Try LDAP Browser to find the correct configuration.
I've succeeded in connecting to AD, using the CN attribute, so in
config it would be:
bind_DN={0} /// here the user will type his cn
UID_attr=cn
Quoting werner mueller : hallo
well i am a little stuck. i cant make it work although i copied the
settings from a working example (well another tool but the same
servers). i can only get to 'invalid credentials'
does the server need to be in the same domain as the active
directory to
use the bind_DN=subdomain\{0} bind schema? the server is a linux
machine and is not added to the windows domain.
is there a unit test or little tool or something one could use for
testing? its a little weird its not working.
thanks for any ideas :)
regards
werner
Thomas Mortagne schrieb:
> You can enable "debug" logging, see
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging
>
> On Wed, Apr 30, 2008 at 1:54 PM, werner mueller
> wrote:
>> Hallo
>>
>> thanks for the quick reply.
>>
>> well the config should work then :/
>> i compared it with the bugzilla / subversion config which uses
the same
>> ldap / active directory auth. the only difference is that they
>> distinguish the bind user with the user to be authenticated. but
in my
>> case even the bind user cannot login.
>>
>>
>> 2008-04-30 13:44:34,891
>>
[http://dev.edoras.ch:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
>> [http-8080-Processor24] WARN LDAP.XWikiLDAPAuthServiceImpl -
LDAP
>> authentication failed.
>>
>> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in
5: LDAP
>> bind failed with LDAPException.
>> Wrapped Exception: Invalid Credentials
>> at
>>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:178)
>> at
>>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
>> at
>>
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
>> at
>>
>>
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
>> .........
>>
>> Wrapped Exception:
>>
>>
>> LDAPException: Invalid Credentials (49) Invalid Credentials
>> LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334,
>> comment: AcceptSecurityContext error, data 525, vece
>> LDAPException: Matched DN:
>> at
com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
>> at com.novell.ldap.LDAPResponse.chkResultCode(Unknown
Source)
>> at com.novell.ldap.LDAPConnection.chkResultCode(Unknown
Source)
>> at com.novell.ldap.LDAPConnection.bind(Unknown Source)
>> at com.novell.ldap.LDAPConnection.bind(Unknown Source)
>> at
>>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:170)
>> at
>>
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
>> at
>>
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
>>
>>
>>
>>
>> is there some debug feature i can turn on to get some more
information?
>> or some small test-class to verify the settings? it seems it
uses the
>> login name from the login form but then authentication fails.
>>
>>
>>
>> thanks a lot :)
>> regards
>>
>> werner
>>
>>
>>
>>
>> Thomas Mortagne schrieb:
>> > On Wed, Apr 30, 2008 at 11:55 AM, werner mueller
>> > wrote:
>> >> Hallo
>> >>
>> >> thanks for the reply.
>> >> back to stupid questions:
>> >>
>> >> > #-# LDAP login, empty = anonymous access, otherwise
specify full dn
>> >> > #-# {0} is replaced with the username, {1} with the
password
>> >> >
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP
>> >>
>> >> > #xwiki.authentication.ldap.bind_pass={1}
>> >>
>> >> {0} is the username from the login form in xwiki?
>> >> {1} is the password from the login form in xwiki?
>> >
>> > Yes, you really write "{0}" and "{1}" in the configuration and
it will
>> > be replaced at runtime by user/pass provided by user in the
login
>> > form.
>> >
>> >> or are these documentation placeholders to be filled in the
config file
>> >> directly?
>> >>
>> >> thanks :)
>> >>
>> >>
>> >>
>> >> regards
>> >>
>> >> werner
>> >>
>> >>
>> >>
>> >>
>> >> Thomas Mortagne schrieb:
>> >> > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller
>> >> > wrote:
>> >> >> Hallo
>> >> >>
>> >> >> thanks for the hints.
>> >> >>
>> >> >> i tried some other configurations but with no luck. it
seems not every
>> >> >> user is allowed to query the ldap structure. i have to
use a special
>> >> >> user/password to bind xwiki to the active directory.
that user can login
>> >> >> but thats not a solution. aloow everyone to query the ad
is not an
>> >> >> option for us.
>> >> >>
>> >> >> has anyone a working active directory config he or she
could share?
>> >> >>
>> >> >> is it possible to trick xwiki to use a different user to
bind to the AD
>> >> >> and then use username/password from login to process the
login?
>> >> >> i've been doing similar things for bugzilla/ldap using
LDAPbinddn =
>> >> >> cn=,cn=Users,dc=domain,dc=com:
>> >> >
>> >> > Yes and it's the default way to work for LDAP
authenticator. You can
>> >> > see in default xwiki.cfg :
>> >> >
>> >> > #-# LDAP login, empty = anonymous access, otherwise
specify full dn
>> >> > #-# {0} is replaced with the username, {1} with the
password
>> >> >
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
>> >> > #xwiki.authentication.ldap.bind_pass={1}
>> >> >
>> >> > So in your case it would be :
>> >> >
xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com
>> >> > xwiki.authentication.ldap.bind_pass={1}
>> >> >
>> >> >> btw: yes i am sure its version 1.3.2.9174. its the one
copy pasted from
>> >> >> xwiki. unless its not correct there but that would be
weird.
>> >> >>
>> >> >>
>> >> >> any hints or examples would be cool :)
>> >> >> thanks a lot
>> >> >>
>> >> >> regards
>> >> >>
>> >> >> werner
>> >> >>
>> >> >>
>> >> >>
>> >> >> Thomas Mortagne schrieb:
>> >> >> > Also I think
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
>> >> >> > is based in old LDAP authenticator (see
>> >> >> >
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld).
>> >> >> >
>> >> >> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne
>> >> >> > wrote:
>> >> >> >> Hi,
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller
>> >> >> >> wrote:
>> >> >> >> > hallo
>> >> >> >> >
>> >> >> >> > i am currently trying to setup xwiki on taomcat
5.5/mysql. until now its
>> >> >> >> > doing quite well :)
>> >> >> >> >
>> >> >> >> > my next step is to get ldap authentication
against an active directory
>> >> >> >> > working. i followed
>> >> >> >> >
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
>> >> >> >> > and some postings on the mailing list but i cant
get it to work.
>> >> >> >> >
>> >> >> >> > i either end up with:
>> >> >> >> > com.xpn.xwiki.plugin.ldap.XWikiLDAPException:
Error number 0 in 5: LDAP
>> >> >> >> > bind failed with LDAPException.
>> >> >> >> > Wrapped Exception: Invalid Credentials
>> >> >> >> >
>> >> >> >> > or worse (with in my eyes the propper config):
>> >> >> >> > WARN LDAP.XWikiLDAPAuthS
>> >> >> >> > erviceImpl - LDAP authentication failed.
>> >> >> >> > java.lang.NullPointerException
>> >> >> >> > at
>> >> >> >> >
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256)
>> >> >> >> > at
>> >> >> >> >
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
>> >> >> >> > at
>> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194)
>> >> >> >> > at
>> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127)
>> >> >> >> > at
>> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112)
>> >> >> >> > at
>> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214)
>> >> >> >> > at
com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307)
>> >> >> >> > at
>> >> >> >> >
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
>> >> >> >> > at
com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315)
>> >> >> >> > at
com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259)
>> >> >> >> > at
com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173)
>> >> >> >> > ...
>> >> >> >>
>> >> >> >> Could you copy/paste your configuration.
>> >> >> >>
>> >> >> >>
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > i've done ldap auth on several other tools
(apache/subversion,
>> >> >> >> > bugzilla). there i used two accounts: one allowed
to bind to the active
>> >> >> >> > directory and do searches and the useraccount
itself.
>> >> >> >> >
>> >> >> >> > in the xwiki config i can only see the user
logging in is used to bind
>> >> >> >> > to the ldap server?
>> >> >> >>
>> >> >> >> You can define a user able to bind to the active
directory using
>> >> >> >> "bind_DN" and "bind_pass" properties and it will
search for provided
>> >> >> >> login in ldap based on "UID_attr" property
>> >> >> >>
>> >> >> >>
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > is the documentation current for xwiki
1.3.2.9174? or can someone give
>> >> >> >> > me a hint to make this work?
>> >> >> >>
>> >> >> >> Are you sure you use xwiki-core 1.3.2 version, I
can't find in the
>> >> >> >> code what could make NullPointerException at
>> >> >> >> XWikiLDAPAuthServiceImpl.java:256
>> >> >> >>
>> >> >> >>
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > thanks a lot
>> >> >> >> > regards
>> >> >> >> >
>> >> >> >> > werner
>> >> >> >> >
>> >> >> >> > _______________________________________________
>> >> >> >> > users mailing list
>> >> >> >> > [email protected]
>> >> >> >> > http://lists.xwiki.org/mailman/listinfo/users
>> >> >> >> >
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> --
>> >> >> >> Thomas Mortagne
>> >> >> >>
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >>
>> >> >> _______________________________________________
>> >> >> users mailing list
>> >> >> [email protected]
>> >> >> http://lists.xwiki.org/mailman/listinfo/users
>> >> >>
>> >> >
>> >> >
>> >> >
>> >>
>> >> _______________________________________________
>> >> users mailing list
>> >> [email protected]
>> >> http://lists.xwiki.org/mailman/listinfo/users
>> >>
>> >
>> >
>> >
>>
>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.xwiki.org/mailman/listinfo/users
>>
>
>
>
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users
Ar cieņu, Mihails
Links:
------
[1] mailto:[EMAIL PROTECTED]
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users
