On Fri, Jun 4, 2010 at 13:09, Martin Kunze <kunze.mar...@yahoo.de> wrote: > Hey, > > there are some good news and some not so good ones. > > After I upgraded xwiki to Version 2.3.1 and reconfigured xwiki.cfg the > ActiveDirectory-Authentication works. User now can login. But has no rights. > Now of course, I have to set some groupmapping. I did it like that: > xwiki.authentication.ldap.group_mapping=XWiki.GruppeA=cn=Standort,ou=Standortgruppen,ou=Gruppen,ou=Another > Group > > So now, that doesn't work. There are three things I want to know: > 1. do I have to add the "dc=domain,dc=suffix" string at the end?
The LDAP side has to be the full DN, so yes. > 2. the last group contains a space - can that be a problem? No, the DN can contains anything. > 3. are there any other things that can be wrong? No, it looks ok. Did you checked if the user is added to the group ? If not then you should look at the debug log. > > By the way, "GruppeA" exists in the wiki. I created it and granted some > rights. > > Best Regards :-) > Martin > > > > ________________________________ > Von: Thomas Mortagne <thomas.morta...@xwiki.com> > An: XWiki Users <users@xwiki.org> > Gesendet: Mittwoch, den 2. Juni 2010, 16:52:41 Uhr > Betreff: Re: [xwiki-users] log4j doesn't log information about LDAP connection > > On Wed, Jun 2, 2010 at 13:26, Martin Kunze <kunze.mar...@yahoo.de> wrote: >> Hello Thomas, >> >> this morning I had the possibility to restart the whole server on >> which xwiki and tomcat are running. >> You won't beleave me but now there is some Logging and the "Starting LDAP >> authentication" string in the xwiki.log. crazy. >> >> But authentication fails. ("Invalid credentials"). xwiki.log sais the >> following: >> "The provided User is null. We don't try to authenticate, it probably means >> the user is in non logged mode." > > This log is because when you access XWiki the authenticator is called > with no user for SSO based authenticators. > > You should have another "Starting LDAP authentication" with different > logs after this one, just look at the time when you try to > authenticate and takes the logs from this time and send them here so > that i can look at them. > >> >> Any idea what that means here and what to do??? >> >> Thanks for your help!!! >> >> -- >> Martin >> >>>Try setting "trace" level instead of "debug" and see if you have >>>"Starting LDAP authentication" to really make sure you don't have log >>>because of some very magical authenticator bug, that way we will at >>>least know we have to focus in logging. >> >> >>> xwiki.authentication.ldap=1 >>> xwiki.authentication.ldap.server=IP-Adress >>> xwiki.authentication.ldap.port=389 >>> xwiki.authentication.ldap.base_DN=dc=domain,dc=suffix >>> xwiki.authentication.ldap.bind_DN=domain\{0} >>> xwiki.authentication.ldap.bind_pass={1} >>> xwiki.authentication.ldap.UID_attr=sAMAccountName >> >> >> _______________________________________________ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> > > > > -- > Thomas Mortagne > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > > > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users