Re: [xwiki-users] log4j doesn't log information about LDAP connection
On Fri, Jun 4, 2010 at 16:30, Martin Kunze wrote: > On Fri, Jun 4, 2010 at 14:21, Thomas Mortagne wrote: > >>On Fri, Jun 4, 2010 at 13:09, Martin Kunze wrote: >>> Hey, >>> >>> there are some good news and some not so good ones. >>> >>> After I upgraded xwiki to Version 2.3.1 and reconfigured xwiki.cfg the >>> ActiveDirectory-Authentication works. User now can login. But has no rights. >>> Now of course, I have to set some groupmapping. I did it like that: >>> xwiki.authentication.ldap.group_mapping=XWiki.GruppeA=cn=Standort,ou=Standortgruppen,ou=Gruppen,ou=Another >>> Group >>> >>> So now, that doesn't work. There are three things I want to know: >>> 1. do I have to add the "dc=domain,dc=suffix" string at the end? >> >>The LDAP side has to be the full DN, so yes. > > Hey yeah! That's it! Now it works! Great job. Thanks a lot!!! > > Now to go on in topic I have two more general questions. Maybe you could > answer. > According to my colleague it would be useful if the user will be logged-in > into xwiki automaticly by using the windows-logon-credential. Is this > possible? Yep it's possible. That would be NTLM authenticator, you can find one on http://svn.xwiki.org/svnroot/xwiki/contrib/sandbox/xwiki-authentication-ntlm/ (it's the source, you will have to build it using maven, see http://dev.xwiki.org/xwiki/bin/view/Community/Building) which is working pretty well. The authenticator is documented in the README.txt file. > > And second: It would be extreamly helpful for our admins when there will be a > possibility to manually map LDAP groups to xwiki groups by an graphical UI in > the browser. > e.g. xwiki lists all (sub)groups of an AD and the admin can map them to > existing xwiki groups by clicking. (a bit like the assignment of a user to a > group in xwiki.) > - Is there any activity planed to implement sth. like that? No one is assigned on it right now or even planned in a near future sorry. But contributions are welcomed ;) > > Regards > Martin. > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
On Fri, Jun 4, 2010 at 14:21, Thomas Mortagne wrote: >On Fri, Jun 4, 2010 at 13:09, Martin Kunze wrote: >> Hey, >> >> there are some good news and some not so good ones. >> >> After I upgraded xwiki to Version 2.3.1 and reconfigured xwiki.cfg the >> ActiveDirectory-Authentication works. User now can login. But has no rights. >> Now of course, I have to set some groupmapping. I did it like that: >> xwiki.authentication.ldap.group_mapping=XWiki.GruppeA=cn=Standort,ou=Standortgruppen,ou=Gruppen,ou=Another >> Group >> >> So now, that doesn't work. There are three things I want to know: >> 1. do I have to add the "dc=domain,dc=suffix" string at the end? > >The LDAP side has to be the full DN, so yes. Hey yeah! That's it! Now it works! Great job. Thanks a lot!!! Now to go on in topic I have two more general questions. Maybe you could answer. According to my colleague it would be useful if the user will be logged-in into xwiki automaticly by using the windows-logon-credential. Is this possible? And second: It would be extreamly helpful for our admins when there will be a possibility to manually map LDAP groups to xwiki groups by an graphical UI in the browser. e.g. xwiki lists all (sub)groups of an AD and the admin can map them to existing xwiki groups by clicking. (a bit like the assignment of a user to a group in xwiki.) - Is there any activity planed to implement sth. like that? Regards Martin. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
On Fri, Jun 4, 2010 at 13:09, Martin Kunze wrote: > Hey, > > there are some good news and some not so good ones. > > After I upgraded xwiki to Version 2.3.1 and reconfigured xwiki.cfg the > ActiveDirectory-Authentication works. User now can login. But has no rights. > Now of course, I have to set some groupmapping. I did it like that: > xwiki.authentication.ldap.group_mapping=XWiki.GruppeA=cn=Standort,ou=Standortgruppen,ou=Gruppen,ou=Another > Group > > So now, that doesn't work. There are three things I want to know: > 1. do I have to add the "dc=domain,dc=suffix" string at the end? The LDAP side has to be the full DN, so yes. > 2. the last group contains a space - can that be a problem? No, the DN can contains anything. > 3. are there any other things that can be wrong? No, it looks ok. Did you checked if the user is added to the group ? If not then you should look at the debug log. > > By the way, "GruppeA" exists in the wiki. I created it and granted some > rights. > > Best Regards :-) > Martin > > > > > Von: Thomas Mortagne > An: XWiki Users > Gesendet: Mittwoch, den 2. Juni 2010, 16:52:41 Uhr > Betreff: Re: [xwiki-users] log4j doesn't log information about LDAP connection > > On Wed, Jun 2, 2010 at 13:26, Martin Kunze wrote: >> Hello Thomas, >> >> this morning I had the possibility to restart the whole server on >> which xwiki and tomcat are running. >> You won't beleave me but now there is some Logging and the "Starting LDAP >> authentication" string in the xwiki.log. crazy. >> >> But authentication fails. ("Invalid credentials"). xwiki.log sais the >> following: >> "The provided User is null. We don't try to authenticate, it probably means >> the user is in non logged mode." > > This log is because when you access XWiki the authenticator is called > with no user for SSO based authenticators. > > You should have another "Starting LDAP authentication" with different > logs after this one, just look at the time when you try to > authenticate and takes the logs from this time and send them here so > that i can look at them. > >> >> Any idea what that means here and what to do??? >> >> Thanks for your help!!! >> >> -- >> Martin >> >>>Try setting "trace" level instead of "debug" and see if you have >>>"Starting LDAP authentication" to really make sure you don't have log >>>because of some very magical authenticator bug, that way we will at >>>least know we have to focus in logging. >> >> >>> xwiki.authentication.ldap=1 >>> xwiki.authentication.ldap.server=IP-Adress >>> xwiki.authentication.ldap.port=389 >>> xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix >>> xwiki.authentication.ldap.bind_DN=domain\{0} >>> xwiki.authentication.ldap.bind_pass={1} >>> xwiki.authentication.ldap.UID_attr=sAMAccountName >> >> >> ___ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> > > > > -- > Thomas Mortagne > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Hey, there are some good news and some not so good ones. After I upgraded xwiki to Version 2.3.1 and reconfigured xwiki.cfg the ActiveDirectory-Authentication works. User now can login. But has no rights. Now of course, I have to set some groupmapping. I did it like that: xwiki.authentication.ldap.group_mapping=XWiki.GruppeA=cn=Standort,ou=Standortgruppen,ou=Gruppen,ou=Another Group So now, that doesn't work. There are three things I want to know: 1. do I have to add the "dc=domain,dc=suffix" string at the end? 2. the last group contains a space - can that be a problem? 3. are there any other things that can be wrong? By the way, "GruppeA" exists in the wiki. I created it and granted some rights. Best Regards :-) Martin Von: Thomas Mortagne An: XWiki Users Gesendet: Mittwoch, den 2. Juni 2010, 16:52:41 Uhr Betreff: Re: [xwiki-users] log4j doesn't log information about LDAP connection On Wed, Jun 2, 2010 at 13:26, Martin Kunze wrote: > Hello Thomas, > > this morning I had the possibility to restart the whole server on which xwiki > and tomcat are running. > You won't beleave me but now there is some Logging and the "Starting LDAP > authentication" string in the xwiki.log. crazy. > > But authentication fails. ("Invalid credentials"). xwiki.log sais the > following: > "The provided User is null. We don't try to authenticate, it probably means > the user is in non logged mode." This log is because when you access XWiki the authenticator is called with no user for SSO based authenticators. You should have another "Starting LDAP authentication" with different logs after this one, just look at the time when you try to authenticate and takes the logs from this time and send them here so that i can look at them. > > Any idea what that means here and what to do??? > > Thanks for your help!!! > > -- > Martin > >>Try setting "trace" level instead of "debug" and see if you have >>"Starting LDAP authentication" to really make sure you don't have log >>because of some very magical authenticator bug, that way we will at >>least know we have to focus in logging. > > >> xwiki.authentication.ldap=1 >> xwiki.authentication.ldap.server=IP-Adress >> xwiki.authentication.ldap.port=389 >> xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix >> xwiki.authentication.ldap.bind_DN=domain\{0} >> xwiki.authentication.ldap.bind_pass={1} >> xwiki.authentication.ldap.UID_attr=sAMAccountName > > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
On Wed, Jun 2, 2010 at 13:26, Martin Kunze wrote: > Hello Thomas, > > this morning I had the possibility to restart the whole server on which xwiki > and tomcat are running. > You won't beleave me but now there is some Logging and the "Starting LDAP > authentication" string in the xwiki.log. crazy. > > But authentication fails. ("Invalid credentials"). xwiki.log sais the > following: > "The provided User is null. We don't try to authenticate, it probably means > the user is in non logged mode." This log is because when you access XWiki the authenticator is called with no user for SSO based authenticators. You should have another "Starting LDAP authentication" with different logs after this one, just look at the time when you try to authenticate and takes the logs from this time and send them here so that i can look at them. > > Any idea what that means here and what to do??? > > Thanks for your help!!! > > -- > Martin > >>Try setting "trace" level instead of "debug" and see if you have >>"Starting LDAP authentication" to really make sure you don't have log >>because of some very magical authenticator bug, that way we will at >>least know we have to focus in logging. > > >> xwiki.authentication.ldap=1 >> xwiki.authentication.ldap.server=IP-Adress >> xwiki.authentication.ldap.port=389 >> xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix >> xwiki.authentication.ldap.bind_DN=domain\{0} >> xwiki.authentication.ldap.bind_pass={1} >> xwiki.authentication.ldap.UID_attr=sAMAccountName > > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Hello Thomas, this morning I had the possibility to restart the whole server on which xwiki and tomcat are running. You won't beleave me but now there is some Logging and the "Starting LDAP authentication" string in the xwiki.log. crazy. But authentication fails. ("Invalid credentials"). xwiki.log sais the following: "The provided User is null. We don't try to authenticate, it probably means the user is in non logged mode." Any idea what that means here and what to do??? Thanks for your help!!! -- Martin >Try setting "trace" level instead of "debug" and see if you have >"Starting LDAP authentication" to really make sure you don't have log >because of some very magical authenticator bug, that way we will at >least know we have to focus in logging. > xwiki.authentication.ldap=1 > xwiki.authentication.ldap.server=IP-Adress > xwiki.authentication.ldap.port=389 > xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix > xwiki.authentication.ldap.bind_DN=domain\{0} > xwiki.authentication.ldap.bind_pass={1} > xwiki.authentication.ldap.UID_attr=sAMAccountName ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
On Tue, Jun 1, 2010 at 13:47, Martin Kunze wrote: > > >>Dumb question: did you restarted XWiki since you modified configuration files >>? > I usually only restart Tomcat after I've modified a configuration file. Yep that means restating XWiki :) So it looks like you did all needed things o i don't have more idea right now. Maybe someone else ? > > -- > Martin > > On Tue, Jun 1, 2010 at 12:26, Martin Kunze wrote: >> Thomas wrote: >>>Make sure the xwiki.authentication.authclass proparty is not set >>>anywhere else in the xwiki.cfg file. >> >> done. ;-) (All the others ar commented with an "#" at the beginning) >> >>>Try setting "trace" level instead of "debug" and see if you have >>>"Starting LDAP authentication" to really make sure you don't have log >>>because of some very magical authenticator bug, that way we will at >>>east know we have to focus in logging. >> >> Good idea, but there's no "Starting LDAP authentication" or anything like >> that in the whole file. >> For me that looks like xwiki does not try to connect to the AD at the moment. >> >> -- >> Martin >> >> ___ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> > > > > -- > Thomas Mortagne > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
>Dumb question: did you restarted XWiki since you modified configuration files ? I usually only restart Tomcat after I've modified a configuration file. -- Martin On Tue, Jun 1, 2010 at 12:26, Martin Kunze wrote: > Thomas wrote: >>Make sure the xwiki.authentication.authclass proparty is not set >>anywhere else in the xwiki.cfg file. > > done. ;-) (All the others ar commented with an "#" at the beginning) > >>Try setting "trace" level instead of "debug" and see if you have >>"Starting LDAP authentication" to really make sure you don't have log >>because of some very magical authenticator bug, that way we will at >>east know we have to focus in logging. > > Good idea, but there's no "Starting LDAP authentication" or anything like > that in the whole file. > For me that looks like xwiki does not try to connect to the AD at the moment. > > -- > Martin > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Dumb question: did you restarted XWiki since you modified configuration files ? On Tue, Jun 1, 2010 at 12:26, Martin Kunze wrote: > Thomas wrote: >>Make sure the xwiki.authentication.authclass proparty is not set >>anywhere else in the xwiki.cfg file. > > done. ;-) (All the others ar commented with an "#" at the beginning) > >>Try setting "trace" level instead of "debug" and see if you have >>"Starting LDAP authentication" to really make sure you don't have log >>because of some very magical authenticator bug, that way we will at >>east know we have to focus in logging. > > Good idea, but there's no "Starting LDAP authentication" or anything like > that in the whole file. > For me that looks like xwiki does not try to connect to the AD at the moment. > > -- > Martin > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Thomas wrote: >Make sure the xwiki.authentication.authclass proparty is not set >anywhere else in the xwiki.cfg file. done. ;-) (All the others ar commented with an "#" at the beginning) >Try setting "trace" level instead of "debug" and see if you have >"Starting LDAP authentication" to really make sure you don't have log >because of some very magical authenticator bug, that way we will at >east know we have to focus in logging. Good idea, but there's no "Starting LDAP authentication" or anything like that in the whole file. For me that looks like xwiki does not try to connect to the AD at the moment. -- Martin ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
On Tue, Jun 1, 2010 at 11:22, Martin Kunze wrote: > Hello Thomas, > >>Where did you put the log4j.properties file ? > > I put the log4j.properties file in the '/WEB-INF/classes/' directory. > The xwiki.log also isn't empty and shows e.g. all *.jar files which are used > by running xwiki and loaded on startup of tomcat. > Try setting "trace" level instead of "debug" and see if you have "Starting LDAP authentication" to really make sure you don't have log because of some very magical authenticator bug, that way we will at least know we have to focus in logging. >>Did you properly enabled LDAP ayhenticator (with property >>xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl)? > > Yes, I did it like that and also set the following properties in xwiki: > > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl Make sure the xwiki.authentication.authclass proparty is not set anywhere else in the xwiki.cfg file. > xwiki.authentication.ldap=1 > xwiki.authentication.ldap.server=IP-Adress > xwiki.authentication.ldap.port=389 > xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix > xwiki.authentication.ldap.bind_DN=domain\{0} > xwiki.authentication.ldap.bind_pass={1} > xwiki.authentication.ldap.UID_attr=sAMAccountName > xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn > > But our xwiki server seems not to connect to the AD-Server... > -- > Martin > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Sorry to jump into this discussion, but I do have a suggestion: Currently (in version 2.3), the log4j.properties are in the archive xwiki-core-2.3.jar. If I want to change the setting, I have to un-jar the archive, change the log4j.properties, re-jar the archive, but it back in place and restart the server. I believe that this is quite a hazzle, esp. since XWiki logs even INFO: In a production-environment you would not want this to create a multi-MEG-file of logging-stuff. So why not simply remove that log4j.properties from the jar-archive and put it into WEB-INF/classes? That would make life a whole lot easier for all of us. Cheers Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
Hello Thomas, >Where did you put the log4j.properties file ? I put the log4j.properties file in the '/WEB-INF/classes/' directory. The xwiki.log also isn't empty and shows e.g. all *.jar files which are used by running xwiki and loaded on startup of tomcat. >Did you properly enabled LDAP ayhenticator (with property >xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl)? Yes, I did it like that and also set the following properties in xwiki: xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl xwiki.authentication.ldap=1 xwiki.authentication.ldap.server=IP-Adress xwiki.authentication.ldap.port=389 xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix xwiki.authentication.ldap.bind_DN=domain\{0} xwiki.authentication.ldap.bind_pass={1} xwiki.authentication.ldap.UID_attr=sAMAccountName xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn But our xwiki server seems not to connect to the AD-Server... -- Martin ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] log4j doesn't log information about LDAP connection
On Tue, Jun 1, 2010 at 09:43, kumart wrote: > > Hi, > > we tried to connect our xwiki (version 2.2.2.) to our ActiveDirectory Server > (LDAP). > That failed. So we wanted to use log4j for logging the activities. We > configured it as described in the xwiki documentation. (Adding an > log4j.properties and the debug strings for LDAP.) But there are no > information about the LDAP connection or failures in the xwiki.log. > > Did we forget something important? Where did you put the log4j.properties file ? Did you properly enabled LDAP ayhenticator (with property xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl) ? > > Hoping for your help. > Martin > > PS: We use Xwiki 2.2.2., tomcat 5.5 and MySQL > -- > View this message in context: > http://xwiki.475771.n2.nabble.com/log4j-doesn-t-log-information-about-LDAP-connection-tp5124868p5124868.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
[xwiki-users] log4j doesn't log information about LDAP connection
Hi, we tried to connect our xwiki (version 2.2.2.) to our ActiveDirectory Server (LDAP). That failed. So we wanted to use log4j for logging the activities. We configured it as described in the xwiki documentation. (Adding an log4j.properties and the debug strings for LDAP.) But there are no information about the LDAP connection or failures in the xwiki.log. Did we forget something important? Hoping for your help. Martin PS: We use Xwiki 2.2.2., tomcat 5.5 and MySQL -- View this message in context: http://xwiki.475771.n2.nabble.com/log4j-doesn-t-log-information-about-LDAP-connection-tp5124868p5124868.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users