[xwiki-users] XWiki + OpenLDAP Invalid credentials problem
Hello, I'm quite new to XWiki. I have a problem with making its log-in work with OpenLDAP. I'm running Ubuntu server 11.10, my Xwiki version is 4.0, OpenLDAP (slapd) shows version 2.4.25-1.1ubuntu4.1. I've followed instructions from XWiki documentation here http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication I have user named 'xwiki' in ldap. When I try to log in from my Xwiki, I get the 'Invalid credentials' message. catalina.out shows this error: 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, group] 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member, uniquemember] 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server [127.0.0.1:389] 2012-06-14 10:02:16,925 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with credentials login=[cn=xwiki] 2012-06-14 10:02:16,930 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException. Wrapped Exception: Invalid Credentials at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:172) ~[xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:101) ~[xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:273) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:193) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:175) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:242) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:4070) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:172) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:4083) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:5245) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:179) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:116) [xwiki-platform-legacy-oldcore-4.0.jar:na] at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) [struts-1.2.9.jar:1.2.9] at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) [servlet-api-2.5.jar:na] at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api-2.5.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina-6.0.32.jar:6.0.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina-6.0.32.jar:6.0.32] at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:120) [xwiki-platform-legacy-oldcore-4.0.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina-6.0.32.jar:6.0.32] at
Re: [xwiki-users] XWiki + OpenLDAP Invalid credentials problem
On Thu, Jun 14, 2012 at 10:52 AM, Patrycja Suchomska szablowska.patry...@gmail.com wrote: Hello, I'm quite new to XWiki. I have a problem with making its log-in work with OpenLDAP. I'm running Ubuntu server 11.10, my Xwiki version is 4.0, OpenLDAP (slapd) shows version 2.4.25-1.1ubuntu4.1. I've followed instructions from XWiki documentation here http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication I have user named 'xwiki' in ldap. When I try to log in from my Xwiki, I get the 'Invalid credentials' message. catalina.out shows this error: 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, group] 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member, uniquemember] 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server [127.0.0.1:389] 2012-06-14 10:02:16,925 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with credentials login=[cn=xwiki] 2012-06-14 10:02:16,930 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException. Wrapped Exception: Invalid Credentials at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:172) ~[xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:101) ~[xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:273) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:193) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:175) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:242) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:4070) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:172) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:4083) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:5245) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:179) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:116) [xwiki-platform-legacy-oldcore-4.0.jar:na] at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) [struts-1.2.9.jar:1.2.9] at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) [servlet-api-2.5.jar:na] at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api-2.5.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina-6.0.32.jar:6.0.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina-6.0.32.jar:6.0.32] at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:120) [xwiki-platform-legacy-oldcore-4.0.jar:na] at
Re: [xwiki-users] Panels backward compatibility
On 06/13/2012 06:09 PM, Sergiu Dumitriu wrote: On 06/13/2012 09:17 AM, Vincent Massol wrote: On Jun 13, 2012, at 2:52 PM, Anca Luca wrote: On 06/13/2012 02:44 PM, Vincent Massol wrote: On Jun 13, 2012, at 2:39 PM, Anca Luca wrote: On 06/13/2012 01:52 PM, Raluca Stavro wrote: Hi, On Wed, Jun 13, 2012 at 2:15 PM, Vincent Massolvinc...@massol.net wrote: On Jun 13, 2012, at 12:44 PM, Raluca Stavro wrote: I'm resending this mail by using the right subject pattern. Hello, I am trying to upgrade an old XEM to 3.5.1. In this XEM there are some custom panels which have been converted to 2.0 syntax and contain code like this: {{velocity}} {{html}} #panelheader(...) ... #panelfooter() {{/html}} {{/velocity}} Do the panels really need the {{html}} wrapper? If no, then you must remove it. If yes, then you should consider rewriting them using wiki syntax only, then remove the {{html}} wrapper. If you can't do that, then just move the wrapper inside the panelheader/footer. You can do that automatically with a script. Because since 2.7.2 panel macros were converted to 2.0 syntax, because panel macros from inside macros.vm were modified by calling {{html}} wiki macro and because we can't use nested {{html}} macros without wiki=true parameter, I don't know how to fix this issue besides modifying panel code. I don't understand this. Are you saying that in macros.vm #panelheader uses {{html}}? That's not true, the panelheader/footer macros only use wiki syntax, not {{html}}. The problem isn't that nested {{html}} macros don't work, but that wiki syntax doesn't work in {{html}} without wiki=true. This XEM has more than 70 wikis and this I can't just modify all custom (converted to 2.0 syntax) panels manually. Is there a nice solution to this problem ? Idea 1: == Add a new #panelheaderold macro in macros.vm and replace all calls of #panelheader to #panelheaderold in your panels (easy to do with a XWQL query and 3 lines of scripts). Slowy migrate panels to new syntax. Note: = Actually in the future we need to add a new {{panel}} macro, something like: {{panel style=.. title=…}} … content here … {{/panel}} Idea 2: == Create a custom Panel wiki macro (give it a name other than panel!), search for: {{velocity}}{{html}}#panelheader….#panelfooter{{/html}}{{/velocity}} (use a regex) Replace with your panel macro. Should I open an issue on Jira ? Nope So this means that none of the macros in macros.vm are API? Which means that there is no API to make a panel header consistent with the panel headers of the default panels? Good point. Macros in macros.vm are supposed to be APIs and it means we broke the backward compatibility at some point in the past (2.7 as suggested by Raluca). The macros still work for both xwiki/1.0 and xwiki/2.x panels. What doesn't work is putting the whole panel content inside a {{html}} block, without any wiki parsing. The problem was that there was a misunderstanding of the macros behavior. The macros were supposed to work well in wiki syntax. Initially, that meant the only xwiki syntax, which did mix HTML with the rest of the wiki and velocity syntax. When new wiki syntaxes were introduced and the macros were updated, the behavior remained the same: the #panelheader/footer macros work well in both xwiki/1.0 and xwiki/2.x syntaxes. But pure HTML isn't really a wiki syntax. The fact that for a few releases the macros worked in pure HTML embedded in an xwiki/2.0 document, but not directly in a xwiki/2.0 document, was a bug, not a contract. Unfortunately some developers did rely on this bug. I wouldn't call it a bug, because if we do so, then we can argue that it's a bug that has been there for at least one major cycle, and that macros.vm is still not stable according to http://jira.xwiki.org/browse/XWIKI-6062 so we might still have bugs about it (and that is for about 2.5 major cycles, which is a bit too much from my point of view). What I would say about this is that apparently we don't know / have a convention about how should the macros in macros.vm be used: with syntax interpreted or not, in an html macro or not. This is where the confusion comes from: while the old panelheader macro _needed_ html macro (potentially with syntax activated), the current one needs _only wiki syntax_ (potentially in an html macro). There is a context which satisfies both (html macro with wiki syntax activated) but it was not documented anywhere, I'm not even sure it is _the rule_ for macros in macros.vm, so people used what it worked, in this case a plain simple html macro whose wiki parameter defaults to false. The wysiwyg macros in macros.vm, for example, I would say they need to be called in a html macro with syntax switched off, but it's just a guess, looking at the code. I think we need to: 1/ make a decision about what is API from macros.vm 2/ make a decision about what _was_ API from
Re: [xwiki-users] XWiki + OpenLDAP Invalid credentials problem
Thank you for your rapid reply. Seems to me that ut should be uid and not cn here according to what you found in your LDAP server. I've tried uid in this part before, but it didn't help. Changed xwiki.cfg to: xwiki.authentication.ldap.bind_DN=uid={0},ou=People,dc=debuntu,dc=local xwiki.authentication.ldap.UID_attr=uid Checked now again - unfortunately, result is the same. Patricia ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Error -You are not allowed to view this document or perform this action.
On Wed, Jun 13, 2012 at 8:02 PM, Gerritjan Koekkoek gerritjankoekk...@gmail.com wrote: I've created an app with app within minutes. A normal user gets the following error: Error You are not allowed to view this document or perform this action. On which page and which action? URL? (you can strip the domain part). What can cause this error, the space has the right rights set. (View, Comment and Edit; no Delete or Admin) No document level security. Other documents in the space can be seen… The page CdLSATEPrivat/WebHome is generated by app within minutes, but I have modified the documentsheetbinding The LiveTableViewSheet has been copied from app within minutes space into CdLSATEPrivat space Is there any groovy scripts that can not be used by normal users? If the Groovy script is in the sheet and the last sheet content author has programming rights then a simple user shouldn't have any problem viewing the page with that sheet applied. But, afaik, the message you get is not related to programming rights. If the document on which you get this message has a sheet you can try to bind the document to itself, sheet='', and see if the message remains. Hope this helps, Marius Gerritjan ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Error -You are not allowed to view this document or perform this action.
Op 14 jun. 2012, om 13:58 heeft Marius Dumitru Florea het volgende geschreven: On Wed, Jun 13, 2012 at 8:02 PM, Gerritjan Koekkoek gerritjankoekk...@gmail.com wrote: I've created an app with app within minutes. A normal user gets the following error: Error You are not allowed to view this document or perform this action. On which page and which action? URL? (you can strip the domain part). xwiki/bin/view/CdLSATEPrivat/WebHome What can cause this error, the space has the right rights set. (View, Comment and Edit; no Delete or Admin) No document level security. Other documents in the space can be seen… The page CdLSATEPrivat/WebHome is generated by app within minutes, but I have modified the documentsheetbinding The LiveTableViewSheet has been copied from app within minutes space into CdLSATEPrivat space Is there any groovy scripts that can not be used by normal users? If the Groovy script is in the sheet and the last sheet content author has programming rights then a simple user shouldn't have any problem viewing the page with that sheet applied. But, afaik, the message you get is not related to programming rights. If the document on which you get this message has a sheet you can try to bind the document to itself, sheet='', and see if the message remains. Still the same error: Content of page: {{velocity}} #set($originalMsg = $msg) #set($msg = $services.dynamicMessageToolFactory.createDynamicMessageTool($msg, { 'cdlsateprivat.livetable.doc.date': $msg.get('platform.appwithinminutes.liveTableEditorDocDateColumnName'), 'cdlsateprivat.livetable.doc.author': $msg.get('platform.appwithinminutes.liveTableEditorDocAuthorColumnName'), 'cdlsateprivat.livetable._actions.edit': $msg.get('platform.appwithinminutes.appLiveTableEditEntryActionName'), 'cdlsateprivat.livetable._actions.delete': $msg.get('platform.appwithinminutes.appLiveTableDeleteEntryActionName'), 'cdlsateprivat.livetable._actions': $msg.get('platform.appwithinminutes.liveTableEditorActionsColumnName') })) #set($columnsProperties = { 'squestioner': {'type': 'text', 'size': 10, 'filterable': true, 'sortable': true, 'html': false}, 'emailQuestioner': {'type': 'text', 'size': 10, 'filterable': true, 'sortable': true, 'html': false}, 'subject': {'type': 'text', 'link': 'view', 'size': 10, 'filterable': true, 'sortable': true, 'html': false}, 'cdlsPerson': {'type': 'text', 'size': 10, 'filterable': true, 'sortable': true, 'html': false}, 'status': {'type': 'list', 'size': 10, 'filterable': true, 'sortable': true, 'html': false}, 'doc.date': {'type': 'text', 'link': 'view', 'size': 10, 'filterable': true, 'sortable': true}, 'doc.author': {'type': 'text', 'link': 'author', 'size': 10, 'filterable': true, 'sortable': true}, '_actions': {'html': true, 'sortable': false, 'actions': ['edit', 'delete']} }) #set($options = { 'className': 'CdLSATEPrivat.CdLSATEPrivatClass', 'resultPage' : 'CdLSATEPrivat.LiveTableGenerator', 'translationPrefix': 'cdlsateprivat.livetable.', 'tagCloud': true, 'rowCount': 15, 'maxPages': 10, 'selectedColumn': 'doc.author', 'defaultOrder': 'asc' }) #set($columns = ['squestioner', 'emailQuestioner', 'subject', 'cdlsPerson', 'status', 'doc.date', 'doc.author', '_actions']) #livetable('cdlsateprivat' $columns $columnsProperties $options) #set($msg = $originalMsg) {{/velocity}} It is having three objects: LiveTableClass 0: CdLSATEPrivat.CdLSATEPrivatClass DocumentSheetBinding 0: CdLSATEPrivat.LiveTableEditSheet XWikiRights 0: XWiki.User Hope this helps, Marius Gerritjan ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] XWiki + OpenLDAP Invalid credentials problem
You sure it's exactly the same ? I don't see how you can get Binding to LDAP server with credentials login=[cn=xwiki] with this configuration. It should indeicate login=[uid=xwiki,ou=People,dc=debuntu,dc=local]. Maybe you have some configuration set in XWiki.XWikiPreferences page which override what you have in xwiki.cfg, did you tried the LDAP UI before seting xwiki.cfg ? You're right, I've tried the LDAP UI before setting the xwiki.cfg. I removed it, but it seems that XWiki still stores those settings somewhere. I uninstalled it earlier in web interface and even removed directories such as /var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-ui/ and /var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-api/. LDAP UI extension disappeared in web administration. But still I could see in catalina.out that message Binding to LDAP server with credentials login=[cn=xwiki], despite the fact my xwiki.cfg was different. I did 'locate ldap | grep xwiki' on serrver to find where it may be. The only things it found are: /usr/lib/xwiki/WEB-INF/lib/jldap-4.3.jar /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3 /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/_maven.repositories /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom.sha1 I have no idea where does LDAP UI store its configuration. Anyway, after your response, I've tried to install and configure XWiki UI again (since I'm unable to fully remove its configuration), according to your proposals. I got different output in catalina.out, but still no luck: 2012-06-14 14:54:21,163 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 2012-06-14 14:54:21,173 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, group] 2012-06-14 14:54:21,173 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member, uniquemember] 2012-06-14 14:54:21,200 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server [127.0.0.1:389] 2012-06-14 14:54:21,209 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with credentials login=[uid=xwiki,ou=People,dc=debuntu,dc=local] 2012-06-14 14:54:21,244 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException. Wrapped Exception: Invalid Credentials at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:172) ~[xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:101) ~[xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305) [xwiki-platform-legacy-oldcore-4.0.jar:na] (exception same as before) 2012-06-14 14:54:21,245 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB 2012-06-14 14:54:21,276 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [xwiki] 2012-06-14 14:54:21,356 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] WARN o.x.v.i.DefaultVelocityEngine - Deprecated usage of method [com.xpn.xwiki.api.XWiki.parseMessage] in /templates/login.vm@29,33 And here's my detailed configuration in XWiki's LDAP UI, as (like I said) I didn't manage to remove it fully (and use xwiki.cfg instead): LDAP Yes LDAP SERVER ADDRESS 127.0.0.1 LDAP SERVER PORT 389 LDAP LOGIN MATCHING uid={0},ou=People,dc=debuntu,dc=local LDAP PASSWORD MATCHING {1} RESTRICT TO GROUP LDAP GROUP TO EXCLUDE LDAP BASE DN ou=People,dc=debuntu,dc=local LDAP UID ATTRIBUTE NAME uid TRY LOCAL LOGIN Yes UPDATE USER FROM LDAP AFTER LOGIN Yes LDAP USER FIELDS MAPPING name - uid last_name - uid first_name - uid fullname - uid LDAP GROUPS MAPPING LDAP GROUPS CACHE EXPIRATION WHEN TO SYNCHRONIZE LDAP GROUPS At each authentication of a user Is this wrong, or perhaps should I use only
Re: [xwiki-users] XWiki + OpenLDAP Invalid credentials problem
On Thu, Jun 14, 2012 at 3:18 PM, Patrycja Suchomska szablowska.patry...@gmail.com wrote: You sure it's exactly the same ? I don't see how you can get Binding to LDAP server with credentials login=[cn=xwiki] with this configuration. It should indeicate login=[uid=xwiki,ou=People,dc=debuntu,dc=local]. Maybe you have some configuration set in XWiki.XWikiPreferences page which override what you have in xwiki.cfg, did you tried the LDAP UI before seting xwiki.cfg ? You're right, I've tried the LDAP UI before setting the xwiki.cfg. I removed it, but it seems that XWiki still stores those settings somewhere. I uninstalled it earlier in web interface and even removed directories such as /var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-ui/ and /var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-api/. LDAP UI extension disappeared in web administration. But still I could see in catalina.out that message Binding to LDAP server with credentials login=[cn=xwiki], despite the fact my xwiki.cfg was different. I did 'locate ldap | grep xwiki' on serrver to find where it may be. The only things it found are: /usr/lib/xwiki/WEB-INF/lib/jldap-4.3.jar /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3 /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/_maven.repositories /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom.sha1 I have no idea where does LDAP UI store its configuration. As I said, it's in the XWiki.XWikiPreferences page. Go to http://yourdomain/xwiki/bin/edit/XWiki/XWikiPreferences?editor=object, you should find some LDAP properties at the end of the XWikiPreferences object. Anyway, after your response, I've tried to install and configure XWiki UI again (since I'm unable to fully remove its configuration), according to your proposals. I got different output in catalina.out, but still no luck: 2012-06-14 14:54:21,163 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 2012-06-14 14:54:21,173 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, group] 2012-06-14 14:54:21,173 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member, uniquemember] 2012-06-14 14:54:21,200 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server [127.0.0.1:389] 2012-06-14 14:54:21,209 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with credentials login=[uid=xwiki,ou=People,dc=debuntu,dc=local] 2012-06-14 14:54:21,244 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException. Wrapped Exception: Invalid Credentials at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:172) ~[xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:101) ~[xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305) [xwiki-platform-legacy-oldcore-4.0.jar:na] (exception same as before) 2012-06-14 14:54:21,245 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB 2012-06-14 14:54:21,276 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [xwiki] 2012-06-14 14:54:21,356 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] WARN o.x.v.i.DefaultVelocityEngine - Deprecated usage of method [com.xpn.xwiki.api.XWiki.parseMessage] in /templates/login.vm@29,33 And here's my detailed configuration in XWiki's LDAP UI, as (like I said) I didn't manage to remove it fully (and use xwiki.cfg instead): LDAP Yes LDAP SERVER ADDRESS 127.0.0.1 LDAP SERVER PORT 389 LDAP LOGIN MATCHING uid={0},ou=People,dc=debuntu,dc=local LDAP PASSWORD MATCHING {1} RESTRICT TO GROUP LDAP GROUP TO
Re: [xwiki-users] Error -You are not allowed to view this document or perform this action.
On Thu, Jun 14, 2012 at 4:02 PM, Gerritjan Koekkoek gerritjankoekk...@gmail.com wrote: Op 14 jun. 2012, om 13:58 heeft Marius Dumitru Florea het volgende geschreven: On Wed, Jun 13, 2012 at 8:02 PM, Gerritjan Koekkoek gerritjankoekk...@gmail.com wrote: I've created an app with app within minutes. A normal user gets the following error: Error You are not allowed to view this document or perform this action. On which page and which action? URL? (you can strip the domain part). xwiki/bin/view/CdLSATEPrivat/WebHome What can cause this error, the space has the right rights set. (View, Comment and Edit; no Delete or Admin) No document level security. Other documents in the space can be seen… The page CdLSATEPrivat/WebHome is generated by app within minutes, but I have modified the documentsheetbinding The LiveTableViewSheet has been copied from app within minutes space into CdLSATEPrivat space Is there any groovy scripts that can not be used by normal users? If the Groovy script is in the sheet and the last sheet content author has programming rights then a simple user shouldn't have any problem viewing the page with that sheet applied. But, afaik, the message you get is not related to programming rights. If the document on which you get this message has a sheet you can try to bind the document to itself, sheet='', and see if the message remains. Still the same error: Content of page: {{velocity}} #set($originalMsg = $msg) #set($msg = $services.dynamicMessageToolFactory.createDynamicMessageTool($msg, { 'cdlsateprivat.livetable.doc.date': $msg.get('platform.appwithinminutes.liveTableEditorDocDateColumnName'), 'cdlsateprivat.livetable.doc.author': $msg.get('platform.appwithinminutes.liveTableEditorDocAuthorColumnName'), 'cdlsateprivat.livetable._actions.edit': $msg.get('platform.appwithinminutes.appLiveTableEditEntryActionName'), 'cdlsateprivat.livetable._actions.delete': $msg.get('platform.appwithinminutes.appLiveTableDeleteEntryActionName'), 'cdlsateprivat.livetable._actions': $msg.get('platform.appwithinminutes.liveTableEditorActionsColumnName') })) #set($columnsProperties = { 'squestioner': {'type': 'text', 'size': 10, 'filterable': true, 'sortable': true, 'html': false}, 'emailQuestioner': {'type': 'text', 'size': 10, 'filterable': true, 'sortable': true, 'html': false}, 'subject': {'type': 'text', 'link': 'view', 'size': 10, 'filterable': true, 'sortable': true, 'html': false}, 'cdlsPerson': {'type': 'text', 'size': 10, 'filterable': true, 'sortable': true, 'html': false}, 'status': {'type': 'list', 'size': 10, 'filterable': true, 'sortable': true, 'html': false}, 'doc.date': {'type': 'text', 'link': 'view', 'size': 10, 'filterable': true, 'sortable': true}, 'doc.author': {'type': 'text', 'link': 'author', 'size': 10, 'filterable': true, 'sortable': true}, '_actions': {'html': true, 'sortable': false, 'actions': ['edit', 'delete']} }) #set($options = { 'className': 'CdLSATEPrivat.CdLSATEPrivatClass', 'resultPage' : 'CdLSATEPrivat.LiveTableGenerator', 'translationPrefix': 'cdlsateprivat.livetable.', 'tagCloud': true, 'rowCount': 15, 'maxPages': 10, 'selectedColumn': 'doc.author', 'defaultOrder': 'asc' }) #set($columns = ['squestioner', 'emailQuestioner', 'subject', 'cdlsPerson', 'status', 'doc.date', 'doc.author', '_actions']) #livetable('cdlsateprivat' $columns $columnsProperties $options) #set($msg = $originalMsg) {{/velocity}} It is having three objects: LiveTableClass 0: CdLSATEPrivat.CdLSATEPrivatClass DocumentSheetBinding 0: CdLSATEPrivat.LiveTableEditSheet XWikiRights 0: XWiki.User Then it's clearly a rights setting issue. I'd double check the rights set on the app home page, and app space (WebPreferences page). I don't have other ideas. Hope this helps, Marius Hope this helps, Marius Gerritjan ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
[xwiki-users] [myxwiki] new wiki request
Hi, I am a physician (with an engineering background) in Seattle, Washington, USA. I am interested in using myxwiki to develop a personal knowledge management system, particularly for studying anthroposophic medicine. my username is drmartin1 I request a myxwiki name of coalesce. Thanks, David Martin ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users