13 Aug
2008
13 Aug
'08
8:44 p.m.
We are trying to setup XWiki to work with LDAP via Active Directory. I
have the authentication working, but group_mapping seems to fail. I
cannot figure out the correct settings for the group mappings. Could
somebody help? Our cfg:
#
Kind regards,
Todd Getz
System Support Analyst
MTS Travel
124 East Main Street, 4th floor
Ephrata, PA 17522
800: 800-233-0157 x81352
Tel: 717-721-7352
Fax: 717-733-1009
Email: toddg(a)mtstravel.com
<http://www.mtstravel.com>
-----------------------------------------------------------------------
--------------
# LDAP
#-----------------------------------------------------------------------
--------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServ
iceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=10.1.1.186
xwiki.authentication.ldap.port=389
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN=mts\\{0}
xwiki.authentication.ldap.bind_pass={1}
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the
base_DN
xwiki.authentication.ldap.user_group=cn=WebAllMTS,ou=ChatGroups,ou=accou
nts,dc=mtstravel,dc=com
#-# base DN for searches
xwiki.authentication.ldap.base_DN=dc=ad,dc=mtstravel,dc=com
#-# Specifies the LDAP attribute containing the identifier to be used as
the XWiki name (default=cn)
# xwiki.authentication.ldap.UID_attr=sAMAccountName
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# Specifies the LDAP attribute containing the password to be used
"when xwiki.authentication.ldap.validate_password" is set to 1
# xwiki.authentication.ldap.password_field=userPassword
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential LDAP groups classes. Separated by commas.
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUnique
Names,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential names of the LDAP groups fields containings the
members. Separated by commas.
xwiki.authentication.ldap.group_memberfields=member,uniqueMember
#-# retrieve the following fields from LDAP and store them in the XWiki
user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object
for faster access
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=s
n,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki
otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=WebISte
am,ou=ChatGroups,ou=accounts,dc=mtstravel,dc=com|XWiki.XWikiAllGroup=cn=
WebAllMTS,ou=ChatGroups,ou=accounts,dc=mtstravel,dc=com
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed
from LDAP (default=3600*6)
xwiki.authentication.ldap.groupcache_expiration=21800
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first
created
#-# - always: synchronize on every login
xwiki.authentication.ldap.mode_group_sync=always
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB
authentication with the same credentials
xwiki.authentication.ldap.trylocal=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0: normal
#-# 1: SSL
# xwiki.authentication.ldap.ssl=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
# xwiki.authentication.ldap.ssl.keystore=
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The java secure provider used in SSL connection
#
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.s
sl.Provider
13 Aug
13 Aug
9:04 p.m.
Hi,
"XWiki.XWikiAllGroup=cn=WebAllMTS,ou=ChatGroups,ou=accounts,dc=mtstravel,dc=com"
is useless because all LDAP users are automatically added to
"XWiki.XWikiAllGroup" when created (the first time it logs in) like
any "normal" XWiki user.
What exactly means "group_mapping seems to fail" ? The user from LDAP
group "cn=WebISteam,ou=ChatGroups,ou=accounts,dc=mtstravel,dc=com" are
not added to XWiki group "XWiki.XWikiAdminGroup" ?
Don't you have anything in the xwiki log ?
On Wed, Aug 13, 2008 at 8:44 PM, Todd Getz <toddg(a)mtstravel.com> wrote:
We are trying to setup XWiki to work with LDAP via
Active Directory. I
have the authentication working, but group_mapping seems to fail. I
cannot figure out the correct settings for the group mappings. Could
somebody help? Our cfg:
#
Kind regards,
Todd Getz
System Support Analyst
MTS Travel
124 East Main Street, 4th floor
Ephrata, PA 17522
800: 800-233-0157 x81352
Tel: 717-721-7352
Fax: 717-733-1009
Email: toddg(a)mtstravel.com
<http://www.mtstravel.com>
-----------------------------------------------------------------------
--------------
# LDAP
#-----------------------------------------------------------------------
--------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServ
iceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=10.1.1.186
xwiki.authentication.ldap.port=389
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN=mts\\{0}
xwiki.authentication.ldap.bind_pass={1}
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the
base_DN
xwiki.authentication.ldap.user_group=cn=WebAllMTS,ou=ChatGroups,ou=accou
nts,dc=mtstravel,dc=com
#-# base DN for searches
xwiki.authentication.ldap.base_DN=dc=ad,dc=mtstravel,dc=com
#-# Specifies the LDAP attribute containing the identifier to be used as
the XWiki name (default=cn)
# xwiki.authentication.ldap.UID_attr=sAMAccountName
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# Specifies the LDAP attribute containing the password to be used
"when xwiki.authentication.ldap.validate_password" is set to 1
# xwiki.authentication.ldap.password_field=userPassword
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential LDAP groups classes. Separated by commas.
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUnique
Names,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential names of the LDAP groups fields containings the
members. Separated by commas.
xwiki.authentication.ldap.group_memberfields=member,uniqueMember
#-# retrieve the following fields from LDAP and store them in the XWiki
user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object
for faster access
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=s
n,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki
otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=WebISte
am,ou=ChatGroups,ou=accounts,dc=mtstravel,dc=com|XWiki.XWikiAllGroup=cn=
WebAllMTS,ou=ChatGroups,ou=accounts,dc=mtstravel,dc=com
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed
from LDAP (default=3600*6)
xwiki.authentication.ldap.groupcache_expiration=21800
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first
created
#-# - always: synchronize on every login
xwiki.authentication.ldap.mode_group_sync=always
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB
authentication with the same credentials
xwiki.authentication.ldap.trylocal=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0: normal
#-# 1: SSL
# xwiki.authentication.ldap.ssl=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
# xwiki.authentication.ldap.ssl.keystore=
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The java secure provider used in SSL connection
#
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.s
sl.Provider
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne
9:14 p.m.
I am trying to make an AD group (all IT department) members of the
XWikiAdminGroup.
Here are my logs:
2008-08-13 15:02:51,906
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - Current storage version = [0]
2008-08-13 15:02:51,922
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - List of migrations that will be
executed:
2008-08-13 15:02:51,922
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - R4340XWIKI883 - See
http://jira.xwiki.org/jira/browse/XWIKI-883
2008-08-13 15:02:51,922
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - R4359XWIKI1459 - See
http://jira.xwiki.org/jira/browse/XWIKI-1459
2008-08-13 15:02:51,922
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - R7345XWIKI2079 - See
http://jira.xwiki.org/jira/browse/XWIKI-2079
2008-08-13 15:02:51,922
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - Running migration [R4340XWIKI883] with
version [4340]
2008-08-13 15:02:52,391
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - New storage version is now [4341]
2008-08-13 15:02:52,391
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - Running migration [R4359XWIKI1459]
with version [4359]
2008-08-13 15:02:52,406
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - New storage version is now [4360]
2008-08-13 15:02:52,406
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - Skipping unneeded migration
[R6079XWIKI1878] with version [6079]
2008-08-13 15:02:52,406
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - New storage version is now [6080]
2008-08-13 15:02:52,406
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - Skipping unneeded migration
[R6405XWIKI1933] with version [6405]
2008-08-13 15:02:52,406
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - New storage version is now [6406]
2008-08-13 15:02:52,406
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - Running migration [R7345XWIKI2079]
with version [7350]
2008-08-13 15:02:52,422
[http://testbed.mtstravel.com:8080/xwiki/bin/view/Main/] [P1-19] INFO
.AbstractXWikiMigrationManager - New storage version is now [7351]
2008-08-13 15:02:54,094 [Lucene index rebuilder thread] [Lucene Index
Rebuilder] ERROR lucene.IndexUpdater - IOException when
opening Lucene Index for writing at C:\Program Files\XWiki
Enterprise\jetty\work\Jetty__8080__xwiki\lucene
org.apache.lucene.index.CorruptIndexException: failed to locate current
segments_N file
at
org.apache.lucene.index.IndexFileDeleter.<init>(IndexFileDeleter.java:20
7)
at
org.apache.lucene.index.IndexWriter.init(IndexWriter.java:722)
at
org.apache.lucene.index.IndexWriter.<init>(IndexWriter.java:502)
at
com.xpn.xwiki.plugin.lucene.IndexUpdater.openWriter(IndexUpdater.java:33
7)
at
com.xpn.xwiki.plugin.lucene.IndexUpdater.cleanIndex(IndexUpdater.java:46
6)
at
com.xpn.xwiki.plugin.lucene.IndexRebuilder.rebuildIndex(IndexRebuilder.j
ava:187)
at
com.xpn.xwiki.plugin.lucene.IndexRebuilder.run(IndexRebuilder.java:160)
at java.lang.Thread.run(Unknown Source)
2008-08-13 15:02:54,109 [Lucene index rebuilder thread] [Lucene Index
Rebuilder] ERROR lucene.IndexUpdater - Writer not open and
closeWriter called
10:43 p.m.
AD users can login but they go to an error page that says: You are not
allowed to view this document or perform this action.
5931
days inactive
5931
days old
3 comments
2 participants
participants (2)
-
Thomas Mortagne -
Todd Getz