Re: [xwiki-users] LDAP Autentication do not work anymore
Thank you for your response, I will do that but I have a question: Do I have to enable the logging in XWiki. I found this page: http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging There it is said that the logging is already enabled at xwiki. But where does XWi,ki store the logging file? I uses Tomcat 5 with mod_jk to apache, and both packages are installed with the rpm manager. Is it possible to tell XWiki where the logging file should be stored? I am not familiar with common logging. Thanks, Florian -Ursprüngliche Nachricht- Von: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] Im Auftrag von Thomas Mortagne Gesendet: Freitag, 07. Mai 2010 15:31 An: XWiki Users Betreff: Re: [xwiki-users] LDAP Autentication do not work anymore Again, could you try to enable debug log and see what you have in the log, it should tel you exactly why authentication partly failed. BTW what version of XWiki is it ? On Fri, May 7, 2010 at 14:05, Florian Rhomberg florian.rhomb...@nettania.at wrote: Hello! It exactly the same version I only copied the whole XWiki folder from one server to the other server. The only difference can be that we installed the current Service Pack on our Windows 2008 server. But as I already said on the first logon (the user don not exist in XWiki) all datas like the Surname, Firstname, E-Mail address are transferred correctly from the Active Directory. I tried with Softerra LDAP if an anonymous access to the LDAP is possible but it is not possible. So XWiki can only get the user-data if the connection to the LDAP works. On the server we also have Ilias which also uses LDAP and it works without problems. I will post the xwiki.cfg settings beneath. Greetings, Florian Xwiki.cfg: #- # LDAP #- #-# new LDAP authentication service xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl #-# Turn LDAP authentication on - otherwise only XWiki authentication #-# 0: disable #-# 1: enable xwiki.authentication.ldap=1 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) xwiki.authentication.ldap.server=AD1.edv.domain.at xwiki.authentication.ldap.port=389 #-# LDAP login, empty = anonymous access, otherwise specify full dn #-# {0} is replaced with the username, {1} with the password #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP #xwiki.authentication.ldap.bind_pass={1} xwiki.authentication.ldap.bind_DN=edv\\{0} xwiki.authentication.ldap.bind_pass={1} #-# Force to check password after LDAP connection #-# 0: disable #-# 1: enable xwiki.authentication.ldap.validate_password=0 #-# only members of the following group will be verified in the LDAP #-# otherwise only users that are found after searching starting from the base_DN # xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl] #-# only users not member of the following group can autheticate # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US #-# base DN for searches xwiki.authentication.ldap.base_DN=dc=edv,dc=domain=at #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn) # xwiki.authentication.ldap.UID_attr=cn xwiki.authentication.ldap.UID_attr=sAMAccountName #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# Specifies the LDAP attribute containing the password to be used when xwiki.authentication.ldap.validate_password is set to 1 # xwiki.authentication.ldap.password_field=userPassword #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential LDAP groups classes. Separated by commas. # xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential names of the LDAP groups fields containings the members. Separated by commas. # xwiki.authentication.ldap.group_memberfields=member,uniqueMember xwiki.authentication.ldap.group_memberfields=HTL-Lehrer #-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute) #xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created. xwiki.authentication.ldap.update_user=1 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# mapps XWiki groups to LDAP groups, separator is | #
Re: [xwiki-users] LDAP Autentication do not work anymore
Hi Florian, Where the log is stored is dictated by the line: log4j.appender.file.File=xwiki.log I found a copy of the log on my machine at /usr/local/jetty-6.1.3/xwiki.log so it looks like the default path is the jetty/tomcat main directory. you might be able to specify a path in the line: (I haven't tested.) log4j.appender.file.File=/home/user/Desktop/xwiki.log just make sure the user the container is running as has write access in the folder. Another option would be to log everything to the console (stdout) and start with a command line like java -jar start.jar /var/log/xwiki/xwiki.log (starting jetty in unix) Caleb Florian Rhomberg wrote: Thank you for your response, I will do that but I have a question: Do I have to enable the logging in XWiki. I found this page: http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging There it is said that the logging is already enabled at xwiki. But where does XWi,ki store the logging file? I uses Tomcat 5 with mod_jk to apache, and both packages are installed with the rpm manager. Is it possible to tell XWiki where the logging file should be stored? I am not familiar with common logging. Thanks, Florian -Ursprüngliche Nachricht- Von: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] Im Auftrag von Thomas Mortagne Gesendet: Freitag, 07. Mai 2010 15:31 An: XWiki Users Betreff: Re: [xwiki-users] LDAP Autentication do not work anymore Again, could you try to enable debug log and see what you have in the log, it should tel you exactly why authentication partly failed. BTW what version of XWiki is it ? On Fri, May 7, 2010 at 14:05, Florian Rhomberg florian.rhomb...@nettania.at wrote: Hello! It exactly the same version I only copied the whole XWiki folder from one server to the other server. The only difference can be that we installed the current Service Pack on our Windows 2008 server. But as I already said on the first logon (the user don not exist in XWiki) all datas like the Surname, Firstname, E-Mail address are transferred correctly from the Active Directory. I tried with Softerra LDAP if an anonymous access to the LDAP is possible but it is not possible. So XWiki can only get the user-data if the connection to the LDAP works. On the server we also have Ilias which also uses LDAP and it works without problems. I will post the xwiki.cfg settings beneath. Greetings, Florian Xwiki.cfg: #- # LDAP #- #-# new LDAP authentication service xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl #-# Turn LDAP authentication on - otherwise only XWiki authentication #-# 0: disable #-# 1: enable xwiki.authentication.ldap=1 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) xwiki.authentication.ldap.server=AD1.edv.domain.at xwiki.authentication.ldap.port=389 #-# LDAP login, empty = anonymous access, otherwise specify full dn #-# {0} is replaced with the username, {1} with the password #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP #xwiki.authentication.ldap.bind_pass={1} xwiki.authentication.ldap.bind_DN=edv\\{0} xwiki.authentication.ldap.bind_pass={1} #-# Force to check password after LDAP connection #-# 0: disable #-# 1: enable xwiki.authentication.ldap.validate_password=0 #-# only members of the following group will be verified in the LDAP #-# otherwise only users that are found after searching starting from the base_DN # xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl] #-# only users not member of the following group can autheticate # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US #-# base DN for searches xwiki.authentication.ldap.base_DN=dc=edv,dc=domain=at #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn) # xwiki.authentication.ldap.UID_attr=cn xwiki.authentication.ldap.UID_attr=sAMAccountName #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# Specifies the LDAP attribute containing the password to be used when xwiki.authentication.ldap.validate_password is set to 1 # xwiki.authentication.ldap.password_field=userPassword #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential LDAP groups classes. Separated by commas. # xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential names of the LDAP groups fields containings the members. Separated by commas. # xwiki.authentication.ldap.group_memberfields=member,uniqueMember
Re: [xwiki-users] Configuring Open Office server
Hi Ben, For the following code, I didn't understand where I can test it... I would like to solve this problem with IE... Since you did not respond to my last email, I'll blindly propose a solution that might fix the problem you are experiencing on IE. 1. Open up XWiki/OfficeImporterResults wiki page and go to wiki editing mode, you should see the following code snippet at the top of the page: code #set($fileUpload=$xwiki.fileupload) #set($fileName=$fileUpload.getFileName(filePath)) #if(! $fileName) {{error}}$msg.get(xe.officeimporter.results.missingfile, [$goBack]){{/error}} #else #set($void=$fileUpload.loadFileList()) #set($officeFileStream=$fileUpload.fileItems.get(0).inputStream) #end /code Now you need add two code lines (wait for it) just under the line: #set($fileName=$fileUpload.getFileName(filePath)) New code lines to be added are: #set($tempIndex = $fileName.lastIndexOf('/') + 1) #set($fileName=$fileName.substring($tempIndex)) So, at the end your code snippet should look like: #set($fileUpload=$xwiki.fileupload) #set($fileName=$fileUpload.getFileName(filePath)) #set($tempIndex = $fileName.lastIndexOf('/') + 1) #set($fileName=$fileName.substring($tempIndex)) #if(! $fileName) {{error}}$msg.get(xe.officeimporter.results.missingfile, [$goBack]){{/error}} #else #set($void=$fileUpload.loadFileList()) #set($officeFileStream=$fileUpload.fileItems.get(0).inputStream) #end I'm not 100% sure if this will solve the problem (since I did not get a response for my last email). If above code fixes your problem, please let us know. Thanks. - Asiri ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Can't disable registration in version 2.2
On 05/07/2010 04:30 PM, Gabriel Corrêa de Oliveira wrote: Hi everybody I'm using XWiki Enterprise, version 2.2.6.28645, out of the box with the HSQLDB. I've enabled LDAP authentication, and I want it to be the only means for a user to edit content in the Wiki. Therefore, I want to disable the Register link, so that users that are not in the LDAP can't register themselves. I've already removed the Register right from XWikiAllGroup, but the Register link is still there and everybody can use it. Is there another approach for this? I can't find any useful information in the documentation regarding this. You should disable registration for guests. To do this, in the global rights administration switch from Groups to Users and deny the right for Unauthenticated users. -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] LDAP Autentication do not work anymore
Thank you! This has helped me, I found the reason, there was something wrong with the group mapping, I think we have changed something in the AD and then the group could not be found anymore. But one problem is left. I thought that the group mapping ensures that the groupmembership of a user can be used to add this user to a created XWiki Usergroup. If this is right I do not know why the AD users are not correctly mapped to the XWiki user group. I have created two XWiki Groups: - XWikiLehrer - XWikiSchueler Now I did the following mapping, for test purpose: xwiki.authentication.ldap.group_mapping=XWiki.XWikiLehrer=CN=HTL-Lehrer,OU=HTL-Lehrer,OU=Users,OU=HTL,DC=edv,DC=mydomain,DC=at Now members of this AD group can login on XWiki but they are only members of the XWikiAllGroup group and not member of the XWikiLehrer group, what they should be. Now my question: Is this syntax right do I have to add the XWiki. before the group name, or without it? Do I have to give the complete AD path including the domain (DC=edv,DC=mydomain,DV=at) or without it? Last question: What is the right syntax to of log4j that only the LDAP is set to debug. At the moment I have this settings: log4j.logger.org.xwiki=debug log4j.logger.com.xpn.xwiki=debug log4j.logger.com.xpn.xwiki.render.XWikiRadeoxRenderEngine=debug log4j.logger.com.xpn.xwiki.store.migration=debug Therefor I have a giant log file. I Think this maybe right: log4j.logger.org.xwiki=info log4j.logger.com.xpn.xwiki=warn log4j.logger.com.xpn.xwiki.render.XWikiRadeoxRenderEngine=warn log4j.logger.com.xpn.xwiki.store.migration=info Would that be right for the LDAP log: log4j.logger.com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl=debug ?? Thanks, Florian -Ursprüngliche Nachricht- Von: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] Im Auftrag von Caleb James DeLisle Gesendet: Samstag, 08. Mai 2010 10:17 An: XWiki Users Betreff: Re: [xwiki-users] LDAP Autentication do not work anymore Hi Florian, Where the log is stored is dictated by the line: log4j.appender.file.File=xwiki.log I found a copy of the log on my machine at /usr/local/jetty-6.1.3/xwiki.log so it looks like the default path is the jetty/tomcat main directory. you might be able to specify a path in the line: (I haven't tested.) log4j.appender.file.File=/home/user/Desktop/xwiki.log just make sure the user the container is running as has write access in the folder. Another option would be to log everything to the console (stdout) and start with a command line like java -jar start.jar /var/log/xwiki/xwiki.log (starting jetty in unix) Caleb Florian Rhomberg wrote: Thank you for your response, I will do that but I have a question: Do I have to enable the logging in XWiki. I found this page: http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging There it is said that the logging is already enabled at xwiki. But where does XWi,ki store the logging file? I uses Tomcat 5 with mod_jk to apache, and both packages are installed with the rpm manager. Is it possible to tell XWiki where the logging file should be stored? I am not familiar with common logging. Thanks, Florian -Ursprüngliche Nachricht- Von: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] Im Auftrag von Thomas Mortagne Gesendet: Freitag, 07. Mai 2010 15:31 An: XWiki Users Betreff: Re: [xwiki-users] LDAP Autentication do not work anymore Again, could you try to enable debug log and see what you have in the log, it should tel you exactly why authentication partly failed. BTW what version of XWiki is it ? On Fri, May 7, 2010 at 14:05, Florian Rhomberg florian.rhomb...@nettania.at wrote: Hello! It exactly the same version I only copied the whole XWiki folder from one server to the other server. The only difference can be that we installed the current Service Pack on our Windows 2008 server. But as I already said on the first logon (the user don not exist in XWiki) all datas like the Surname, Firstname, E-Mail address are transferred correctly from the Active Directory. I tried with Softerra LDAP if an anonymous access to the LDAP is possible but it is not possible. So XWiki can only get the user-data if the connection to the LDAP works. On the server we also have Ilias which also uses LDAP and it works without problems. I will post the xwiki.cfg settings beneath. Greetings, Florian Xwiki.cfg: # - # LDAP # - #-# new LDAP authentication service xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAP AuthServiceImpl #-# Turn LDAP authentication on - otherwise only XWiki authentication #-# 0: disable #-# 1: enable xwiki.authentication.ldap=1 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)