Hi, I hope someone can help me. I'm experiencing some trouble with the configuration of XWiki against our Active Directory server. Unfortunately LDAP is not something I am very familiar with and it seems a little unusual to my way of thinking!
I have an Active Directory in the following format that I am trying to get working with XWiki: - Root - OU=Staff - CN=Bill Bailey - sAMAccountName=bb - CN=Fred Bloggs - sAMAccountName=fb I've configured the following, but I can't get past the login screen. xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl xwiki.authentication.ldap=1 xwiki.authentication.ldap.server=servername xwiki.authentication.ldap.port=389 xwiki.authentication.ldap.bind_DN=subdomain\\{0} xwiki.authentication.ldap.bind_pass={1} xwiki.authentication.ldap.base_DN=DC=subdomain,DC=domain,DC=com xwiki.authentication.ldap.user_group=OU=Staff xwiki.authentication.ldap.UID_attr=sAMAccountName xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn xwiki.authentication.ldap.update_user=1 These are my logs... 2013-03-18 15:08:18,924 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 2013-03-18 15:08:18,924 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode. 2013-03-18 15:08:18,924 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 2013-03-18 15:08:18,924 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, group] 2013-03-18 15:08:18,924 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member, uniquemember] 2013-03-18 15:08:18,971 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server [tidc:389] 2013-03-18 15:08:19,002 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with credentials login=[subdomain\username] 2013-03-18 15:08:19,236 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Checking if the user belongs to the user group: OU=Staff 2013-03-18 15:08:19,252 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPUtils - Retrieving Members of the group [OU=Staff] 2013-03-18 15:08:19,252 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPUtils - [OU=Staff] is a valid DN, lets try to get corresponding entry. 2013-03-18 15:08:19,252 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - LDAP search: baseDN=[OU=Staff] query=[null] attr=[[objectClass, member, uniquemember, sAMAccountName]] ldapScope=[2] 2013-03-18 15:08:19,299 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPUtils - Failed to get group members com.novell.ldap.LDAPException: Operations Error at com.novell.ldap.LDAPResponse.getResultException(Unknown Source) ~[jldap-4.3.jar:na] at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source) ~[jldap-4.3.jar:na] at com.novell.ldap.LDAPSearchResults.next(Unknown Source) ~[jldap-4.3.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembersSearchResult(XWikiLDAPUtils.java:676) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembersFromDN(XWikiLDAPUtils.java:603) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembers(XWikiLDAPUtils.java:543) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembers(XWikiLDAPUtils.java:721) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.isUidInGroup(XWikiLDAPUtils.java:843) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:328) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:273) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:193) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:175) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:240) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3631) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:171) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3644) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4690) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:179) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:116) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) [struts-1.2.9.jar:1.2.9] at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) [servlet-api.jar:na] at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) [servlet-api.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) [catalina.jar:7.0.37] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.37] at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:120) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.37] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.37] at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:144) [xwiki-platform-wysiwyg-server-5.0-milestone-1.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.37] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.37] at com.xpn.xwiki.plugin.webdav.XWikiDavFilter.doFilter(XWikiDavFilter.java:66) [xwiki-platform-webdav-server-5.0-milestone-1.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.37] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.37] at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208) [xwiki-platform-container-servlet-5.0-milestone-1.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.37] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.37] at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111) [xwiki-platform-container-servlet-5.0-milestone-1.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.37] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.37] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) [catalina.jar:7.0.37] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) [catalina.jar:7.0.37] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) [catalina.jar:7.0.37] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) [catalina.jar:7.0.37] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) [catalina.jar:7.0.37] at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936) [catalina.jar:7.0.37] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) [catalina.jar:7.0.37] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) [catalina.jar:7.0.37] at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004) [tomcat-coyote.jar:7.0.37] at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) [tomcat-coyote.jar:7.0.37] at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1852) [tomcat-coyote.jar:7.0.37] at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) [na:1.6.0_26] at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.6.0_26] at java.lang.Thread.run(Unknown Source) [na:1.6.0_26] 2013-03-18 15:08:19,299 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPUtils - Looks like [OU=Staff] is not a DN, lets try filter or id 2013-03-18 15:08:19,299 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - LDAP search: baseDN=[DC=subdomain,DC=domain,DC=com] query=[OU=Staff] attr=[[objectClass, member, uniquemember, sAMAccountName]] ldapScope=[2] 2013-03-18 15:08:19,314 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPUtils - Probably a organization unit or a search 2013-03-18 15:08:19,346 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG .p.l.LDAPPluginReferralHandler - Looking for auth for referral to DomainDnsZones.subdomain.domain.com:389 2013-03-18 15:08:19,377 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPUtils - Found group [OU=Staff] members [null] 2013-03-18 15:08:19,377 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. com.xpn.xwiki.XWikiException: Error number 8001 in 8: LDAP user username does not belong to LDAP group OU=Staff. at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:331) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:273) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:193) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:175) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:240) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3631) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:171) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3644) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4690) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:179) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:116) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) [struts-1.2.9.jar:1.2.9] at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) [struts-1.2.9.jar:1.2.9] at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) [servlet-api.jar:na] at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) [servlet-api.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) [catalina.jar:7.0.37] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.37] at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:120) [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.37] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.37] at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:144) [xwiki-platform-wysiwyg-server-5.0-milestone-1.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.37] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.37] at com.xpn.xwiki.plugin.webdav.XWikiDavFilter.doFilter(XWikiDavFilter.java:66) [xwiki-platform-webdav-server-5.0-milestone-1.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.37] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.37] at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208) [xwiki-platform-container-servlet-5.0-milestone-1.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.37] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.37] at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111) [xwiki-platform-container-servlet-5.0-milestone-1.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.37] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.37] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) [catalina.jar:7.0.37] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) [catalina.jar:7.0.37] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) [catalina.jar:7.0.37] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) [catalina.jar:7.0.37] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) [catalina.jar:7.0.37] at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936) [catalina.jar:7.0.37] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) [catalina.jar:7.0.37] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) [catalina.jar:7.0.37] at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004) [tomcat-coyote.jar:7.0.37] at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) [tomcat-coyote.jar:7.0.37] at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1852) [tomcat-coyote.jar:7.0.37] at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) [na:1.6.0_26] at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.6.0_26] at java.lang.Thread.run(Unknown Source) [na:1.6.0_26] 2013-03-18 15:08:19,377 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB 2013-03-18 15:08:19,392 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [username] Thanks for any help! -- View this message in context: http://xwiki.475771.n2.nabble.com/Trouble-with-XWiki-Active-Directory-LDAP-Configuration-tp7584331.html Sent from the XWiki- Users mailing list archive at Nabble.com. _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users