Uncommenting xwiki.authentication.ldap.validate_password=0 did nothing.

About ".": In version 1.1.2, there was no problem connecting to AD using the CN attribute (name surname), and the user was automatically created in XWikiAllGroup. So it is strange that in the newer version that doesn't work. Also, nothing changed in our AD. I can still log in to XWiki 1.1.2 and an LDAP browser, for example, in both cases using my CN.

Quoting Thomas Mortagne:

Try to uncomment xwiki.authentication.ldap.validate_password=0

You should not have 5 as this is used to force login/pass validation when you don't connect to LDAP with provided user/pass (bind_DN and bind_pass set to an existing ldap user/pass).

Another thing, in your example you seem to test with a user name containing a ".", the LDAP authenticator does not support it yet, see http://jira.xwiki.org/jira/browse/XWIKI-2264

2008/5/8 Mihails Agafonovs:
> Here's a piece from xwiki.log:
> -----------------------------------------------
> java.lang.NullPointerException
>     at com.xpn.xwiki.plugin.lucene.IndexUpdater.run(IndexUpdater.java:209)
>     at java.lang.Thread.run(Thread.java:619)
> 2008-05-07 14:11:31,078 [index updating thread] [Thread-20] ERROR lucene.IndexUpdater - Writer not open and closeWriter called
> 2008-05-07 14:15:49,735 [http://192.168.220.128/xwiki/bin/view/Main] [TP-Processor3] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351]
> 2008-05-07 14:17:37,228 [http://192.168.220.128/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [TP-Processor3] ERROR LDAP.LDAPAuthServiceImpl - LDAP Bind failed with Exception Invalid Credentials
> 2008-05-07 14:20:29,787 [http://192.168.220.128/xwiki/bin/view/Main] [TP-Processor3] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351]
> 2008-05-07 14:25:32,020 [index updating thread] [Thread-20] ERROR lucene.IndexUpdater - IOException when opening Lucene Index for writing at /var/lib/tomcat5/webapps/xwiki/WEB-INF/work/lucene
> -----------------------------------------------
>
> And from Wireshark it's the same I pasted in a previous mail. I can
> add the function sequence watched via Wireshark:
> 1) bindRequest() with domainname.surname
> 2) bindresponse() - success
> 3) searchRequest() with dc=domain, dc=com, sAMAccountName=name.surname
> 4) searchResEntry() - returns my full correct dn
> 5) compareRequest() with my full dn and userPassword=mypass
> 6) LDAP error about no such attribute userPassword
> 7) unbindRequest()
>
> Quoting Thomas Mortagne:
> Could you paste the whole error log?
>
> 2008/5/8 Mihails Agafonovs:
> >
> > Again, the same error from LDAP:
> >
> > LDAPMessage compareResponse(7) noSuchAttribute (00002080: AtrErr: DSID-03080139, #1:
> > 0: 00002080: DSID-03080139, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
> > )
> >
> > Quoting Thomas Mortagne:
> > 2008/5/7 Mihails Agafonovs <[EMAIL PROTECTED]>:
> > > Hi!
> > >
> > > I've been trying to set up an LDAP connection on XWiki 1.3.2. Using
> > > Wireshark, I've discovered that LDAP performs unbindRequest() after
> > > the following error:
> > >
> > > LDAPMessage compareResponse(3) noSuchAttribute (00002080: AtrErr: DSID-03080139, #1:
> > > 0: 00002080: DSID-03080139, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
> > > )
> > >
> > > Here is the configuration:
> > >
> > > ----------------------------------------------
> > > xwiki.authentication.ldap=1
> > > xwiki.authentication.ldap.server=my.domain.com
> > > xwiki.authentication.ldap.port=389
> > > xwiki.authentication.ldap.bind_DN={0}
> > > xwiki.authentication.ldap.bind_pass={1}
> > > # xwiki.authentication.ldap.validate_password=0
> > > xwiki.authentication.ldap.user_group=ou=Riga,ou=LAT,dc=domain,dc=com
> > > xwiki.authentication.ldap.base_DN=dc=domain,dc=com
> > > xwiki.authentication.ldap.UID_attr=cn
> > > xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
> > > # xwiki.authentication.ldap.update_user=1
> > > xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=ou=Riga,ou=LAT,dc=GDNEurope,dc=com|
> > > XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
> > > # xwiki.authentication.ldap.groupcache_expiration=21800
> > > # xwiki.authentication.ldap.mode_group_sync=always
> > > xwiki.authentication.ldap.trylocal=1
> >
> > I don't know AD very well but, according to
> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication,
> > shouldn't it be:
> > xwiki.authentication.ldap.bind_DN=subdomain{0}
> > xwiki.authentication.ldap.UID_attr=sAMAccountName
> > xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
> > ?
> >
> > > ------------------------------------------------------
> > >
> > > Any ideas?
> > >
> > > P.S. If I use in the login form [EMAIL PROTECTED] or
> > > domainname.surname as a username, I can log in, but without any
> > > rights.
> > >
> > > Regards, Mihails
> > > _______________________________________________
> > > users mailing list
> > > [email protected]
> > > http://lists.xwiki.org/mailman/listinfo/users
> >
> > --
> > Thomas Mortagne
> >
> > Regards, Mihails
>
> --
> Thomas Mortagne
>
> Regards, Mihails

--
Thomas Mortagne

Regards, Mihails
