Re: [xwiki-users] log4j doesn't log information about LDAP connection
On Fri, Jun 4, 2010 at 14:21, Thomas Mortagne wrote: >On Fri, Jun 4, 2010 at 13:09, Martin Kunze wrote: >> Hey, >> >> there are some good news and some not so good ones. >> >> After I upgraded xwiki to Version 2.3.1 and reconfigured xwiki.cfg the >> ActiveDirectory-Authentication works. User now can login. But has no rights. >> Now of course, I have to set some groupmapping. I did it like that: >> xwiki.authentication.ldap.group_mapping=XWiki.GruppeA=cn=Standort,ou=Standortgruppen,ou=Gruppen,ou=Another >> Group >> >> So now, that doesn't work. There are three things I want to know: >> 1. do I have to add the "dc=domain,dc=suffix" string at the end? > >The LDAP side has to be the full DN, so yes. Hey yeah! That's it! Now it works! Great job. Thanks a lot!!! Now to go on in topic I have two more general questions. Maybe you could answer. According to my colleague it would be useful if the user will be logged-in into xwiki automaticly by using the windows-logon-credential. Is this possible? And second: It would be extreamly helpful for our admins when there will be a possibility to manually map LDAP groups to xwiki groups by an graphical UI in the browser. e.g. xwiki lists all (sub)groups of an AD and the admin can map them to existing xwiki groups by clicking. (a bit like the assignment of a user to a group in xwiki.) - Is there any activity planed to implement sth. like that? Regards Martin. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Hey, there are some good news and some not so good ones. After I upgraded xwiki to Version 2.3.1 and reconfigured xwiki.cfg the ActiveDirectory-Authentication works. User now can login. But has no rights. Now of course, I have to set some groupmapping. I did it like that: xwiki.authentication.ldap.group_mapping=XWiki.GruppeA=cn=Standort,ou=Standortgruppen,ou=Gruppen,ou=Another Group So now, that doesn't work. There are three things I want to know: 1. do I have to add the "dc=domain,dc=suffix" string at the end? 2. the last group contains a space - can that be a problem? 3. are there any other things that can be wrong? By the way, "GruppeA" exists in the wiki. I created it and granted some rights. Best Regards :-) Martin Von: Thomas Mortagne An: XWiki Users Gesendet: Mittwoch, den 2. Juni 2010, 16:52:41 Uhr Betreff: Re: [xwiki-users] log4j doesn't log information about LDAP connection On Wed, Jun 2, 2010 at 13:26, Martin Kunze wrote: > Hello Thomas, > > this morning I had the possibility to restart the whole server on which xwiki > and tomcat are running. > You won't beleave me but now there is some Logging and the "Starting LDAP > authentication" string in the xwiki.log. crazy. > > But authentication fails. ("Invalid credentials"). xwiki.log sais the > following: > "The provided User is null. We don't try to authenticate, it probably means > the user is in non logged mode." This log is because when you access XWiki the authenticator is called with no user for SSO based authenticators. You should have another "Starting LDAP authentication" with different logs after this one, just look at the time when you try to authenticate and takes the logs from this time and send them here so that i can look at them. > > Any idea what that means here and what to do??? > > Thanks for your help!!! > > -- > Martin > >>Try setting "trace" level instead of "debug" and see if you have >>"Starting LDAP authentication" to really make sure you don't have log >>because of some very magical authenticator bug, that way we will at >>least know we have to focus in logging. > > >> xwiki.authentication.ldap=1 >> xwiki.authentication.ldap.server=IP-Adress >> xwiki.authentication.ldap.port=389 >> xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix >> xwiki.authentication.ldap.bind_DN=domain\{0} >> xwiki.authentication.ldap.bind_pass={1} >> xwiki.authentication.ldap.UID_attr=sAMAccountName > > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Hello Thomas, this morning I had the possibility to restart the whole server on which xwiki and tomcat are running. You won't beleave me but now there is some Logging and the "Starting LDAP authentication" string in the xwiki.log. crazy. But authentication fails. ("Invalid credentials"). xwiki.log sais the following: "The provided User is null. We don't try to authenticate, it probably means the user is in non logged mode." Any idea what that means here and what to do??? Thanks for your help!!! -- Martin >Try setting "trace" level instead of "debug" and see if you have >"Starting LDAP authentication" to really make sure you don't have log >because of some very magical authenticator bug, that way we will at >least know we have to focus in logging. > xwiki.authentication.ldap=1 > xwiki.authentication.ldap.server=IP-Adress > xwiki.authentication.ldap.port=389 > xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix > xwiki.authentication.ldap.bind_DN=domain\{0} > xwiki.authentication.ldap.bind_pass={1} > xwiki.authentication.ldap.UID_attr=sAMAccountName ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
>Dumb question: did you restarted XWiki since you modified configuration files ? I usually only restart Tomcat after I've modified a configuration file. -- Martin On Tue, Jun 1, 2010 at 12:26, Martin Kunze wrote: > Thomas wrote: >>Make sure the xwiki.authentication.authclass proparty is not set >>anywhere else in the xwiki.cfg file. > > done. ;-) (All the others ar commented with an "#" at the beginning) > >>Try setting "trace" level instead of "debug" and see if you have >>"Starting LDAP authentication" to really make sure you don't have log >>because of some very magical authenticator bug, that way we will at >>east know we have to focus in logging. > > Good idea, but there's no "Starting LDAP authentication" or anything like > that in the whole file. > For me that looks like xwiki does not try to connect to the AD at the moment. > > -- > Martin > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Thomas wrote: >Make sure the xwiki.authentication.authclass proparty is not set >anywhere else in the xwiki.cfg file. done. ;-) (All the others ar commented with an "#" at the beginning) >Try setting "trace" level instead of "debug" and see if you have >"Starting LDAP authentication" to really make sure you don't have log >because of some very magical authenticator bug, that way we will at >east know we have to focus in logging. Good idea, but there's no "Starting LDAP authentication" or anything like that in the whole file. For me that looks like xwiki does not try to connect to the AD at the moment. -- Martin ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Hello Thomas, >Where did you put the log4j.properties file ? I put the log4j.properties file in the '/WEB-INF/classes/' directory. The xwiki.log also isn't empty and shows e.g. all *.jar files which are used by running xwiki and loaded on startup of tomcat. >Did you properly enabled LDAP ayhenticator (with property >xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl)? Yes, I did it like that and also set the following properties in xwiki: xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl xwiki.authentication.ldap=1 xwiki.authentication.ldap.server=IP-Adress xwiki.authentication.ldap.port=389 xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix xwiki.authentication.ldap.bind_DN=domain\{0} xwiki.authentication.ldap.bind_pass={1} xwiki.authentication.ldap.UID_attr=sAMAccountName xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn But our xwiki server seems not to connect to the AD-Server... -- Martin ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users