If it does not work you should try to enable debug log (see http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging) to see mre details on what append during the LDAP authentication.
On Thu, Aug 21, 2008 at 10:59 AM, Thomas Mortagne <[EMAIL PROTECTED]> wrote: > Hi, > > Your configuration seems correct to me (except the > XWiki.XWikiAllGroup=cn=users,ou=xwiki,ou=Groups,dc=mydomain in > group_mapping which is useless). > > Could you try the last 1.5 snapshot at > http://maven.xwiki.org/snapshots/com/xpn/xwiki/platform/xwiki-core/1.5-SNAPSHOT/ > (which will be soon the 1.5.1), I fixed some bugs (like ogin with user > id contaning poits that was broken) on LDAP but not directly related > to this. With this version it's working for me with OpenLDAP but, not > with exactly the same LDAP schema but very similar. > > On Wed, Aug 20, 2008 at 11:17 PM, Richard V. <[EMAIL PROTECTED]> wrote: >> >> >> Hello XWiki users, >> >> I have a problem getting OpenLDAP to work with XWiki 1.5.11446. For some >> strange reason i cannot login into xwiki from an account located in OpenLDAP >> and no error messages are produced. The login page just refreshes itself and >> nothing else happens. This problem started when I migrated Xwiki 1.4 to 1.5. >> As solution, I downgraded back to 1.4 and everything seems to work again. Is >> the LDAP plugin broken in 1.5? I have copy-pasted a sample ldif of my >> OpenLDAP as well as the xwiki.cfg settings so that someone can give me a >> hint on where the problem could be. >> >> Many thanks in advanced. >> >> Richard >> >> ------------------------------------------------------ BEGIN >> ldif------------------------------------------------------------------- >> >> dn: dc=mydomain >> objectClass: organization >> objectClass: dcObject >> dc: mydomain >> o: mydomain >> >> dn: ou=Users,dc=mydomain >> objectClass: organizationalUnit >> ou: Users >> >> dn: ou=People,ou=Users,dc=mydomain >> objectClass: organizationalUnit >> ou: People >> >> dn: ou=Groups,dc=mydomain >> objectClass: organizationalUnit >> ou: Groups >> >> dn: ou=Machines,ou=Users,dc=mydomain >> objectClass: organizationalUnit >> ou: Machines >> >> dn: ou=Domains,dc=mydomain >> objectClass: organizationalUnit >> ou: Domains >> >> dn: sambaDomainName=SCRAPPY,ou=Domains,dc=mydomain >> objectClass: sambaDomain >> sambaAlgorithmicRidBase: 1000 >> sambaSID: S-1-5-21-4074884656-2525905897-914379862 >> sambaDomainName: SCRAPPY >> sambaMinPwdLength: 8 >> >> dn: cn=domainUsers,ou=Groups,dc=mydomain >> objectClass: sambaGroupMapping >> objectClass: posixGroup >> displayName: Domain Users >> sambaGroupType: 2 >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-513 >> description: Domain Users >> gidNumber: 2001 >> cn: domainUsers >> memberUid: richi >> >> dn: cn=domainGuests,ou=Groups,dc=mydomain >> objectClass: sambaGroupMapping >> objectClass: posixGroobjectClass: posixGroup >> displayName: Domain Guests >> sambaGroupType: 2 >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-514 >> description: Domain Guests >> gidNumber: 2002 >> cn: domainGuests >> >> dn: cn=domainComputers,ou=Groups,dc=mydomain >> objectClass: sambaGroupMapping >> objectClass: posixGroup >> displayName: Domain Computers >> sambaGroupType: 2 >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-515 >> description: Domain Computers >> gidNumber: 2003 >> cn: domainComputers >> >> dn: uid=richi,ou=People,ou=Users,dc=mydomain >> objectClass: sambaSamAccount >> objectClass: shadowAccount >> objectClass: posixAccount >> objectClass: inetOrgPerson >> sambaHomeDrive: U: >> sambaDomainName: SCRAPPY >> sambaAcctFlags: [XU ] >> displayName: Richi >> sambaPrimaryGroupSID: S-1-5-21-4074884656-2525905897-914379862-512 >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-5000 >> sambaLMPassword: <hidden> >> sambaNTPassword: <hidden> >> sambaPwdLastSet: 1218502167 >> shadowWarning: 10 >> shadowInactive: 10 >> shadowMin: 1 >> shadowMax: 365 >> homeDirectory: /home/richi >> loginShell: /bin/bash >> uid: richi >> cn: Richi >> uidNumber: 2000 >> gidNumber: 2000 >> sn: Smith >> givenName: Richi >> shadowLastChange: 14105 >> userPassword: secret >> >> dn: cn=domainAdmins,ou=Groups,dc=mydomain >> cn: domainAdmins >> description: Domain Admins >> objectClass: sambaGroupMapping >> objectClass: posixGroup >> gidNumber: 2000 >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-512 >> sambaGroupType: 2 >> displayName: Domain Admin >> >> dn: ou=xwiki,ou=Groups,dc=mydomain >> ou: xwiki >> objectClass: top >> objectClass: organizationalUnit >> >> dn: cn=users,ou=xwiki,ou=Groups,dc=mydomain >> cn: users >> member: uid=richi,ou=People,ou=Users,dc=mydomain >> objectClass: groupOfNames >> objectClass: top >> ou: xwiki >> >> dn: cn=admins,ou=xwiki,ou=Groups,dc=mydomain >> cn: admins >> member: uid=richi,ou=People,ou=Users,dc=mydomain >> ou: xwiki >> objectClass: groupOfNames >> objectClass: top >> >> >> ------------------------------------------------- END ldif >> ------------------------------------------------------------ >> >> ------------------------------------------------- BEGIN xwiki.cfg >> ------------------------------------------------ >> #-# new LDAP authentication service >> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl >> >> #-# Turn LDAP authentication on - otherwise only XWiki authentication >> #-# 0: disable >> #-# 1: enable >> xwiki.authentication.ldap=1 >> >> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) >> xwiki.authentication.ldap.server=localhost >> xwiki.authentication.ldap.port=389 >> >> #-# LDAP login, empty = anonymous access, otherwise specify full dn >> #-# {0} is replaced with the username, {1} with the password >> xwiki.authentication.ldap.bind_DN=uid={0},ou=People,ou=Users,dc=mydomain >> xwiki.authentication.ldap.bind_pass={1} >> >> #-# Force to check password after LDAP connection >> #-# 0: disable >> #-# 1: enable >> xwiki.authentication.ldap.validate_password=0 >> >> #-# only members of the following group will be verified in the LDAP >> # otherwise only users that are found after searching starting from the >> base_DN >> xwiki.authentication.ldap.user_group=cn=users,ou=xwiki,ou=Groups,dc=mydomain >> >> #-# base DN for searches >> xwiki.authentication.ldap.base_DN=ou=People,ou=Users,dc=mydomain >> #-# Specifies the LDAP attribute containing the identifier to be used as the >> XWiki name (default=cn) >> xwiki.authentication.ldap.UID_attr=uid >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> #-# Specifies the LDAP attribute containing the password to be used "when >> xwiki.authentication.ldap.validate_password" is set to 1 >> xwiki.authentication.ldap.password_field=userPassword >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> #-# The potential LDAP groups classes. Separated by commas. >> xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> #-# The potential names of the LDAP groups fields containings the members. >> Separated by commas. >> xwiki.authentication.ldap.group_memberfields=member,uniqueMember >> >> #-# retrieve the following fields from LDAP and store them in the XWiki user >> object (xwiki-attribute=ldap-attribute) >> #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for >> faster access >> xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=displayName,email=mail >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# on every login update the mapped attributes from LDAP to XWiki otherwise >> thi >> s happens only once when the XWiki account is created. >> xwiki.authentication.ldap.update_user=1 >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# mapps XWiki groups to LDAP groups, separator is "|" >> xwiki.authentication.ldap.group_mapping=\ >> XWiki.XWikiAdminGroup=cn=admins,ou=xwiki,ou=Groups,dc=mydomain|\ >> XWiki.XWikiAllGroup=cn=users,ou=xwiki,ou=Groups,dc=mydomain >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# time in s after which the list of members in a group is refreshed from >> LDAP (default=3600*6) >> #Every half an hour >> xwiki.authentication.ldap.groupcache_expiration=1800 >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# - create : synchronize group membership only when the user is first >> created >> #-# - always: synchronize on every login >> xwiki.authentication.ldap.mode_group_sync=always >> >> #-# if ldap authentication fails for any reason, try XWiki DB authentication >> with the same credentials >> xwiki.authentication.ldap.trylocal=0 >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# SSL connection to LDAP server >> #-# 0: normal >> #-# 1: SSL >> # xwiki.authentication.ldap.ssl=0 >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# The keystore file to use in SSL connection >> # xwiki.authentication.ldap.ssl.keystore= >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> #-# The java secure provider used in SSL connection >> # >> xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider >> >> --------------------------------------------------- END xwiki.cfg >> --------------------------------------------------------- >> >> _________________________________________________________________ >> Get ideas on sharing photos from people like you. Find new ways to share. >> http://www.windowslive.com/explore/photogallery/posts?ocid=TXT_TAGLM_WL_Photo_Gallery_082008 >> _______________________________________________ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> > > > > -- > Thomas Mortagne > -- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
