Re: [xwiki-users] XWiki Docker in Prod
You have various examples http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/. On Thu, May 11, 2017 at 7:03 PM, Thomas Mortagne wrote: > XWiki tried to find an entry in the LDAP server with the field "cn" > having the value "lmdizon-itx". Either this uid does not exist or you > need to set a different field using the property > xwiki.authentication.ldap.UID_attr (cn is the default). > > On Thu, May 11, 2017 at 6:20 PM, Lester Marc Dizon (ITX) > wrote: >> @Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol >> , with Thomas way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log" >> . >> >> I added the following configuration in xwiki.cfg but it still doesn't work: >> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl >> xwiki.authentication.ldap.trylocal=1 >> xwiki.authentication.ldap=1 >> xwiki.authentication.ldap.server=10.50.0.26 >> xwiki.authentication.ldap.port=389 >> xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local >> xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon >> (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local >> xwiki.authentication.ldap.bind_pass=mypassword >> >> I have the following errors: >> 81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE >> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication >> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >> o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't >> try to authenticate, it probably means the user is in non logged mode. >> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE >> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication >> 81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >> o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null >> 82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >> o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, >> posixgroup, apple-group, groupofuniquenames, dynamicgroup, >> groupwisedistributionlist, group, dynamicgroupaux] >> 82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >> o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, >> memberuid, member] >> 82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >> o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server [10.50.0.26:389] >> 82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >> o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with credentials >> login=[CN=Lester Marc Dizon >> (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] >> 83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >> o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP: user >> [lmdizon-itx] base [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query >> [(cn=lmdizon-itx)] uid [cn] >> 83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >> o.x.c.ldap.XWikiLDAPConnection - LDAP search: >> baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] >> query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2] >> 83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. >> com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user >> DN for input [lmdizon-itx] >> at >> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608) >> at >> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334) >> at >> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268) >> at >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272) >> at >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192) >> at >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174) >> at >> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239) >> at >> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163) >> at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3782) >> at >> org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242) >> at >> org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272) >> at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3800) >> at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4850) >> at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364) >> at com.xpn.xwiki.web.XWikiAction.execute(
Re: [xwiki-users] XWiki Docker in Prod
XWiki tried to find an entry in the LDAP server with the field "cn" having the value "lmdizon-itx". Either this uid does not exist or you need to set a different field using the property xwiki.authentication.ldap.UID_attr (cn is the default). On Thu, May 11, 2017 at 6:20 PM, Lester Marc Dizon (ITX) wrote: > @Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol > , with Thomas way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log" . > > I added the following configuration in xwiki.cfg but it still doesn't work: > xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl > xwiki.authentication.ldap.trylocal=1 > xwiki.authentication.ldap=1 > xwiki.authentication.ldap.server=10.50.0.26 > xwiki.authentication.ldap.port=389 > xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local > xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon > (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local > xwiki.authentication.ldap.bind_pass=mypassword > > I have the following errors: > 81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE > o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication > 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try > to authenticate, it probably means the user is in non logged mode. > 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE > o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication > 81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null > 82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, > posixgroup, apple-group, groupofuniquenames, dynamicgroup, > groupwisedistributionlist, group, dynamicgroupaux] > 82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, > memberuid, member] > 82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server [10.50.0.26:389] > 82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with credentials > login=[CN=Lester Marc Dizon > (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] > 83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP: user > [lmdizon-itx] base [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query > [(cn=lmdizon-itx)] uid [cn] > 83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > o.x.c.ldap.XWikiLDAPConnection - LDAP search: > baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] > query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2] > 83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. > com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN > for input [lmdizon-itx] > at > org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608) > at > org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334) > at > org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268) > at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272) > at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192) > at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174) > at > com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239) > at > org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163) > at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3782) > at > org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242) > at > org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272) > at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3800) > at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4850) > at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364) > at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210) > at > org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425) > at > org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228) > at > org.apache.struts.act
Re: [xwiki-users] XWiki Docker in Prod
@Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol , with Thomas way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log" . I added the following configuration in xwiki.cfg but it still doesn't work: xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl xwiki.authentication.ldap.trylocal=1 xwiki.authentication.ldap=1 xwiki.authentication.ldap.server=10.50.0.26 xwiki.authentication.ldap.port=389 xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local xwiki.authentication.ldap.bind_pass=mypassword I have the following errors: 81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode. 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null 82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux] 82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, memberuid, member] 82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server [10.50.0.26:389] 82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] 83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP: user [lmdizon-itx] base [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query [(cn=lmdizon-itx)] uid [cn] 83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - LDAP search: baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2] 83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN for input [lmdizon-itx] at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608) at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334) at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268) at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272) at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192) at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174) at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239) at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163) at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3782) at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242) at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272) at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3800) at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4850) at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364) at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462) at javax.servlet.http.HttpServlet.service(HttpServlet.java:661) at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
Re: [xwiki-users] XWiki Docker in Prod
Hi, > On 10 May 2017, at 18:44, Lester Marc Dizon (ITX) wrote: > > Works better with xwiki.authentication.ldap.trylocal=1, thanks . However I > don't see any LDAP debug logs. I have the following logs in > /usr/local/tomcat/logs/*: > - catalina.2017-05-10.log ^^ I guess it’s this one then. Seems this Tomcat is configured to use log4j: https://tomcat.apache.org/tomcat-6.0-doc/logging.html#Using_Log4j # Define all the appenders log4j.appender.CATALINA=org.apache.log4j.DailyRollingFileAppender log4j.appender.CATALINA.File=${catalina.base}/logs/catalina. log4j.appender.CATALINA.Append=true log4j.appender.CATALINA.Encoding=UTF-8 # Roll-over the log once per day log4j.appender.CATALINA.DatePattern='.'-MM-dd'.log' log4j.appender.CATALINA.layout = org.apache.log4j.PatternLayout log4j.appender.CATALINA.layout.ConversionPattern = %d [%t] %-5p %c- %m%n Thanks -Vincent > - host-manager.2017-05-10.log > - localhost.2017-05-10.log > - localhost_access_log.2017-05-10.txt > - manager.2017-05-10.log > > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging states that > Tomcat on unix will capture stdout and add logs to the > tomcat/logs/catalina.out file. However made a find on "catalina.out" but > nothing. Any clues where to find those LDAP logs? > > Thanks, > Lester > > -Original Message- > From: users [mailto:users-boun...@xwiki.org] On Behalf Of Thomas Mortagne > Sent: mercredi 10 mai 2017 17:38 > To: XWiki Users > Subject: Re: [xwiki-users] XWiki Docker in Prod > > On Wed, May 10, 2017 at 5:25 PM, Lester Marc Dizon (ITX) > wrote: >> Thank you for your responses. I'm new to this community and happy to see you >> guys are very responsive. >> >> @Thomas, I have followed your wiki pages. The moment I add >> "xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl" >> in xwiki.cfg , I can't login anymore even with the local admin account. I >> get a 401 http status code in >> "/usr/local/tomcat/logs/localhost_access_log.2017-05-10.txt". > > This is because by default the LDAP authenticator does not fallback on > standard XWiki auth. See xwiki.authentication.ldap.trylocal property in the > documentation. > >> Can you tell me where and which logfile I should check when I've added >> in >> "WEB-INF/classes/logback.xml"? > > Whatever is the application server log file in the docker image. > Vincent should know better. > >> >> @Vincent, running with Docker seems to work very well except for my issues >> with LDAP. Also, I can ping the LDAP Server inside the XWiki container. I >> really need to check a logfile to know where it is failing but I don't know >> where to find it. >> >> Thanks, >> Lester >>