Hi,
I don't know if this will help, but here is below my xwiki.cfg configuration
file that enable me to bind.
I still do not reach the field mapping step though, I get a
"LDAPReferralException: Automatic referral following not enabled (10)
Referral LDAPReferralException: Server Message: 0000202B: RefErr:
DSID-0310063C, data 0, 1 access points Iref 1: 'ad.toto.com'"
------8<-----------------------8<-------------------------
#-------------------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0 : disable
#-# 1 : enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=frvilsidc01.ad2.ad.toto.com
xwiki.authentication.ldap.port=389
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN=ad2\\{0}
xwiki.authentication.ldap.bind_pass={1}
#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the
base_DN
#xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
#-# base DN for searches
xwiki.authentication.ldap.base_DN=dc=ad,dc=toto,dc=com
#-# specifies the LDAP attribute containing the identifier to be used as the
XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=sAMAccountName
#-# retrieve the following fields from LDAP and store them in the XWiki user
object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for
faster access
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki otherwise
this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
On Fri, May 16, 2008 at 10:44 AM, werner mueller <[EMAIL PROTECTED]>
wrote:
> Hallo
>
> yep, that was the first attempt. no matter what variation i try i get
> bind errors or invalid credentials (depending on what user i try to
> login). xwiki shows an 'internal error' on the login dialog.
>
> its very weird. he mediawiki configuration is alost exactly the same
> (using that domain\\user syntax rather than ldap)
>
> hard to tell what i'm doing wrong :)
>
> i'll do another attempt on a different server next week to make sure its
> nothing too stupid.
>
> thanks!
>
> regards
>
> werner
>
>
>
>
> Thomas Mortagne schrieb:
> > Hi,
> >
> > Did you tryed the suggested AD configuration at
> >
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
> > ?
> >
> > On Mon, May 12, 2008 at 12:38 PM, Mihails Agafonovs <[EMAIL PROTECTED]>
> wrote:
> >> Try LDAP Browser to find the correct configuration.
> >>
> >> I've succeeded in connecting to AD, using the CN attribute, so in
> >> config it would be:
> >>
> >> bind_DN={0} /// here the user will type his cn
> >> UID_attr=cn
> >> Quoting werner mueller : hallo
> >>
> >> well i am a little stuck. i cant make it work although i copied the
> >> settings from a working example (well another tool but the same
> >> servers). i can only get to 'invalid credentials'
> >> does the server need to be in the same domain as the active
> >> directory to
> >> use the bind_DN=subdomain\{0} bind schema? the server is a linux
> >> machine and is not added to the windows domain.
> >> is there a unit test or little tool or something one could use for
> >> testing? its a little weird its not working.
> >> thanks for any ideas :)
> >> regards
> >> werner
> >> Thomas Mortagne schrieb:
> >> > You can enable "debug" logging, see
> >> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging
> >> >
> >> > On Wed, Apr 30, 2008 at 1:54 PM, werner mueller
> >>
> >>
> >> > wrote:
> >> >> Hallo
> >> >>
> >> >> thanks for the quick reply.
> >> >>
> >> >> well the config should work then :/
> >> >> i compared it with the bugzilla / subversion config which uses
> >> the same
> >> >> ldap / active directory auth. the only difference is that they
> >> >> distinguish the bind user with the user to be authenticated. but
> >> in my
> >> >> case even the bind user cannot login.
> >> >>
> >> >>
> >> >> 2008-04-30 13:44:34,891
> >> >>
> >> [http://dev.edoras.ch:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> >> >> [http-8080-Processor24] WARN LDAP.XWikiLDAPAuthServiceImpl -
> >> LDAP
> >> >> authentication failed.
> >> >>
> >> >> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in
> >> 5: LDAP
> >> >> bind failed with LDAPException.
> >> >> Wrapped Exception: Invalid Credentials
> >> >> at
> >> >>
> >>
>
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:178)
> >> >> at
> >> >>
> >>
>
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
> >> >> at
> >> >>
> >>
>
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
> >> >> at
> >> >>
> >> >>
> >>
>
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
> >> >> .........
> >> >>
> >> >> Wrapped Exception:
> >> >>
> >> >>
> >> >> LDAPException: Invalid Credentials (49) Invalid Credentials
> >> >> LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334,
> >> >> comment: AcceptSecurityContext error, data 525, vece
> >> >> LDAPException: Matched DN:
> >> >> at
> >> com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
> >> >> at com.novell.ldap.LDAPResponse.chkResultCode(Unknown
> >> Source)
> >> >> at com.novell.ldap.LDAPConnection.chkResultCode(Unknown
> >> Source)
> >> >> at com.novell.ldap.LDAPConnection.bind(Unknown Source)
> >> >> at com.novell.ldap.LDAPConnection.bind(Unknown Source)
> >> >> at
> >> >>
> >>
>
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:170)
> >> >> at
> >> >>
> >>
>
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
> >> >> at
> >> >>
> >>
>
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> is there some debug feature i can turn on to get some more
> >> information?
> >> >> or some small test-class to verify the settings? it seems it
> >> uses the
> >> >> login name from the login form but then authentication fails.
> >> >>
> >> >>
> >> >>
> >> >> thanks a lot :)
> >> >> regards
> >> >>
> >> >> werner
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> Thomas Mortagne schrieb:
> >> >> > On Wed, Apr 30, 2008 at 11:55 AM, werner mueller
> >>
> >>
> >> >> > wrote:
> >> >> >> Hallo
> >> >> >>
> >> >> >> thanks for the reply.
> >> >> >> back to stupid questions:
> >> >> >>
> >> >> >> > #-# LDAP login, empty = anonymous access, otherwise
> >> specify full dn
> >> >> >> > #-# {0} is replaced with the username, {1} with the
> >> password
> >> >> >> >
> >> #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP
> >> >> >>
> >> >> >> > #xwiki.authentication.ldap.bind_pass={1}
> >> >> >>
> >> >> >> {0} is the username from the login form in xwiki?
> >> >> >> {1} is the password from the login form in xwiki?
> >> >> >
> >> >> > Yes, you really write "{0}" and "{1}" in the configuration and
> >> it will
> >> >> > be replaced at runtime by user/pass provided by user in the
> >> login
> >> >> > form.
> >> >> >
> >> >> >> or are these documentation placeholders to be filled in the
> >> config file
> >> >> >> directly?
> >> >> >>
> >> >> >> thanks :)
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> regards
> >> >> >>
> >> >> >> werner
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> Thomas Mortagne schrieb:
> >> >> >> > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller
> >>
> >> >> >> > wrote:
> >> >> >> >> Hallo
> >> >> >> >>
> >> >> >> >> thanks for the hints.
> >> >> >> >>
> >> >> >> >> i tried some other configurations but with no luck. it
> >> seems not every
> >> >> >> >> user is allowed to query the ldap structure. i have to
> >> use a special
> >> >> >> >> user/password to bind xwiki to the active directory.
> >> that user can login
> >> >> >> >> but thats not a solution. aloow everyone to query the ad
> >> is not an
> >> >> >> >> option for us.
> >> >> >> >>
> >> >> >> >> has anyone a working active directory config he or she
> >> could share?
> >> >> >> >>
> >> >> >> >> is it possible to trick xwiki to use a different user to
> >> bind to the AD
> >> >> >> >> and then use username/password from login to process the
> >> login?
> >> >> >> >> i've been doing similar things for bugzilla/ldap using
> >> LDAPbinddn =
> >> >> >> >> cn=,cn=Users,dc=domain,dc=com:
> >>
> >>
> >> >> >> >
> >> >> >> > Yes and it's the default way to work for LDAP
> >> authenticator. You can
> >> >> >> > see in default xwiki.cfg :
> >> >> >> >
> >> >> >> > #-# LDAP login, empty = anonymous access, otherwise
> >> specify full dn
> >> >> >> > #-# {0} is replaced with the username, {1} with the
> >> password
> >> >> >> >
> >>
>
> #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
> >> >> >> > #xwiki.authentication.ldap.bind_pass={1}
> >> >> >> >
> >> >> >> > So in your case it would be :
> >> >> >> >
> >> xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com
> >> >> >> > xwiki.authentication.ldap.bind_pass={1}
> >> >> >> >
> >> >> >> >> btw: yes i am sure its version 1.3.2.9174. its the one
> >> copy pasted from
> >> >> >> >> xwiki. unless its not correct there but that would be
> >> weird.
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> any hints or examples would be cool :)
> >> >> >> >> thanks a lot
> >> >> >> >>
> >> >> >> >> regards
> >> >> >> >>
> >> >> >> >> werner
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> Thomas Mortagne schrieb:
> >> >> >> >> > Also I think
> >>
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
> >> >> >> >> > is based in old LDAP authenticator (see
> >> >> >> >> >
> >>
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld
> ).
> >> >> >> >> >
> >> >> >> >> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne
> >>
> >> >> >> >> > wrote:
> >> >> >> >> >> Hi,
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller
> >>
> >>
> >> >> >> >> >> wrote:
> >> >> >> >> >> > hallo
> >> >> >> >> >> >
> >> >> >> >> >> > i am currently trying to setup xwiki on taomcat
> >> 5.5/mysql. until now its
> >> >> >> >> >> > doing quite well :)
> >> >> >> >> >> >
> >> >> >> >> >> > my next step is to get ldap authentication
> >> against an active directory
> >> >> >> >> >> > working. i followed
> >> >> >> >> >> >
> >>
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
> >> >> >> >> >> > and some postings on the mailing list but i cant
> >> get it to work.
> >> >> >> >> >> >
> >> >> >> >> >> > i either end up with:
> >> >> >> >> >> > com.xpn.xwiki.plugin.ldap.XWikiLDAPException:
> >> Error number 0 in 5: LDAP
> >> >> >> >> >> > bind failed with LDAPException.
> >> >> >> >> >> > Wrapped Exception: Invalid Credentials
> >> >> >> >> >> >
> >> >> >> >> >> > or worse (with in my eyes the propper config):
> >> >> >> >> >> > WARN LDAP.XWikiLDAPAuthS
> >> >> >> >> >> > erviceImpl - LDAP authentication failed.
> >> >> >> >> >> > java.lang.NullPointerException
> >> >> >> >> >> > at
> >> >> >> >> >> >
> >>
>
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256)
> >> >> >> >> >> > at
> >> >> >> >> >> >
> >>
>
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
> >> >> >> >> >> > at
> >> >> >> >> >> >
> >>
>
> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194)
> >> >> >> >> >> > at
> >> >> >> >> >> >
> >>
>
> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127)
> >> >> >> >> >> > at
> >> >> >> >> >> >
> >>
>
> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112)
> >> >> >> >> >> > at
> >> >> >> >> >> >
> >>
>
> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214)
> >> >> >> >> >> > at
> >> com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307)
> >> >> >> >> >> > at
> >> >> >> >> >> >
> >>
>
> com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
> >> >> >> >> >> > at
> >> com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315)
> >> >> >> >> >> > at
> >> com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259)
> >> >> >> >> >> > at
> >> com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173)
> >> >> >> >> >> > ...
> >> >> >> >> >>
> >> >> >> >> >> Could you copy/paste your configuration.
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > i've done ldap auth on several other tools
> >> (apache/subversion,
> >> >> >> >> >> > bugzilla). there i used two accounts: one allowed
> >> to bind to the active
> >> >> >> >> >> > directory and do searches and the useraccount
> >> itself.
> >> >> >> >> >> >
> >> >> >> >> >> > in the xwiki config i can only see the user
> >> logging in is used to bind
> >> >> >> >> >> > to the ldap server?
> >> >> >> >> >>
> >> >> >> >> >> You can define a user able to bind to the active
> >> directory using
> >> >> >> >> >> "bind_DN" and "bind_pass" properties and it will
> >> search for provided
> >> >> >> >> >> login in ldap based on "UID_attr" property
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > is the documentation current for xwiki
> >> 1.3.2.9174? or can someone give
> >> >> >> >> >> > me a hint to make this work?
> >> >> >> >> >>
> >> >> >> >> >> Are you sure you use xwiki-core 1.3.2 version, I
> >> can't find in the
> >> >> >> >> >> code what could make NullPointerException at
> >> >> >> >> >> XWikiLDAPAuthServiceImpl.java:256
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > thanks a lot
> >> >> >> >> >> > regards
> >> >> >> >> >> >
> >> >> >> >> >> > werner
> >> >> >> >> >> >
> >> >> >> >> >> > _______________________________________________
> >> >> >> >> >> > users mailing list
> >> >> >> >> >> > [email protected]
> >> >> >> >> >> > http://lists.xwiki.org/mailman/listinfo/users
> >> >> >> >> >> >
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >> --
> >> >> >> >> >> Thomas Mortagne
> >> >> >> >> >>
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >>
> >> >> >> >> _______________________________________________
> >> >> >> >> users mailing list
> >> >> >> >> [email protected]
> >> >> >> >> http://lists.xwiki.org/mailman/listinfo/users
> >> >> >> >>
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >>
> >> >> >> _______________________________________________
> >> >> >> users mailing list
> >> >> >> [email protected]
> >> >> >> http://lists.xwiki.org/mailman/listinfo/users
> >> >> >>
> >> >> >
> >> >> >
> >> >> >
> >> >>
> >> >> _______________________________________________
> >> >> users mailing list
> >> >> [email protected]
> >> >> http://lists.xwiki.org/mailman/listinfo/users
> >> >>
> >> >
> >> >
> >> >
> >> _______________________________________________
> >> users mailing list
> >> [email protected]
> >> http://lists.xwiki.org/mailman/listinfo/users
> >> Ar cieņu, Mihails
> >>
> >> Links:
> >> ------
> >> [1] mailto:[EMAIL PROTECTED]
> >>
> >>
> >> _______________________________________________
> >> users mailing list
> >> [email protected]
> >> http://lists.xwiki.org/mailman/listinfo/users
> >>
> >
> >
> >
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/users
>
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users
