[xwiki-users] LDAP Authentication does not work for users in different OU's xWiki 1.7.1 - xwiki-users@xwiki.org

11 Sep 2009

Dear all,

i followed all the instructions from the forums 

http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCa…

"My users are not located in the same organization unit"

i set the 
xwiki.authentication.ldap.bind_DN=
xwiki.authentication.ldap.bind_pass=

to a user which is allowed to search everywhere (and this works in another application
fine (OTRS))

Also i read about storing then dn in ldap_dn (and removed it from the config)
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=fullName,email=mail

so i have a specific user which is not found in LDAP who is in another OU

here is the log

20:04:35,393 [http://asawida/bin/loginsubmit/XWiki/XWikiLogin] [http-80-1] DEBUG
LDAP.XWikiLDAPAuthServiceImpl   - The provided user is null. We don't try to
authenticate, it probably means the user is in non logged mode. 
20:04:35,393 [http://asawida/bin/loginsubmit/XWiki/XWikiLogin] [http-80-1] DEBUG
ldap.XWikiLDAPConfig            - ldap_group_classes: [groupofnames,
groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, group] 
20:04:35,393 [http://asawida/bin/loginsubmit/XWiki/XWikiLogin] [http-80-1] DEBUG
ldap.XWikiLDAPConfig            - ldap_group_memberfields: [member, uniquemember] 
20:04:35,393 [http://asawida/bin/loginsubmit/XWiki/XWikiLogin] [http-80-1] DEBUG
ldap.XWikiLDAPConnection        - Connection to LDAP server
[aohdc03.asamer.holding.ah:389] 
20:04:35,408 [http://asawida/bin/loginsubmit/XWiki/XWikiLogin] [http-80-1] DEBUG
ldap.XWikiLDAPConnection        - Binding to LDAP server with credentials
login=[CN=otrs,OU=ServicesAccounts,DC=asamer,DC=holding,DC=ah] 
20:04:35,440 [http://asawida/bin/loginsubmit/XWiki/XWikiLogin] [http-80-1] DEBUG
ldap.XWikiLDAPUtils             - Searching for the user in LDAP: user:naasal
base:DC=holding,DC=ah query:(sAMAccountName=naasal) uid:sAMAccountName 
20:04:35,440 [http://asawida/bin/loginsubmit/XWiki/XWikiLogin] [http-80-1] DEBUG
ldap.XWikiLDAPConnection        - LDAP search: baseDN=[DC=holding,DC=ah]
query=[(sAMAccountName=naasal)] attr=[[sAMAccountName, sn, givenName, fullName, mail]]
ldapScope=[2] 
20:04:35,455 [http://asawida/bin/loginsubmit/XWiki/XWikiLogin] [http-80-1] DEBUG
ldap.XWikiLDAPConnection        - LDAP Search failed 
LDAPReferralException: Automatic referral following not enabled (10) Referral
LDAPReferralException: Server Message: 0000202B: RefErr: DSID-0310063C, data 0, 1 access
points
 ref 1: 'holding.ah'

LDAPReferralException: Referral: ldap://holding.ah/DC=holding,DC=ah
 at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
 at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
 at com.novell.ldap.LDAPSearchResults.next(Unknown Source)
 at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.searchLDAP(XWikiLDAPConnection.java:306)
 at
com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.searchUserAttributesByUid(XWikiLDAPUtils.java:548)
 at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:372)
 at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:202)
 at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:149)
 at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:239)
 at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:165)
 at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:148)
 at
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:203)
 at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3578)
 at
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139)
 at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3586)
 at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4572)
 at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190)
 at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115)
 at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
 at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
 at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
 at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at com.xpn.xwiki.plugin.webdav.XWikiDavFilter.doFilter(XWikiDavFilter.java:68)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
com.xpn.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:135)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
com.xpn.xwiki.web.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:287)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
 at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
 at java.lang.Thread.run(Unknown Source)
20:04:35,455 [http://asawida/bin/loginsubmit/XWiki/XWikiLogin] [http-80-1] DEBUG
ldap.XWikiLDAPConnection        - LDAP search found attributes: null 
20:04:35,455 [http://asawida/bin/loginsubmit/XWiki/XWikiLogin] [http-80-1] DEBUG
LDAP.XWikiLDAPAuthServiceImpl   - Local LDAP authentication failed. 
com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN for
[naasal]
 at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:386)
 at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:202)
 at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:149)
 at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:239)
 at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:165)
 at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:148)
 at
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:203)
 at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3578)
 at
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139)
 at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3586)
 at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4572)
 at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190)
 at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115)
 at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
 at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
 at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
 at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at com.xpn.xwiki.plugin.webdav.XWikiDavFilter.doFilter(XWikiDavFilter.java:68)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
com.xpn.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:135)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
com.xpn.xwiki.web.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:287)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
 at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
 at java.lang.Thread.run(Unknown Source)
20:04:35,455 [http://asawida/bin/loginsubmit/XWiki/XWikiLogin] [http-80-1] DEBUG
LDAP.XWikiLDAPAuthServiceImpl   - Trying authentication against XWiki DB 
20:04:35,471 [http://asawida/bin/loginsubmit/XWiki/XWikiLogin] [http-80-1] DEBUG
LDAP.XWikiLDAPAuthServiceImpl   - LDAP authentication failed for user [naasal] 

while this is a successfull connection

20:36:49,190 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConnection   
    - Connection to LDAP server [aohdc03.asamer.holding.ah:389] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConnection   
    - Binding to LDAP server with credentials
login=[CN=otrs,OU=ServicesAccounts,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG
LDAP.XWikiLDAPAuthServiceImpl   - Found user dn with the user object: CN=Fürtbauer
Wolfgang,OU=Poweruser,DC=asamer,DC=holding,DC=ah 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG
LDAP.XWikiLDAPAuthServiceImpl   - LDAP attributes will be used to update XWiki attributes.

20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConnection   
    - LDAP search: baseDN=[CN=Fürtbauer Wolfgang,OU=Poweruser,DC=asamer,DC=holding,DC=ah]
query=[null] attr=[[sAMAccountName, sn, givenName, fullName, mail]] ldapScope=[0] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConnection   
    -   - values for attribute "givenName" 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConnection   
    -     |- [Wolfgang] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConnection   
    -   - values for attribute "sn" 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConnection   
    -     |- [Fürtbauer] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConnection   
    -   - values for attribute "mail" 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConnection   
    -     |- [W.Fuertbauer(a)asamer.at] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConnection   
    -   - values for attribute "sAMAccountName" 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConnection   
    -     |- [fuewol] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConnection   
    - LDAP search found attributes: [{name=dn value=CN=Fürtbauer
Wolfgang,OU=Poweruser,DC=asamer,DC=holding,DC=ah}, {name=givenName value=Wolfgang},
{name=sn value=Fürtbauer}, {name=mail value=W.Fuertbauer(a)asamer.at}, {name=sAMAccountName
value=fuewol}] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG
LDAP.XWikiLDAPAuthServiceImpl   - Updating existing user with LDAP attribues located at
CN=Fürtbauer Wolfgang,OU=Poweruser,DC=asamer,DC=holding,DC=ah 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG
LDAP.XWikiLDAPAuthServiceImpl   - Start synchronising LDAP profile [[{name=dn
value=CN=Fürtbauer Wolfgang,OU=Poweruser,DC=asamer,DC=holding,DC=ah}, {name=givenName
value=Wolfgang}, {name=sn value=Fürtbauer}, {name=mail value=W.Fuertbauer(a)asamer.at},
{name=sAMAccountName value=fuewol}]] with user profile based on mapping {mail=email,
sn=last_name, givenname=first_name, samaccountname=name, fullname=fullname} 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.XWikiAdminGroup [CN=xwiki_Admin,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.ViewAllGroup [CN=xwiki_ViewAll,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.ACGroup [CN=xwiki_AC,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.CEGroup [CN=xwiki_CE,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.FNGroup [CN=xwiki_FN,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.HRGroup [CN=xwiki_HR,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.IMGroup [CN=xwiki_IM,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.INGroup [CN=xwiki_IN,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.ITGroup [CN=xwiki_IT,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.ITsecureGroup [CN=xwiki_ITsecure,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.JSGroup [CN=xwiki_JS,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.LDGroup [CN=xwiki_LD,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.PDGroup [CN=xwiki_PD,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.PDsecureGroup [CN=xwiki_PDsecure,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.PRGroup [CN=xwiki_PR,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.PTGroup [CN=xwiki_PT,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG ldap.XWikiLDAPConfig       
    - Groupmapping found: XWiki.QAGroup [CN=xwiki_QA,OU=xWiki
Groups,DC=asamer,DC=holding,DC=ah] 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG
LDAP.XWikiLDAPAuthServiceImpl   - Updating group membership for the user: XWiki.fuewol 
20:36:49,205 [http://asawida/bin/view/Main/] [http-80-1] DEBUG
LDAP.XWikiLDAPAuthServiceImpl   - The user belongs