Hi @all

I have some trouble connecting a new blank XWIKI installation to an MS AD DS 
server.

This is my XWIKI installation:

XWIKI Enterprise 9.2
LDAP relevant Extensions:
- LDAP Application 9.2.4
- LDAP Class Libraries for Java (JLDAP) 4.3
- LDAP API 9.2.4
- LDAP Authenticator 9.2.4

The only LDAP related settings in xwiki.cfg are:
    
    xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
    xwiki.authentication.ldap.trylocal=1

These are the most important AD DS connection settings done in the XWIKI "LDAP 
Application" UI interface:
   Ldap login matching: CN={0},OU=Benutzer,OU=TTBV,DC=ttbv,DC=local
   Ldap password matching: {1}
   Restrict to group: CN=xwiki,OU=Gruppen,OU=TTBV,DC=ttbv,DC=local
   Ldap base DN: DC=ttbv,DC=local
   Ldap UID attribute name: CN


Unfortunately, the bind to the AD DS server doesn't work. In the XWIKI log file 
with LDAP logging set to "debug" I get the following exception:

TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
DEBUG o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null
DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, memberuid, member]
DEBUG o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server [xxx.xx.xxx.x:xxx]
DEBUG o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[CN=Thomas Froehlich,OU=Benutzer,OU=TTBV,DC=ttbv,DC=local]
DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.
        at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:227)
        at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:155)
        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:518)
        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334)
        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268)
        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
        at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
        at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3788)

The same exception occurs if I use the following subdomain setting (found on 
the Internet):
Ldap login matching: ttbv\\{0}

I tested the connection settings from above using another LDAP client like 
"SOFTERRA LDAP Browser 4.5" and the settings worked fine: Using this LDAP 
browser with login credentials "CN=Thomas 
Froehlich,OU=Benutzer,OU=TTBV,DC=ttbv,DC=local" (plus pwd) I was able to 
connect to the AD DS server and I was able to browse to the group 
"CN=xwiki,OU=Gruppen,OU=TTBV,DC=ttbv,DC=local" (so there are no restrictions 
for this user to browse the directory from base DN down to any group). 

I have no more ideas what else to do or what else to test.  Any kind of help is 
welcome.

With kind regards 
Thomas
