Good morning.
I've configured XWiki 1.1.1 on WebSphere, with LDAP (AD) as my
authentication service. I imported the provided XAR file.
From what I can tell, I have LDAP configured properly. But when I go
to log in, I get this message:
You are not allowed to view this document or perform this action.
I log in as the superadmin, and see that my user shows up in Users and
has been added to the XWikiAllGroup three times (not sure why three
times).
In the xwiki.log, I've turned the debug on for LDAP, and see this
message at the bottom "Accept user even without account".
What is wrong? Does the user need to have an account on the system
before LDAP will work? How do I get it to not add the user to the
XWikiAllGroup three times on each login?
Patrick
Here is the excerpt from xwiki.cfg:
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=DCTWDPUS02.us.dci.discovery.com
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=us,dc=dci,dc=discovery,dc=com
xwiki.authentication.ldap.bind_DN=US\\{0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
Here is the output in the xwiki.log file. It's a subset. If you need
more, I can post it.
08:21:53,610 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- User authenticated successfully
08:21:53,623 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Finding user pgardell
08:21:53,652 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Ready to create user from LDAP
08:21:53,665 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Ready to create user from LDAP with field
name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
08:21:53,767 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP looking at field name
08:21:53,780 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP looking at field last_name
08:21:53,793 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP setting field last_name
08:21:53,809 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP looking at field first_name
08:21:53,822 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP setting field first_name
08:21:53,835 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP looking at field fullname
08:21:53,848 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP setting field fullname
08:21:53,861 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP looking at field mail
08:21:53,874 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP looking at field ldap_dn
08:21:53,890 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP setting field ldap_dn
08:21:54,084 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Looking for user again pgardell
08:21:54,091 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Finding user pgardell
08:21:54,659 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Accept user even without account
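
An added example, not part of the original post: a short Python script that re-joins the wrapped log records and pairs each "looking at field" line with its "setting field" line, to show which mapped attributes were read but never set on the new user. The function names are illustrative, and the sample is an excerpt of the log lines quoted above.

```python
import re

# Excerpt of the xwiki.log lines quoted in the post; each record wraps onto two lines.
SAMPLE_LOG = """\
08:21:53,767 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP looking at field name
08:21:53,780 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP looking at field last_name
08:21:53,793 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP setting field last_name
08:21:53,861 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP looking at field mail
08:21:53,874 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP looking at field ldap_dn
08:21:53,890 [WebContainer : 2] DEBUG LDAP.LDAPAuthServiceImpl
- Create user from LDAP setting field ldap_dn
"""

RECORD_START = re.compile(r"^\d{2}:\d{2}:\d{2},\d{3} \[")
FIELD_EVENT = re.compile(r"Create user from LDAP (looking at|setting) field (\w+)\s*$")

def join_records(text):
    """Merge wrapped continuation lines back onto their timestamped record."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def field_report(text):
    """Return (looked_at, set_fields, never_set), each in log order."""
    looked, was_set = [], []
    for rec in join_records(text):
        m = FIELD_EVENT.search(rec)
        if not m:
            continue
        bucket = looked if m.group(1) == "looking at" else was_set
        if m.group(2) not in bucket:
            bucket.append(m.group(2))
    return looked, was_set, [f for f in looked if f not in was_set]

if __name__ == "__main__":
    looked, was_set, never_set = field_report(SAMPLE_LOG)
    print("mapped fields read:", looked)
    print("read but never set:", never_set)
```

On the excerpt, `name` and `mail` have a "looking at field" line but no matching "setting field" line; the log itself does not say why.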