On Thu, Apr 1, 2010 at 13:23, Dilipkumar Jadhav
<jadhav.dilipku...@gmail.com> wrote:
> HiThomas,
> I did read the link that you provided before I posted the first time on the
> mailing list.
> Well, as I said, I am not a networking guy so I have been doing a lot of
> trial and error.
> You mentioned that this does not look like AD...which part are you referring
> to - The Active Directory Setup or the configuration changes I made to
> xwiki.cfg LDAP properties.
I'm referring to what was just before my comment, xwiki.cfg
configuration and the link i mentioned contains only xwiki.cfg
configuration. I have no idea how to configure an AD server.
If you look at it you will see
xwiki.authentication.ldap.bind_DN=subdomain\\{0}
xwiki.authentication.ldap.UID_attr=sAMAccountName
which both are very different than what you written in the
configuration you posted in the mail. The configuration you can find
in the link is the one I always seen people use with standard AD.
Did you put the right "subdomain" ? That part depends on the domain
you configured AD with. Same thing for base_DN, each resource in an
LDAP have a DN and base_DN is usually the common part between all
theses DNs and it should lokk like what you can find on the
documentation: dc=<some subdomain>,dc=<some domain>,dc=<some suffix>
for example dc=ldap, dc=xwiki,dc=org
I have no idea where to find theses on Active Directoy UI because i
never used AD itself myself, just configured LDAP authenticator for it
with information someone gave me.
If you don't have any special configuration in your AD I think you
should use the exact same configuration you can find in
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCases#HActive20Directory
and just chance informations related to the domain to set up for your
AD (AD domain, and the root DN).
> I've tried many combinations that I could using internet & some help from
> people who know networking.
> I am stuck with the bind_dn username, bind_dn password & base_dn.
> Also, as I previously mentioned, I don't know if {0} is just a symbolic
> representation where I need to insert my own username or it has to be left
> as it is & XWiki will do the conversion of {0} to a valid username.
In the documentation you can find
"ad{0} where {0} will be replaced by username during validation" which
is pretty clear to me that {0} is dynamically replaced by the
authentication module and not by you. Same thing for the password
part.
> I have not created an OU. Do I have to create one or is the default "Users"
> an OU.
I don't see any OU used in the documentation, just the dc part and
only in the base_DN, as you can see bind_DN contains the AD special
syntaxe with just the AD domain of the user and {0} to insert the
login the type in the login form.
> I replaced CN with sAMAccountName but that too didn't help.
>
> I am so new to this concept, I probably don't know even the right questions
> to ask.
> Any help, as always, would be much appreciated.
You can also enable debug logging to know what exactly happen suring
LDAP authentication to know what is the issue (faild to connect to
LDAP server, unable to find user, ...). See
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HEnableLDAPdebuglog
> Thanks Thomas.
>
> Message: 5
> Date: Thu, 1 Apr 2010 11:00:56 +0200
> From: Thomas Mortagne <thomas.morta...@xwiki.com>
> Subject: Re: [xwiki-users] LDAP Configuration Help Needed
> To: XWiki Users <users@xwiki.org>
> Message-ID:
> <p2ua8e97d9c1004010200r5e1ad934id41849e096ab...@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> (Sorry for the previous message, gmail shortcuts...)
>
> On Thu, Apr 1, 2010 at 10:58, Thomas Mortagne <thomas.morta...@xwiki.com>
> wrote:
>> On Thu, Apr 1, 2010 at 05:46, Dilipkumar Jadhav
>> <jadhav.dilipku...@gmail.com> wrote:
>>> Hello folks,
>>>
>>> I need some help with a topic that has been discussed very often on the
>>> mailing list - LDAP.
>>>
>>> I've tried going through most of the posts on the mailing list but since
> I
>>> am not a networking guy, I've had lot of trouble understanding the basic
>>> terminology involved with LDAP & AD.
>>>
>>>
>>>
>>> The AD that we've on production environment is available only through SSL
>>> which I know will be a bigger challenge to configure with XWiki. Hence,
> to
>>> start with, I would like to connect my XWiki with the MS Active Directory
> I
>>> setup on my test machine.
>>>
>>>
>>>
>>> With some help, I managed to create a Active Directory. Also, I am able
> to
>>> connect to this AD using Apache Directory Browser. So this confirms that
> the
>>> AD is working fine.
>>>
>>> Both the AD and XWiki are installed on the same machine.
>>>
>>>
>>>
>>> Now, I tried changing the xwiki.cfg LDAP properties but I am unable to
> login
>>> using any of the users I created in AD. Moreover, I lost my default Admin
>>> credentials for the Wiki (UN:Admin & PW:admin doesn't work anymore).
>>>
>>>
>>>
>>> The configuration is as follows:
>>>
>>>
>>>
>>> xwiki.authentication.ldap=1
>>>
>>> xwiki.authentication.ldap.server=127.0.0.1
>>>
>>> xwiki.authentication.ldap.port=389
>>>
>>> xwiki.authentication.ldap.base_DN=dc=dilip,dc=com
>>>
>>> xwiki.authentication.ldap.bind_DN=cn={0},dc=dilip,dc=com
>>
>
> This eally doe snot looks like AD. Did you looked at
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCas
> es#HActive20Directory
> ?
>
> That should be your first read, not the mailing list...
>
>>
>>>
>>> xwiki.authentication.ldap.bind_pass={1}
>>>
>>> xwiki.authentication.ldap.UID_attr=cn
>
> Again, nothing to do with AD here.
>
>>>
>>>
> xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=giv
>>> enName,fullname=displayName,mail=cn,ldap_dn=dn
>>>
>>>
>>>
>>> And the AD structure can be loosely described as follows:
>>>
>>>
>>>
>>> dilip.com
>>>
>>> ? ? ? ?-----Builtin
>>>
>>> ? ? ? ?-----Computers
>>>
>>> ? ? ? ?-----Domain Controllers
>>>
>>> ? ? ? ?-----ForeignSecurityPrincipals
>>>
>>> ? ? ? ?-----Users
>>>
>>> All my users are listed under the "Users" node including Windows
>>> administrator called "Administrator" with password "redhat".
>>>
>>>
>>>
>>> Does the {0} need to be replaced with an actual username & {1} replaced
> with
>>> actual password. Could someone please have a look at my configuration
>>> settings & probably suggest some changes. I am sure I've missed something
>>> somewhere.
>>>
>>>
>>>
>>> Thank you for your valuable time.
>>>
>>> _______________________________________________
>>> users mailing list
>>> users@xwiki.org
>>> http://lists.xwiki.org/mailman/listinfo/users
>>>
>>
>>
>>
>> --
>> Thomas Mortagne
>>
>
>
>
> --
> Thomas Mortagne
>
>
> ------------------------------
>
> _______________________________________________
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
>
>
> End of users Digest, Vol 33, Issue 1
> ************************************
>
> _______________________________________________
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
>
--
Thomas Mortagne
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
