Re: [xwiki-users] XWiki Docker in Prod

2017-05-12 Thread Lester Marc Dizon (ITX)
Hi guys, 

Thanks a lot for all the help. I have logs and ldap running!

@Thomas Mortagne, for ldap I had this config missing (I actually thought that 
sAMAccountName should be replaced by the user to authenticate with the windows 
AD) :
xwiki.authentication.ldap.UID_attr=sAMAccountName

Thanks and have a nice weekend!

Lester

-Original Message-
From: users [mailto:users-boun...@xwiki.org] On Behalf Of Thomas Mortagne
Sent: jeudi 11 mai 2017 19:05
To: XWiki Users <users@xwiki.org>
Subject: Re: [xwiki-users] XWiki Docker in Prod

You have various examples
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/.

On Thu, May 11, 2017 at 7:03 PM, Thomas Mortagne <thomas.morta...@xwiki.com> 
wrote:
> XWiki tried to find an entry in the LDAP server with the field "cn"
> having the value "lmdizon-itx". Either this uid does not exist or you 
> need to set a different field using the property 
> xwiki.authentication.ldap.UID_attr (cn is the default).
>
> On Thu, May 11, 2017 at 6:20 PM, Lester Marc Dizon (ITX) 
> <lmdi...@itx-ge.com> wrote:
>> @Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol,
>> with Thomas's way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log".
>>
>> I added the following configuration in xwiki.cfg but it still doesn't work:
>> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
>> xwiki.authentication.ldap.trylocal=1
>> xwiki.authentication.ldap=1
>> xwiki.authentication.ldap.server=10.50.0.26
>> xwiki.authentication.ldap.port=389
>> xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
>> xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
>> xwiki.authentication.ldap.bind_pass=mypassword
>>
>> I have the following errors:
>> 81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>> 81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null
>> 82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
>> 82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, memberuid, member]
>> 82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server [10.50.0.26:389]
>> 82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
>> 83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP: user [lmdizon-itx] base [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query [(cn=lmdizon-itx)] uid [cn]
>> 83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - LDAP search: baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2]
>> 83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
>> com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN for input [lmdizon-itx]
>>     at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608)
>>     at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334)
>>     at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268)
>>     at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(My
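
Added example, not part of the thread and not XWiki project code: a small Python check for the xwiki.cfg conditions that caused the failures in this thread (no local fallback once the LDAP authclass is set, and UID_attr left at its cn default). It also flags an unencrypted LDAP connection, assuming the authenticator's xwiki.authentication.ldap.ssl switch, which the thread does not mention; the sample configuration is constructed from the posted one with a placeholder password.

```python
# Added example (not XWiki code): lint the xwiki.cfg LDAP settings from this thread.
PREFIX = "xwiki.authentication."
LDAP_AUTH = "org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl"

# Constructed sample: the posted configuration before trylocal and UID_attr
# were added; the password is a placeholder.
BEFORE = """\
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=10.50.0.26
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
xwiki.authentication.ldap.bind_pass=PLACEHOLDER
"""
AFTER = BEFORE + (
    "xwiki.authentication.ldap.trylocal=1\n"
    "xwiki.authentication.ldap.UID_attr=sAMAccountName\n"
)

def parse_cfg(text):
    """Parse key=value lines; split on the first '=' only, since DN values contain '='."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def lint(cfg):
    """Return finding codes for the failure modes discussed in the thread."""
    def get(name, default=None):
        return cfg.get(PREFIX + name, default)
    if get("authclass") != LDAP_AUTH:
        return ["LDAP_AUTH_NOT_ENABLED"]
    findings = []
    if get("ldap.trylocal", "0") != "1":
        findings.append("NO_LOCAL_FALLBACK")    # local admin login fails once authclass is set
    if get("ldap.UID_attr") is None:
        findings.append("UID_ATTR_DEFAULT_CN")  # login name is matched against cn
    # Assumption: xwiki.authentication.ldap.ssl is the SSL switch (not shown in the thread).
    if get("ldap.ssl", "0") != "1":
        findings.append("LDAP_NOT_ENCRYPTED")   # bind credentials are sent without SSL
    return findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, lint(parse_cfg(text)))
```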

Re: [xwiki-users] XWiki Docker in Prod

2017-05-11 Thread Lester Marc Dizon (ITX)
@Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol, 
with Thomas's way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log".

I added the following configuration in xwiki.cfg but it still doesn't work:
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap.trylocal=1
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=10.50.0.26
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
xwiki.authentication.ldap.bind_pass=mypassword

I have the following errors:
81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null
82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, memberuid, member]
82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server [10.50.0.26:389]
82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP: user [lmdizon-itx] base [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query [(cn=lmdizon-itx)] uid [cn]
83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - LDAP search: baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2]
83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN for input [lmdizon-itx]
    at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608)
    at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334)
    at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268)
    at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
    at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
    at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
    at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
    at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
    at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3782)
    at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242)
    at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272)
    at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3800)
    at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4850)
    at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364)
    at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChai

Re: [xwiki-users] XWiki Docker in Prod

2017-05-10 Thread Lester Marc Dizon (ITX)
Works better with xwiki.authentication.ldap.trylocal=1, thanks. However, I 
don't see any LDAP debug logs. I have the following logs in 
/usr/local/tomcat/logs/*:
- catalina.2017-05-10.log
- host-manager.2017-05-10.log
- localhost.2017-05-10.log
- localhost_access_log.2017-05-10.txt
- manager.2017-05-10.log

http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging states that Tomcat 
on Unix will capture stdout and add logs to the tomcat/logs/catalina.out file. 
However, I made a find on "catalina.out" but found nothing. Any clues where to 
find those LDAP logs?

Thanks,
Lester

-Original Message-
From: users [mailto:users-boun...@xwiki.org] On Behalf Of Thomas Mortagne
Sent: mercredi 10 mai 2017 17:38
To: XWiki Users <users@xwiki.org>
Subject: Re: [xwiki-users] XWiki Docker in Prod

On Wed, May 10, 2017 at 5:25 PM, Lester Marc Dizon (ITX) <lmdi...@itx-ge.com> 
wrote:
> Thank you for your responses. I'm new to this community and happy to see you 
> guys are very responsive.
>
> @Thomas, I have followed your wiki pages. The moment I add 
> "xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl"
> in xwiki.cfg, I can't log in anymore even with the local admin account. I 
> get a 401 HTTP status code in 
> "/usr/local/tomcat/logs/localhost_access_log.2017-05-10.txt".

This is because by default the LDAP authenticator does not fall back on standard 
XWiki auth. See the xwiki.authentication.ldap.trylocal property in the 
documentation.

> Can you tell me where and which logfile I should check when I've added 
>  in 
> "WEB-INF/classes/logback.xml"?

Whatever is the application server log file in the docker image.
Vincent should know better.

>
> @Vincent, running with Docker seems to work very well except for my issues 
> with LDAP. Also, I can ping the LDAP Server inside the XWiki container. I 
> really need to check a logfile to know where it is failing but I don't know 
> where to find it.
>
> Thanks,
> Lester
>


Re: [xwiki-users] XWiki Docker in Prod

2017-05-10 Thread Lester Marc Dizon (ITX)
Thank you for your responses. I'm new to this community and happy to see you 
guys are very responsive.

@Thomas, I have followed your wiki pages. The moment I add 
"xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl"
in xwiki.cfg, I can't log in anymore even with the local admin account. I get 
a 401 HTTP status code in 
"/usr/local/tomcat/logs/localhost_access_log.2017-05-10.txt".  Can you tell me 
where and which logfile I should check when I've added  in "WEB-INF/classes/logback.xml"?

@Vincent, running with Docker seems to work very well except for my issues with 
LDAP. Also, I can ping the LDAP Server inside the XWiki container. I really 
need to check a logfile to know where it is failing but I don't know where to 
find it.

Thanks,
Lester

-Original Message-
From: users [mailto:users-boun...@xwiki.org] On Behalf Of Vincent Massol
Sent: mercredi 10 mai 2017 16:54
To: XWiki Users <users@xwiki.org>
Subject: Re: [xwiki-users] XWiki Docker in Prod


> On 10 May 2017, at 16:27, Thomas Mortagne <thomas.morta...@xwiki.com> wrote:
> 
> I don't know much about Docker but I can maybe help with the LDAP 
> authenticator.
> 
> After you installed the extension you will also need to modify the 
> property xwiki.authentication.authclass in file xwiki.cfg in the 
> application server as indicated on 
> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HGenericLDAPconfiguration.
> I have no idea if the Docker package lets you modify this file

Yes it does, but it could be simpler, see  
https://jira.xwiki.org/browse/XDOCKER-20

Thanks
-Vincent

> but if
> you managed to do that then a good thing to do usually to understand 
> what's wrong with your LDAP setup is to enable the debug log (see 
> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog).
> 
> On Wed, May 10, 2017 at 4:13 PM, Lester Marc Dizon (ITX) 
> <lmdi...@itx-ge.com> wrote:
>> Hi,
>> 
>> We are currently testing XWiki. I have a test environment for XWiki running 
>> in Docker. I would like to know if it's ok to run it as is in Prod 
>> (intranet)?
>> 
>> Also, I'm trying to connect it to LDAP with no success (tried with 
>> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ and 
>> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/ ). Is 
>> it because I'm running it in Docker? Is there a log where I can check what's 
>> wrong?
>> 
>> Any help is appreciated.
>> 
>> Thanks,
>> Lester
> 
> 
> 
> --
> Thomas Mortagne



[xwiki-users] XWiki Docker in Prod

2017-05-10 Thread Lester Marc Dizon (ITX)
Hi,

We are currently testing XWiki. I have a test environment for XWiki running in 
Docker. I would like to know if it's ok to run it as is in Prod (intranet)?

Also, I'm trying to connect it to LDAP with no success (tried with 
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ and 
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/ ). Is it 
because I'm running it in Docker? Is there a log where I can check what's wrong?

Any help is appreciated.

Thanks,
Lester