No other way. If all in empty in the LDAP form that shoud be ok (at least on this side).
On Mon, Apr 10, 2017 at 5:43 PM, Thomas Froehlich <thomas.froehl...@technoteam.de> wrote: >> Also make sure you did not set some LDAP properties with LDAP Application at >> some point and forgot to reset them (yes even if you uninstalled the >> application). > > How else to reset them except to change the settings in the XWIKi > Administration at "Global Administration: LDAP"? > > > -----Ursprüngliche Nachricht----- > Von: users [mailto:users-boun...@xwiki.org] Im Auftrag von Thomas Mortagne > Gesendet: Montag, 10. April 2017 15:51 > An: XWiki Users <users@xwiki.org> > Betreff: Re: [xwiki-users] XWKI and AD DS authentication trouble > > On Mon, Apr 10, 2017 at 3:10 PM, Thomas Froehlich > <thomas.froehl...@technoteam.de> wrote: >> Hi Thomas Mortagne, >> >> ty for your response. >> >>>* a wrong password (make sure you don't have some white space before >>>or after for example) >>>* wrong server host/port which lead to an LDAP server but not the >>>expected one >> >> >> I checked all settings again: there are no white spaces. And the server ip >> and port are the right ones. Till now I found no solution for thisAD DS bind >> problem. > > I was not talking about the setting, {0} means "use the password the user put > in the login form". > > Also make sure you did not set some LDAP properties with LDAP Application at > some point and forgot to reset them (yes even if you uninstalled the > application). > >> >> What about the following log file DEBUG messages: >> >>> o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, >>> posixgroup, apple-group, groupofuniquenames, dynamicgroup, >>> groupwisedistributionlist, group, dynamicgroupaux] >>> o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: >>> [uniquemember, memberuid, member] >> >> I never configured group attributes / fields or such things. These messages >> are normal and not an indication of some missing configuration? > > Those are the default. > > Anyway it does not matter since the authenticator can not even bind to the > LDAP server. > >> >> Kind regards >> Thomas >> >> >> -----Ursprüngliche Nachricht----- >> Von: users [mailto:users-boun...@xwiki.org] Im Auftrag von Thomas >> Mortagne >> Gesendet: Freitag, 7. April 2017 13:35 >> An: XWiki Users <users@xwiki.org> >> Betreff: Re: [xwiki-users] XWKI and AD DS authentication trouble >> >> On Fri, Apr 7, 2017 at 12:33 PM, Thomas Froehlich >> <thomas.froehl...@technoteam.de> wrote: >>> Hi @all >>> >>> I have some trouble to connect a new blank XWIKI installation to a MS AD DS >>> Server. >>> >>> This is my XWIKI installation: >>> >>> XWIKI Enterprise 9.2 >>> LDAP relecant Extensions: >>> - LDAP Application 9.2.4 >>> - LDAP Class Libraries for Java (JLDAP) 4.3 >>> - LDAP API 9.2.4 >>> - LDAP Authenticator 9.2.4 >>> >>> The only LDAP related settings in xwiki.cfg are: >>> >>> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl >>> xwiki.authentication.ldap.trylocal=1 >>> >>> These are the most important AD DS connection settings done in the XWIKI >>> "LDAP Application" UI interface: >>> Ldap login matching: CN={0},OU=Benutzer,OU=TTBV,DC=ttbv,DC=local >>> Ldap password matching: {1} >>> Restrict to group: CN=xwiki,OU=Gruppen,OU=TTBV,DC=ttbv,DC=local >>> Ldap base DN: DC=ttbv,DC=local >>> Ldap UID attribute name: CN >>> >>> >>> Unfortunately, the bind to the AD DS server doesn't work. In the XWIKI log >>> file with LDAP logging set to "debug" I get the following exception: >>> >>> TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP >>> authentication DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided >>> user is null. We don't try to authenticate, it probably means the user is >>> in non logged mode. >>> TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP >>> authentication DEBUG o.x.contrib.ldap.XWikiLDAPConfig - >>> remoteUserParser: null DEBUG o.x.contrib.ldap.XWikiLDAPConfig - >>> ldap_group_classes: [groupofnames, posixgroup, apple-group, >>> groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, >>> dynamicgroupaux] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - >>> ldap_group_memberfields: [uniquemember, memberuid, member] DEBUG >>> o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server >>> [xxx.xx.xxx.x:xxx] DEBUG o.x.c.ldap.XWikiLDAPConnection - Binding to >>> LDAP server with credentials login=[CN=Thomas >>> Froehlich,OU=Benutzer,OU=TTBV,DC=ttbv,DC=local] >>> DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication >>> failed. >>> org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind >>> failed with LDAPException. >>> at >>> org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:227) >>> at >>> org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:155) >>> at >>> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:518) >>> at >>> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334) >>> at >>> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268) >>> at >>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272) >>> at >>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192) >>> at >>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174) >>> at >>> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239) >>> at >>> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163) >>> at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3788) >>> >>> The same exception occurs if I use the following subdomain setting (found >>> on the Internet): >>> Ldap login matching: ttbv\\{0} >>> >>> I tested the connection settings from above using another LDAP client like >>> "SOFTERRA LDAP Browser 4.5" and the settings worked fine: Using this LDAP >>> browser with login credentials "CN=Thomas >>> Froehlich,OU=Benutzer,OU=TTBV,DC=ttbv,DC=local" (plus pwd) I was able to >>> connect to the AD DS server and I was able to browse to the group >>> "CN=xwiki,OU=Gruppen,OU=TTBV,DC=ttbv,DC=local" (so there are no >>> restrictions for this user to browse the directory from base DN down to any >>> group). >> >> If the DN we see in the debug log ("Binding to LDAP server with >> credentials...") is right then all I can think of are: >> * a wrong password (make sure you don't have some white space before >> or after for example) >> * wrong server host/port which lead to an LDAP server but not the >> expected one >> >>> >>> I have no more ideas what else to do or what else to test. Any kind of >>> help is welcome. >>> >>> With kind regards >>> Thomas >> >> >> >> -- >> Thomas Mortagne > > > > -- > Thomas Mortagne -- Thomas Mortagne
