Hi Thomas, I think xwiki-authentication-trusted-ldap is exactly what I need. But I'm not that experienced to compiling java. Can I download it somewhere as a .jar file? Or can you point me the way to extract this from git and compile it myself?
Thanks, Mark On Fri, Mar 8, 2013 at 1:53 PM, Mark Jas <m...@nieuwenborg.nl> wrote: > Hi Thomas, > > Thanks for your reply. I should have given you some more info. > I'm using the default authenticator, because if I use the > com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl, my > ldap stops working. > > If I use > com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl > Kerberos works fine, but new users aren't created, and group sync isn't > working etc etc... com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl only know about remote user and just create the user page, it's not connecting to LDAP to update informations or group membership like the LDAP authenticator do. There is no such authenticator by default but you can look at https://github.com/xwiki-contrib/sandbox/tree/master/authenticators/xwiki-authentication-trusted-ldap. > > Maybe my question should be: How do I get LDAP working with the Kerberos > authenticator? > > Mark > > > On Tue, Mar 5, 2013 at 4:35 PM, Mark Jas <m...@nieuwenborg.nl> wrote: >> Hi all, >> >> >> I have configured xwiki with LDAP authentication and kerberos SSO. >> >> When I use a browser without automatic Kerberos SSO, I get a keberos login >> page. When I fill in username and password manually it works great. >> >> But when I set the browser to use automatic logon, I get the xwiki >> login page! (at least in FireFox, IE says “cannot show page”) >> >> I get the same results when I manually login with “username@DOMAIN” >> and “password”. So I think the domain part is used in the automatic >> logon. (and is the actual problem…) >> >> >> I see there is java code that strips the @DOMAIN part from the username. But >> I have no idea how or where to implement this. I hope some can help me! > > I never used it myself but from what I see in the code it's supposed to do > that all the time. Maybe there is a bug. > > You can try to enable debug log[1] for class > com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl > (that's the authenticator you are using, right ?) to see what's going on. At > least ou should get what remote user XWiki is getting if any. > > [1] http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging > >> >> >> Mark >> >> >> _______________________________________________ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users > > > > -- > Thomas Mortagne > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
