Re: [xwiki-users] Help with LDAP
AD requires* an authenticated bind.
*unless anonymous bind has been specifically enabled
Cheers
Sent on the move
On 30 Jan 2013, at 17:04, Jeremie BOUSQUET wrote:
> Hi,
>
> Are you sure you need to authenticate for ldap bind, and if yes, of the
> user/pwd ?
> During my little experience, I've encountered ldap bind with anonymous
> access, or with specific admin account.
> (binding is not authentication)
>
> "provided user is null" seems a bit strange.
> But I'm no ldap expert...
> Le 30 janv. 2013 17:47, "Pape, Barry" a écrit :
>
>> Greetings Xwiki Gurus,
>>
>> I've been trying to get our installation authenticating with LDAP and am
>> having no luck. We are running XWiki 4.3 in Tomcat 7.0.34 on Windows
>> Server 2008 R2 Standard. I have installed the LDAP Application Extension
>> and tried configuring it both through the web interface and xwiki.config
>> with no success. Every time I attempt to login I receive an Invalid
>> Credentials error (stack trace below,) and the LDAP section from
>> xwiki.config file is below that. I've tried a number of different values
>> for the server, bind DN, and the base DN, but nothing works. Any
>> suggestions are greatly appreciated? Is there any additional logging that
>> I can add for more information?
>>
>> Thanks,
>> Barry
>>
>>
>>
>>
>> 2013-01-30 10:12:55,825 [
>> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
>> Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
>> authentica
>> tion
>> 2013-01-30 10:12:55,825 [
>> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
>> Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user
>> is nul
>> l. We don't try to authenticate, it probably means the user is in non
>> logged mod
>> e.
>> 2013-01-30 10:12:55,825 [
>> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
>> Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
>> authentica
>> tion
>> 2013-01-30 10:12:55,840 [
>> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
>> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig -
>> ldap_group_classes: [gro
>> upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
>> groupofuniq
>> uenames, group]
>> 2013-01-30 10:12:55,840 [
>> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
>> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig -
>> ldap_group_memberfields:
>> [member, uniquemember]
>> 2013-01-30 10:12:55,857 [
>> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
>> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to
>> LDAP serve
>> r [ldap.nov.com:389]
>> 2013-01-30 10:12:55,868 [
>> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
>> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP
>> server w
>> ith credentials login=[cn=papeb,dc=nov,dc=com]
>> 2013-01-30 10:12:55,928 [
>> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
>> Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP
>> authenticatio
>> n failed.
>> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP
>> bind fai
>> led with LDAPException.
>> Wrapped Exception: Invalid Credentials
>>at
>> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
>> n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
>>at
>> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
>> n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
>>at
>> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat
>> eInContext(XWikiLDAPAuthServiceImpl.java:305)
>> [xwiki-platform-legacy-oldcore-4.4
>> .jar:na]
>>
>>
>>
>>
>>
>> #-
>> # LDAP
>>
>> #-
>>
>> #-# LDAP authentication service
>>
>> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>>
>> #-# Turn LDAP authentication on - otherwise only XWiki authentication
>> #-# - 0: disable
>> #-# - 1: enable
>> #-# The default is 0
>> xwiki.authentication.ldap=1
>>
>> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
>> xwiki.authentication.ldap.server=ldap.nov.com
>> xwiki.authentication.ldap.port=389
>>
>> #-# LDAP login, empty = anonymous access, otherwise specify full dn
>> #-# {0} is replaced with the user name, {1} with the password
>> xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com
>> xwiki.authentication.ldap.bind_pass={1}
>>
>> #-# The Base DN used in LDAP searches
>> xwiki.authentication.ldap.base_DN=dc=nov,dc=com
>>
>> #-# LDAP query to search the user in the LDAP database (in case a static
>> admin user is provided in
>> #-# xwiki.authentication.ldap.bind_DN)
>> #-# {0} is replaced with the user uid field name and {1} with the user name
>> #-# The default is ({0}={1})
>> # xwiki.authentication.ldap.user_search_fmt=({0
Re: [xwiki-users] Help with LDAP
Hi,
Are you sure you need to authenticate for ldap bind, and if yes, of the
user/pwd ?
During my little experience, I've encountered ldap bind with anonymous
access, or with specific admin account.
(binding is not authentication)
"provided user is null" seems a bit strange.
But I'm no ldap expert...
Le 30 janv. 2013 17:47, "Pape, Barry" a écrit :
> Greetings Xwiki Gurus,
>
> I've been trying to get our installation authenticating with LDAP and am
> having no luck. We are running XWiki 4.3 in Tomcat 7.0.34 on Windows
> Server 2008 R2 Standard. I have installed the LDAP Application Extension
> and tried configuring it both through the web interface and xwiki.config
> with no success. Every time I attempt to login I receive an Invalid
> Credentials error (stack trace below,) and the LDAP section from
> xwiki.config file is below that. I've tried a number of different values
> for the server, bind DN, and the base DN, but nothing works. Any
> suggestions are greatly appreciated? Is there any additional logging that
> I can add for more information?
>
> Thanks,
> Barry
>
>
>
>
> 2013-01-30 10:12:55,825 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
> authentica
> tion
> 2013-01-30 10:12:55,825 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user
> is nul
> l. We don't try to authenticate, it probably means the user is in non
> logged mod
> e.
> 2013-01-30 10:12:55,825 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
> authentica
> tion
> 2013-01-30 10:12:55,840 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig -
> ldap_group_classes: [gro
> upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
> groupofuniq
> uenames, group]
> 2013-01-30 10:12:55,840 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig -
> ldap_group_memberfields:
> [member, uniquemember]
> 2013-01-30 10:12:55,857 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to
> LDAP serve
> r [ldap.nov.com:389]
> 2013-01-30 10:12:55,868 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP
> server w
> ith credentials login=[cn=papeb,dc=nov,dc=com]
> 2013-01-30 10:12:55,928 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP
> authenticatio
> n failed.
> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP
> bind fai
> led with LDAPException.
> Wrapped Exception: Invalid Credentials
> at
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
> n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
> at
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
> n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
> at
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat
> eInContext(XWikiLDAPAuthServiceImpl.java:305)
> [xwiki-platform-legacy-oldcore-4.4
> .jar:na]
>
>
>
>
>
> #-
> # LDAP
>
> #-
>
> #-# LDAP authentication service
>
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>
> #-# Turn LDAP authentication on - otherwise only XWiki authentication
> #-# - 0: disable
> #-# - 1: enable
> #-# The default is 0
> xwiki.authentication.ldap=1
>
> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
> xwiki.authentication.ldap.server=ldap.nov.com
> xwiki.authentication.ldap.port=389
>
> #-# LDAP login, empty = anonymous access, otherwise specify full dn
> #-# {0} is replaced with the user name, {1} with the password
> xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com
> xwiki.authentication.ldap.bind_pass={1}
>
> #-# The Base DN used in LDAP searches
> xwiki.authentication.ldap.base_DN=dc=nov,dc=com
>
> #-# LDAP query to search the user in the LDAP database (in case a static
> admin user is provided in
> #-# xwiki.authentication.ldap.bind_DN)
> #-# {0} is replaced with the user uid field name and {1} with the user name
> #-# The default is ({0}={1})
> # xwiki.authentication.ldap.user_search_fmt=({0}={1})
>
> #-# Only members of the following group will be verified in the LDAP
> #-# otherwise only users that are found after searching starting from the
> base_DN
> #
> xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
>
> #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
> #-# Only users not member
Re: [xwiki-users] Help with LDAP
All I can say is that XWiki is able to access server ldap.nov.com with
port 389 and then try to authenticate with user DN
"cn=papeb,dc=nov,dc=com" and whatever password you typed on the login
page but fail.
The possible causes I can think of:
* there is no user with DN "cn=papeb,dc=nov,dc=com" on LDAP server
"ldap.nov.com". You can check with one of the clients listed on
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication.
* you type the wrong password
On Wed, Jan 30, 2013 at 5:47 PM, Pape, Barry wrote:
> Greetings Xwiki Gurus,
>
> I've been trying to get our installation authenticating with LDAP and am
> having no luck. We are running XWiki 4.3 in Tomcat 7.0.34 on Windows Server
> 2008 R2 Standard. I have installed the LDAP Application Extension and tried
> configuring it both through the web interface and xwiki.config with no
> success. Every time I attempt to login I receive an Invalid Credentials
> error (stack trace below,) and the LDAP section from xwiki.config file is
> below that. I've tried a number of different values for the server, bind DN,
> and the base DN, but nothing works. Any suggestions are greatly appreciated?
> Is there any additional logging that I can add for more information?
>
> Thanks,
> Barry
>
>
>
>
> 2013-01-30 10:12:55,825
> [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
> authentica
> tion
> 2013-01-30 10:12:55,825
> [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is
> nul
> l. We don't try to authenticate, it probably means the user is in non logged
> mod
> e.
> 2013-01-30 10:12:55,825
> [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
> authentica
> tion
> 2013-01-30 10:12:55,840
> [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes:
> [gro
> upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
> groupofuniq
> uenames, group]
> 2013-01-30 10:12:55,840
> [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig -
> ldap_group_memberfields:
> [member, uniquemember]
> 2013-01-30 10:12:55,857
> [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP
> serve
> r [ldap.nov.com:389]
> 2013-01-30 10:12:55,868
> [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP
> server w
> ith credentials login=[cn=papeb,dc=nov,dc=com]
> 2013-01-30 10:12:55,928
> [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP
> authenticatio
> n failed.
> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind
> fai
> led with LDAPException.
> Wrapped Exception: Invalid Credentials
> at
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
> n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
> at
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
> n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
> at
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat
> eInContext(XWikiLDAPAuthServiceImpl.java:305)
> [xwiki-platform-legacy-oldcore-4.4
> .jar:na]
>
>
>
>
> #-
> # LDAP
> #-
>
> #-# LDAP authentication service
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>
> #-# Turn LDAP authentication on - otherwise only XWiki authentication
> #-# - 0: disable
> #-# - 1: enable
> #-# The default is 0
> xwiki.authentication.ldap=1
>
> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
> xwiki.authentication.ldap.server=ldap.nov.com
> xwiki.authentication.ldap.port=389
>
> #-# LDAP login, empty = anonymous access, otherwise specify full dn
> #-# {0} is replaced with the user name, {1} with the password
> xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com
> xwiki.authentication.ldap.bind_pass={1}
>
> #-# The Base DN used in LDAP searches
> xwiki.authentication.ldap.base_DN=dc=nov,dc=com
>
> #-# LDAP query to search the user in the LDAP database (in case a static
> admin user is provided in
> #-# xwiki.authentication.ldap.bind_DN)
> #-# {0} is replaced with the user uid field name and {1} with the user name
> #-# The default is ({0}={1})
> # xwiki.authentication.ldap.user_search_fmt=({0}={1})
>
> #-# Only members of the following group will be verified in the LDAP
> #-# otherwise only users that are found after search
[xwiki-users] Help with LDAP
Greetings Xwiki Gurus,
I've been trying to get our installation authenticating with LDAP and am having
no luck. We are running XWiki 4.3 in Tomcat 7.0.34 on Windows Server 2008 R2
Standard. I have installed the LDAP Application Extension and tried
configuring it both through the web interface and xwiki.config with no success.
Every time I attempt to login I receive an Invalid Credentials error (stack
trace below,) and the LDAP section from xwiki.config file is below that. I've
tried a number of different values for the server, bind DN, and the base DN,
but nothing works. Any suggestions are greatly appreciated? Is there any
additional logging that I can add for more information?
Thanks,
Barry
2013-01-30 10:12:55,825 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentica
tion
2013-01-30 10:12:55,825 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is nul
l. We don't try to authenticate, it probably means the user is in non logged mod
e.
2013-01-30 10:12:55,825 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentica
tion
2013-01-30 10:12:55,840 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [gro
upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniq
uenames, group]
2013-01-30 10:12:55,840 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields:
[member, uniquemember]
2013-01-30 10:12:55,857 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP serve
r [ldap.nov.com:389]
2013-01-30 10:12:55,868 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server w
ith credentials login=[cn=papeb,dc=nov,dc=com]
2013-01-30 10:12:55,928 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authenticatio
n failed.
com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind fai
led with LDAPException.
Wrapped Exception: Invalid Credentials
at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat
eInContext(XWikiLDAPAuthServiceImpl.java:305) [xwiki-platform-legacy-oldcore-4.4
.jar:na]
#-
# LDAP
#-
#-# LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=ldap.nov.com
xwiki.authentication.ldap.port=389
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the user name, {1} with the password
xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com
xwiki.authentication.ldap.bind_pass={1}
#-# The Base DN used in LDAP searches
xwiki.authentication.ldap.base_DN=dc=nov,dc=com
#-# LDAP query to search the user in the LDAP database (in case a static admin
user is provided in
#-# xwiki.authentication.ldap.bind_DN)
#-# {0} is replaced with the user uid field name and {1} with the user name
#-# The default is ({0}={1})
# xwiki.authentication.ldap.user_search_fmt=({0}={1})
#-# Only members of the following group will be verified in the LDAP
#-# otherwise only users that are found after searching starting from the
base_DN
# xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
#-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
#-# Only users not member of the following group can autheticate
# xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
#-# Specifies the LDAP attribute containing the identifier to be used as the
XWiki name
#-# The default is cn
# xwiki.authentication.ldap.UID_attr=sAMAccountName
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential LDAP groups classes. Separated by commas.
#
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potentia
