Hi alex
I think that you use an Active Directory LDAP Server.
For this case, we have created a technical user called "LDAPBrowser" that has
the right to search in the whole AD server
The parameter "xwiki.authentication.ldap.bind_DN" is filled with the full DN,
and " xwiki.authentication.ldap.bind_pass" contains the password of this user.
Then "xwiki.authentication.ldap.base_DN" points to the branch of our LDAP
So the LDAP section of our xwifi.cfg file looks like this :
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=10.69.1.1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.bind_DN=CN=LDAPBrowser,OU=XXX,OU=YYY,DC=ZZZ,DC=lan
xwiki.authentication.ldap.bind_pass=X
xwiki.authentication.ldap.base_DN=OU=YYY,DC=ZZZ,DC=lan
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn
xwiki.authentication.ldap.update_user=1
Hope it helps,
Laurent
-Message d'origine-
De : users [mailto:users-boun...@xwiki.org] De la part de Alex Moruz
Envoyé : jeudi 9 avril 2015 15:31
À : users@xwiki.org
Objet : [xwiki-users] xwiki LDAP configuration
Hello,
I am trying to connect to an LDAP server using the LDAP Admin Application and
failing. The settings I have configured are as follows:
- LDAP - enabled
- LDAP SERVER ADDRESS - server IP address
- LDAP SERVER PORT - 389
- LDAP LOGIN MATCHING - cn={0},ou=people,dc=info,dc=uaic,dc=ro
- LDAP PASSWORD MATCHING - {1}
- TRY LOCAL LOGIN - yes
- UPDATE USER FROM LDAP AFTER LOGIN - yes
- LDAP USER FIELDS MAPPING - last_name=sn,first_name=givenName,email=mail
Everything else is left blank, and in the xwiki.cfg file, the only uncommented
line is
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
Every time I try to log in using LDAP credentials the attempt fails with the
log entry given at the end of the message. I have also tried the exact same
settings in the xwiki.cfg file, with the same error message.
The server I am using is Tomcat, and the xwiki version is 6.4.
Best regards,
Alex Moruz
2015-04-09 16:28:13,172
[http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2015-04-09 16:28:13,185
[http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try
to authenticate, it probably means the user is in non logged mode.
2015-04-09 16:28:13,185
[http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2015-04-09 16:28:13,229
[http://127.0.0.1:8080/xwiki-enterprise-web-6.4/bin/loginsubmit/XWiki/XWikiLogin]
DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind
failed with LDAPException.
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:197)
~[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:125)
~[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305)
[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182)
[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129)
[xwiki-platform-ldap-authenticator-6.4.jar:na]
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3293)
[xwiki-platform-legacy-oldcore-6.4.jar:na]
at
org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:241)
[xwiki-platform-security-bridge-6.4.jar:na]
at
org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:271)
[xwiki-platform-security-bridge-6.4.jar:na]
at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3306)
[xwiki-platform-legacy-oldcore-6.4.