I understand that it searches for cn... But it seems it doesn't work for the ou attribute. Hopefully, in our company we also have a group with cn attribute, so I've fixed that already.

Quoting Thomas Mortagne:

On Mon, May 12, 2008 at 12:34 PM, Mihails Agafonovs wrote:
> Here's the log:
>
> 2008-05-12 13:27:05,076 [http://localhost/xwiki/bin/view/Main] [TP-Processor3] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351]
> 2008-05-12 13:27:31,563 [http://localhost/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [TP-Processor1] ERROR ldap.XWikiLDAPUtils - Could not find attribute cn for LDAP dn ou=Enterprise,ou=Users,ou=RRR,ou=LAT,dc=domain,dc=com

This error is returned by the LDAP server saying that you try to use the "cn" attribute, which does not exist in the targeted object (ou=Enterprise,ou=Users,ou=RRR,ou=LAT,dc=domain,dc=com). I don't have Active Directory so I can't check this...

> 2008-05-12 13:27:31,630 [http://localhost/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [TP-Processor1] WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP authentication failed.
>
> Quoting Thomas Mortagne:
>
> I mean what do you have in the log, the stack trace etc...
>
> On Fri, May 9, 2008 at 12:22 PM, Mihails Agafonovs wrote:
> > errorMessage: 0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece
> >
> > Quoting Thomas Mortagne:
> >
> > On Thu, May 8, 2008 at 4:49 PM, Mihails Agafonovs wrote:
> > > You were right - I was using the old authenticator. Thanks!
> > >
> > > Now I can log in, but I'm not created in any group. Also, if I enable extended search (when only users of the specified AD group will be verified), the LDAP throws an error.
> >
> > Which error exactly?
> >
> > > Quoting Thomas Mortagne:
> > >
> > > Which LDAP authenticator (xwiki.authentication.ldap.authclass) do you use? If it's com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl or if you did not configure xwiki.authentication.ldap.authclass, forget pretty much all I said as I spoke about the new (since 1.3) LDAP authenticator (xwiki.authentication.ldap.authclass=com.xpn.xwiki.ldap.authentication.XWikiLDAPAuthServiceImpl)...
> > >
> > > 2008/5/8 Mihails Agafonovs <[EMAIL PROTECTED]>:
> > > > Uncommenting xwiki.authentication.ldap.validate_password=0 did nothing.
> > > >
> > > > About ".".
> > > >
> > > > In version 1.1.2, there was no problem connecting to AD using CN attribute (name surname), and user was automatically created in XWikiAllGroup. So this is strange that in the newer version that doesn't work.
> > > >
> > > > Also, nothing changed in our AD. I still can login in XWiki 1.1.2 and LDAP browser, for example, in both cases using my CN.
> > > >
> > > > Quoting Thomas Mortagne:
> > > >
> > > > Try to uncomment
> > > >
> > > > xwiki.authentication.ldap.validate_password=0
> > > >
> > > > You should not have 5 as this is used to force login/pass validation when you don't connect to LDAP with provided user/pass (bind_DN and bind_pass set to an existing ldap user/pass)
> > > >
> > > > Another thing, in your example you seem to test with a user name containing a ".", the LDAP authenticator does not support it yet, see http://jira.xwiki.org/jira/browse/XWIKI-2264
> > > >
> > > > 2008/5/8 Mihails Agafonovs :
> > > > > Here's a piece from xwiki.log:
> > > > > -----------------------------------------------
> > > > > java.lang.NullPointerException
> > > > >     at com.xpn.xwiki.plugin.lucene.IndexUpdater.run(IndexUpdater.java:209)
> > > > >     at java.lang.Thread.run(Thread.java:619)
> > > > > 2008-05-07 14:11:31,078 [index updating thread] [Thread-20] ERROR lucene.IndexUpdater - Writer not open and closeWriter called
> > > > > 2008-05-07 14:15:49,735 [http://192.168.220.128/xwiki/bin/view/Main] [TP-Processor3] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351]
> > > > > 2008-05-07 14:17:37,228 [http://192.168.220.128/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [TP-Processor3] ERROR LDAP.LDAPAuthServiceImpl - LDAP Bind failed with Exception Invalid Credentials
> > > > > 2008-05-07 14:20:29,787 [http://192.168.220.128/xwiki/bin/view/Main] [TP-Processor3] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351]
> > > > > 2008-05-07 14:25:32,020 [index updating thread] [Thread-20] ERROR lucene.IndexUpdater - IOException when opening Lucene Index for writing at /var/lib/tomcat5/webapps/xwiki/WEB-INF/work/lucene
> > > > > -----------------------------------------------
> > > > >
> > > > > And from Wireshark it's the same I pasted in a previous mail. I can add the function sequence watched via Wireshark:
> > > > > 1) bindRequest() with domainname.surname
> > > > > 2) bindresponse() - success
> > > > > 3) searchRequest() with dc=domain, dc=com, sAMAccountName=name.surname
> > > > > 4) searchResEntry() - returns my full correct dn
> > > > > 5) compareRequest() with my full dn and userPassword=mypass
> > > > > 6) LDAP error about no such attribute userPassword
> > > > > 7) unbindRequest()
> > > > >
> > > > > Quoting Thomas Mortagne:
> > > > >
> > > > > Could you paste the whole error log?
> > > > >
> > > > > 2008/5/8 Mihails Agafonovs :
> > > > > > Again, the same error from LDAP:
> > > > > >
> > > > > > LDAPMessage compareResponse(7) noSuchAttribute (00002080: AtrErr: DSID-03080139, #1:
> > > > > > 0: 00002080: DSID-03080139, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
> > > > > > )
> > > > > >
> > > > > > Quoting Thomas Mortagne:
> > > > > >
> > > > > > 2008/5/7 Mihails Agafonovs <[EMAIL PROTECTED]>:
> > > > > > > Hi!
> > > > > > >
> > > > > > > I've been trying to set up LDAP connection on XWiki 1.3.2. Using Wireshark, I've discovered that LDAP performs unbindRequest() after the following error:
> > > > > > >
> > > > > > > LDAPMessage compareResponse(3) noSuchAttribute (00002080: AtrErr: DSID-03080139, #1:
> > > > > > > 0: 00002080: DSID-03080139, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
> > > > > > > )
> > > > > > >
> > > > > > > Here is the configuration:
> > > > > > >
> > > > > > > ----------------------------------------------
> > > > > > > xwiki.authentication.ldap=1
> > > > > > > xwiki.authentication.ldap.server=my.domain.com
> > > > > > > xwiki.authentication.ldap.port=389
> > > > > > > xwiki.authentication.ldap.bind_DN={0}
> > > > > > > xwiki.authentication.ldap.bind_pass={1}
> > > > > > > # xwiki.authentication.ldap.validate_password=0
> > > > > > > xwiki.authentication.ldap.user_group=ou=Riga,ou=LAT,dc=domain,dc=com
> > > > > > > xwiki.authentication.ldap.base_DN=dc=domain,dc=com
> > > > > > > xwiki.authentication.ldap.UID_attr=cn
> > > > > > > xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
> > > > > > > # xwiki.authentication.ldap.update_user=1
> > > > > > > xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=ou=Riga,ou=LAT,dc=GDNEurope,dc=com|
> > > > > > > XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
> > > > > > > # xwiki.authentication.ldap.groupcache_expiration=21800
> > > > > > > # xwiki.authentication.ldap.mode_group_sync=always
> > > > > > > xwiki.authentication.ldap.trylocal=1
> > > > > >
> > > > > > I don't know AD very well but, according to http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication, shouldn't it be:
> > > > > >
> > > > > > xwiki.authentication.ldap.bind_DN=subdomain{0}
> > > > > > xwiki.authentication.ldap.UID_attr=sAMAccountName
> > > > > > xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
> > > > > >
> > > > > > ?
> > > > > >
> > > > > > > ------------------------------------------------------
> > > > > > >
> > > > > > > Any ideas?
> > > > > > >
> > > > > > > P.S. If I use in the login form [EMAIL PROTECTED] or domainname.surname as a username, I can login, but without any rights.

Ar cieņu, Mihails

_______________________________________________
users mailing list
http://lists.xwiki.org/mailman/listinfo/users
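
A small linter for the xwiki.cfg settings this thread ran into, added here as an example (it is not code from the XWiki project or from either poster). It flags a missing new-authenticator `authclass`, an explicit `validate_password=1` while binding as the user, and group DNs that do not start with `cn=`. The function names and the sample config are constructed for illustration, and the `cn=` test is a heuristic based on the "Could not find attribute cn" log line quoted above.

```python
# Added example: lint the LDAP part of an xwiki.cfg for the pitfalls seen in this thread.
NEW_AUTHCLASS = "com.xpn.xwiki.ldap.authentication.XWikiLDAPAuthServiceImpl"
PREFIX = "xwiki.authentication.ldap."

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and '#' comments; split on the first '='."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg

def group_dns(cfg):
    """Yield (setting, dn) for every group DN named in user_group and group_mapping."""
    if cfg.get(PREFIX + "user_group"):
        yield "user_group", cfg[PREFIX + "user_group"]
    for entry in cfg.get(PREFIX + "group_mapping", "").split("|"):
        _, sep, dn = entry.partition("=")  # entry looks like "XWiki.SomeGroup=<dn>"
        if sep and dn.strip():
            yield "group_mapping", dn.strip()

def lint(text):
    """Return a list of findings; an empty list means none of the thread's pitfalls apply."""
    cfg, findings = parse_cfg(text), []
    if cfg.get(PREFIX + "authclass") != NEW_AUTHCLASS:
        findings.append("authclass: the new (1.3+) LDAP authenticator is not selected")
    binds_as_user = "{0}" in cfg.get(PREFIX + "bind_DN", "")
    if binds_as_user and cfg.get(PREFIX + "validate_password") == "1":
        findings.append("validate_password: userPassword compare is redundant after a user bind")
    for setting, dn in group_dns(cfg):
        if not dn.lower().startswith("cn="):  # heuristic: OU entries carry no cn attribute
            findings.append(f"{setting}: {dn} does not start with cn=")
    return findings

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE = """\
xwiki.authentication.ldap=1
xwiki.authentication.ldap.bind_DN={0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.validate_password=1
xwiki.authentication.ldap.user_group=ou=Riga,ou=LAT,dc=domain,dc=com
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=ou=Riga,ou=LAT,dc=domain,dc=com|XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```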
