Hello XWiki users,
I have a problem getting OpenLDAP to work with XWiki 1.5.11446. For some
strange reason i cannot login into xwiki from an account located in OpenLDAP
and no error messages are produced. The login page just refreshes itself and
nothing else happens. This problem started when I migrated Xwiki 1.4 to 1.5. As
solution, I downgraded back to 1.4 and everything seems to work again. Is the
LDAP plugin broken in 1.5? I have copy-pasted a sample ldif of my OpenLDAP as
well as the xwiki.cfg settings so that someone can give me a hint on where the
problem could be.
Many thanks in advanced.
Richard
------------------------------------------------------ BEGIN
ldif-------------------------------------------------------------------
dn: dc=mydomain
objectClass: organization
objectClass: dcObject
dc: mydomain
o: mydomain
dn: ou=Users,dc=mydomain
objectClass: organizationalUnit
ou: Users
dn: ou=People,ou=Users,dc=mydomain
objectClass: organizationalUnit
ou: People
dn: ou=Groups,dc=mydomain
objectClass: organizationalUnit
ou: Groups
dn: ou=Machines,ou=Users,dc=mydomain
objectClass: organizationalUnit
ou: Machines
dn: ou=Domains,dc=mydomain
objectClass: organizationalUnit
ou: Domains
dn: sambaDomainName=SCRAPPY,ou=Domains,dc=mydomain
objectClass: sambaDomain
sambaAlgorithmicRidBase: 1000
sambaSID: S-1-5-21-4074884656-2525905897-914379862
sambaDomainName: SCRAPPY
sambaMinPwdLength: 8
dn: cn=domainUsers,ou=Groups,dc=mydomain
objectClass: sambaGroupMapping
objectClass: posixGroup
displayName: Domain Users
sambaGroupType: 2
sambaSID: S-1-5-21-4074884656-2525905897-914379862-513
description: Domain Users
gidNumber: 2001
cn: domainUsers
memberUid: richi
dn: cn=domainGuests,ou=Groups,dc=mydomain
objectClass: sambaGroupMapping
objectClass: posixGroobjectClass: posixGroup
displayName: Domain Guests
sambaGroupType: 2
sambaSID: S-1-5-21-4074884656-2525905897-914379862-514
description: Domain Guests
gidNumber: 2002
cn: domainGuests
dn: cn=domainComputers,ou=Groups,dc=mydomain
objectClass: sambaGroupMapping
objectClass: posixGroup
displayName: Domain Computers
sambaGroupType: 2
sambaSID: S-1-5-21-4074884656-2525905897-914379862-515
description: Domain Computers
gidNumber: 2003
cn: domainComputers
dn: uid=richi,ou=People,ou=Users,dc=mydomain
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
sambaHomeDrive: U:
sambaDomainName: SCRAPPY
sambaAcctFlags: [XU ]
displayName: Richi
sambaPrimaryGroupSID: S-1-5-21-4074884656-2525905897-914379862-512
sambaSID: S-1-5-21-4074884656-2525905897-914379862-5000
sambaLMPassword: <hidden>
sambaNTPassword: <hidden>
sambaPwdLastSet: 1218502167
shadowWarning: 10
shadowInactive: 10
shadowMin: 1
shadowMax: 365
homeDirectory: /home/richi
loginShell: /bin/bash
uid: richi
cn: Richi
uidNumber: 2000
gidNumber: 2000
sn: Smith
givenName: Richi
shadowLastChange: 14105
userPassword: secret
dn: cn=domainAdmins,ou=Groups,dc=mydomain
cn: domainAdmins
description: Domain Admins
objectClass: sambaGroupMapping
objectClass: posixGroup
gidNumber: 2000
sambaSID: S-1-5-21-4074884656-2525905897-914379862-512
sambaGroupType: 2
displayName: Domain Admin
dn: ou=xwiki,ou=Groups,dc=mydomain
ou: xwiki
objectClass: top
objectClass: organizationalUnit
dn: cn=users,ou=xwiki,ou=Groups,dc=mydomain
cn: users
member: uid=richi,ou=People,ou=Users,dc=mydomain
objectClass: groupOfNames
objectClass: top
ou: xwiki
dn: cn=admins,ou=xwiki,ou=Groups,dc=mydomain
cn: admins
member: uid=richi,ou=People,ou=Users,dc=mydomain
ou: xwiki
objectClass: groupOfNames
objectClass: top
------------------------------------------------- END ldif
------------------------------------------------------------
------------------------------------------------- BEGIN xwiki.cfg
------------------------------------------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=localhost
xwiki.authentication.ldap.port=389
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN=uid={0},ou=People,ou=Users,dc=mydomain
xwiki.authentication.ldap.bind_pass={1}
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
# otherwise only users that are found after searching starting from the base_DN
xwiki.authentication.ldap.user_group=cn=users,ou=xwiki,ou=Groups,dc=mydomain
#-# base DN for searches
xwiki.authentication.ldap.base_DN=ou=People,ou=Users,dc=mydomain
#-# Specifies the LDAP attribute containing the identifier to be used as the
XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=uid
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# Specifies the LDAP attribute containing the password to be used "when
xwiki.authentication.ldap.validate_password" is set to 1
xwiki.authentication.ldap.password_field=userPassword
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential LDAP groups classes. Separated by commas.
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential names of the LDAP groups fields containings the members.
Separated by commas.
xwiki.authentication.ldap.group_memberfields=member,uniqueMember
#-# retrieve the following fields from LDAP and store them in the XWiki user
object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for
faster access
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=displayName,email=mail
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki otherwise thi
s happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
xwiki.authentication.ldap.group_mapping=\
XWiki.XWikiAdminGroup=cn=admins,ou=xwiki,ou=Groups,dc=mydomain|\
XWiki.XWikiAllGroup=cn=users,ou=xwiki,ou=Groups,dc=mydomain
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed from LDAP
(default=3600*6)
#Every half an hour
xwiki.authentication.ldap.groupcache_expiration=1800
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first created
#-# - always: synchronize on every login
xwiki.authentication.ldap.mode_group_sync=always
#-# if ldap authentication fails for any reason, try XWiki DB authentication
with the same credentials
xwiki.authentication.ldap.trylocal=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0: normal
#-# 1: SSL
# xwiki.authentication.ldap.ssl=0
#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
# xwiki.authentication.ldap.ssl.keystore=
#-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The java secure provider used in SSL connection
#
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
--------------------------------------------------- END xwiki.cfg
---------------------------------------------------------
_________________________________________________________________
Get ideas on sharing photos from people like you. Find new ways to share.
http://www.windowslive.com/explore/photogallery/posts?ocid=TXT_TAGLM_WL_Photo_Gallery_082008
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
