Re: [xwiki-users] XWiki Docker in Prod

2017-05-11 Thread Thomas Mortagne
You have various examples
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/.

On Thu, May 11, 2017 at 7:03 PM, Thomas Mortagne
 wrote:
> XWiki tried to find an entry in the LDAP server with the field "cn"
> having the value "lmdizon-itx". Either this uid does not exist or you
> need to set a different field using the property
> xwiki.authentication.ldap.UID_attr (cn is the default).

Re: [xwiki-users] XWiki Docker in Prod

2017-05-11 Thread Thomas Mortagne
XWiki tried to find an entry in the LDAP server with the field "cn"
having the value "lmdizon-itx". Either this uid does not exist or you
need to set a different field using the property
xwiki.authentication.ldap.UID_attr (cn is the default).

On Thu, May 11, 2017 at 6:20 PM, Lester Marc Dizon (ITX)
 wrote:
> @Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol,
> with Thomas way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log".
>
> I added the following configuration in xwiki.cfg but it still doesn't work:
> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
> xwiki.authentication.ldap.trylocal=1
> xwiki.authentication.ldap=1
> xwiki.authentication.ldap.server=10.50.0.26
> xwiki.authentication.ldap.port=389
> xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
> xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
> xwiki.authentication.ldap.bind_pass=mypassword
>
> I have the following errors:
> 81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null
> 82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
> 82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, memberuid, member]
> 82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server [10.50.0.26:389]
> 82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
> 83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP: user [lmdizon-itx] base [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query [(cn=lmdizon-itx)] uid [cn]
> 83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - LDAP search: baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2]
> 83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
> com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN for input [lmdizon-itx]

Re: [xwiki-users] XWiki Docker in Prod

2017-05-11 Thread Lester Marc Dizon (ITX)
@Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol,
with Thomas way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log".

I added the following configuration in xwiki.cfg but it still doesn't work:
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap.trylocal=1
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=10.50.0.26
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
xwiki.authentication.ldap.bind_pass=mypassword

I have the following errors:
81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null
82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, memberuid, member]
82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server [10.50.0.26:389]
82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP: user [lmdizon-itx] base [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query [(cn=lmdizon-itx)] uid [cn]
83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - LDAP search: baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2]
83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN for input [lmdizon-itx]
at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608)
at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334)
at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268)
at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3782)
at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242)
at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272)
at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3800)
at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4850)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
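
Added example (not part of any message in this thread, and not XWiki project code): a Python sketch that rejoins debug lines wrapped the way the archive wraps them and pairs each "Can't find LDAP user DN" error with the search that preceded it, so the filter and attribute named in Thomas's reply are reported directly. The sample log is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the log posted above, wrapped the way the
# mail archive wraps it; user and base DN are placeholders, not from the thread.
SAMPLE_LOG = """\
100 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP: user
[jdoe] base [OU=People,DC=example,DC=test] query
[(cn=jdoe)] uid [cn]
120 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN
for input [jdoe]
"""

ENTRY_START = re.compile(r"^\d+ \[[^\]]*\] [A-Z]+\b")
SEARCH = re.compile(
    r"Searching for the user in LDAP: user \[(?P<user>[^\]]*)\] "
    r"base \[(?P<base>[^\]]*)\] query \[(?P<query>[^\]]*)\] uid \[(?P<attr>[^\]]*)\]")
NOT_FOUND = re.compile(r"Can't find LDAP user DN for input \[(?P<user>[^\]]*)\]")

def unwrap(text):
    """Rejoin wrapped lines so each log entry (with its exception) is one string."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def failed_lookups(text):
    """Pair each 'Can't find LDAP user DN' error with the search before it."""
    pending, findings = {}, []
    for entry in unwrap(text):
        m = SEARCH.search(entry)
        if m:
            pending[m["user"]] = m.groupdict()
        m = NOT_FOUND.search(entry)
        if m and m["user"] in pending:
            findings.append(pending.pop(m["user"]))
    return findings

def report(findings):
    # One line per failed login, naming the property that controls the attribute.
    return [f"login '{f['user']}': no entry matched {f['query']} under {f['base']}; "
            f"check that '{f['attr']}' holds the login name "
            f"(xwiki.authentication.ldap.UID_attr)" for f in findings]

if __name__ == "__main__":
    print("\n".join(report(failed_lookups(SAMPLE_LOG))))
```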

Re: [xwiki-users] XWiki Docker in Prod

2017-05-11 Thread Vincent Massol
Hi,

> On 10 May 2017, at 18:44, Lester Marc Dizon (ITX)  wrote:
> 
> Works better with xwiki.authentication.ldap.trylocal=1, thanks. However I 
> don't see any LDAP debug logs. I have the following logs in 
> /usr/local/tomcat/logs/*:
> - catalina.2017-05-10.log

^^ I guess it’s this one then.

Seems this Tomcat is configured to use log4j: 
https://tomcat.apache.org/tomcat-6.0-doc/logging.html#Using_Log4j

# Define all the appenders
log4j.appender.CATALINA=org.apache.log4j.DailyRollingFileAppender
log4j.appender.CATALINA.File=${catalina.base}/logs/catalina.
log4j.appender.CATALINA.Append=true
log4j.appender.CATALINA.Encoding=UTF-8
# Roll-over the log once per day
log4j.appender.CATALINA.DatePattern='.'yyyy-MM-dd'.log'
log4j.appender.CATALINA.layout = org.apache.log4j.PatternLayout
log4j.appender.CATALINA.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

Thanks
-Vincent


> - host-manager.2017-05-10.log
> - localhost.2017-05-10.log
> - localhost_access_log.2017-05-10.txt
> - manager.2017-05-10.log
> 
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging states that 
> Tomcat on unix will capture stdout and add logs to the 
> tomcat/logs/catalina.out file. However made a find on "catalina.out" but 
> nothing. Any clues where to find those LDAP logs?
> 
> Thanks,
> Lester
> 
> -Original Message-
> From: users [mailto:users-boun...@xwiki.org] On Behalf Of Thomas Mortagne
> Sent: mercredi 10 mai 2017 17:38
> To: XWiki Users 
> Subject: Re: [xwiki-users] XWiki Docker in Prod
> 
> On Wed, May 10, 2017 at 5:25 PM, Lester Marc Dizon (ITX)  
> wrote:
>> Thank you for your responses. I'm new to this community and happy to see you 
>> guys are very responsive.
>> 
>> @Thomas, I have followed your wiki pages. The moment I add 
>> "xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl"
>> in xwiki.cfg, I can't login anymore even with the local admin account. I 
>> get a 401 http status code in 
>> "/usr/local/tomcat/logs/localhost_access_log.2017-05-10.txt".
> 
> This is because by default the LDAP authenticator does not fallback on 
> standard XWiki auth. See xwiki.authentication.ldap.trylocal property in the 
> documentation.
> 
>> Can you tell me where and which logfile I should check when I've added 
>>  in 
>> "WEB-INF/classes/logback.xml"?
> 
> Whatever is the application server log file in the docker image.
> Vincent should know better.
> 
>> 
>> @Vincent, running with Docker seems to work very well except for my issues 
>> with LDAP. Also, I can ping the LDAP Server inside the XWiki container. I 
>> really need to check a logfile to know where it is failing but I don't know 
>> where to find it.
>> 
>> Thanks,
>> Lester
>>