Did you properly set xwiki.authentication.authclass property in xwiki.cfg file ? Are you sure you are looking at the right log file ? Do you have anything related to xwiki in those logs ? On Fri, Jul 11, 2014 at 6:11 PM, Markus Adler <madler(a)outlook.com> wrote: -- Thomas Mortagne

On Fri, Jul 11, 2014 at 6:59 PM, Markus Adler <madler(a)outlook.com> wrote: If you enabled debug log it should be somwhere. When XWiki initialize it prints logs about SOLR server and other stuff, do you have any file with it ? Yes. -- Thomas Mortagne

On Fri, Jul 11, 2014 at 9:10 PM, Markus Adler <madler(a)outlook.com> wrote: I have no idea what application server you are using so I can't really tell you that, this is not an XWiki decision. -- Thomas Mortagne

Ah, sorry. It's the stand alone version running on a windows platform. Also, I think I got it. The debug info shows up on the command prompt screen which gave me some idea of what was failing. It appears to not like binding with the login account. I've resolved the issue by binding to LDAP with a dedicated service account as I have with other systems and it appears to work now. Thanks for your help.

I am having issues getting the ldap to work as well with the same stand alone install with Windows. I know I have all the settings because we use it on another system, but I am just unsure how they should be formatted. I need to do the bind account and have that info listed but still it isn't working. Here is what I have. My inputs are in bold. I also have had no luck turning on logging for the ldap. I tried Lilith, but as soon as I attempt to log into the system, it disconnects. Any help would be greatly appreciated. #-# LDAP authentication service # xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl #-# Turn LDAP authentication on - otherwise only XWiki authentication #-# - 0: disable #-# - 1: enable #-# The default is 0 xwiki.authentication.ldap=1 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) xwiki.authentication.ldap.server=*(I have the IP here)* xwiki.authentication.ldap.port=389 #-# LDAP login, empty = anonymous access, otherwise specify full dn #-# {0} is replaced with the user name, {1} with the password xwiki.authentication.ldap.bind_DN=cn=*(the bind account username only here)* xwiki.authentication.ldap.bind_pass=*(bind account password only)* #-# The Base DN used in LDAP searches xwiki.authentication.ldap.base_DN=*OU=_USERS,DC=na,DC=nice,DC=com* #-# LDAP query to search the user in the LDAP database (in case a static admin user is provided in #-# xwiki.authentication.ldap.bind_DN) #-# {0} is replaced with the user uid field name and {1} with the user name #-# The default is ({0}={1}) xwiki.authentication.ldap.user_search_fmt=({0}={1}) #-# Only members of the following group can authenticate. #-# The following kind of groups are supported: #-# * LDAP static groups (users/subgroups are listed statically in the group object) #-# * [Since 3.3M1] LDAP organization units (users/subgroups are sub object of the provided organization unit) #-# * [Since 3.3M1] LDAP filter (users/groups are object found in a search with the provided filter) # #xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl] #-# Only users not member of the following group can authenticate. #-# The following kind of groups are supported: #-# * LDAP static groups (users/subgroups are listed statically in the group object) #-# * [Since 3.3M1] LDAP organization units (users/subgroups are sub object of the provided organization unit) #-# * [Since 3.3M1] LDAP filter (users/groups are object found in a search with the provided filter) # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name #-# The default is cn xwiki.authentication.ldap.UID_attr=*samAccountName* #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential LDAP groups classes. Separated by commas. # xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList,posixGroup,apple-group #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential names of the LDAP groups fields containings the members. Separated by commas. # xwiki.authentication.ldap.group_memberfields=member,uniqueMember,memberUid #-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute) xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# On every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki #-# account is created. #-# - 0: only when creating user #-# - 1: at each authentication #-# The default is 0 xwiki.authentication.ldap.update_user=*1* #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# Maps XWiki groups to LDAP groups, separator is "|". #-# The following kind of groups are supported: #-# * LDAP static groups (users/subgroups are listed statically in the group object) #-# * [Since 3.3M1] LDAP organization units (users/subgroups are sub object of the provided organization unit) #-# * [Since 3.3M1] LDAP filter (users/groups are object found in a search with the provided filter), #-# | character in the filter need to be escaped with backslash (\). #-# -- View this message in context: http://xwiki.475771.n2.nabble.com/xWiki-6-1-LDAP-Issues-tp7591284p7591496.h… Sent from the XWiki- Users mailing list archive at Nabble.com.

Thanks for the response Clemens. I tried adjusting the setting per your suggestions with no help. One setting I am seeing I am not seeing in the xwiki settings is for security level. On the other server we have a security setting for Starttls that I am not seeing a place for in the xwiki.cfg. That could be the problem, but I am not positive. Do you think I am on the right track and if so, where would I put that? Thanks again Ron -- View this message in context: http://xwiki.475771.n2.nabble.com/xWiki-6-1-LDAP-Issues-tp7591284p7591501.h… Sent from the XWiki- Users mailing list archive at Nabble.com.

Well the port is definitely 389 but I did tried enabling the ssl to no avail. Hehe, it should be this hard. I am missing something entirely evidently....I will keep banging it. I will find the combination eventually. Thank for the help Clemens. Let me know if you can think of anything else. Ron -- View this message in context: http://xwiki.475771.n2.nabble.com/xWiki-6-1-LDAP-Issues-tp7591284p7591505.h… Sent from the XWiki- Users mailing list archive at Nabble.com.

You can enable the log you need in the Logging section of the administration page (bin/admin/XWiki/XWikiPreferences?editor=globaladmin&section=Logging). Set TRACE for the packages listed in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HEnableL… (I really need to update that page), no need to restart. Then you need to know where your application server is writing the log. Once you have the log it's usually very clear what is wrong exactly. On Thu, Jul 31, 2014 at 3:20 PM, Pascal BASTIEN <pbasnews-xwiki(a)yahoo.fr> wrote: -- Thomas Mortagne