Myself, I try to add LDAP authentication without succeed. How could I setup log to display LDAP request and response? I've update log4j.properties with: log4j.logger.com.xpn.plugin.ldap=debug log4j.lo.com.xpn.xwiki.user.impl.LDAP=debug
Arnaud. 2008/8/21 Thomas Mortagne <[EMAIL PROTECTED]> > If it does not work you should try to enable debug log (see > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging) to see > mre details on what append during the LDAP authentication. > > On Thu, Aug 21, 2008 at 10:59 AM, Thomas Mortagne > <[EMAIL PROTECTED]> wrote: > > Hi, > > > > Your configuration seems correct to me (except the > > XWiki.XWikiAllGroup=cn=users,ou=xwiki,ou=Groups,dc=mydomain in > > group_mapping which is useless). > > > > Could you try the last 1.5 snapshot at > > > http://maven.xwiki.org/snapshots/com/xpn/xwiki/platform/xwiki-core/1.5-SNAPSHOT/ > > (which will be soon the 1.5.1), I fixed some bugs (like ogin with user > > id contaning poits that was broken) on LDAP but not directly related > > to this. With this version it's working for me with OpenLDAP but, not > > with exactly the same LDAP schema but very similar. > > > > On Wed, Aug 20, 2008 at 11:17 PM, Richard V. <[EMAIL PROTECTED]> wrote: > >> > >> > >> Hello XWiki users, > >> > >> I have a problem getting OpenLDAP to work with XWiki 1.5.11446. For some > strange reason i cannot login into xwiki from an account located in OpenLDAP > and no error messages are produced. The login page just refreshes itself and > nothing else happens. This problem started when I migrated Xwiki 1.4 to 1.5. > As solution, I downgraded back to 1.4 and everything seems to work again. Is > the LDAP plugin broken in 1.5? I have copy-pasted a sample ldif of my > OpenLDAP as well as the xwiki.cfg settings so that someone can give me a > hint on where the problem could be. > >> > >> Many thanks in advanced. > >> > >> Richard > >> > >> ------------------------------------------------------ BEGIN > ldif------------------------------------------------------------------- > >> > >> dn: dc=mydomain > >> objectClass: organization > >> objectClass: dcObject > >> dc: mydomain > >> o: mydomain > >> > >> dn: ou=Users,dc=mydomain > >> objectClass: organizationalUnit > >> ou: Users > >> > >> dn: ou=People,ou=Users,dc=mydomain > >> objectClass: organizationalUnit > >> ou: People > >> > >> dn: ou=Groups,dc=mydomain > >> objectClass: organizationalUnit > >> ou: Groups > >> > >> dn: ou=Machines,ou=Users,dc=mydomain > >> objectClass: organizationalUnit > >> ou: Machines > >> > >> dn: ou=Domains,dc=mydomain > >> objectClass: organizationalUnit > >> ou: Domains > >> > >> dn: sambaDomainName=SCRAPPY,ou=Domains,dc=mydomain > >> objectClass: sambaDomain > >> sambaAlgorithmicRidBase: 1000 > >> sambaSID: S-1-5-21-4074884656-2525905897-914379862 > >> sambaDomainName: SCRAPPY > >> sambaMinPwdLength: 8 > >> > >> dn: cn=domainUsers,ou=Groups,dc=mydomain > >> objectClass: sambaGroupMapping > >> objectClass: posixGroup > >> displayName: Domain Users > >> sambaGroupType: 2 > >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-513 > >> description: Domain Users > >> gidNumber: 2001 > >> cn: domainUsers > >> memberUid: richi > >> > >> dn: cn=domainGuests,ou=Groups,dc=mydomain > >> objectClass: sambaGroupMapping > >> objectClass: posixGroobjectClass: posixGroup > >> displayName: Domain Guests > >> sambaGroupType: 2 > >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-514 > >> description: Domain Guests > >> gidNumber: 2002 > >> cn: domainGuests > >> > >> dn: cn=domainComputers,ou=Groups,dc=mydomain > >> objectClass: sambaGroupMapping > >> objectClass: posixGroup > >> displayName: Domain Computers > >> sambaGroupType: 2 > >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-515 > >> description: Domain Computers > >> gidNumber: 2003 > >> cn: domainComputers > >> > >> dn: uid=richi,ou=People,ou=Users,dc=mydomain > >> objectClass: sambaSamAccount > >> objectClass: shadowAccount > >> objectClass: posixAccount > >> objectClass: inetOrgPerson > >> sambaHomeDrive: U: > >> sambaDomainName: SCRAPPY > >> sambaAcctFlags: [XU ] > >> displayName: Richi > >> sambaPrimaryGroupSID: S-1-5-21-4074884656-2525905897-914379862-512 > >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-5000 > >> sambaLMPassword: <hidden> > >> sambaNTPassword: <hidden> > >> sambaPwdLastSet: 1218502167 > >> shadowWarning: 10 > >> shadowInactive: 10 > >> shadowMin: 1 > >> shadowMax: 365 > >> homeDirectory: /home/richi > >> loginShell: /bin/bash > >> uid: richi > >> cn: Richi > >> uidNumber: 2000 > >> gidNumber: 2000 > >> sn: Smith > >> givenName: Richi > >> shadowLastChange: 14105 > >> userPassword: secret > >> > >> dn: cn=domainAdmins,ou=Groups,dc=mydomain > >> cn: domainAdmins > >> description: Domain Admins > >> objectClass: sambaGroupMapping > >> objectClass: posixGroup > >> gidNumber: 2000 > >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-512 > >> sambaGroupType: 2 > >> displayName: Domain Admin > >> > >> dn: ou=xwiki,ou=Groups,dc=mydomain > >> ou: xwiki > >> objectClass: top > >> objectClass: organizationalUnit > >> > >> dn: cn=users,ou=xwiki,ou=Groups,dc=mydomain > >> cn: users > >> member: uid=richi,ou=People,ou=Users,dc=mydomain > >> objectClass: groupOfNames > >> objectClass: top > >> ou: xwiki > >> > >> dn: cn=admins,ou=xwiki,ou=Groups,dc=mydomain > >> cn: admins > >> member: uid=richi,ou=People,ou=Users,dc=mydomain > >> ou: xwiki > >> objectClass: groupOfNames > >> objectClass: top > >> > >> > >> ------------------------------------------------- END ldif > ------------------------------------------------------------ > >> > >> ------------------------------------------------- BEGIN xwiki.cfg > ------------------------------------------------ > >> #-# new LDAP authentication service > >> > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl > >> > >> #-# Turn LDAP authentication on - otherwise only XWiki authentication > >> #-# 0: disable > >> #-# 1: enable > >> xwiki.authentication.ldap=1 > >> > >> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) > >> xwiki.authentication.ldap.server=localhost > >> xwiki.authentication.ldap.port=389 > >> > >> #-# LDAP login, empty = anonymous access, otherwise specify full dn > >> #-# {0} is replaced with the username, {1} with the password > >> xwiki.authentication.ldap.bind_DN=uid={0},ou=People,ou=Users,dc=mydomain > >> xwiki.authentication.ldap.bind_pass={1} > >> > >> #-# Force to check password after LDAP connection > >> #-# 0: disable > >> #-# 1: enable > >> xwiki.authentication.ldap.validate_password=0 > >> > >> #-# only members of the following group will be verified in the LDAP > >> # otherwise only users that are found after searching starting from the > base_DN > >> > xwiki.authentication.ldap.user_group=cn=users,ou=xwiki,ou=Groups,dc=mydomain > >> > >> #-# base DN for searches > >> xwiki.authentication.ldap.base_DN=ou=People,ou=Users,dc=mydomain > >> #-# Specifies the LDAP attribute containing the identifier to be used as > the XWiki name (default=cn) > >> xwiki.authentication.ldap.UID_attr=uid > >> > >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] > >> #-# Specifies the LDAP attribute containing the password to be used > "when xwiki.authentication.ldap.validate_password" is set to 1 > >> xwiki.authentication.ldap.password_field=userPassword > >> > >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] > >> #-# The potential LDAP groups classes. Separated by commas. > >> > xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup > >> > >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] > >> #-# The potential names of the LDAP groups fields containings the > members. Separated by commas. > >> xwiki.authentication.ldap.group_memberfields=member,uniqueMember > >> > >> #-# retrieve the following fields from LDAP and store them in the XWiki > user object (xwiki-attribute=ldap-attribute) > >> #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object > for faster access > >> > xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=displayName,email=mail > >> > >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > >> #-# on every login update the mapped attributes from LDAP to XWiki > otherwise thi > >> s happens only once when the XWiki account is created. > >> xwiki.authentication.ldap.update_user=1 > >> > >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > >> #-# mapps XWiki groups to LDAP groups, separator is "|" > >> xwiki.authentication.ldap.group_mapping=\ > >> XWiki.XWikiAdminGroup=cn=admins,ou=xwiki,ou=Groups,dc=mydomain|\ > >> XWiki.XWikiAllGroup=cn=users,ou=xwiki,ou=Groups,dc=mydomain > >> > >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > >> #-# time in s after which the list of members in a group is refreshed > from LDAP (default=3600*6) > >> #Every half an hour > >> xwiki.authentication.ldap.groupcache_expiration=1800 > >> > >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > >> #-# - create : synchronize group membership only when the user is first > created > >> #-# - always: synchronize on every login > >> xwiki.authentication.ldap.mode_group_sync=always > >> > >> #-# if ldap authentication fails for any reason, try XWiki DB > authentication with the same credentials > >> xwiki.authentication.ldap.trylocal=0 > >> > >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > >> #-# SSL connection to LDAP server > >> #-# 0: normal > >> #-# 1: SSL > >> # xwiki.authentication.ldap.ssl=0 > >> > >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > >> #-# The keystore file to use in SSL connection > >> # xwiki.authentication.ldap.ssl.keystore= > >> > >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] > >> #-# The java secure provider used in SSL connection > >> # > xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider > >> > >> --------------------------------------------------- END xwiki.cfg > --------------------------------------------------------- > >> > >> _________________________________________________________________ > >> Get ideas on sharing photos from people like you. Find new ways to > share. > >> > http://www.windowslive.com/explore/photogallery/posts?ocid=TXT_TAGLM_WL_Photo_Gallery_082008 > >> _______________________________________________ > >> users mailing list > >> users@xwiki.org > >> http://lists.xwiki.org/mailman/listinfo/users > >> > > > > > > > > -- > > Thomas Mortagne > > > > > > -- > Thomas Mortagne > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
