[xwiki-users] Trouble with XWiki Active Directory LDAP Configuration
Hi,

I hope someone can help me. I'm experiencing some trouble with the configuration of XWiki against our Active Directory server. Unfortunately LDAP is not something I am very familiar with and it seems a little unusual to my way of thinking!

I have an Active Directory in the following format that I am trying to get working with XWiki:

- Root
  - OU=Staff
    - CN=Bill Bailey
      - sAMAccountName=bb
    - CN=Fred Bloggs
      - sAMAccountName=fb

I've configured the following, but I can't get past the login screen.

    xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
    xwiki.authentication.ldap=1
    xwiki.authentication.ldap.server=servername
    xwiki.authentication.ldap.port=389
    xwiki.authentication.ldap.bind_DN=subdomain\\{0}
    xwiki.authentication.ldap.bind_pass={1}
    xwiki.authentication.ldap.base_DN=DC=subdomain,DC=domain,DC=com
    xwiki.authentication.ldap.user_group=OU=Staff
    xwiki.authentication.ldap.UID_attr=sAMAccountName
    xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
    xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn
    xwiki.authentication.ldap.update_user=1

These are my logs...

    2013-03-18 15:08:18,924 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
    2013-03-18 15:08:18,924 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
    2013-03-18 15:08:18,924 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
    2013-03-18 15:08:18,924 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, group]
    2013-03-18 15:08:18,924 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member, uniquemember]
    2013-03-18 15:08:18,971 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server [tidc:389]
    2013-03-18 15:08:19,002 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with credentials login=[subdomain\username]
    2013-03-18 15:08:19,236 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Checking if the user belongs to the user group: OU=Staff
    2013-03-18 15:08:19,252 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPUtils - Retrieving Members of the group [OU=Staff]
    2013-03-18 15:08:19,252 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPUtils - [OU=Staff] is a valid DN, lets try to get corresponding entry.
    2013-03-18 15:08:19,252 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - LDAP search: baseDN=[OU=Staff] query=[null] attr=[[objectClass, member, uniquemember, sAMAccountName]] ldapScope=[2]
    2013-03-18 15:08:19,299 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPUtils - Failed to get group members
    com.novell.ldap.LDAPException: Operations Error
        at com.novell.ldap.LDAPResponse.getResultException(Unknown Source) ~[jldap-4.3.jar:na]
        at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source) ~[jldap-4.3.jar:na]
        at com.novell.ldap.LDAPSearchResults.next(Unknown Source) ~[jldap-4.3.jar:na]
        at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembersSearchResult(XWikiLDAPUtils.java:676) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
        at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembersFromDN(XWikiLDAPUtils.java:603) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
        at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembers(XWikiLDAPUtils.java:543) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
        at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembers(XWikiLDAPUtils.java:721) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
        at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.isUidInGroup(XWikiLDAPUtils.java:843) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
        at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:328) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
        at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
        at

Re: [xwiki-users] Trouble with XWiki Active Directory LDAP Configuration
Hello,

What are you using for Base_DN variable in xwiki? It seems you've replaced the configuration with something else, but this detail is important.

You should try using a conf like this:

    xwiki.authentication.ldap.base_DN=OU=Staff,DC=yourdomain,DC=TLD

Replace that with your complete DN to this OU you're trying to access, and comment out the xwiki.authentication.ldap.user_group parameter.

Rest of the conf looks OK, so that's the first step to understand what's happening there.

Re: [xwiki-users] Trouble with XWiki Active Directory LDAP Configuration
Guillaume,

Thanks for the reply, you solved my issue. I did as you suggested:

Changed:

    xwiki.authentication.ldap.base_DN=DC=subdomain,DC=domain,DC=com
    xwiki.authentication.ldap.user_group=OU=Staff

To:

    xwiki.authentication.ldap.base_DN=OU=Staff,DC=subdomain,DC=domain,DC=com
    # xwiki.authentication.ldap.user_group=OU=Staff - i.e. commented out.

It now works like a charm. Thank you once again.

Stuart
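
Added example (not part of the thread and not XWiki code): a small check for the misconfiguration resolved above, where user_group held a bare OU=Staff that the authenticator then used verbatim as a search base for member/uniquemember attributes. The function names are hypothetical, the two configs are constructed from the settings quoted in the thread, and the full-DN test assumes an Active Directory style base_DN made of DC= components.

```python
# Added example; function names are hypothetical and not part of XWiki.
PREFIX = "xwiki.authentication.ldap."

# Constructed inputs: the settings from the original post, then the corrected ones.
BROKEN_CFG = """\
xwiki.authentication.ldap=1
xwiki.authentication.ldap.base_DN=DC=subdomain,DC=domain,DC=com
xwiki.authentication.ldap.user_group=OU=Staff
"""
FIXED_CFG = """\
xwiki.authentication.ldap=1
xwiki.authentication.ldap.base_DN=OU=Staff,DC=subdomain,DC=domain,DC=com
# xwiki.authentication.ldap.user_group=OU=Staff
"""

def parse_ldap_settings(text):
    """Return {short_key: value} for active (uncommented) LDAP properties."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # DN values contain '=' themselves
        if key.strip().startswith(PREFIX):
            settings[key.strip()[len(PREFIX):]] = value.strip()
    return settings

def split_dn(dn):
    """Split a DN into lower-cased RDNs (plain split; escaped commas not handled)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def lint_user_group(settings):
    """Return findings for a user_group value that cannot work as a group DN."""
    findings = []
    rdns = split_dn(settings.get("user_group", ""))
    if not rdns:
        return findings  # unset or commented out: base_DN alone scopes logins
    base_dcs = [r for r in split_dn(settings.get("base_DN", "")) if r.startswith("dc=")]
    if base_dcs and rdns[-len(base_dcs):] != base_dcs:
        findings.append("user_group is not a full DN; it is searched as given, not relative to base_DN")
    if rdns[0].startswith("ou="):
        findings.append("user_group names an OU; a container has no member/uniquemember to read")
    return findings

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN_CFG), ("fixed", FIXED_CFG)):
        print(name, lint_user_group(parse_ldap_settings(cfg)))
```

With user_group commented out, base_DN is the only setting that limits which directory accounts can log in, so it is worth keeping it as narrow as the OU that should have access.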