Re: [xwiki-users] xwiki LDAP configuration
Looks like you enabled debug log only for XWikiLDAPAuthServiceImpl
class, you should also enable it for com.xpn.xwiki.plugin.ldap package
as indicated on
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HEnableLDAPdebuglog
The root cause is "Invalid Credentials" which means that the user
cn={0},ou=people,dc=info,dc=uaic,dc=ro with {0} being the name you
entered in the login form and the password you gave don't have the
right to authenticate on that server.
You should maybe try some LDAP client (a few are listed on
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HGenericLDAPconfiguration)
to validate the information you entered in the configuration and
especially the bind DN.
On Thu, Apr 9, 2015 at 3:30 PM, Alex Moruz wrote:
> Hello,
>
> I am trying to connect to an LDAP server using the LDAP Admin Application
> and failing. The settings I have configured are as follows:
>
> - LDAP - enabled
> - LDAP SERVER ADDRESS - server IP address
> - LDAP SERVER PORT - 389
> - LDAP LOGIN MATCHING - cn={0},ou=people,dc=info,dc=uaic,dc=ro
> - LDAP PASSWORD MATCHING - {1}
> - TRY LOCAL LOGIN - yes
> - UPDATE USER FROM LDAP AFTER LOGIN - yes
> - LDAP USER FIELDS MAPPING - last_name=sn,first_name=givenName,email=mail
>
> Everything else is left blank, and in the xwiki.cfg file, the only
> uncommented line is
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>
> Every time I try to log in using LDAP credentials the attempt fails with the
> log entry given at the end of the message. I have also tried the exact same
> settings in the xwiki.cfg file, with the same error message.
>
> The server I am using is Tomcat, and the xwiki version is 6.4.
>
> Best regards,
> Alex Moruz
>
>
> 2015-04-09 16:28:13,172
> [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
> TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 2015-04-09 16:28:13,185
> [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
> DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is null. We don't
> try to authenticate, it probably means the user is in non logged mode.
> 2015-04-09 16:28:13,185
> [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
> TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 2015-04-09 16:28:13,229
> [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
> DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind
> failed with LDAPException.
> at
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:197)
> ~[xwiki-platform-ldap-authenticator-6.4.jar:na]
> at
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:125)
> ~[xwiki-platform-ldap-authenticator-6.4.jar:na]
> at
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305)
> [xwiki-platform-ldap-authenticator-6.4.jar:na]
> at
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182)
> [xwiki-platform-ldap-authenticator-6.4.jar:na]
> at
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129)
> [xwiki-platform-ldap-authenticator-6.4.jar:na]
> at
> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
> [xwiki-platform-legacy-oldcore-6.4.jar:na]
> at
> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
> [xwiki-platform-legacy-oldcore-6.4.jar:na]
> at
> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
> [xwiki-platform-legacy-oldcore-6.4.jar:na]
> at
> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
> [xwiki-platform-legacy-oldcore-6.4.jar:na]
> at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3293)
> [xwiki-platform-legacy-oldcore-6.4.jar:na]
> at
> org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:241)
> [xwiki-platform-security-bridge-6.4.jar:na]
> at
> org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:271)
> [xwiki-platform-security-bridge-6.4.jar:na]
> at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3306)
> [xwiki-platform-legacy-oldcore-6.4.jar:na]
> at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4299)
> [xwiki-platform-legacy-oldcore-6.4.jar:na]
> at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:269)
> [xwiki-platform-legacy-oldcore-6.4.jar:na]
> at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:146)
> [xwiki-platform-legacy-oldcore-6.4.jar:na]
> at
> org.apache.struts.action.RequestProcessor.
Re: [xwiki-users] xwiki LDAP configuration
Hi alex
I think that you use an Active Directory LDAP Server.
For this case, we have created a technical user called "LDAPBrowser" that has
the right to search in the whole AD server
The parameter "xwiki.authentication.ldap.bind_DN" is filled with the full DN,
and " xwiki.authentication.ldap.bind_pass" contains the password of this user.
Then "xwiki.authentication.ldap.base_DN" points to the branch of our LDAP
So the LDAP section of our xwifi.cfg file looks like this :
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=10.69.1.1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.bind_DN=CN=LDAPBrowser,OU=XXX,OU=YYY,DC=ZZZ,DC=lan
xwiki.authentication.ldap.bind_pass=X
xwiki.authentication.ldap.base_DN=OU=YYY,DC=ZZZ,DC=lan
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn
xwiki.authentication.ldap.update_user=1
Hope it helps,
Laurent
-Message d'origine-
De : users [mailto:users-boun...@xwiki.org] De la part de Alex Moruz
Envoyé : jeudi 9 avril 2015 15:31
À : users@xwiki.org
Objet : [xwiki-users] xwiki LDAP configuration
Hello,
I am trying to connect to an LDAP server using the LDAP Admin Application and
failing. The settings I have configured are as follows:
- LDAP - enabled
- LDAP SERVER ADDRESS - server IP address
- LDAP SERVER PORT - 389
- LDAP LOGIN MATCHING - cn={0},ou=people,dc=info,dc=uaic,dc=ro
- LDAP PASSWORD MATCHING - {1}
- TRY LOCAL LOGIN - yes
- UPDATE USER FROM LDAP AFTER LOGIN - yes
- LDAP USER FIELDS MAPPING - last_name=sn,first_name=givenName,email=mail
Everything else is left blank, and in the xwiki.cfg file, the only uncommented
line is
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
Every time I try to log in using LDAP credentials the attempt fails with the
log entry given at the end of the message. I have also tried the exact same
settings in the xwiki.cfg file, with the same error message.
The server I am using is Tomcat, and the xwiki version is 6.4.
Best regards,
Alex Moruz
2015-04-09 16:28:13,172
[http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2015-04-09 16:28:13,185
[http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try
to authenticate, it probably means the user is in non logged mode.
2015-04-09 16:28:13,185
[http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2015-04-09 16:28:13,229
[http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind
failed with LDAPException.
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:197)
~[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:125)
~[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305)
[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182)
[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129)
[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3293)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:241)
[xwiki-platform-security-bridge-6.4.jar:na]
at
org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:271)
[xwiki-platform-security-bridge-6.4.jar:na]
at com.xpn.xwiki.XWiki.checkAccess(X
[xwiki-users] xwiki LDAP configuration
Hello,
I am trying to connect to an LDAP server using the LDAP Admin
Application and failing. The settings I have configured are as follows:
- LDAP - enabled
- LDAP SERVER ADDRESS - server IP address
- LDAP SERVER PORT - 389
- LDAP LOGIN MATCHING - cn={0},ou=people,dc=info,dc=uaic,dc=ro
- LDAP PASSWORD MATCHING - {1}
- TRY LOCAL LOGIN - yes
- UPDATE USER FROM LDAP AFTER LOGIN - yes
- LDAP USER FIELDS MAPPING - last_name=sn,first_name=givenName,email=mail
Everything else is left blank, and in the xwiki.cfg file, the only
uncommented line is
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
Every time I try to log in using LDAP credentials the attempt fails with
the log entry given at the end of the message. I have also tried the
exact same settings in the xwiki.cfg file, with the same error message.
The server I am using is Tomcat, and the xwiki version is 6.4.
Best regards,
Alex Moruz
2015-04-09 16:28:13,172
[http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2015-04-09 16:28:13,185
[http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is null. We
don't try to authenticate, it probably means the user is in non logged
mode.
2015-04-09 16:28:13,185
[http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2015-04-09 16:28:13,229
[http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP
bind failed with LDAPException.
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:197)
~[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:125)
~[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305)
[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182)
[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129)
[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3293)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:241)
[xwiki-platform-security-bridge-6.4.jar:na]
at
org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:271)
[xwiki-platform-security-bridge-6.4.jar:na]
at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3306)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4299)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:269)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:146)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
[struts-core-1.3.10.jar:1.3.10]
at
org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
[struts-core-1.3.10.jar:1.3.10]
at
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
[struts-core-1.3.10.jar:1.3.10]
at
org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
[struts-core-1.3.10.jar:1.3.10]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
[servlet-api.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
[servlet-api.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
[catalina.jar:6.0.43]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.43]
at com.xpn.xwiki.web.ActionFilter.doFi
Re: [xwiki-users] Xwiki LDAP Configuration - multiple LDAP Base question
On Tue, Nov 20, 2012 at 10:00 AM, Csaba wrote:
> Hi,
>
> I would like to configure the XWIKI LDAP and I encountered a specific issue
> defining more than one base_DN. Is this possible at all?
No, its not officially supported yet. Should be part of
http://jira.xwiki.org/browse/XWIKI-2577 but nobody is assigned to work on
it anytime soon (contribution welcomed ;)).
That said there is the hack explained on
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCases#HMyusersarenotlocatedonthesameserverbut
I never tried it myself and you are not guaranty that this will work
forever.
> I have 2 types of Users:
> 1. o=org1, c=c1, dc=company
> 2. o=org2, c=c2, dc=company
>
> These Users also have a common Group:
>
> xwiki.authentication.ldap.user_group=cn=APP-SYTA-
> EMPLOYEES,cn=appgroups,cn=groups,dc=company
>
> My question is: how do I configure the LDAP in this case, so that both
> types of
> users have access to xwiki? Should I use only the group configuration??
>
> Now is configured as follows and it works for one type of users (the ones
> belonging in org1, c1 in LDAP):
>
> xwiki.authentication.ldap.base_DN=o=org1,c=c1,dc=company
>
> xwiki.authentication.ldap.bind_DN=uid={0},o=org1,c=c1,dc=company
> xwiki.authentication.ldap.bind_pass={1}
>
> xwiki.authentication.ldap.user_group=cn=APP-SYTA-
> EMPLOYEES,cn=appgroups,cn=groups,dc=company
>
> I would appreciate some help. Thanks a lot in advance!
>
> Best regards!
>
> ___
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
>
--
Thomas Mortagne
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
[xwiki-users] Xwiki LDAP Configuration - multiple LDAP Base question
Hi,
I would like to configure the XWIKI LDAP and I encountered a specific issue
defining more than one base_DN. Is this possible at all? I have 2 types of
Users:
1. o=org1, c=c1, dc=company
2. o=org2, c=c2, dc=company
These Users also have a common Group:
xwiki.authentication.ldap.user_group=cn=APP-SYTA-
EMPLOYEES,cn=appgroups,cn=groups,dc=company
My question is: how do I configure the LDAP in this case, so that both types of
users have access to xwiki? Should I use only the group configuration??
Now is configured as follows and it works for one type of users (the ones
belonging in org1, c1 in LDAP):
xwiki.authentication.ldap.base_DN=o=org1,c=c1,dc=company
xwiki.authentication.ldap.bind_DN=uid={0},o=org1,c=c1,dc=company
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.user_group=cn=APP-SYTA-
EMPLOYEES,cn=appgroups,cn=groups,dc=company
I would appreciate some help. Thanks a lot in advance!
Best regards!
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
