You can try to specify the base_DN (for me it worked). // base_DN=dc=domain,dc=com
You're also using sAMAccountName. What format does it have? name.surname? In our company our sAMAccountName is like name.surname, and it doesn't work with XWiki. So I've changed UID_attr to cn. P.S. I still use version 1.1.2, because it's the only version working properly with AD (user is created in XWikiAllGroup). No other version is working in my case :) Quoting Frantisek Kall : /**/ A month ago we tested 1.2 ver. XWiki and there wasn't problem to set up Active Directory authentication. Now we are going to start XWiki for enterprise use and we had a problem to setup AD authentication with 1.3 ver. Can anybody help us? Frantisek Kall Our System info: ========================================================================= JBoss Bootstrap Environment JBOSS_HOME: /JBoss JAVA: /usr/java/jdk1.5.0_11/bin/java JAVA_OPTS: -Dprogram.name=run.sh -server -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true CLASSPATH: /JBoss/bin/run.jar:/usr/java/jdk1.5.0_11/lib/tools.jar ========================================================================= 08:02:48,641 INFO [Server] Starting JBoss (MX MicroKernel)... 08:02:48,644 INFO [Server] Release ID: JBoss [Trinity] 4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139) 08:02:48,648 INFO [Server] Home Dir: /JBoss 08:02:48,649 INFO [Server] Home URL: file:/JBoss/ 08:02:48,652 INFO [Server] Patch URL: null 08:02:48,652 INFO [Server] Server Name: default xwiki.cfg: xwiki.base=../../ xwiki.store.class=com.xpn.xwiki.store.XWikiHibernateStore xwiki.store.hibernate.path=/WEB-INF/hibernate.cfg.xml xwiki.store.hibernate.updateschema=1 xwiki.store.hibernate.custommapping=1 xwiki.store.cache=1 xwiki.store.cache.capacity=100 xwiki.store.migration=1 xwiki.monitor=1 # List of active plugins. xwiki.plugins= com.xpn.xwiki.monitor.api.MonitorPlugin, com.xpn.xwiki.plugin.calendar.CalendarPlugin, com.xpn.xwiki.plugin.feed.FeedPlugin, com.xpn.xwiki.plugin.ldap.LDAPPlugin, com.xpn.xwiki.plugin.google.GooglePlugin, com.xpn.xwiki.plugin.flickr.FlickrPlugin, com.xpn.xwiki.plugin.mail.MailPlugin, com.xpn.xwiki.plugin.packaging.PackagePlugin, com.xpn.xwiki.plugin.query.QueryPlugin, com.xpn.xwiki.plugin.svg.SVGPlugin, com.xpn.xwiki.plugin.charts.ChartingPlugin, com.xpn.xwiki.plugin.fileupload.FileUploadPlugin, com.xpn.xwiki.plugin.image.ImagePlugin, com.xpn.xwiki.plugin.captcha.CaptchaPlugin, com.xpn.xwiki.plugin.userdirectory.UserDirectoryPlugin, com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl, com.xpn.xwiki.plugin.zipexplorer.ZipExplorerPlugin, com.xpn.xwiki.plugin.autotag.AutoTagPlugin, com.xpn.xwiki.plugin.lucene.LucenePlugin, com.xpn.xwiki.plugin.diff.DiffPlugin, com.xpn.xwiki.plugin.rightsmanager.RightsManagerPlugin, com.xpn.xwiki.plugin.jodatime.JodaTimePlugin, com.xpn.xwiki.plugin.scheduler.SchedulerPlugin, com.xpn.xwiki.plugin.mailsender.MailSenderPlugin, com.xpn.xwiki.plugin.watchlist.WatchListPlugin # This parameter allows XWiki to operate in Hosting mode allowing to create # multiple wikis having their own database and responding to different URLs xwiki.virtual=0 xwiki.virtual.redirect=http://127.0.0.1:9080/xwiki/bin/Main/ThisWikiDoesNotExist # This parameter will activate the eXo Platform integration xwiki.exo=0 xwiki.authentication=form xwiki.authentication.validationKey=totototototototototototototototo xwiki.authentication.encryptionKey=titititititititititititititititi xwiki.authentication.cookiedomains=xwiki.com,wiki.fr # Comment if you want to enable logout only for /bin/logout/XWiki/XWikiLogout xwiki.authentication.logoutpage=/[^/]+/logout/* # Stats configuration allows to globally activate/deactivate stats module # It is also possible to choose a different stats service to record # statistics separately from XWiki. # Note: Statistics are disabled by default for improved performances. xwiki.stats=0 xwiki.stats.default=1 xwiki.stats.class=com.xpn.xwiki.stats.impl.XWikiStatsServiceImpl xwiki.encoding=UTF-8 xwiki.backlinks=1 xwiki.tags=1 # Use edit comments xwiki.editcomment=1 # Hide editcomment field and only use Javascript xwiki.editcomment.hidden=0 # Make edit comment mandatory xwiki.editcomment.mandatory=0 # Make edit comment suggested (asks 1 time if the comment is empty. # 1 shows one popup if comment is empty. # 0 means there is no popup. # This setting is ignored if mandatory is set xwiki.editcomment.suggested=0 # GraphViz plugin configuration. The GraphViz plugin is not configured by default. # To enable it, add "com.xpn.xwiki.plugin.graphviz.GraphVizPlugin" to the list of plugins # in the xwiki.plugins property. # Uncomment and set the locations of the Dot and Neato executables #xwiki.plugin.graphviz.dotpath=c:/Program Files/ATT/GraphViz/bin/dot.exe #xwiki.plugin.graphviz.neatopath=c:/Program Files/ATT/GraphViz/bin/neato.exe xwiki.plugin.laszlo.baseurl=/openlaszlo/xwiki/ xwiki.plugin.laszlo.path=c:/Program Files/Apache Software Foundation/Tomcat 5.0/webapps/openlaszlo/xwiki/ xwiki.plugin.image.cache.capacity=30 xwiki.plugin.captcha=0 # Enable to allow superadmin. It is disabled by default as this could be a security breach if # it were set and you forgot about it. xwiki.superadminpassword=system #------------------------------------------------------------------------------------- # LDAP #------------------------------------------------------------------------------------- #-# new LDAP authentication service xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl #-# Turn LDAP authentication on - otherwise only XWiki authentication #-# 0: disable #-# 1: enable xwiki.authentication.ldap=1 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) xwiki.authentication.ldap.server=10.0.1.2 xwiki.authentication.ldap.port=389 xwiki.authentication.ldap.check_level=1 xwiki.authentication.ldap.bind_DN=CHEMOSVIT\{0} xwiki.authentication.ldap.bind_pass={1} authentication.ldap.UID_attr=sAMAccountName authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn xwiki.authentication.ldap.base_DN=dc=chemosvit,dc=sk #-# LDAP login, empty = anonymous access, otherwise specify full dn #-# {0} is replaced with the username, {1} with the password #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP #xwiki.authentication.ldap.bind_pass={1} #-# Force to check password after LDAP connection #-# 0: disable #-# 1: enable xwiki.authentication.ldap.validate_password=0 #-# only members of the following group will be verified in the LDAP # otherwise only users that are found after searching starting from the base_DN #xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US #-# base DN for searches #xwiki.authentication.ldap.base_DN= #-# specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn) #xwiki.authentication.ldap.UID_attr=cn #-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute) #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for faster access #xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created. xwiki.authentication.ldap.update_user=1 #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# mapps XWiki groups to LDAP groups, separator is "|" xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=XWikiAdmin,ou=XWikiGroups,ou=groups,dc=chemosvit,dc=sk| # XWiki.Organisation=cn=XWikiUsers,ou=XWikiGroups,ou=groups,o=MegaNova,c=US #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6) # xwiki.authentication.ldap.groupcache_expiration=21800 #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# - create : synchronize group membership only when the user is first created #-# - always: synchronize on every login # xwiki.authentication.ldap.mode_group_sync=always #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials xwiki.authentication.ldap.trylocal=0 #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# SSL connection to LDAP server #-# 0: normal #-# 1: SSL xwiki.authentication.ldap.ssl=0 #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] #-# The keystore file to use in SSL connection # xwiki.authentication.ldap.ssl.keystore= #------------------------------------------------------------------------------------- xwiki.authentication.unauthorized_code=200 # This parameter will activate the sectional editing xwiki.section.edit=1 # Uncomment if you want to ignore requests for unmapped actions, and simply display the document # xwiki.unknownActionResponse=view # You can configure the toolbars you wish to see in the WYSIWYG editor by defining the # xwiki.wysiwyg.toolbars property. # When not defined it defaults to: # xwiki.wysiwyg.toolbars=texttoolbar, listtoolbar, indenttoolbar, undotoolbar, titletoolbar, # styletoolbar, horizontaltoolbar, attachmenttoolbar, macrostoolbar, # tabletoolbar, tablerowtoolbar, tablecoltoolbar, linktoolbar # The full list of toolbars includes the one defined above and the following ones: # subtoolbar, findtoolbar, symboltoolbar xwiki.defaultskin=toucan xwiki.defaultbaseskin=albatross xwiki.temp.dir=/tmp/xwiki # xwiki.work.dir=/usr/local/xwiki # xwiki.plugins.lucene.indexdir=/usr/local/xwiki/lucene # xwiki.plugins.lucene.analyzer=org.apache.lucene.analysis.standard.StandardAnalyzer # xwiki.plugins.lucene.indexinterval=20 xwiki.work.dir=/docudata/xwiki Authentication Error message: 08:05:46,657 INFO [STDOUT] 2008-03-17 08:05:46,642 [http://dokument.chemosvit.sk:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [http-10.0.1.17-8080-1] WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP authentication failed. com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN. at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:268) at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107) at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:195) at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:128) at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:113) at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:211) at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3258) at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136) at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3266) at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4210) at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:164) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:117) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:595) Ar cieņu, Mihails Links: ------ [1] mailto:[EMAIL PROTECTED]
_______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users