You can enable "debug" logging, see http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging
On Wed, Apr 30, 2008 at 1:54 PM, werner mueller <[EMAIL PROTECTED]> wrote: > Hallo > > thanks for the quick reply. > > well the config should work then :/ > i compared it with the bugzilla / subversion config which uses the same > ldap / active directory auth. the only difference is that they > distinguish the bind user with the user to be authenticated. but in my > case even the bind user cannot login. > > > 2008-04-30 13:44:34,891 > [http://dev.edoras.ch:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] > [http-8080-Processor24] WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP > authentication failed. > > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP > bind failed with LDAPException. > Wrapped Exception: Invalid Credentials > at > > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:178) > at > > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109) > at > > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194) > at > > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107) > ......... > > Wrapped Exception: > > > LDAPException: Invalid Credentials (49) Invalid Credentials > LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334, > comment: AcceptSecurityContext error, data 525, vece > LDAPException: Matched DN: > at com.novell.ldap.LDAPResponse.getResultException(Unknown Source) > at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source) > at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source) > at com.novell.ldap.LDAPConnection.bind(Unknown Source) > at com.novell.ldap.LDAPConnection.bind(Unknown Source) > at > > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:170) > at > > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109) > at > > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194) > > > > > is there some debug feature i can turn on to get some more information? > or some small test-class to verify the settings? it seems it uses the > login name from the login form but then authentication fails. > > > > thanks a lot :) > regards > > werner > > > > > Thomas Mortagne schrieb: > > On Wed, Apr 30, 2008 at 11:55 AM, werner mueller > > <[EMAIL PROTECTED]> wrote: > >> Hallo > >> > >> thanks for the reply. > >> back to stupid questions: > >> > >> > #-# LDAP login, empty = anonymous access, otherwise specify full dn > >> > #-# {0} is replaced with the username, {1} with the password > >> > #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP > >> > >> > #xwiki.authentication.ldap.bind_pass={1} > >> > >> {0} is the username from the login form in xwiki? > >> {1} is the password from the login form in xwiki? > > > > Yes, you really write "{0}" and "{1}" in the configuration and it will > > be replaced at runtime by user/pass provided by user in the login > > form. > > > >> or are these documentation placeholders to be filled in the config file > >> directly? > >> > >> thanks :) > >> > >> > >> > >> regards > >> > >> werner > >> > >> > >> > >> > >> Thomas Mortagne schrieb: > >> > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller > >> > <[EMAIL PROTECTED]> wrote: > >> >> Hallo > >> >> > >> >> thanks for the hints. > >> >> > >> >> i tried some other configurations but with no luck. it seems not > every > >> >> user is allowed to query the ldap structure. i have to use a special > >> >> user/password to bind xwiki to the active directory. that user can > login > >> >> but thats not a solution. aloow everyone to query the ad is not an > >> >> option for us. > >> >> > >> >> has anyone a working active directory config he or she could share? > >> >> > >> >> is it possible to trick xwiki to use a different user to bind to the > AD > >> >> and then use username/password from login to process the login? > >> >> i've been doing similar things for bugzilla/ldap using LDAPbinddn = > >> >> cn=<LDAPQUERYUSERNAME>,cn=Users,dc=domain,dc=com:<LDAPQUERYPASSWORD> > >> > > >> > Yes and it's the default way to work for LDAP authenticator. You can > >> > see in default xwiki.cfg : > >> > > >> > #-# LDAP login, empty = anonymous access, otherwise specify full dn > >> > #-# {0} is replaced with the username, {1} with the password > >> > > #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP > >> > #xwiki.authentication.ldap.bind_pass={1} > >> > > >> > So in your case it would be : > >> > xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com > >> > xwiki.authentication.ldap.bind_pass={1} > >> > > >> >> btw: yes i am sure its version 1.3.2.9174. its the one copy pasted > from > >> >> xwiki. unless its not correct there but that would be weird. > >> >> > >> >> > >> >> any hints or examples would be cool :) > >> >> thanks a lot > >> >> > >> >> regards > >> >> > >> >> werner > >> >> > >> >> > >> >> > >> >> Thomas Mortagne schrieb: > >> >> > Also I think > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory > >> >> > is based in old LDAP authenticator (see > >> >> > > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld). > >> >> > > >> >> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne > >> >> > <[EMAIL PROTECTED]> wrote: > >> >> >> Hi, > >> >> >> > >> >> >> > >> >> >> > >> >> >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller > >> >> >> <[EMAIL PROTECTED]> wrote: > >> >> >> > hallo > >> >> >> > > >> >> >> > i am currently trying to setup xwiki on taomcat 5.5/mysql. > until now its > >> >> >> > doing quite well :) > >> >> >> > > >> >> >> > my next step is to get ldap authentication against an active > directory > >> >> >> > working. i followed > >> >> >> > > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory > >> >> >> > and some postings on the mailing list but i cant get it to > work. > >> >> >> > > >> >> >> > i either end up with: > >> >> >> > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 > in 5: LDAP > >> >> >> > bind failed with LDAPException. > >> >> >> > Wrapped Exception: Invalid Credentials > >> >> >> > > >> >> >> > or worse (with in my eyes the propper config): > >> >> >> > WARN LDAP.XWikiLDAPAuthS > >> >> >> > erviceImpl - LDAP authentication failed. > >> >> >> > java.lang.NullPointerException > >> >> >> > at > >> >> >> > > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256) > >> >> >> > at > >> >> >> > > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107) > >> >> >> > at > >> >> >> > > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194) > >> >> >> > at > >> >> >> > > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127) > >> >> >> > at > >> >> >> > > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112) > >> >> >> > at > >> >> >> > > com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214) > >> >> >> > at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307) > >> >> >> > at > >> >> >> > > com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136) > >> >> >> > at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315) > >> >> >> > at > com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259) > >> >> >> > at > com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173) > >> >> >> > ... > >> >> >> > >> >> >> Could you copy/paste your configuration. > >> >> >> > >> >> >> > >> >> >> > > >> >> >> > > >> >> >> > i've done ldap auth on several other tools (apache/subversion, > >> >> >> > bugzilla). there i used two accounts: one allowed to bind to > the active > >> >> >> > directory and do searches and the useraccount itself. > >> >> >> > > >> >> >> > in the xwiki config i can only see the user logging in is > used to bind > >> >> >> > to the ldap server? > >> >> >> > >> >> >> You can define a user able to bind to the active directory using > >> >> >> "bind_DN" and "bind_pass" properties and it will search for > provided > >> >> >> login in ldap based on "UID_attr" property > >> >> >> > >> >> >> > >> >> >> > > >> >> >> > > >> >> >> > is the documentation current for xwiki 1.3.2.9174? or can > someone give > >> >> >> > me a hint to make this work? > >> >> >> > >> >> >> Are you sure you use xwiki-core 1.3.2 version, I can't find in > the > >> >> >> code what could make NullPointerException at > >> >> >> XWikiLDAPAuthServiceImpl.java:256 > >> >> >> > >> >> >> > >> >> >> > > >> >> >> > > >> >> >> > thanks a lot > >> >> >> > regards > >> >> >> > > >> >> >> > werner > >> >> >> > > >> >> >> > _______________________________________________ > >> >> >> > users mailing list > >> >> >> > [email protected] > >> >> >> > http://lists.xwiki.org/mailman/listinfo/users > >> >> >> > > >> >> >> > >> >> >> > >> >> >> > >> >> >> -- > >> >> >> Thomas Mortagne > >> >> >> > >> >> > > >> >> > > >> >> > > >> >> > >> >> _______________________________________________ > >> >> users mailing list > >> >> [email protected] > >> >> http://lists.xwiki.org/mailman/listinfo/users > >> >> > >> > > >> > > >> > > >> > >> _______________________________________________ > >> users mailing list > >> [email protected] > >> http://lists.xwiki.org/mailman/listinfo/users > >> > > > > > > > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
