Dear all we're having problems here with authenticating users against a Windows 2003 active directory. Our users are located in different OU (organisational units) in the active directory So i followed the instructions in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication unfortunatelly without success. My searchuser as all rights and is perfectly working with OTRS (www.otrs.org) Here in xWiki, only users in one organisational unit are found?! For all other users I'm getting the errormessage: user not found Please find the config attached Who can help please? Greetings Wolfgang Fürtbauer #------------------------------------------------------------------------------------- # LDAP #------------------------------------------------------------------------------------- #-# new LDAP authentication service xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl #-# Turn LDAP authentication on - otherwise only XWiki authentication #-# 0: disable #-# 1: enable xwiki.authentication.ldap=1 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) #-# Kann zur Not auf eine fixe IP gesetzt werden xwiki.authentication.ldap.server=aohdc03.asamer.holding.ah #xwiki.authentication.ldap.server=asamer.holding.ah xwiki.authentication.ldap.port=389 xwiki.authentication.ldap.check_level=2 #-# LDAP login, empty = anonymous access, otherwise specify full dn #-# {0} is replaced with the username, {1} with the password #xwiki.authentication.ldap.bind_DN=CN=xWiKi,OU=ServicesAccounts,DC=asamer,DC=holding,DC=ah #xwiki.authentication.ldap.bind_pass=xwiki4ldap1 xwiki.authentication.ldap.bind_DN=CN=otrs,OU=ServicesAccounts,DC=asamer,DC=holding,DC=ah xwiki.authentication.ldap.bind_pass=xxxyyy #-# Force to check password after LDAP connection #-# 0: disable #-# 1: enable xwiki.authentication.ldap.validate_password=0 #-# only members of the following group will be verified in the LDAP #-# otherwise only users that are found after searching starting from the base_DN # xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl] #-# only users not member of the following group can autheticate # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US #-# base DN for searches # xwiki.authentication.ldap.base_DN=DC=asamer,DC=holding,DC=ah xwiki.authentication.ldap.base_DN=DC=holding,DC=ah #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn) xwiki.authentication.ldap.UID_attr=sAMAccountName #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1 # xwiki.authentication.ldap.password_field=userPassword #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential LDAP groups classes. Separated by commas. # xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential names of the LDAP groups fields containings the members. Separated by commas. # xwiki.authentication.ldap.group_memberfields=member,uniqueMember #-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute) # xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=fullName,email=mail #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created. xwiki.authentication.ldap.update_user=1 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# mapps XWiki groups to LDAP groups, separator is "|" xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=CN=xwiki_Admin,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.ViewAllGroup=CN=xwiki_ViewAll,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.ACGroup=CN=xwiki_AC,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.CEGroup=CN=xwiki_CE,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.FNGroup=CN=xwiki_FN,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.HRGroup=CN=xwiki_HR,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.IMGroup=CN=xwiki_IM,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.INGroup=CN=xwiki_IN,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.ITGroup=CN=xwiki_IT,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.ITsecureGroup=CN=xwiki_ITsecure,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.JSGroup=CN=xwiki_JS,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.LDGroup=CN=xwiki_LD,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.PDGroup=CN=xwiki_PD,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.PDsecureGroup=CN=xwiki_PDsecure,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.PRGroup=CN=xwiki_PR,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.PTGroup=CN=xwiki_PT,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\ XWiki.QAGroup=CN=xwiki_QA,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6) xwiki.authentication.ldap.groupcache_expiration=21800 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# - create : synchronize group membership only when the user is first created #-# - always: synchronize on every login xwiki.authentication.ldap.mode_group_sync=always #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials xwiki.authentication.ldap.trylocal=1 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# SSL connection to LDAP server #-# 0: normal #-# 1: SSL # xwiki.authentication.ldap.ssl=0 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# The keystore file to use in SSL connection # xwiki.authentication.ldap.ssl.keystore= #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The java secure provider used in SSL connection # xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider