You can try to specify the base_DN (for me it worked). //
base_DN=dc=domain,dc=com
You're also using sAMAccountName. What format does it have?
name.surname?
In our company our sAMAccountName is like name.surname, and it
doesn't work with XWiki. So I've changed UID_attr to cn.
P.S. I still use version 1.1.2, because it's the only version working
properly with AD (user is created in XWikiAllGroup). No other version
is working in my case :)
Quoting Frantisek Kall :
/**/
A month ago we tested 1.2 ver. XWiki and there wasn't problem to set
up Active Directory authentication. Now we are going to start XWiki
for enterprise use and we had a problem to setup AD authentication
with 1.3 ver. Can anybody help us? Frantisek Kall
Our System info:
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /JBoss
JAVA: /usr/java/jdk1.5.0_11/bin/java
JAVA_OPTS: -Dprogram.name=run.sh -server -Xms128m -Xmx1024m
-XX:PermSize=64m -XX:MaxPermSize=256m
-Dsun.rmi.dgc.client.gcInterval=3600000
-Dsun.rmi.dgc.server.gcInterval=3600000
-Djava.net.preferIPv4Stack=true
CLASSPATH: /JBoss/bin/run.jar:/usr/java/jdk1.5.0_11/lib/tools.jar
=========================================================================
08:02:48,641 INFO [Server] Starting JBoss (MX MicroKernel)...
08:02:48,644 INFO [Server] Release ID: JBoss [Trinity] 4.2.2.GA
(build: SVNTag=JBoss_4_2_2_GA date=200710221139)
08:02:48,648 INFO [Server] Home Dir: /JBoss
08:02:48,649 INFO [Server] Home URL: file:/JBoss/
08:02:48,652 INFO [Server] Patch URL: null
08:02:48,652 INFO [Server] Server Name: default
xwiki.cfg:
xwiki.base=../../
xwiki.store.class=com.xpn.xwiki.store.XWikiHibernateStore
xwiki.store.hibernate.path=/WEB-INF/hibernate.cfg.xml
xwiki.store.hibernate.updateschema=1
xwiki.store.hibernate.custommapping=1
xwiki.store.cache=1
xwiki.store.cache.capacity=100
xwiki.store.migration=1
xwiki.monitor=1
# List of active plugins.
xwiki.plugins=
com.xpn.xwiki.monitor.api.MonitorPlugin,
com.xpn.xwiki.plugin.calendar.CalendarPlugin,
com.xpn.xwiki.plugin.feed.FeedPlugin,
com.xpn.xwiki.plugin.ldap.LDAPPlugin,
com.xpn.xwiki.plugin.google.GooglePlugin,
com.xpn.xwiki.plugin.flickr.FlickrPlugin,
com.xpn.xwiki.plugin.mail.MailPlugin,
com.xpn.xwiki.plugin.packaging.PackagePlugin,
com.xpn.xwiki.plugin.query.QueryPlugin,
com.xpn.xwiki.plugin.svg.SVGPlugin,
com.xpn.xwiki.plugin.charts.ChartingPlugin,
com.xpn.xwiki.plugin.fileupload.FileUploadPlugin,
com.xpn.xwiki.plugin.image.ImagePlugin,
com.xpn.xwiki.plugin.captcha.CaptchaPlugin,
com.xpn.xwiki.plugin.userdirectory.UserDirectoryPlugin,
com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl,
com.xpn.xwiki.plugin.zipexplorer.ZipExplorerPlugin,
com.xpn.xwiki.plugin.autotag.AutoTagPlugin,
com.xpn.xwiki.plugin.lucene.LucenePlugin,
com.xpn.xwiki.plugin.diff.DiffPlugin,
com.xpn.xwiki.plugin.rightsmanager.RightsManagerPlugin,
com.xpn.xwiki.plugin.jodatime.JodaTimePlugin,
com.xpn.xwiki.plugin.scheduler.SchedulerPlugin,
com.xpn.xwiki.plugin.mailsender.MailSenderPlugin,
com.xpn.xwiki.plugin.watchlist.WatchListPlugin
# This parameter allows XWiki to operate in Hosting mode allowing to
create
# multiple wikis having their own database and responding to
different URLs
xwiki.virtual=0
xwiki.virtual.redirect=http://127.0.0.1:9080/xwiki/bin/Main/ThisWikiDoesNotExist
# This parameter will activate the eXo Platform integration
xwiki.exo=0
xwiki.authentication=form
xwiki.authentication.validationKey=totototototototototototototototo
xwiki.authentication.encryptionKey=titititititititititititititititi
xwiki.authentication.cookiedomains=xwiki.com,wiki.fr
# Comment if you want to enable logout only for
/bin/logout/XWiki/XWikiLogout
xwiki.authentication.logoutpage=/[^/]+/logout/*
# Stats configuration allows to globally activate/deactivate stats
module
# It is also possible to choose a different stats service to record
# statistics separately from XWiki.
# Note: Statistics are disabled by default for improved
performances.
xwiki.stats=0
xwiki.stats.default=1
xwiki.stats.class=com.xpn.xwiki.stats.impl.XWikiStatsServiceImpl
xwiki.encoding=UTF-8
xwiki.backlinks=1
xwiki.tags=1
# Use edit comments
xwiki.editcomment=1
# Hide editcomment field and only use Javascript
xwiki.editcomment.hidden=0
# Make edit comment mandatory
xwiki.editcomment.mandatory=0
# Make edit comment suggested (asks 1 time if the comment is empty.
# 1 shows one popup if comment is empty.
# 0 means there is no popup.
# This setting is ignored if mandatory is set
xwiki.editcomment.suggested=0
# GraphViz plugin configuration. The GraphViz plugin is not
configured by default.
# To enable it, add "com.xpn.xwiki.plugin.graphviz.GraphVizPlugin"
to the list of plugins
# in the xwiki.plugins property.
# Uncomment and set the locations of the Dot and Neato executables
#xwiki.plugin.graphviz.dotpath=c:/Program
Files/ATT/GraphViz/bin/dot.exe
#xwiki.plugin.graphviz.neatopath=c:/Program
Files/ATT/GraphViz/bin/neato.exe
xwiki.plugin.laszlo.baseurl=/openlaszlo/xwiki/
xwiki.plugin.laszlo.path=c:/Program Files/Apache Software
Foundation/Tomcat 5.0/webapps/openlaszlo/xwiki/
xwiki.plugin.image.cache.capacity=30
xwiki.plugin.captcha=0
# Enable to allow superadmin. It is disabled by default as this
could be a security breach if
# it were set and you forgot about it.
xwiki.superadminpassword=system
#-------------------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki
authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=10.0.1.2
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.bind_DN=CHEMOSVIT\{0}
xwiki.authentication.ldap.bind_pass={1}
authentication.ldap.UID_attr=sAMAccountName
authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
xwiki.authentication.ldap.base_DN=dc=chemosvit,dc=sk
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
#xwiki.authentication.ldap.bind_pass={1}
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from
the base_DN
#xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
#-# base DN for searches
#xwiki.authentication.ldap.base_DN=
#-# specifies the LDAP attribute containing the identifier to be
used as the XWiki name (default=cn)
#xwiki.authentication.ldap.UID_attr=cn
#-# retrieve the following fields from LDAP and store them in the
XWiki user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object
for faster access
#xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki
otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=XWikiAdmin,ou=XWikiGroups,ou=groups,dc=chemosvit,dc=sk|
#
XWiki.Organisation=cn=XWikiUsers,ou=XWikiGroups,ou=groups,o=MegaNova,c=US
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is
refreshed from LDAP (default=3600*6)
# xwiki.authentication.ldap.groupcache_expiration=21800
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is
first created
#-# - always: synchronize on every login
# xwiki.authentication.ldap.mode_group_sync=always
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB
authentication with the same credentials
xwiki.authentication.ldap.trylocal=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0: normal
#-# 1: SSL
xwiki.authentication.ldap.ssl=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
# xwiki.authentication.ldap.ssl.keystore=
#-------------------------------------------------------------------------------------
xwiki.authentication.unauthorized_code=200
# This parameter will activate the sectional editing
xwiki.section.edit=1
# Uncomment if you want to ignore requests for unmapped actions, and
simply display the document
# xwiki.unknownActionResponse=view
# You can configure the toolbars you wish to see in the WYSIWYG
editor by defining the
# xwiki.wysiwyg.toolbars property.
# When not defined it defaults to:
# xwiki.wysiwyg.toolbars=texttoolbar, listtoolbar, indenttoolbar,
undotoolbar, titletoolbar,
# styletoolbar, horizontaltoolbar, attachmenttoolbar, macrostoolbar,
# tabletoolbar, tablerowtoolbar, tablecoltoolbar, linktoolbar
# The full list of toolbars includes the one defined above and the
following ones:
# subtoolbar, findtoolbar, symboltoolbar
xwiki.defaultskin=toucan
xwiki.defaultbaseskin=albatross
xwiki.temp.dir=/tmp/xwiki
# xwiki.work.dir=/usr/local/xwiki
# xwiki.plugins.lucene.indexdir=/usr/local/xwiki/lucene
#
xwiki.plugins.lucene.analyzer=org.apache.lucene.analysis.standard.StandardAnalyzer
# xwiki.plugins.lucene.indexinterval=20
xwiki.work.dir=/docudata/xwiki
Authentication Error message:
08:05:46,657 INFO [STDOUT] 2008-03-17 08:05:46,642
[http://dokument.chemosvit.sk:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
[http-10.0.1.17-8080-1] WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP
authentication failed.
com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find
LDAP user DN.
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:268)
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:195)
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:128)
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:113)
at
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:211)
at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3258)
at
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3266)
at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4210)
at
com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:164)
at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at
org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
at
org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:117)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:595)
Ar cieņu, Mihails
Links:
------
[1] mailto:[EMAIL PROTECTED]
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
