All I can say is that XWiki is able to access server ldap.nov.com with port 389 and then try to authenticate with user DN "cn=papeb,dc=nov,dc=com" and whatever password you typed on the login page but fail.
The possible causes I can think of: * there is no user with DN "cn=papeb,dc=nov,dc=com" on LDAP server "ldap.nov.com". You can check with one of the clients listed on http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication. * you type the wrong password On Wed, Jan 30, 2013 at 5:47 PM, Pape, Barry <[email protected]> wrote: > Greetings Xwiki Gurus, > > I've been trying to get our installation authenticating with LDAP and am > having no luck. We are running XWiki 4.3 in Tomcat 7.0.34 on Windows Server > 2008 R2 Standard. I have installed the LDAP Application Extension and tried > configuring it both through the web interface and xwiki.config with no > success. Every time I attempt to login I receive an Invalid Credentials > error (stack trace below,) and the LDAP section from xwiki.config file is > below that. I've tried a number of different values for the server, bind DN, > and the base DN, but nothing works. Any suggestions are greatly appreciated? > Is there any additional logging that I can add for more information? > > Thanks, > Barry > > > > > 2013-01-30 10:12:55,825 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP > authentica > tion > 2013-01-30 10:12:55,825 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is > nul > l. We don't try to authenticate, it probably means the user is in non logged > mod > e. > 2013-01-30 10:12:55,825 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP > authentica > tion > 2013-01-30 10:12:55,840 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: > [gro > upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, > groupofuniq > uenames, group] > 2013-01-30 10:12:55,840 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - > ldap_group_memberfields: > [member, uniquemember] > 2013-01-30 10:12:55,857 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP > serve > r [ldap.nov.com:389] > 2013-01-30 10:12:55,868 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP > server w > ith credentials login=[cn=papeb,dc=nov,dc=com] > 2013-01-30 10:12:55,928 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP > authenticatio > n failed. > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind > fai > led with LDAPException. > Wrapped Exception: Invalid Credentials > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio > n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na] > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio > n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na] > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat > eInContext(XWikiLDAPAuthServiceImpl.java:305) > [xwiki-platform-legacy-oldcore-4.4 > .jar:na] > > > > > #------------------------------------------------------------------------------------- > # LDAP > #------------------------------------------------------------------------------------- > > #-# LDAP authentication service > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl > > #-# Turn LDAP authentication on - otherwise only XWiki authentication > #-# - 0: disable > #-# - 1: enable > #-# The default is 0 > xwiki.authentication.ldap=1 > > #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) > xwiki.authentication.ldap.server=ldap.nov.com > xwiki.authentication.ldap.port=389 > > #-# LDAP login, empty = anonymous access, otherwise specify full dn > #-# {0} is replaced with the user name, {1} with the password > xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com > xwiki.authentication.ldap.bind_pass={1} > > #-# The Base DN used in LDAP searches > xwiki.authentication.ldap.base_DN=dc=nov,dc=com > > #-# LDAP query to search the user in the LDAP database (in case a static > admin user is provided in > #-# xwiki.authentication.ldap.bind_DN) > #-# {0} is replaced with the user uid field name and {1} with the user name > #-# The default is ({0}={1}) > # xwiki.authentication.ldap.user_search_fmt=({0}={1}) > > #-# Only members of the following group will be verified in the LDAP > #-# otherwise only users that are found after searching starting from the > base_DN > # xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US > > #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl] > #-# Only users not member of the following group can autheticate > # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US > > #-# Specifies the LDAP attribute containing the identifier to be used as the > XWiki name > #-# The default is cn > # xwiki.authentication.ldap.UID_attr=sAMAccountName > > #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] > #-# The potential LDAP groups classes. Separated by commas. > # > xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList > > #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] > #-# The potential names of the LDAP groups fields containings the members. > Separated by commas. > # xwiki.authentication.ldap.group_memberfields=member,uniqueMember > > #-# retrieve the following fields from LDAP and store them in the XWiki user > object (xwiki-attribute=ldap-attribute) > #xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail > > #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] > #-# On every login update the mapped attributes from LDAP to XWiki otherwise > this happens only once when the XWiki > #-# account is created. > #-# - 0: only when creating user > #-# - 1: at each authentication > #-# The default is 0 > #xwiki.authentication.ldap.update_user=1 > > #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] > #-# Maps XWiki groups to LDAP groups, separator is "|". The following kind of > groups are supported: > #-# * LDAP static groups (users/subgroups are listed statically in the group > object) > #-# * [Since 3.3M1] LDAP organization units (users/subgroups are sub object > of the provided organization unit) > #-# * [Since 3.3M1] LDAP filter (users/groups are object found in a search > with the provided filter), > #-# | character in the filter need to be escaped with backslash (\). > #-# > #-# Here is an example: > # > xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=domain,c=com|\ > # > XWiki.LDAPUsers=ou=groups,o=domain,c=com|\ > # XWiki.Organisation=(cn=testers) > > #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] > #-# Time in s after which the list of members in a group is refreshed from > LDAP > #-# The default is 21600 (6 hours) > # xwiki.authentication.ldap.groupcache_expiration=21600 > > #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] > #-# - create : synchronize group membership only when the user is first > created > #-# - always: synchronize on every login > #-# The default is always > # xwiki.authentication.ldap.mode_group_sync=always > > #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] > #-# If ldap authentication fails for any reason, try XWiki DB authentication > with the same credentials > #-# - 0: disable > #-# - 1: enable > #-# The default is 0 > xwiki.authentication.ldap.trylocal=1 > > #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] > #-# SSL connection to LDAP server > #-# - 0: normal > #-# - 1: SSL > #-# The default is 0 > # xwiki.authentication.ldap.ssl=0 > > #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] > #-# The keystore file to use in SSL connection > # xwiki.authentication.ldap.ssl.keystore= > > #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] > #-# The java secure provider used in SSL connection > #-# The default is com.sun.net.ssl.internal.ssl.Provider > # > xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider > > #-# Bypass standard LDAP bind validation by doing a direct password > comparison. > #-# If you don't know what you do, don't use that. It's covering very rare > and bad use cases. > #-# - 0: disable > #-# - 1: enable > #-# The default is 0 > # xwiki.authentication.ldap.validate_password=0 > > #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] > #-# Specifies the LDAP attribute containing the password to be used "when > xwiki.authentication.ldap.validate_password" > #-# is set to 1 > # xwiki.authentication.ldap.password_field=userPassword > > #-# [Since 4.3M1, XWikiLDAPAuthServiceImpl] > #-# The maximum number of milliseconds the client waits for any operation > under these constraints to complete. > #-# The default is 1000 > # xwiki.authentication.ldap.timeout=1000 > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
