Hi Arnaud, On Thu, Aug 21, 2008 at 3:23 PM, Arnaud bourree <[EMAIL PROTECTED]> wrote: > Myself, I try to add LDAP authentication without succeed. > How could I setup log to display LDAP request and response? > I've update log4j.properties with: > log4j.logger.com.xpn.plugin.ldap=debug > log4j.lo.com.xpn.xwiki.user.impl.LDAP=debug
I thik you can have more log with log4j.logger.com.xpn.plugin.ldap=info log4j.lo.com.xpn.xwiki.user.impl.LDAP=info But AFAIK the LDAP authenticatioin does not log precisely all the LDAP queries. You can get it from LDAP server log think. > > Arnaud. > > 2008/8/21 Thomas Mortagne <[EMAIL PROTECTED]> > >> If it does not work you should try to enable debug log (see >> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging) to see >> mre details on what append during the LDAP authentication. >> >> On Thu, Aug 21, 2008 at 10:59 AM, Thomas Mortagne >> <[EMAIL PROTECTED]> wrote: >> > Hi, >> > >> > Your configuration seems correct to me (except the >> > XWiki.XWikiAllGroup=cn=users,ou=xwiki,ou=Groups,dc=mydomain in >> > group_mapping which is useless). >> > >> > Could you try the last 1.5 snapshot at >> > >> http://maven.xwiki.org/snapshots/com/xpn/xwiki/platform/xwiki-core/1.5-SNAPSHOT/ >> > (which will be soon the 1.5.1), I fixed some bugs (like ogin with user >> > id contaning poits that was broken) on LDAP but not directly related >> > to this. With this version it's working for me with OpenLDAP but, not >> > with exactly the same LDAP schema but very similar. >> > >> > On Wed, Aug 20, 2008 at 11:17 PM, Richard V. <[EMAIL PROTECTED]> wrote: >> >> >> >> >> >> Hello XWiki users, >> >> >> >> I have a problem getting OpenLDAP to work with XWiki 1.5.11446. For some >> strange reason i cannot login into xwiki from an account located in OpenLDAP >> and no error messages are produced. The login page just refreshes itself and >> nothing else happens. This problem started when I migrated Xwiki 1.4 to 1.5. >> As solution, I downgraded back to 1.4 and everything seems to work again. Is >> the LDAP plugin broken in 1.5? I have copy-pasted a sample ldif of my >> OpenLDAP as well as the xwiki.cfg settings so that someone can give me a >> hint on where the problem could be. >> >> >> >> Many thanks in advanced. >> >> >> >> Richard >> >> >> >> ------------------------------------------------------ BEGIN >> ldif------------------------------------------------------------------- >> >> >> >> dn: dc=mydomain >> >> objectClass: organization >> >> objectClass: dcObject >> >> dc: mydomain >> >> o: mydomain >> >> >> >> dn: ou=Users,dc=mydomain >> >> objectClass: organizationalUnit >> >> ou: Users >> >> >> >> dn: ou=People,ou=Users,dc=mydomain >> >> objectClass: organizationalUnit >> >> ou: People >> >> >> >> dn: ou=Groups,dc=mydomain >> >> objectClass: organizationalUnit >> >> ou: Groups >> >> >> >> dn: ou=Machines,ou=Users,dc=mydomain >> >> objectClass: organizationalUnit >> >> ou: Machines >> >> >> >> dn: ou=Domains,dc=mydomain >> >> objectClass: organizationalUnit >> >> ou: Domains >> >> >> >> dn: sambaDomainName=SCRAPPY,ou=Domains,dc=mydomain >> >> objectClass: sambaDomain >> >> sambaAlgorithmicRidBase: 1000 >> >> sambaSID: S-1-5-21-4074884656-2525905897-914379862 >> >> sambaDomainName: SCRAPPY >> >> sambaMinPwdLength: 8 >> >> >> >> dn: cn=domainUsers,ou=Groups,dc=mydomain >> >> objectClass: sambaGroupMapping >> >> objectClass: posixGroup >> >> displayName: Domain Users >> >> sambaGroupType: 2 >> >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-513 >> >> description: Domain Users >> >> gidNumber: 2001 >> >> cn: domainUsers >> >> memberUid: richi >> >> >> >> dn: cn=domainGuests,ou=Groups,dc=mydomain >> >> objectClass: sambaGroupMapping >> >> objectClass: posixGroobjectClass: posixGroup >> >> displayName: Domain Guests >> >> sambaGroupType: 2 >> >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-514 >> >> description: Domain Guests >> >> gidNumber: 2002 >> >> cn: domainGuests >> >> >> >> dn: cn=domainComputers,ou=Groups,dc=mydomain >> >> objectClass: sambaGroupMapping >> >> objectClass: posixGroup >> >> displayName: Domain Computers >> >> sambaGroupType: 2 >> >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-515 >> >> description: Domain Computers >> >> gidNumber: 2003 >> >> cn: domainComputers >> >> >> >> dn: uid=richi,ou=People,ou=Users,dc=mydomain >> >> objectClass: sambaSamAccount >> >> objectClass: shadowAccount >> >> objectClass: posixAccount >> >> objectClass: inetOrgPerson >> >> sambaHomeDrive: U: >> >> sambaDomainName: SCRAPPY >> >> sambaAcctFlags: [XU ] >> >> displayName: Richi >> >> sambaPrimaryGroupSID: S-1-5-21-4074884656-2525905897-914379862-512 >> >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-5000 >> >> sambaLMPassword: <hidden> >> >> sambaNTPassword: <hidden> >> >> sambaPwdLastSet: 1218502167 >> >> shadowWarning: 10 >> >> shadowInactive: 10 >> >> shadowMin: 1 >> >> shadowMax: 365 >> >> homeDirectory: /home/richi >> >> loginShell: /bin/bash >> >> uid: richi >> >> cn: Richi >> >> uidNumber: 2000 >> >> gidNumber: 2000 >> >> sn: Smith >> >> givenName: Richi >> >> shadowLastChange: 14105 >> >> userPassword: secret >> >> >> >> dn: cn=domainAdmins,ou=Groups,dc=mydomain >> >> cn: domainAdmins >> >> description: Domain Admins >> >> objectClass: sambaGroupMapping >> >> objectClass: posixGroup >> >> gidNumber: 2000 >> >> sambaSID: S-1-5-21-4074884656-2525905897-914379862-512 >> >> sambaGroupType: 2 >> >> displayName: Domain Admin >> >> >> >> dn: ou=xwiki,ou=Groups,dc=mydomain >> >> ou: xwiki >> >> objectClass: top >> >> objectClass: organizationalUnit >> >> >> >> dn: cn=users,ou=xwiki,ou=Groups,dc=mydomain >> >> cn: users >> >> member: uid=richi,ou=People,ou=Users,dc=mydomain >> >> objectClass: groupOfNames >> >> objectClass: top >> >> ou: xwiki >> >> >> >> dn: cn=admins,ou=xwiki,ou=Groups,dc=mydomain >> >> cn: admins >> >> member: uid=richi,ou=People,ou=Users,dc=mydomain >> >> ou: xwiki >> >> objectClass: groupOfNames >> >> objectClass: top >> >> >> >> >> >> ------------------------------------------------- END ldif >> ------------------------------------------------------------ >> >> >> >> ------------------------------------------------- BEGIN xwiki.cfg >> ------------------------------------------------ >> >> #-# new LDAP authentication service >> >> >> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl >> >> >> >> #-# Turn LDAP authentication on - otherwise only XWiki authentication >> >> #-# 0: disable >> >> #-# 1: enable >> >> xwiki.authentication.ldap=1 >> >> >> >> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) >> >> xwiki.authentication.ldap.server=localhost >> >> xwiki.authentication.ldap.port=389 >> >> >> >> #-# LDAP login, empty = anonymous access, otherwise specify full dn >> >> #-# {0} is replaced with the username, {1} with the password >> >> xwiki.authentication.ldap.bind_DN=uid={0},ou=People,ou=Users,dc=mydomain >> >> xwiki.authentication.ldap.bind_pass={1} >> >> >> >> #-# Force to check password after LDAP connection >> >> #-# 0: disable >> >> #-# 1: enable >> >> xwiki.authentication.ldap.validate_password=0 >> >> >> >> #-# only members of the following group will be verified in the LDAP >> >> # otherwise only users that are found after searching starting from the >> base_DN >> >> >> xwiki.authentication.ldap.user_group=cn=users,ou=xwiki,ou=Groups,dc=mydomain >> >> >> >> #-# base DN for searches >> >> xwiki.authentication.ldap.base_DN=ou=People,ou=Users,dc=mydomain >> >> #-# Specifies the LDAP attribute containing the identifier to be used as >> the XWiki name (default=cn) >> >> xwiki.authentication.ldap.UID_attr=uid >> >> >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> >> #-# Specifies the LDAP attribute containing the password to be used >> "when xwiki.authentication.ldap.validate_password" is set to 1 >> >> xwiki.authentication.ldap.password_field=userPassword >> >> >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> >> #-# The potential LDAP groups classes. Separated by commas. >> >> >> xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup >> >> >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> >> #-# The potential names of the LDAP groups fields containings the >> members. Separated by commas. >> >> xwiki.authentication.ldap.group_memberfields=member,uniqueMember >> >> >> >> #-# retrieve the following fields from LDAP and store them in the XWiki >> user object (xwiki-attribute=ldap-attribute) >> >> #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object >> for faster access >> >> >> xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=displayName,email=mail >> >> >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> >> #-# on every login update the mapped attributes from LDAP to XWiki >> otherwise thi >> >> s happens only once when the XWiki account is created. >> >> xwiki.authentication.ldap.update_user=1 >> >> >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> >> #-# mapps XWiki groups to LDAP groups, separator is "|" >> >> xwiki.authentication.ldap.group_mapping=\ >> >> XWiki.XWikiAdminGroup=cn=admins,ou=xwiki,ou=Groups,dc=mydomain|\ >> >> XWiki.XWikiAllGroup=cn=users,ou=xwiki,ou=Groups,dc=mydomain >> >> >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> >> #-# time in s after which the list of members in a group is refreshed >> from LDAP (default=3600*6) >> >> #Every half an hour >> >> xwiki.authentication.ldap.groupcache_expiration=1800 >> >> >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> >> #-# - create : synchronize group membership only when the user is first >> created >> >> #-# - always: synchronize on every login >> >> xwiki.authentication.ldap.mode_group_sync=always >> >> >> >> #-# if ldap authentication fails for any reason, try XWiki DB >> authentication with the same credentials >> >> xwiki.authentication.ldap.trylocal=0 >> >> >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> >> #-# SSL connection to LDAP server >> >> #-# 0: normal >> >> #-# 1: SSL >> >> # xwiki.authentication.ldap.ssl=0 >> >> >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> >> #-# The keystore file to use in SSL connection >> >> # xwiki.authentication.ldap.ssl.keystore= >> >> >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> >> #-# The java secure provider used in SSL connection >> >> # >> xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider >> >> >> >> --------------------------------------------------- END xwiki.cfg >> --------------------------------------------------------- >> >> >> >> _________________________________________________________________ >> >> Get ideas on sharing photos from people like you. Find new ways to >> share. >> >> >> http://www.windowslive.com/explore/photogallery/posts?ocid=TXT_TAGLM_WL_Photo_Gallery_082008 >> >> _______________________________________________ >> >> users mailing list >> >> users@xwiki.org >> >> http://lists.xwiki.org/mailman/listinfo/users >> >> >> > >> > >> > >> > -- >> > Thomas Mortagne >> > >> >> >> >> -- >> Thomas Mortagne >> _______________________________________________ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users