Re: [xwiki-users] xwiki LDAP configuration
Looks like you enabled debug log only for XWikiLDAPAuthServiceImpl class, you should also enable it for com.xpn.xwiki.plugin.ldap package as indicated on http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HEnableLDAPdebuglog The root cause is "Invalid Credentials" which means that the user cn={0},ou=people,dc=info,dc=uaic,dc=ro with {0} being the name you entered in the login form and the password you gave don't have the right to authenticate on that server. You should maybe try some LDAP client (a few are listed on http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HGenericLDAPconfiguration) to validate the information you entered in the configuration and especially the bind DN. On Thu, Apr 9, 2015 at 3:30 PM, Alex Moruz wrote: > Hello, > > I am trying to connect to an LDAP server using the LDAP Admin Application > and failing. The settings I have configured are as follows: > > - LDAP - enabled > - LDAP SERVER ADDRESS - server IP address > - LDAP SERVER PORT - 389 > - LDAP LOGIN MATCHING - cn={0},ou=people,dc=info,dc=uaic,dc=ro > - LDAP PASSWORD MATCHING - {1} > - TRY LOCAL LOGIN - yes > - UPDATE USER FROM LDAP AFTER LOGIN - yes > - LDAP USER FIELDS MAPPING - last_name=sn,first_name=givenName,email=mail > > Everything else is left blank, and in the xwiki.cfg file, the only > uncommented line is > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl > > Every time I try to log in using LDAP credentials the attempt fails with the > log entry given at the end of the message. I have also tried the exact same > settings in the xwiki.cfg file, with the same error message. > > The server I am using is Tomcat, and the xwiki version is 6.4. > > Best regards, > Alex Moruz > > > 2015-04-09 16:28:13,172 > [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin] > TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication > 2015-04-09 16:28:13,185 > [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin] > DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is null. We don't > try to authenticate, it probably means the user is in non logged mode. > 2015-04-09 16:28:13,185 > [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin] > TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication > 2015-04-09 16:28:13,229 > [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin] > DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind > failed with LDAPException. > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:197) > ~[xwiki-platform-ldap-authenticator-6.4.jar:na] > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:125) > ~[xwiki-platform-ldap-authenticator-6.4.jar:na] > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305) > [xwiki-platform-ldap-authenticator-6.4.jar:na] > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182) > [xwiki-platform-ldap-authenticator-6.4.jar:na] > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129) > [xwiki-platform-ldap-authenticator-6.4.jar:na] > at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272) > [xwiki-platform-legacy-oldcore-6.4.jar:na] > at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192) > [xwiki-platform-legacy-oldcore-6.4.jar:na] > at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174) > [xwiki-platform-legacy-oldcore-6.4.jar:na] > at > com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239) > [xwiki-platform-legacy-oldcore-6.4.jar:na] > at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3293) > [xwiki-platform-legacy-oldcore-6.4.jar:na] > at > org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:241) > [xwiki-platform-security-bridge-6.4.jar:na] > at > org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:271) > [xwiki-platform-security-bridge-6.4.jar:na] > at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3306) > [xwiki-platform-legacy-oldcore-6.4.jar:na] > at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4299) > [xwiki-platform-legacy-oldcore-6.4.jar:na] > at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:269) > [xwiki-platform-legacy-oldcore-6.4.jar:na] > at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:146) > [xwiki-platform-legacy-oldcore-6.4.jar:na] > at > org.apache.struts.action.RequestProcessor.
Re: [xwiki-users] xwiki LDAP configuration
Hi alex I think that you use an Active Directory LDAP Server. For this case, we have created a technical user called "LDAPBrowser" that has the right to search in the whole AD server The parameter "xwiki.authentication.ldap.bind_DN" is filled with the full DN, and " xwiki.authentication.ldap.bind_pass" contains the password of this user. Then "xwiki.authentication.ldap.base_DN" points to the branch of our LDAP So the LDAP section of our xwifi.cfg file looks like this : xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl xwiki.authentication.ldap=1 xwiki.authentication.ldap.server=10.69.1.1 xwiki.authentication.ldap.port=389 xwiki.authentication.ldap.bind_DN=CN=LDAPBrowser,OU=XXX,OU=YYY,DC=ZZZ,DC=lan xwiki.authentication.ldap.bind_pass=X xwiki.authentication.ldap.base_DN=OU=YYY,DC=ZZZ,DC=lan xwiki.authentication.ldap.UID_attr=sAMAccountName xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn xwiki.authentication.ldap.update_user=1 Hope it helps, Laurent -Message d'origine- De : users [mailto:users-boun...@xwiki.org] De la part de Alex Moruz Envoyé : jeudi 9 avril 2015 15:31 À : users@xwiki.org Objet : [xwiki-users] xwiki LDAP configuration Hello, I am trying to connect to an LDAP server using the LDAP Admin Application and failing. The settings I have configured are as follows: - LDAP - enabled - LDAP SERVER ADDRESS - server IP address - LDAP SERVER PORT - 389 - LDAP LOGIN MATCHING - cn={0},ou=people,dc=info,dc=uaic,dc=ro - LDAP PASSWORD MATCHING - {1} - TRY LOCAL LOGIN - yes - UPDATE USER FROM LDAP AFTER LOGIN - yes - LDAP USER FIELDS MAPPING - last_name=sn,first_name=givenName,email=mail Everything else is left blank, and in the xwiki.cfg file, the only uncommented line is xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl Every time I try to log in using LDAP credentials the attempt fails with the log entry given at the end of the message. I have also tried the exact same settings in the xwiki.cfg file, with the same error message. The server I am using is Tomcat, and the xwiki version is 6.4. Best regards, Alex Moruz 2015-04-09 16:28:13,172 [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 2015-04-09 16:28:13,185 [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode. 2015-04-09 16:28:13,185 [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 2015-04-09 16:28:13,229 [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException. at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:197) ~[xwiki-platform-ldap-authenticator-6.4.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:125) ~[xwiki-platform-ldap-authenticator-6.4.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305) [xwiki-platform-ldap-authenticator-6.4.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182) [xwiki-platform-ldap-authenticator-6.4.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129) [xwiki-platform-ldap-authenticator-6.4.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272) [xwiki-platform-legacy-oldcore-6.4.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192) [xwiki-platform-legacy-oldcore-6.4.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174) [xwiki-platform-legacy-oldcore-6.4.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239) [xwiki-platform-legacy-oldcore-6.4.jar:na] at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3293) [xwiki-platform-legacy-oldcore-6.4.jar:na] at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:241) [xwiki-platform-security-bridge-6.4.jar:na] at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:271) [xwiki-platform-security-bridge-6.4.jar:na] at com.xpn.xwiki.XWiki.checkAccess(X
[xwiki-users] xwiki LDAP configuration
Hello, I am trying to connect to an LDAP server using the LDAP Admin Application and failing. The settings I have configured are as follows: - LDAP - enabled - LDAP SERVER ADDRESS - server IP address - LDAP SERVER PORT - 389 - LDAP LOGIN MATCHING - cn={0},ou=people,dc=info,dc=uaic,dc=ro - LDAP PASSWORD MATCHING - {1} - TRY LOCAL LOGIN - yes - UPDATE USER FROM LDAP AFTER LOGIN - yes - LDAP USER FIELDS MAPPING - last_name=sn,first_name=givenName,email=mail Everything else is left blank, and in the xwiki.cfg file, the only uncommented line is xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl Every time I try to log in using LDAP credentials the attempt fails with the log entry given at the end of the message. I have also tried the exact same settings in the xwiki.cfg file, with the same error message. The server I am using is Tomcat, and the xwiki version is 6.4. Best regards, Alex Moruz 2015-04-09 16:28:13,172 [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 2015-04-09 16:28:13,185 [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode. 2015-04-09 16:28:13,185 [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 2015-04-09 16:28:13,229 [http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException. at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:197) ~[xwiki-platform-ldap-authenticator-6.4.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:125) ~[xwiki-platform-ldap-authenticator-6.4.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305) [xwiki-platform-ldap-authenticator-6.4.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182) [xwiki-platform-ldap-authenticator-6.4.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129) [xwiki-platform-ldap-authenticator-6.4.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272) [xwiki-platform-legacy-oldcore-6.4.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192) [xwiki-platform-legacy-oldcore-6.4.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174) [xwiki-platform-legacy-oldcore-6.4.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239) [xwiki-platform-legacy-oldcore-6.4.jar:na] at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3293) [xwiki-platform-legacy-oldcore-6.4.jar:na] at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:241) [xwiki-platform-security-bridge-6.4.jar:na] at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:271) [xwiki-platform-security-bridge-6.4.jar:na] at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3306) [xwiki-platform-legacy-oldcore-6.4.jar:na] at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4299) [xwiki-platform-legacy-oldcore-6.4.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:269) [xwiki-platform-legacy-oldcore-6.4.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:146) [xwiki-platform-legacy-oldcore-6.4.jar:na] at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425) [struts-core-1.3.10.jar:1.3.10] at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228) [struts-core-1.3.10.jar:1.3.10] at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) [struts-core-1.3.10.jar:1.3.10] at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462) [struts-core-1.3.10.jar:1.3.10] at javax.servlet.http.HttpServlet.service(HttpServlet.java:643) [servlet-api.jar:na] at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) [servlet-api.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:6.0.43] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.43] at com.xpn.xwiki.web.ActionFilter.doFi
Re: [xwiki-users] Xwiki LDAP Configuration - multiple LDAP Base question
On Tue, Nov 20, 2012 at 10:00 AM, Csaba wrote: > Hi, > > I would like to configure the XWIKI LDAP and I encountered a specific issue > defining more than one base_DN. Is this possible at all? No, its not officially supported yet. Should be part of http://jira.xwiki.org/browse/XWIKI-2577 but nobody is assigned to work on it anytime soon (contribution welcomed ;)). That said there is the hack explained on http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCases#HMyusersarenotlocatedonthesameserverbut I never tried it myself and you are not guaranty that this will work forever. > I have 2 types of Users: > 1. o=org1, c=c1, dc=company > 2. o=org2, c=c2, dc=company > > These Users also have a common Group: > > xwiki.authentication.ldap.user_group=cn=APP-SYTA- > EMPLOYEES,cn=appgroups,cn=groups,dc=company > > My question is: how do I configure the LDAP in this case, so that both > types of > users have access to xwiki? Should I use only the group configuration?? > > Now is configured as follows and it works for one type of users (the ones > belonging in org1, c1 in LDAP): > > xwiki.authentication.ldap.base_DN=o=org1,c=c1,dc=company > > xwiki.authentication.ldap.bind_DN=uid={0},o=org1,c=c1,dc=company > xwiki.authentication.ldap.bind_pass={1} > > xwiki.authentication.ldap.user_group=cn=APP-SYTA- > EMPLOYEES,cn=appgroups,cn=groups,dc=company > > I would appreciate some help. Thanks a lot in advance! > > Best regards! > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
[xwiki-users] Xwiki LDAP Configuration - multiple LDAP Base question
Hi, I would like to configure the XWIKI LDAP and I encountered a specific issue defining more than one base_DN. Is this possible at all? I have 2 types of Users: 1. o=org1, c=c1, dc=company 2. o=org2, c=c2, dc=company These Users also have a common Group: xwiki.authentication.ldap.user_group=cn=APP-SYTA- EMPLOYEES,cn=appgroups,cn=groups,dc=company My question is: how do I configure the LDAP in this case, so that both types of users have access to xwiki? Should I use only the group configuration?? Now is configured as follows and it works for one type of users (the ones belonging in org1, c1 in LDAP): xwiki.authentication.ldap.base_DN=o=org1,c=c1,dc=company xwiki.authentication.ldap.bind_DN=uid={0},o=org1,c=c1,dc=company xwiki.authentication.ldap.bind_pass={1} xwiki.authentication.ldap.user_group=cn=APP-SYTA- EMPLOYEES,cn=appgroups,cn=groups,dc=company I would appreciate some help. Thanks a lot in advance! Best regards! ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users