
> >> Subject: Re: [xwiki-users] LDAP Autentication do not work anymore
> >>
> >> On Fri, May 7, 2010 at 12:56, Florian Rhomberg <florian.rhomberg(a)nettania.at> wrote:
> >>> Hello!
> >>> Last week I was able to configure the XWiki authentication against a
> >>> Windows 2008 AD. Everything worked. Now I transferred the wiki from the test
> >>> system to the working environment and now the authentication does not work
> >>> anymore. If I try to log in with an AD User I get the message "invalid
> >>> Credentials". The strange thing is that if I use a user which has not ever
> >>> entered the XWiki I get the same message. But if I log in with the admin
> >>> account and look on the user list the user exists and all data are correctly
> >>> transferred from the AD, therefore the connection works but I cannot enter.
> >>> What can be the reason for that, I do not understand this!
> >> Did you change anything? It's exactly the same version?
> >>
> >> Try to enable debug log
> >> (http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HEnableLDAPdebuglog)
> >> and see what you get.
> >>
> >>> Thanks,
> >>> Florian
> >>> _______________________________________________
> >>> users mailing list
> >>> users(a)xwiki.org
> >>> http://lists.xwiki.org/mailman/listinfo/users
> >>>
> >>
> >>
> >> --
> >> Thomas Mortagne
--
Thomas Mortagne
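
A check for the two rules given in the reply above (the full XWiki page name on the left, the full LDAP DN on the right of each group_mapping entry), as an added example that is not part of the original thread or of XWiki's code. The function names, the `require_dc` option and the simplified DN splitting are assumptions of this example; the sample value is the mapping quoted in the thread.

```python
import re

# Simplified RFC 4514 handling: split RDNs on commas not preceded by a backslash.
_RDN_SPLIT = re.compile(r"(?<!\\),")
_ATTR_TYPE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
_PAGE_NAME = re.compile(r"^[^.=\s]+\.[^.=\s]+$")  # <Space>.<Page>, e.g. XWiki.XWikiLehrer


def split_dn(dn):
    """Return [(type, value), ...] for a DN; raise ValueError if it is not one."""
    rdns = []
    for rdn in _RDN_SPLIT.split(dn.strip()):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not _ATTR_TYPE.match(attr) or not value:
            raise ValueError(f"{rdn.strip()!r} is not attribute=value")
        rdns.append((attr.lower(), value))
    return rdns


def check_group_mapping(value, require_dc=False):
    """Lint a group_mapping value; return (entry, problem) tuples, [] if clean.

    require_dc=True additionally expects DC= components (Active Directory)."""
    problems = []
    # Drop properties-file line continuations ("\" + newline) before splitting on "|".
    for entry in value.replace("\\\n", "").split("|"):
        entry = entry.strip()
        if not entry:
            continue
        # The first "=" separates the XWiki group page from the LDAP DN.
        group, sep, dn = entry.partition("=")
        if not sep:
            problems.append((entry, "no '=' between XWiki group and LDAP DN"))
            continue
        if not _PAGE_NAME.match(group.strip()):
            problems.append((entry, "XWiki group is not a full page name"))
        try:
            rdns = split_dn(dn)
        except ValueError as exc:
            problems.append((entry, f"LDAP side is not a DN: {exc}"))
            continue
        if require_dc and not any(attr == "dc" for attr, _ in rdns):
            problems.append((entry, "DN has no DC= component"))
    return problems


# Mapping value quoted in the thread.
THREAD_MAPPING = ("XWiki.XWikiLehrer=CN=HTL-Lehrer,OU=HTL-Lehrer,"
                  "OU=Users,OU=HTL,DC=edv,DC=mydomain,DC=at")
```

An empty result only says the entry has the expected shape; whether the group page and the DN actually exist still has to be confirmed from the LDAP debug log.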