3 Oct
2007
3 Oct
'07
8:48 p.m.
I read up on JIRA about this issue. Since I configured the LDAP (which
works great), I now need it to be over SSL. I am not sure if it is
available in the current version or not (I downloaded the latest which is
1.1.1?) - and if not, how can I add in this patch? Did anybody do this
successfully?
Sheila
4 Oct
4 Oct
12:31 a.m.
Sheila Hobeck wrote:
I read up on JIRA about this issue. Since I
configured the LDAP
(which works great), I now need it to be over SSL. I am not sure if
it is available in the current version or not (I downloaded the latest
which is 1.1.1?) - and if not, how can I add in this patch? Did
anybody do this successfully?
Sheila
Hi, Sheila,
Have you tried any of the classes available at
http://jira.xwiki.org/jira/browse/XWIKI-1079? XWiki.zip contents a well
documented xwiki.cfg, but it seems that ssl support was only added in a
newer release. Thus, I have not a clear idea about what classes could we
try.
I swear I've been working with this
http://mire.environmentalchange.net/~webmaster/software/classesFromMire.zip
conectiong to an eDirectory server. But after a XWiki upgrade, I keep
geeting an expectable LDAPException: Confidentiality Required (13)
Confidentiality Required error.
Please, what LDAP server are you trying to connect with? Thanks.
--
Ricardo Rodríguez
Your XEN ICT Team
11:31 a.m.
New subject: [xwiki-users] Antw: Re: support for LDAP over SSL
Hi Sheila and Ricardo
The authentication classes JIRA-1079 can use SSL for the connection to
the LDAP repository. This component has no way to switch XWiki to use
SSL.
It would be great if XWiki could be configured to use SSL just for the
authentication.
Regards,
Gunter
>> Your XEN ICT Team - Ricardo Rodriguez
<webmaster(a)xen.net>
04.10.2007 00:31 >>>
Sheila Hobeck wrote:
I read up on JIRA about this issue. Since I
configured the LDAP
(which works great), I now need it to be over SSL. I am not sure if
it is available in the current version or not (I
downloaded the
latest
which is 1.1.1?) - and if not, how can I add in this
patch? Did
anybody do this successfully?
Sheila
Hi, Sheila,
Have you tried any of the classes available at
http://jira.xwiki.org/jira/browse/XWIKI-1079? XWiki.zip contents a well
documented xwiki.cfg, but it seems that ssl support was only added in a
newer release. Thus, I have not a clear idea about what classes could
we
try.
I swear I've been working with this
http://mire.environmentalchange.net/~webmaster/software/classesFromMire.zip
conectiong to an eDirectory server. But after a XWiki upgrade, I keep
geeting an expectable LDAPException: Confidentiality Required (13)
Confidentiality Required error.
Please, what LDAP server are you trying to connect with? Thanks.
--
Ricardo Rodríguez
Your XEN ICT Team
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
-------------------------------------------------------------------------------
Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und
vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
Weitergabe dieser Mail ist nicht gestattet.
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.
-------------------------------------------------------------------------------
4:38 p.m.
New subject: [xwiki-users] Antw: Re: support for LDAP over SSL
Gunter Leeb wrote:
Hi Sheila and Ricardo
The authentication classes JIRA-1079 can use SSL for the connection to
the LDAP repository. This component has no way to switch XWiki to use
SSL.
It would be great if XWiki could be configured to use SSL just for the
authentication.
Regards,
Gunter
Hi Gunter,
Thanks for jumping in here!
Please, let me sum up what I am understanding while dealing with ldap
authentication.
1. XE includes a ldap authentication class (ldap-UNKNOWN.jar) which
we can not use simultaneously with XWiki DB. If I activate ldap
authentication (xwiki.authentication.ldap=1), XWiki DB won't be
asked for the existence of a given user.
2. With JIRA-1079 classes it is possible to use ldap authentication
and XWiki DB: if ldap fails to authenticate an user, XWiki will
check its database before rejecting the login.
3. JIRA-1079 classes support SSL binding with ldap servers.
From here, please, *what is the JIRA-1079 class **most updated release
**supporting SSL binding? *Is it
http://jira.xwiki.org/jira/secure/attachment/11160/LDAPAuthenticater.java
date on June 18th, 2007?
Please, what do we need to compile it?
I've gone ahead and updated to 1.2M1. I am not able to bind to our
eDirectory server. I've not used SSL before, so I don't remember how
could I connect to an eDirectory server without confidenciality until
now. But it worked. Please, do you know if this is possible and how? Thanks.
Sorry if I have not skills enough as to follow the JIRA-1079 issue.
Mainly I don't understand how it relates with the "regular" XWiki
development process. Any help will be welcome!
All the best,
Ricardo
--
Ricardo Rodríguez
Your XEN ICT Team
5:05 p.m.
New subject: [xwiki-users] exporting xwiki data to another wiki format ?
People:
Is there any possibility to export xwiki data to another
wiki format, like:
* TWiki
* DokuWiki
* PmWiki
* Mediawiki
* TikiWiki
* JotSpot
* MoinMoin
* Jspwiki to
Maybe there is some plug in available to perform this kind of operations
or a procedure to export data to another wiki.
Thanks in advance!
Nicolas
5 Oct
5 Oct
12:10 a.m.
New subject: [xwiki-users] Antw: Re: support for LDAP over SSL
Gunter Leeb wrote:
Hi Sheila and Ricardo
The authentication classes JIRA-1079 can use SSL for the connection to
the LDAP repository. This component has no way to switch XWiki to use
SSL.
It would be great if XWiki could be configured to use SSL just for the
authentication.
Regards,
Gunter
Gunter,
In Jire XWIKI-1079 you said the authentication library was tested
against Novell eDirectory.
Please, could you be so kind as for posting a xwiki.cfg sample with the
parameters you have used to do that? Thanks!
Best regards,
Ricardo
--
Ricardo Rodríguez
Your XEN ICT Team
7 Oct
7 Oct
9:27 a.m.
New subject: [xwiki-users] Antw: Re: support for LDAP over SSL
Hi Ricardo,
Yes, 1-3. is correct. One of the features that I am proposing in
JIRA-1079 is the (configurable) fallback authentication using the XWiki
DB.
My library was developed based on code of the ldap authentication
plug-in from XWiki pre-1.0. I have not followed any changes in XWiki's
ldap plug-in since then.
I have added SSL binding to the LDAP Server later and added the code to
the JIRA issue.
The code checked in the JIRA issue is a suggestion for improvement of
XWiki coming out of the community. It is a plug-in and therefore is
fairly independent from the regular XWiki development and build process.
By referencing xwiki.jar (and novell's ldap jar) you should be able to
compile the sources that I provided. I have also added the class files.
You are corret the last bug fixes I checked in in the mentioned
attachment.
If you haven't done before, before you go thorough compiling the
plug-in try out the classes. See if you can handle the configuration.
Regards,
Gunter
>> Your XEN ICT Team - Ricardo Rodriguez
<webmaster(a)xen.net>
04.10.2007 16:38 >>>
Gunter Leeb wrote:
Hi Sheila and Ricardo
The authentication classes JIRA-1079 can use SSL for the connection
to
the LDAP repository. This component has no way to
switch XWiki to
use
SSL.
It would be great if XWiki could be configured to use SSL just for
the
authentication.
Regards,
Gunter
Hi Gunter,
Thanks for jumping in here!
Please, let me sum up what I am understanding while dealing with ldap
authentication.
1. XE includes a ldap authentication class (ldap-UNKNOWN.jar) which
we can not use simultaneously with XWiki DB. If I activate ldap
authentication (xwiki.authentication.ldap=1), XWiki DB won't be
asked for the existence of a given user.
2. With JIRA-1079 classes it is possible to use ldap authentication
and XWiki DB: if ldap fails to authenticate an user, XWiki will
check its database before rejecting the login.
3. JIRA-1079 classes support SSL binding with ldap servers.
From here, please, *what is the JIRA-1079 class **most updated release
**supporting SSL binding? *Is it
http://jira.xwiki.org/jira/secure/attachment/11160/LDAPAuthenticater.java
date on June 18th, 2007?
Please, what do we need to compile it?
I've gone ahead and updated to 1.2M1. I am not able to bind to our
eDirectory server. I've not used SSL before, so I don't remember how
could I connect to an eDirectory server without confidenciality until
now. But it worked. Please, do you know if this is possible and how?
Thanks.
Sorry if I have not skills enough as to follow the JIRA-1079 issue.
Mainly I don't understand how it relates with the "regular" XWiki
development process. Any help will be welcome!
All the best,
Ricardo
--
Ricardo Rodríguez
Your XEN ICT Team
-------------------------------------------------------------------------------
Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und
vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
Weitergabe dieser Mail ist nicht gestattet.
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.
-------------------------------------------------------------------------------
12:46 p.m.
New subject: [xwiki-users] Antw: Re: support for LDAP over SSL
Gunter Leeb wrote:
Hi Ricardo,
Yes, 1-3. is correct. One of the features that I am proposing in
JIRA-1079 is the (configurable) fallback authentication using the XWiki
DB.
Fallback authentication works great. Here a typical sequence registered
in xwiki.log
12:02:24,625 [http-193.144.34.240-80-1] ERROR
thentication.LDAPAuthenticater - Bind to LDAP server failed.
12:02:24,625 [http-193.144.34.240-80-1] DEBUG
thentication.LDAPAuthenticater - Trying authentication against XWiki DB
12:02:24,651 [http-193.144.34.240-80-1] DEBUG
thentication.LDAPAuthenticater - Finding user egarciarodeja
12:02:24,652 [http-193.144.34.240-80-1] DEBUG
thentication.LDAPAuthenticater - Found user egarciarodeja
12:02:24,653 [http-193.144.34.240-80-1] DEBUG
thentication.LDAPAuthenticater - XWiki DB login succeeded
My library was developed based on code of the ldap
authentication
plug-in from XWiki pre-1.0. I have not followed any changes in XWiki's
ldap plug-in since then.
I am afraid I am not devoting time enough to follow XWiki development,
so I am a bit lost. Must I be able to find a LDAP authentication plug-in
in XWiki Code Zone? I guess it is bundled in the XWiki distribution?
I have added SSL binding to the LDAP Server later and
added the code to
the JIRA issue.
I am using the classes included in ldap.zip dated on May the 29th, 2007.
I think the errors I am getting are related with the value of
xwiki.authentication.ldap.ssl.keystore parameter. Does this make any
sense for you?
mire:/home/webmaster/bin # tail -200 xwiki.log | grep SSLException
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected
error: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException:
Unexpected error: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
Source)
I read in XWIKI-1079 issue:
# keystore for certificates / root certificates (default is .keystore in
the xwiki-process-users homedirectory)
xwiki.authentication.ldap.ssl.keystore=<path_to_ssl_keystore>
Please what is the xwiki-process-users homedirectory?
The code checked in the JIRA issue is a suggestion for
improvement of
XWiki coming out of the community. It is a plug-in and therefore is
fairly independent from the regular XWiki development and build process.
By referencing xwiki.jar (and novell's ldap jar) you should be able to
compile the sources that I provided.
JIRA issue XWIKI-1079 is related with XWIKI-865 by Philippe Marzouk.
There is a xwiki-ldap-ssl.patch attached there, but no comments or any
further information. I understand this proposal has not been considered
and never added to the main distribution. And that your classes keep
also out of the main distribution and are only available from the JIRA
issue, am I right?
Please, Gunter, when a suggestion from the community does become part of
the official distribution?
Just trying to understand how things are done...
I have also added the class files.
You are corret the last bug fixes I checked in in the mentioned
attachment.
If you haven't done before, before you go thorough compiling the
plug-in try out the classes. See if you can handle the configuration.
Regards,
Gunter
I will try to use your classes, then moved ahead and try to compile the
last version.
Cheers,
Ricardo
--
Ricardo Rodríguez
Your XEN ICT Team
6221
days inactive
6225
days old
7 comments
4 participants
participants (4)
-
Gunter Leeb -
Nicolas Grossi -
Sheila Hobeck -
Your XEN ICT Team - Ricardo Rodriguez