Re: [xwiki-users] Help with LDAP
AD requires* an authenticated bind. *unless anonymous bind has been specifically enabled Cheers Sent on the move On 30 Jan 2013, at 17:04, Jeremie BOUSQUET wrote: > Hi, > > Are you sure you need to authenticate for ldap bind, and if yes, of the > user/pwd ? > During my little experience, I've encountered ldap bind with anonymous > access, or with specific admin account. > (binding is not authentication) > > "provided user is null" seems a bit strange. > But I'm no ldap expert... > Le 30 janv. 2013 17:47, "Pape, Barry" a écrit : > >> Greetings Xwiki Gurus, >> >> I've been trying to get our installation authenticating with LDAP and am >> having no luck. We are running XWiki 4.3 in Tomcat 7.0.34 on Windows >> Server 2008 R2 Standard. I have installed the LDAP Application Extension >> and tried configuring it both through the web interface and xwiki.config >> with no success. Every time I attempt to login I receive an Invalid >> Credentials error (stack trace below,) and the LDAP section from >> xwiki.config file is below that. I've tried a number of different values >> for the server, bind DN, and the base DN, but nothing works. Any >> suggestions are greatly appreciated? Is there any additional logging that >> I can add for more information? >> >> Thanks, >> Barry >> >> >> >> >> 2013-01-30 10:12:55,825 [ >> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X >> Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP >> authentica >> tion >> 2013-01-30 10:12:55,825 [ >> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X >> Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user >> is nul >> l. We don't try to authenticate, it probably means the user is in non >> logged mod >> e. >> 2013-01-30 10:12:55,825 [ >> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X >> Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP >> authentica >> tion >> 2013-01-30 10:12:55,840 [ >> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X >> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - >> ldap_group_classes: [gro >> upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, >> groupofuniq >> uenames, group] >> 2013-01-30 10:12:55,840 [ >> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X >> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - >> ldap_group_memberfields: >> [member, uniquemember] >> 2013-01-30 10:12:55,857 [ >> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X >> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to >> LDAP serve >> r [ldap.nov.com:389] >> 2013-01-30 10:12:55,868 [ >> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X >> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP >> server w >> ith credentials login=[cn=papeb,dc=nov,dc=com] >> 2013-01-30 10:12:55,928 [ >> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X >> Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP >> authenticatio >> n failed. >> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP >> bind fai >> led with LDAPException. >> Wrapped Exception: Invalid Credentials >>at >> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio >> n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na] >>at >> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio >> n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na] >>at >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat >> eInContext(XWikiLDAPAuthServiceImpl.java:305) >> [xwiki-platform-legacy-oldcore-4.4 >> .jar:na] >> >> >> >> >> >> #- >> # LDAP >> >> #- >> >> #-# LDAP authentication service >> >> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl >> >> #-# Turn LDAP authentication on - otherwise only XWiki authentication >> #-# - 0: disable >> #-# - 1: enable >> #-# The default is 0 >> xwiki.authentication.ldap=1 >> >> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) >> xwiki.authentication.ldap.server=ldap.nov.com >> xwiki.authentication.ldap.port=389 >> >> #-# LDAP login, empty = anonymous access, otherwise specify full dn >> #-# {0} is replaced with the user name, {1} with the password >> xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com >> xwiki.authentication.ldap.bind_pass={1} >> >> #-# The Base DN used in LDAP searches >> xwiki.authentication.ldap.base_DN=dc=nov,dc=com >> >> #-# LDAP query to search the user in the LDAP database (in case a static >> admin user is provided in >> #-# xwiki.authentication.ldap.bind_DN) >> #-# {0} is replaced with the user uid field name and {1} with the user name >> #-# The default is ({0}={1}) >> # xwiki.authentication.ldap.user_search_fmt=({0
Re: [xwiki-users] Help with LDAP
Hi, Are you sure you need to authenticate for ldap bind, and if yes, of the user/pwd ? During my little experience, I've encountered ldap bind with anonymous access, or with specific admin account. (binding is not authentication) "provided user is null" seems a bit strange. But I'm no ldap expert... Le 30 janv. 2013 17:47, "Pape, Barry" a écrit : > Greetings Xwiki Gurus, > > I've been trying to get our installation authenticating with LDAP and am > having no luck. We are running XWiki 4.3 in Tomcat 7.0.34 on Windows > Server 2008 R2 Standard. I have installed the LDAP Application Extension > and tried configuring it both through the web interface and xwiki.config > with no success. Every time I attempt to login I receive an Invalid > Credentials error (stack trace below,) and the LDAP section from > xwiki.config file is below that. I've tried a number of different values > for the server, bind DN, and the base DN, but nothing works. Any > suggestions are greatly appreciated? Is there any additional logging that > I can add for more information? > > Thanks, > Barry > > > > > 2013-01-30 10:12:55,825 [ > http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP > authentica > tion > 2013-01-30 10:12:55,825 [ > http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user > is nul > l. We don't try to authenticate, it probably means the user is in non > logged mod > e. > 2013-01-30 10:12:55,825 [ > http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP > authentica > tion > 2013-01-30 10:12:55,840 [ > http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - > ldap_group_classes: [gro > upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, > groupofuniq > uenames, group] > 2013-01-30 10:12:55,840 [ > http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - > ldap_group_memberfields: > [member, uniquemember] > 2013-01-30 10:12:55,857 [ > http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to > LDAP serve > r [ldap.nov.com:389] > 2013-01-30 10:12:55,868 [ > http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP > server w > ith credentials login=[cn=papeb,dc=nov,dc=com] > 2013-01-30 10:12:55,928 [ > http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP > authenticatio > n failed. > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP > bind fai > led with LDAPException. > Wrapped Exception: Invalid Credentials > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio > n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na] > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio > n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na] > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat > eInContext(XWikiLDAPAuthServiceImpl.java:305) > [xwiki-platform-legacy-oldcore-4.4 > .jar:na] > > > > > > #- > # LDAP > > #- > > #-# LDAP authentication service > > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl > > #-# Turn LDAP authentication on - otherwise only XWiki authentication > #-# - 0: disable > #-# - 1: enable > #-# The default is 0 > xwiki.authentication.ldap=1 > > #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) > xwiki.authentication.ldap.server=ldap.nov.com > xwiki.authentication.ldap.port=389 > > #-# LDAP login, empty = anonymous access, otherwise specify full dn > #-# {0} is replaced with the user name, {1} with the password > xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com > xwiki.authentication.ldap.bind_pass={1} > > #-# The Base DN used in LDAP searches > xwiki.authentication.ldap.base_DN=dc=nov,dc=com > > #-# LDAP query to search the user in the LDAP database (in case a static > admin user is provided in > #-# xwiki.authentication.ldap.bind_DN) > #-# {0} is replaced with the user uid field name and {1} with the user name > #-# The default is ({0}={1}) > # xwiki.authentication.ldap.user_search_fmt=({0}={1}) > > #-# Only members of the following group will be verified in the LDAP > #-# otherwise only users that are found after searching starting from the > base_DN > # > xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US > > #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl] > #-# Only users not member
Re: [xwiki-users] Help with LDAP
All I can say is that XWiki is able to access server ldap.nov.com with port 389 and then try to authenticate with user DN "cn=papeb,dc=nov,dc=com" and whatever password you typed on the login page but fail. The possible causes I can think of: * there is no user with DN "cn=papeb,dc=nov,dc=com" on LDAP server "ldap.nov.com". You can check with one of the clients listed on http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication. * you type the wrong password On Wed, Jan 30, 2013 at 5:47 PM, Pape, Barry wrote: > Greetings Xwiki Gurus, > > I've been trying to get our installation authenticating with LDAP and am > having no luck. We are running XWiki 4.3 in Tomcat 7.0.34 on Windows Server > 2008 R2 Standard. I have installed the LDAP Application Extension and tried > configuring it both through the web interface and xwiki.config with no > success. Every time I attempt to login I receive an Invalid Credentials > error (stack trace below,) and the LDAP section from xwiki.config file is > below that. I've tried a number of different values for the server, bind DN, > and the base DN, but nothing works. Any suggestions are greatly appreciated? > Is there any additional logging that I can add for more information? > > Thanks, > Barry > > > > > 2013-01-30 10:12:55,825 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP > authentica > tion > 2013-01-30 10:12:55,825 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is > nul > l. We don't try to authenticate, it probably means the user is in non logged > mod > e. > 2013-01-30 10:12:55,825 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP > authentica > tion > 2013-01-30 10:12:55,840 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: > [gro > upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, > groupofuniq > uenames, group] > 2013-01-30 10:12:55,840 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - > ldap_group_memberfields: > [member, uniquemember] > 2013-01-30 10:12:55,857 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP > serve > r [ldap.nov.com:389] > 2013-01-30 10:12:55,868 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP > server w > ith credentials login=[cn=papeb,dc=nov,dc=com] > 2013-01-30 10:12:55,928 > [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X > Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP > authenticatio > n failed. > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind > fai > led with LDAPException. > Wrapped Exception: Invalid Credentials > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio > n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na] > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio > n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na] > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat > eInContext(XWikiLDAPAuthServiceImpl.java:305) > [xwiki-platform-legacy-oldcore-4.4 > .jar:na] > > > > > #- > # LDAP > #- > > #-# LDAP authentication service > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl > > #-# Turn LDAP authentication on - otherwise only XWiki authentication > #-# - 0: disable > #-# - 1: enable > #-# The default is 0 > xwiki.authentication.ldap=1 > > #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) > xwiki.authentication.ldap.server=ldap.nov.com > xwiki.authentication.ldap.port=389 > > #-# LDAP login, empty = anonymous access, otherwise specify full dn > #-# {0} is replaced with the user name, {1} with the password > xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com > xwiki.authentication.ldap.bind_pass={1} > > #-# The Base DN used in LDAP searches > xwiki.authentication.ldap.base_DN=dc=nov,dc=com > > #-# LDAP query to search the user in the LDAP database (in case a static > admin user is provided in > #-# xwiki.authentication.ldap.bind_DN) > #-# {0} is replaced with the user uid field name and {1} with the user name > #-# The default is ({0}={1}) > # xwiki.authentication.ldap.user_search_fmt=({0}={1}) > > #-# Only members of the following group will be verified in the LDAP > #-# otherwise only users that are found after search
[xwiki-users] Help with LDAP
Greetings Xwiki Gurus, I've been trying to get our installation authenticating with LDAP and am having no luck. We are running XWiki 4.3 in Tomcat 7.0.34 on Windows Server 2008 R2 Standard. I have installed the LDAP Application Extension and tried configuring it both through the web interface and xwiki.config with no success. Every time I attempt to login I receive an Invalid Credentials error (stack trace below,) and the LDAP section from xwiki.config file is below that. I've tried a number of different values for the server, bind DN, and the base DN, but nothing works. Any suggestions are greatly appreciated? Is there any additional logging that I can add for more information? Thanks, Barry 2013-01-30 10:12:55,825 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentica tion 2013-01-30 10:12:55,825 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is nul l. We don't try to authenticate, it probably means the user is in non logged mod e. 2013-01-30 10:12:55,825 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentica tion 2013-01-30 10:12:55,840 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [gro upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniq uenames, group] 2013-01-30 10:12:55,840 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member, uniquemember] 2013-01-30 10:12:55,857 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP serve r [ldap.nov.com:389] 2013-01-30 10:12:55,868 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server w ith credentials login=[cn=papeb,dc=nov,dc=com] 2013-01-30 10:12:55,928 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authenticatio n failed. com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind fai led with LDAPException. Wrapped Exception: Invalid Credentials at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat eInContext(XWikiLDAPAuthServiceImpl.java:305) [xwiki-platform-legacy-oldcore-4.4 .jar:na] #- # LDAP #- #-# LDAP authentication service xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl #-# Turn LDAP authentication on - otherwise only XWiki authentication #-# - 0: disable #-# - 1: enable #-# The default is 0 xwiki.authentication.ldap=1 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) xwiki.authentication.ldap.server=ldap.nov.com xwiki.authentication.ldap.port=389 #-# LDAP login, empty = anonymous access, otherwise specify full dn #-# {0} is replaced with the user name, {1} with the password xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com xwiki.authentication.ldap.bind_pass={1} #-# The Base DN used in LDAP searches xwiki.authentication.ldap.base_DN=dc=nov,dc=com #-# LDAP query to search the user in the LDAP database (in case a static admin user is provided in #-# xwiki.authentication.ldap.bind_DN) #-# {0} is replaced with the user uid field name and {1} with the user name #-# The default is ({0}={1}) # xwiki.authentication.ldap.user_search_fmt=({0}={1}) #-# Only members of the following group will be verified in the LDAP #-# otherwise only users that are found after searching starting from the base_DN # xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl] #-# Only users not member of the following group can autheticate # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name #-# The default is cn # xwiki.authentication.ldap.UID_attr=sAMAccountName #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential LDAP groups classes. Separated by commas. # xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potentia