Re: [xwiki-users] log4j doesn't log information about LDAP connection
On Fri, Jun 4, 2010 at 14:21, Thomas Mortagne wrote: >On Fri, Jun 4, 2010 at 13:09, Martin Kunze wrote: >> Hey, >> >> there are some good news and some not so good ones. >> >> After I upgraded xwiki to Version 2.3.1 and reconfigured xwiki.cfg the >> ActiveDirectory-Authentication works. User now can login. But has no rights. >> Now of course, I have to set some groupmapping. I did it like that: >> xwiki.authentication.ldap.group_mapping=XWiki.GruppeA=cn=Standort,ou=Standortgruppen,ou=Gruppen,ou=Another >> Group >> >> So now, that doesn't work. There are three things I want to know: >> 1. do I have to add the "dc=domain,dc=suffix" string at the end? > >The LDAP side has to be the full DN, so yes. Hey yeah! That's it! Now it works! Great job. Thanks a lot!!! Now to go on in topic I have two more general questions. Maybe you could answer. According to my colleague it would be useful if the user will be logged-in into xwiki automaticly by using the windows-logon-credential. Is this possible? And second: It would be extreamly helpful for our admins when there will be a possibility to manually map LDAP groups to xwiki groups by an graphical UI in the browser. e.g. xwiki lists all (sub)groups of an AD and the admin can map them to existing xwiki groups by clicking. (a bit like the assignment of a user to a group in xwiki.) - Is there any activity planed to implement sth. like that? Regards Martin. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Hey,
there are some good news and some not so good ones.
After I upgraded xwiki to Version 2.3.1 and reconfigured xwiki.cfg the
ActiveDirectory-Authentication works. User now can login. But has no rights.
Now of course, I have to set some groupmapping. I did it like that:
xwiki.authentication.ldap.group_mapping=XWiki.GruppeA=cn=Standort,ou=Standortgruppen,ou=Gruppen,ou=Another
Group
So now, that doesn't work. There are three things I want to know:
1. do I have to add the "dc=domain,dc=suffix" string at the end?
2. the last group contains a space - can that be a problem?
3. are there any other things that can be wrong?
By the way, "GruppeA" exists in the wiki. I created it and granted some rights.
Best Regards :-)
Martin
Von: Thomas Mortagne
An: XWiki Users
Gesendet: Mittwoch, den 2. Juni 2010, 16:52:41 Uhr
Betreff: Re: [xwiki-users] log4j doesn't log information about LDAP connection
On Wed, Jun 2, 2010 at 13:26, Martin Kunze wrote:
> Hello Thomas,
>
> this morning I had the possibility to restart the whole server on which xwiki
> and tomcat are running.
> You won't beleave me but now there is some Logging and the "Starting LDAP
> authentication" string in the xwiki.log. crazy.
>
> But authentication fails. ("Invalid credentials"). xwiki.log sais the
> following:
> "The provided User is null. We don't try to authenticate, it probably means
> the user is in non logged mode."
This log is because when you access XWiki the authenticator is called
with no user for SSO based authenticators.
You should have another "Starting LDAP authentication" with different
logs after this one, just look at the time when you try to
authenticate and takes the logs from this time and send them here so
that i can look at them.
>
> Any idea what that means here and what to do???
>
> Thanks for your help!!!
>
> --
> Martin
>
>>Try setting "trace" level instead of "debug" and see if you have
>>"Starting LDAP authentication" to really make sure you don't have log
>>because of some very magical authenticator bug, that way we will at
>>least know we have to focus in logging.
>
>
>> xwiki.authentication.ldap=1
>> xwiki.authentication.ldap.server=IP-Adress
>> xwiki.authentication.ldap.port=389
>> xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix
>> xwiki.authentication.ldap.bind_DN=domain\{0}
>> xwiki.authentication.ldap.bind_pass={1}
>> xwiki.authentication.ldap.UID_attr=sAMAccountName
>
>
> ___
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
>
--
Thomas Mortagne
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Hello Thomas,
this morning I had the possibility to restart the whole server on which xwiki
and tomcat are running.
You won't beleave me but now there is some Logging and the "Starting LDAP
authentication" string in the xwiki.log. crazy.
But authentication fails. ("Invalid credentials"). xwiki.log sais the following:
"The provided User is null. We don't try to authenticate, it probably means the
user is in non logged mode."
Any idea what that means here and what to do???
Thanks for your help!!!
--
Martin
>Try setting "trace" level instead of "debug" and see if you have
>"Starting LDAP authentication" to really make sure you don't have log
>because of some very magical authenticator bug, that way we will at
>least know we have to focus in logging.
> xwiki.authentication.ldap=1
> xwiki.authentication.ldap.server=IP-Adress
> xwiki.authentication.ldap.port=389
> xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix
> xwiki.authentication.ldap.bind_DN=domain\{0}
> xwiki.authentication.ldap.bind_pass={1}
> xwiki.authentication.ldap.UID_attr=sAMAccountName
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
>Dumb question: did you restarted XWiki since you modified configuration files ? I usually only restart Tomcat after I've modified a configuration file. -- Martin On Tue, Jun 1, 2010 at 12:26, Martin Kunze wrote: > Thomas wrote: >>Make sure the xwiki.authentication.authclass proparty is not set >>anywhere else in the xwiki.cfg file. > > done. ;-) (All the others ar commented with an "#" at the beginning) > >>Try setting "trace" level instead of "debug" and see if you have >>"Starting LDAP authentication" to really make sure you don't have log >>because of some very magical authenticator bug, that way we will at >>east know we have to focus in logging. > > Good idea, but there's no "Starting LDAP authentication" or anything like > that in the whole file. > For me that looks like xwiki does not try to connect to the AD at the moment. > > -- > Martin > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Thomas wrote: >Make sure the xwiki.authentication.authclass proparty is not set >anywhere else in the xwiki.cfg file. done. ;-) (All the others ar commented with an "#" at the beginning) >Try setting "trace" level instead of "debug" and see if you have >"Starting LDAP authentication" to really make sure you don't have log >because of some very magical authenticator bug, that way we will at >east know we have to focus in logging. Good idea, but there's no "Starting LDAP authentication" or anything like that in the whole file. For me that looks like xwiki does not try to connect to the AD at the moment. -- Martin ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Hello Thomas,
>Where did you put the log4j.properties file ?
I put the log4j.properties file in the '/WEB-INF/classes/' directory.
The xwiki.log also isn't empty and shows e.g. all *.jar files which are used by
running xwiki and loaded on startup of tomcat.
>Did you properly enabled LDAP ayhenticator (with property
>xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl)?
Yes, I did it like that and also set the following properties in xwiki:
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=IP-Adress
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix
xwiki.authentication.ldap.bind_DN=domain\{0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn
But our xwiki server seems not to connect to the AD-Server...
--
Martin
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
