I think you get "wrong passowrd" just because LDAP failed to connect for some reason so the authentication tried the XWiki authenticator and obviously it fail since the password is registered on LDAP server and not in XWiki database.
Could you enable LDAP debug log (see http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HEnableLDAPdebuglog) and try to reproduce it ? We will see better what append when LDAP fail to connect. On Thu, Feb 5, 2009 at 10:24 AM, Stefan Woehrer <stefan_woeh...@yahoo.de> wrote: > > > thanks a lot. it seems that this was an additional problem with the > firewall(!?) > anyway, the firewall is now configured to let through the whole ldap traffic > from the xwiki machine. the problem hasn't changed: sometimes, users are > randomly logged out with the "wrong passowrd" error message. when they try > to log in, they get the very same error message for a couple of times. a few > minutes later, they can login again and everything works. > this happens spontaniously a couple of times per day. > > does any1 experience the same problem? > > > the next issue is that suddenly no (error/warning) messages are generated > any more. i will try a tomcat restart in the afternoon, but since we did > that a lot of times before i don't think this will help. > > i would very much apprechiate any kind of help! thank you in advance. > > > steve > > > > tmortagne wrote: >> >> Hi, >> >> On Mon, Feb 2, 2009 at 9:48 AM, Stefan Woehrer <stefan_woeh...@yahoo.de> >> wrote: >>> >>> Hi, >>> >>> we just upgraded our XWiki from 1.3.2 to 1.7.1. >>> Right afterwards the firewall registers LDAP-Packages from the XWiki >>> mashine >>> as an attack, saying: >>> >>> "A malicious LDAP packet may indicate a potential attack. An attacker >>> could >>> use a modified LDAP message to cause buffer overflows on defective >>> systems >>> and execute arbitary code. (LDAP message contains malicious data which >>> does >>> not comply with ASN.1)" >>> >>> It seems that it has something to to with the changings made since 1.3.2. >>> Is >>> that possible? >> >> By default 1.7.1 use the new XWiki LDAP authenticator when 1.3.2 use >> the old one. See >> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication >> >> Now on the technical details it's using exactly the same Novell ldap >> client implementation and the differences are more on the XWiki side >> so I don't see why it would suddenly send wrong datas. >> >>> >>> Greetings, >>> Steve >>> -- >>> View this message in context: >>> http://n2.nabble.com/LDAP-Login-changes-in-new-version-tp2257004p2257004.html >>> Sent from the XWiki- Users mailing list archive at Nabble.com. >>> >>> _______________________________________________ >>> users mailing list >>> users@xwiki.org >>> http://lists.xwiki.org/mailman/listinfo/users >>> >> >> >> >> -- >> Thomas Mortagne >> _______________________________________________ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> >> > > -- > View this message in context: > http://n2.nabble.com/LDAP-Login-changes-in-new-version-tp2257004p2273948.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
