hallo
well i am a little stuck. i cant make it work although i copied the
settings from a working example (well another tool but the same
servers). i can only get to 'invalid credentials'
does the server need to be in the same domain as the active directory to
use the bind_DN=subdomain\\{0} bind schema? the server is a linux
machine and is not added to the windows domain.
is there a unit test or little tool or something one could use for
testing? its a little weird its not working.
thanks for any ideas :)
regards
werner
Thomas Mortagne schrieb:
> You can enable "debug" logging, see
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging
>
> On Wed, Apr 30, 2008 at 1:54 PM, werner mueller
> <[EMAIL PROTECTED]> wrote:
>> Hallo
>>
>> thanks for the quick reply.
>>
>> well the config should work then :/
>> i compared it with the bugzilla / subversion config which uses the same
>> ldap / active directory auth. the only difference is that they
>> distinguish the bind user with the user to be authenticated. but in my
>> case even the bind user cannot login.
>>
>>
>> 2008-04-30 13:44:34,891
>> [http://dev.edoras.ch:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
>> [http-8080-Processor24] WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP
>> authentication failed.
>>
>> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP
>> bind failed with LDAPException.
>> Wrapped Exception: Invalid Credentials
>> at
>>
>> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:178)
>> at
>>
>> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
>> at
>>
>> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
>> at
>>
>> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
>> .........
>>
>> Wrapped Exception:
>>
>>
>> LDAPException: Invalid Credentials (49) Invalid Credentials
>> LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334,
>> comment: AcceptSecurityContext error, data 525, vece
>> LDAPException: Matched DN:
>> at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
>> at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
>> at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
>> at com.novell.ldap.LDAPConnection.bind(Unknown Source)
>> at com.novell.ldap.LDAPConnection.bind(Unknown Source)
>> at
>>
>> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:170)
>> at
>>
>> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
>> at
>>
>> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
>>
>>
>>
>>
>> is there some debug feature i can turn on to get some more information?
>> or some small test-class to verify the settings? it seems it uses the
>> login name from the login form but then authentication fails.
>>
>>
>>
>> thanks a lot :)
>> regards
>>
>> werner
>>
>>
>>
>>
>> Thomas Mortagne schrieb:
>> > On Wed, Apr 30, 2008 at 11:55 AM, werner mueller
>> > <[EMAIL PROTECTED]> wrote:
>> >> Hallo
>> >>
>> >> thanks for the reply.
>> >> back to stupid questions:
>> >>
>> >> > #-# LDAP login, empty = anonymous access, otherwise specify full dn
>> >> > #-# {0} is replaced with the username, {1} with the password
>> >> > #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP
>> >>
>> >> > #xwiki.authentication.ldap.bind_pass={1}
>> >>
>> >> {0} is the username from the login form in xwiki?
>> >> {1} is the password from the login form in xwiki?
>> >
>> > Yes, you really write "{0}" and "{1}" in the configuration and it will
>> > be replaced at runtime by user/pass provided by user in the login
>> > form.
>> >
>> >> or are these documentation placeholders to be filled in the config file
>> >> directly?
>> >>
>> >> thanks :)
>> >>
>> >>
>> >>
>> >> regards
>> >>
>> >> werner
>> >>
>> >>
>> >>
>> >>
>> >> Thomas Mortagne schrieb:
>> >> > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller
>> >> > <[EMAIL PROTECTED]> wrote:
>> >> >> Hallo
>> >> >>
>> >> >> thanks for the hints.
>> >> >>
>> >> >> i tried some other configurations but with no luck. it seems not
>> every
>> >> >> user is allowed to query the ldap structure. i have to use a special
>> >> >> user/password to bind xwiki to the active directory. that user can
>> login
>> >> >> but thats not a solution. aloow everyone to query the ad is not an
>> >> >> option for us.
>> >> >>
>> >> >> has anyone a working active directory config he or she could share?
>> >> >>
>> >> >> is it possible to trick xwiki to use a different user to bind to
>> the AD
>> >> >> and then use username/password from login to process the login?
>> >> >> i've been doing similar things for bugzilla/ldap using LDAPbinddn =
>> >> >> cn=<LDAPQUERYUSERNAME>,cn=Users,dc=domain,dc=com:<LDAPQUERYPASSWORD>
>> >> >
>> >> > Yes and it's the default way to work for LDAP authenticator. You can
>> >> > see in default xwiki.cfg :
>> >> >
>> >> > #-# LDAP login, empty = anonymous access, otherwise specify full dn
>> >> > #-# {0} is replaced with the username, {1} with the password
>> >> >
>> #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
>> >> > #xwiki.authentication.ldap.bind_pass={1}
>> >> >
>> >> > So in your case it would be :
>> >> > xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com
>> >> > xwiki.authentication.ldap.bind_pass={1}
>> >> >
>> >> >> btw: yes i am sure its version 1.3.2.9174. its the one copy pasted
>> from
>> >> >> xwiki. unless its not correct there but that would be weird.
>> >> >>
>> >> >>
>> >> >> any hints or examples would be cool :)
>> >> >> thanks a lot
>> >> >>
>> >> >> regards
>> >> >>
>> >> >> werner
>> >> >>
>> >> >>
>> >> >>
>> >> >> Thomas Mortagne schrieb:
>> >> >> > Also I think
>> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
>> >> >> > is based in old LDAP authenticator (see
>> >> >> >
>> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld).
>> >> >> >
>> >> >> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne
>> >> >> > <[EMAIL PROTECTED]> wrote:
>> >> >> >> Hi,
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller
>> >> >> >> <[EMAIL PROTECTED]> wrote:
>> >> >> >> > hallo
>> >> >> >> >
>> >> >> >> > i am currently trying to setup xwiki on taomcat 5.5/mysql.
>> until now its
>> >> >> >> > doing quite well :)
>> >> >> >> >
>> >> >> >> > my next step is to get ldap authentication against an active
>> directory
>> >> >> >> > working. i followed
>> >> >> >> >
>> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
>> >> >> >> > and some postings on the mailing list but i cant get it to
>> work.
>> >> >> >> >
>> >> >> >> > i either end up with:
>> >> >> >> > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0
>> in 5: LDAP
>> >> >> >> > bind failed with LDAPException.
>> >> >> >> > Wrapped Exception: Invalid Credentials
>> >> >> >> >
>> >> >> >> > or worse (with in my eyes the propper config):
>> >> >> >> > WARN LDAP.XWikiLDAPAuthS
>> >> >> >> > erviceImpl - LDAP authentication failed.
>> >> >> >> > java.lang.NullPointerException
>> >> >> >> > at
>> >> >> >> >
>> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256)
>> >> >> >> > at
>> >> >> >> >
>> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
>> >> >> >> > at
>> >> >> >> >
>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194)
>> >> >> >> > at
>> >> >> >> >
>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127)
>> >> >> >> > at
>> >> >> >> >
>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112)
>> >> >> >> > at
>> >> >> >> >
>> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214)
>> >> >> >> > at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307)
>> >> >> >> > at
>> >> >> >> >
>> com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
>> >> >> >> > at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315)
>> >> >> >> > at
>> com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259)
>> >> >> >> > at
>> com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173)
>> >> >> >> > ...
>> >> >> >>
>> >> >> >> Could you copy/paste your configuration.
>> >> >> >>
>> >> >> >>
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > i've done ldap auth on several other tools
>> (apache/subversion,
>> >> >> >> > bugzilla). there i used two accounts: one allowed to bind to
>> the active
>> >> >> >> > directory and do searches and the useraccount itself.
>> >> >> >> >
>> >> >> >> > in the xwiki config i can only see the user logging in is
>> used to bind
>> >> >> >> > to the ldap server?
>> >> >> >>
>> >> >> >> You can define a user able to bind to the active directory using
>> >> >> >> "bind_DN" and "bind_pass" properties and it will search for
>> provided
>> >> >> >> login in ldap based on "UID_attr" property
>> >> >> >>
>> >> >> >>
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > is the documentation current for xwiki 1.3.2.9174? or can
>> someone give
>> >> >> >> > me a hint to make this work?
>> >> >> >>
>> >> >> >> Are you sure you use xwiki-core 1.3.2 version, I can't find in
>> the
>> >> >> >> code what could make NullPointerException at
>> >> >> >> XWikiLDAPAuthServiceImpl.java:256
>> >> >> >>
>> >> >> >>
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > thanks a lot
>> >> >> >> > regards
>> >> >> >> >
>> >> >> >> > werner
>> >> >> >> >
>> >> >> >> > _______________________________________________
>> >> >> >> > users mailing list
>> >> >> >> > [email protected]
>> >> >> >> > http://lists.xwiki.org/mailman/listinfo/users
>> >> >> >> >
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> --
>> >> >> >> Thomas Mortagne
>> >> >> >>
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >>
>> >> >> _______________________________________________
>> >> >> users mailing list
>> >> >> [email protected]
>> >> >> http://lists.xwiki.org/mailman/listinfo/users
>> >> >>
>> >> >
>> >> >
>> >> >
>> >>
>> >> _______________________________________________
>> >> users mailing list
>> >> [email protected]
>> >> http://lists.xwiki.org/mailman/listinfo/users
>> >>
>> >
>> >
>> >
>>
>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.xwiki.org/mailman/listinfo/users
>>
>
>
>
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users
