[xwiki-users] XWiki + OpenLDAP Invalid credentials problem
Hello, I'm quite new to XWiki. I have a problem with making its log-in work with OpenLDAP. I'm running Ubuntu server 11.10, my Xwiki version is 4.0, OpenLDAP (slapd) shows version 2.4.25-1.1ubuntu4.1. I've followed instructions from XWiki documentation here http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication I have user named 'xwiki' in ldap. When I try to log in from my Xwiki, I get the 'Invalid credentials' message. catalina.out shows this error: 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, group] 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member, uniquemember] 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server [127.0.0.1:389] 2012-06-14 10:02:16,925 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with credentials login=[cn=xwiki] 2012-06-14 10:02:16,930 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException. Wrapped Exception: Invalid Credentials at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:172) ~[xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:101) ~[xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:273) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:193) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:175) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:242) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:4070) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:172) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:4083) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:5245) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:179) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:116) [xwiki-platform-legacy-oldcore-4.0.jar:na] at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) [struts-1.2.9.jar:1.2.9] at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) [servlet-api-2.5.jar:na] at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api-2.5.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina-6.0.32.jar:6.0.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina-6.0.32.jar:6.0.32] at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:120) [xwiki-platform-legacy-oldcore-4.0.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina-6.0.32.jar:6.0.32] at
Re: [xwiki-users] XWiki + OpenLDAP Invalid credentials problem
On Thu, Jun 14, 2012 at 10:52 AM, Patrycja Suchomska szablowska.patry...@gmail.com wrote: Hello, I'm quite new to XWiki. I have a problem with making its log-in work with OpenLDAP. I'm running Ubuntu server 11.10, my Xwiki version is 4.0, OpenLDAP (slapd) shows version 2.4.25-1.1ubuntu4.1. I've followed instructions from XWiki documentation here http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication I have user named 'xwiki' in ldap. When I try to log in from my Xwiki, I get the 'Invalid credentials' message. catalina.out shows this error: 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, group] 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member, uniquemember] 2012-06-14 10:02:16,919 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server [127.0.0.1:389] 2012-06-14 10:02:16,925 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with credentials login=[cn=xwiki] 2012-06-14 10:02:16,930 [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException. Wrapped Exception: Invalid Credentials at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:172) ~[xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:101) ~[xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:273) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:193) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:175) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:242) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:4070) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:172) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:4083) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:5245) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:179) [xwiki-platform-legacy-oldcore-4.0.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:116) [xwiki-platform-legacy-oldcore-4.0.jar:na] at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) [struts-1.2.9.jar:1.2.9] at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) [servlet-api-2.5.jar:na] at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api-2.5.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina-6.0.32.jar:6.0.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina-6.0.32.jar:6.0.32] at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:120) [xwiki-platform-legacy-oldcore-4.0.jar:na] at
Re: [xwiki-users] Panels backward compatibility
On 06/13/2012 06:09 PM, Sergiu Dumitriu wrote:
On 06/13/2012 09:17 AM, Vincent Massol wrote:
On Jun 13, 2012, at 2:52 PM, Anca Luca wrote:
On 06/13/2012 02:44 PM, Vincent Massol wrote:
On Jun 13, 2012, at 2:39 PM, Anca Luca wrote:
On 06/13/2012 01:52 PM, Raluca Stavro wrote:
Hi,
On Wed, Jun 13, 2012 at 2:15 PM, Vincent
Massolvinc...@massol.net wrote:
On Jun 13, 2012, at 12:44 PM, Raluca Stavro wrote:
I'm resending this mail by using the right subject pattern.
Hello,
I am trying to upgrade an old XEM to 3.5.1.
In this XEM there are some custom panels which have been
converted to 2.0
syntax and contain code like this:
{{velocity}}
{{html}}
#panelheader(...)
...
#panelfooter()
{{/html}}
{{/velocity}}
Do the panels really need the {{html}} wrapper?
If no, then you must remove it.
If yes, then you should consider rewriting them using wiki syntax
only, then remove the {{html}} wrapper.
If you can't do that, then just move the wrapper inside the
panelheader/footer.
You can do that automatically with a script.
Because since 2.7.2 panel macros were converted to 2.0 syntax,
because
panel macros from inside macros.vm were modified by calling
{{html}} wiki
macro and because we can't use nested {{html}} macros without
wiki=true
parameter, I don't know how to fix this issue besides modifying
panel
code.
I don't understand this. Are you saying that in macros.vm #panelheader
uses {{html}}? That's not true, the panelheader/footer macros only use
wiki syntax, not {{html}}. The problem isn't that nested {{html}}
macros don't work, but that wiki syntax doesn't work in {{html}}
without wiki=true.
This XEM has more than 70 wikis and this I can't just modify
all custom
(converted to 2.0 syntax) panels manually.
Is there a nice solution to this problem ?
Idea 1:
==
Add a new #panelheaderold macro in macros.vm and replace all
calls of
#panelheader to #panelheaderold in your panels (easy to do with
a XWQL
query and 3 lines of scripts).
Slowy migrate panels to new syntax.
Note:
=
Actually in the future we need to add a new {{panel}} macro,
something
like:
{{panel style=.. title=…}}
… content here …
{{/panel}}
Idea 2:
==
Create a custom Panel wiki macro (give it a name other than
panel!),
search for:
{{velocity}}{{html}}#panelheader….#panelfooter{{/html}}{{/velocity}}
(use
a regex)
Replace with your panel macro.
Should I open an issue on Jira ?
Nope
So this means that none of the macros in macros.vm are API?
Which means that there is no API to make a panel header consistent
with the panel headers of the default panels?
Good point. Macros in macros.vm are supposed to be APIs and it
means we broke the backward compatibility at some point in the past
(2.7 as suggested by Raluca).
The macros still work for both xwiki/1.0 and xwiki/2.x panels. What
doesn't work is putting the whole panel content inside a {{html}}
block, without any wiki parsing.
The problem was that there was a misunderstanding of the macros
behavior. The macros were supposed to work well in wiki syntax.
Initially, that meant the only xwiki syntax, which did mix HTML with
the rest of the wiki and velocity syntax. When new wiki syntaxes were
introduced and the macros were updated, the behavior remained the
same: the #panelheader/footer macros work well in both xwiki/1.0 and
xwiki/2.x syntaxes. But pure HTML isn't really a wiki syntax. The fact
that for a few releases the macros worked in pure HTML embedded in an
xwiki/2.0 document, but not directly in a xwiki/2.0 document, was a
bug, not a contract.
Unfortunately some developers did rely on this bug.
I wouldn't call it a bug, because if we do so, then we can argue that
it's a bug that has been there for at least one major cycle, and that
macros.vm is still not stable according to
http://jira.xwiki.org/browse/XWIKI-6062 so we might still have bugs
about it (and that is for about 2.5 major cycles, which is a bit too
much from my point of view).
What I would say about this is that apparently we don't know / have a
convention about how should the macros in macros.vm be used: with syntax
interpreted or not, in an html macro or not. This is where the confusion
comes from: while the old panelheader macro _needed_ html macro
(potentially with syntax activated), the current one needs _only wiki
syntax_ (potentially in an html macro). There is a context which
satisfies both (html macro with wiki syntax activated) but it was not
documented anywhere, I'm not even sure it is _the rule_ for macros in
macros.vm, so people used what it worked, in this case a plain simple
html macro whose wiki parameter defaults to false.
The wysiwyg macros in macros.vm, for example, I would say they need to
be called in a html macro with syntax switched off, but it's just a
guess, looking at the code.
I think we need to:
1/ make a decision about what is API from macros.vm
2/ make a decision about what _was_ API from
Re: [xwiki-users] XWiki + OpenLDAP Invalid credentials problem
Thank you for your rapid reply.
Seems to me that ut should be uid and not cn here according to
what you found in your LDAP server.
I've tried uid in this part before, but it didn't help. Changed xwiki.cfg to:
xwiki.authentication.ldap.bind_DN=uid={0},ou=People,dc=debuntu,dc=local
xwiki.authentication.ldap.UID_attr=uid
Checked now again - unfortunately, result is the same.
Patricia
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Error -You are not allowed to view this document or perform this action.
On Wed, Jun 13, 2012 at 8:02 PM, Gerritjan Koekkoek gerritjankoekk...@gmail.com wrote: I've created an app with app within minutes. A normal user gets the following error: Error You are not allowed to view this document or perform this action. On which page and which action? URL? (you can strip the domain part). What can cause this error, the space has the right rights set. (View, Comment and Edit; no Delete or Admin) No document level security. Other documents in the space can be seen… The page CdLSATEPrivat/WebHome is generated by app within minutes, but I have modified the documentsheetbinding The LiveTableViewSheet has been copied from app within minutes space into CdLSATEPrivat space Is there any groovy scripts that can not be used by normal users? If the Groovy script is in the sheet and the last sheet content author has programming rights then a simple user shouldn't have any problem viewing the page with that sheet applied. But, afaik, the message you get is not related to programming rights. If the document on which you get this message has a sheet you can try to bind the document to itself, sheet='', and see if the message remains. Hope this helps, Marius Gerritjan ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Error -You are not allowed to view this document or perform this action.
Op 14 jun. 2012, om 13:58 heeft Marius Dumitru Florea het volgende geschreven:
On Wed, Jun 13, 2012 at 8:02 PM, Gerritjan Koekkoek
gerritjankoekk...@gmail.com wrote:
I've created an app with app within minutes.
A normal user gets the following error:
Error
You are not allowed to view this document or perform this action.
On which page and which action? URL? (you can strip the domain part).
xwiki/bin/view/CdLSATEPrivat/WebHome
What can cause this error, the space has the right rights set. (View,
Comment and Edit; no Delete or Admin)
No document level security. Other documents in the space can be seen…
The page CdLSATEPrivat/WebHome is generated by app within minutes, but I
have modified the documentsheetbinding
The LiveTableViewSheet has been copied from app within minutes space into
CdLSATEPrivat space
Is there any groovy scripts that can not be used by normal users?
If the Groovy script is in the sheet and the last sheet content author
has programming rights then a simple user shouldn't have any problem
viewing the page with that sheet applied. But, afaik, the message you
get is not related to programming rights.
If the document on which you get this message has a sheet you can try
to bind the document to itself, sheet='', and see if the message
remains.
Still the same error:
Content of page:
{{velocity}}
#set($originalMsg = $msg)
#set($msg = $services.dynamicMessageToolFactory.createDynamicMessageTool($msg, {
'cdlsateprivat.livetable.doc.date':
$msg.get('platform.appwithinminutes.liveTableEditorDocDateColumnName'),
'cdlsateprivat.livetable.doc.author':
$msg.get('platform.appwithinminutes.liveTableEditorDocAuthorColumnName'),
'cdlsateprivat.livetable._actions.edit':
$msg.get('platform.appwithinminutes.appLiveTableEditEntryActionName'),
'cdlsateprivat.livetable._actions.delete':
$msg.get('platform.appwithinminutes.appLiveTableDeleteEntryActionName'),
'cdlsateprivat.livetable._actions':
$msg.get('platform.appwithinminutes.liveTableEditorActionsColumnName')
}))
#set($columnsProperties = {
'squestioner': {'type': 'text', 'size': 10, 'filterable': true, 'sortable':
true, 'html': false},
'emailQuestioner': {'type': 'text', 'size': 10, 'filterable': true,
'sortable': true, 'html': false},
'subject': {'type': 'text', 'link': 'view', 'size': 10, 'filterable': true,
'sortable': true, 'html': false},
'cdlsPerson': {'type': 'text', 'size': 10, 'filterable': true, 'sortable':
true, 'html': false},
'status': {'type': 'list', 'size': 10, 'filterable': true, 'sortable': true,
'html': false},
'doc.date': {'type': 'text', 'link': 'view', 'size': 10, 'filterable': true,
'sortable': true},
'doc.author': {'type': 'text', 'link': 'author', 'size': 10, 'filterable':
true, 'sortable': true},
'_actions': {'html': true, 'sortable': false, 'actions': ['edit', 'delete']}
})
#set($options = {
'className': 'CdLSATEPrivat.CdLSATEPrivatClass',
'resultPage' : 'CdLSATEPrivat.LiveTableGenerator',
'translationPrefix': 'cdlsateprivat.livetable.',
'tagCloud': true,
'rowCount': 15,
'maxPages': 10,
'selectedColumn': 'doc.author',
'defaultOrder': 'asc'
})
#set($columns = ['squestioner', 'emailQuestioner', 'subject', 'cdlsPerson',
'status', 'doc.date', 'doc.author', '_actions'])
#livetable('cdlsateprivat' $columns $columnsProperties $options)
#set($msg = $originalMsg)
{{/velocity}}
It is having three objects:
LiveTableClass 0: CdLSATEPrivat.CdLSATEPrivatClass
DocumentSheetBinding 0: CdLSATEPrivat.LiveTableEditSheet
XWikiRights 0: XWiki.User
Hope this helps,
Marius
Gerritjan
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] XWiki + OpenLDAP Invalid credentials problem
You sure it's exactly the same ? I don't see how you can get Binding
to LDAP server with credentials login=[cn=xwiki] with this
configuration. It should indeicate
login=[uid=xwiki,ou=People,dc=debuntu,dc=local].
Maybe you have some configuration set in XWiki.XWikiPreferences page
which override what you have in xwiki.cfg, did you tried the LDAP UI
before seting xwiki.cfg ?
You're right, I've tried the LDAP UI before setting the xwiki.cfg. I
removed it, but it seems that XWiki still stores those settings
somewhere. I uninstalled it earlier in web interface and even removed
directories such as
/var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-ui/
and
/var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-api/.
LDAP UI extension disappeared in web administration. But still I could
see in catalina.out that message Binding to LDAP server with
credentials login=[cn=xwiki], despite the fact my xwiki.cfg was
different.
I did 'locate ldap | grep xwiki' on serrver to find where it may be.
The only things it found are:
/usr/lib/xwiki/WEB-INF/lib/jldap-4.3.jar
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/_maven.repositories
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom.sha1
I have no idea where does LDAP UI store its configuration.
Anyway, after your response, I've tried to install and configure XWiki
UI again (since I'm unable to fully remove its configuration),
according to your proposals. I got different output in catalina.out,
but still no luck:
2012-06-14 14:54:21,163
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE
u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2012-06-14 14:54:21,173
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames,
groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
groupofuniquenames, group]
2012-06-14 14:54:21,173
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member,
uniquemember]
2012-06-14 14:54:21,200
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server
[127.0.0.1:389]
2012-06-14 14:54:21,209
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with
credentials login=[uid=xwiki,ou=People,dc=debuntu,dc=local]
2012-06-14 14:54:21,244
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5:
LDAP bind failed with LDAPException.
Wrapped Exception: Invalid Credentials
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:172)
~[xwiki-platform-legacy-oldcore-4.0.jar:na]
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:101)
~[xwiki-platform-legacy-oldcore-4.0.jar:na]
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305)
[xwiki-platform-legacy-oldcore-4.0.jar:na]
(exception same as before)
2012-06-14 14:54:21,245
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki
DB
2012-06-14 14:54:21,276
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user
[xwiki]
2012-06-14 14:54:21,356
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] WARN
o.x.v.i.DefaultVelocityEngine - Deprecated usage of method
[com.xpn.xwiki.api.XWiki.parseMessage] in /templates/login.vm@29,33
And here's my detailed configuration in XWiki's LDAP UI, as (like I
said) I didn't manage to remove it fully (and use xwiki.cfg instead):
LDAP
Yes
LDAP SERVER ADDRESS
127.0.0.1
LDAP SERVER PORT
389
LDAP LOGIN MATCHING
uid={0},ou=People,dc=debuntu,dc=local
LDAP PASSWORD MATCHING
{1}
RESTRICT TO GROUP
LDAP GROUP TO EXCLUDE
LDAP BASE DN
ou=People,dc=debuntu,dc=local
LDAP UID ATTRIBUTE NAME
uid
TRY LOCAL LOGIN
Yes
UPDATE USER FROM LDAP AFTER LOGIN
Yes
LDAP USER FIELDS MAPPING
name - uid
last_name - uid
first_name - uid
fullname - uid
LDAP GROUPS MAPPING
LDAP GROUPS CACHE EXPIRATION
WHEN TO SYNCHRONIZE LDAP GROUPS
At each authentication of a user
Is this wrong, or perhaps should I use only
Re: [xwiki-users] XWiki + OpenLDAP Invalid credentials problem
On Thu, Jun 14, 2012 at 3:18 PM, Patrycja Suchomska
szablowska.patry...@gmail.com wrote:
You sure it's exactly the same ? I don't see how you can get Binding
to LDAP server with credentials login=[cn=xwiki] with this
configuration. It should indeicate
login=[uid=xwiki,ou=People,dc=debuntu,dc=local].
Maybe you have some configuration set in XWiki.XWikiPreferences page
which override what you have in xwiki.cfg, did you tried the LDAP UI
before seting xwiki.cfg ?
You're right, I've tried the LDAP UI before setting the xwiki.cfg. I
removed it, but it seems that XWiki still stores those settings
somewhere. I uninstalled it earlier in web interface and even removed
directories such as
/var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-ui/
and
/var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-api/.
LDAP UI extension disappeared in web administration. But still I could
see in catalina.out that message Binding to LDAP server with
credentials login=[cn=xwiki], despite the fact my xwiki.cfg was
different.
I did 'locate ldap | grep xwiki' on serrver to find where it may be.
The only things it found are:
/usr/lib/xwiki/WEB-INF/lib/jldap-4.3.jar
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/_maven.repositories
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom
/var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom.sha1
I have no idea where does LDAP UI store its configuration.
As I said, it's in the XWiki.XWikiPreferences page. Go to
http://yourdomain/xwiki/bin/edit/XWiki/XWikiPreferences?editor=object,
you should find some LDAP properties at the end of the
XWikiPreferences object.
Anyway, after your response, I've tried to install and configure XWiki
UI again (since I'm unable to fully remove its configuration),
according to your proposals. I got different output in catalina.out,
but still no luck:
2012-06-14 14:54:21,163
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE
u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2012-06-14 14:54:21,173
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames,
groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
groupofuniquenames, group]
2012-06-14 14:54:21,173
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member,
uniquemember]
2012-06-14 14:54:21,200
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server
[127.0.0.1:389]
2012-06-14 14:54:21,209
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with
credentials login=[uid=xwiki,ou=People,dc=debuntu,dc=local]
2012-06-14 14:54:21,244
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5:
LDAP bind failed with LDAPException.
Wrapped Exception: Invalid Credentials
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:172)
~[xwiki-platform-legacy-oldcore-4.0.jar:na]
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:101)
~[xwiki-platform-legacy-oldcore-4.0.jar:na]
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305)
[xwiki-platform-legacy-oldcore-4.0.jar:na]
(exception same as before)
2012-06-14 14:54:21,245
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki
DB
2012-06-14 14:54:21,276
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user
[xwiki]
2012-06-14 14:54:21,356
[http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] WARN
o.x.v.i.DefaultVelocityEngine - Deprecated usage of method
[com.xpn.xwiki.api.XWiki.parseMessage] in /templates/login.vm@29,33
And here's my detailed configuration in XWiki's LDAP UI, as (like I
said) I didn't manage to remove it fully (and use xwiki.cfg instead):
LDAP
Yes
LDAP SERVER ADDRESS
127.0.0.1
LDAP SERVER PORT
389
LDAP LOGIN MATCHING
uid={0},ou=People,dc=debuntu,dc=local
LDAP PASSWORD MATCHING
{1}
RESTRICT TO GROUP
LDAP GROUP TO
Re: [xwiki-users] Error -You are not allowed to view this document or perform this action.
On Thu, Jun 14, 2012 at 4:02 PM, Gerritjan Koekkoek
gerritjankoekk...@gmail.com wrote:
Op 14 jun. 2012, om 13:58 heeft Marius Dumitru Florea het volgende geschreven:
On Wed, Jun 13, 2012 at 8:02 PM, Gerritjan Koekkoek
gerritjankoekk...@gmail.com wrote:
I've created an app with app within minutes.
A normal user gets the following error:
Error
You are not allowed to view this document or perform this action.
On which page and which action? URL? (you can strip the domain part).
xwiki/bin/view/CdLSATEPrivat/WebHome
What can cause this error, the space has the right rights set. (View,
Comment and Edit; no Delete or Admin)
No document level security. Other documents in the space can be seen…
The page CdLSATEPrivat/WebHome is generated by app within minutes, but I
have modified the documentsheetbinding
The LiveTableViewSheet has been copied from app within minutes space into
CdLSATEPrivat space
Is there any groovy scripts that can not be used by normal users?
If the Groovy script is in the sheet and the last sheet content author
has programming rights then a simple user shouldn't have any problem
viewing the page with that sheet applied. But, afaik, the message you
get is not related to programming rights.
If the document on which you get this message has a sheet you can try
to bind the document to itself, sheet='', and see if the message
remains.
Still the same error:
Content of page:
{{velocity}}
#set($originalMsg = $msg)
#set($msg =
$services.dynamicMessageToolFactory.createDynamicMessageTool($msg, {
'cdlsateprivat.livetable.doc.date':
$msg.get('platform.appwithinminutes.liveTableEditorDocDateColumnName'),
'cdlsateprivat.livetable.doc.author':
$msg.get('platform.appwithinminutes.liveTableEditorDocAuthorColumnName'),
'cdlsateprivat.livetable._actions.edit':
$msg.get('platform.appwithinminutes.appLiveTableEditEntryActionName'),
'cdlsateprivat.livetable._actions.delete':
$msg.get('platform.appwithinminutes.appLiveTableDeleteEntryActionName'),
'cdlsateprivat.livetable._actions':
$msg.get('platform.appwithinminutes.liveTableEditorActionsColumnName')
}))
#set($columnsProperties = {
'squestioner': {'type': 'text', 'size': 10, 'filterable': true, 'sortable':
true, 'html': false},
'emailQuestioner': {'type': 'text', 'size': 10, 'filterable': true,
'sortable': true, 'html': false},
'subject': {'type': 'text', 'link': 'view', 'size': 10, 'filterable': true,
'sortable': true, 'html': false},
'cdlsPerson': {'type': 'text', 'size': 10, 'filterable': true, 'sortable':
true, 'html': false},
'status': {'type': 'list', 'size': 10, 'filterable': true, 'sortable': true,
'html': false},
'doc.date': {'type': 'text', 'link': 'view', 'size': 10, 'filterable': true,
'sortable': true},
'doc.author': {'type': 'text', 'link': 'author', 'size': 10, 'filterable':
true, 'sortable': true},
'_actions': {'html': true, 'sortable': false, 'actions': ['edit', 'delete']}
})
#set($options = {
'className': 'CdLSATEPrivat.CdLSATEPrivatClass',
'resultPage' : 'CdLSATEPrivat.LiveTableGenerator',
'translationPrefix': 'cdlsateprivat.livetable.',
'tagCloud': true,
'rowCount': 15,
'maxPages': 10,
'selectedColumn': 'doc.author',
'defaultOrder': 'asc'
})
#set($columns = ['squestioner', 'emailQuestioner', 'subject', 'cdlsPerson',
'status', 'doc.date', 'doc.author', '_actions'])
#livetable('cdlsateprivat' $columns $columnsProperties $options)
#set($msg = $originalMsg)
{{/velocity}}
It is having three objects:
LiveTableClass 0: CdLSATEPrivat.CdLSATEPrivatClass
DocumentSheetBinding 0: CdLSATEPrivat.LiveTableEditSheet
XWikiRights 0: XWiki.User
Then it's clearly a rights setting issue. I'd double check the rights
set on the app home page, and app space (WebPreferences page). I don't
have other ideas.
Hope this helps,
Marius
Hope this helps,
Marius
Gerritjan
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
[xwiki-users] [myxwiki] new wiki request
Hi, I am a physician (with an engineering background) in Seattle, Washington, USA. I am interested in using myxwiki to develop a personal knowledge management system, particularly for studying anthroposophic medicine. my username is drmartin1 I request a myxwiki name of coalesce. Thanks, David Martin ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
