Re: [xwiki-users] LDAP Auth again

2017-03-16 Thread Thomas Mortagne 
It means it will be replaced at runtime and it's usually the safest
(avoid putting clear password in a file) if the users are allowed to
search in the LDAP repository.

Note that you have various example for more precise use cases in
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/.

On Wed, Mar 15, 2017 at 10:07 PM, Douglas Landau
<dougl...@westmarine.com> wrote:
> What does this mean?
> #-# LDAP credentials, empty = anonymous access, otherwise specify full dn
> #-# {0} is replaced with the user name, {1} with the password
> #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
> #xwiki.authentication.ldap.bind_pass={1}
>
> Does this mean that {0} is going to be replaced at runtime, or that I should 
> replace it?
>
> Thanks
>
>
> -Original Message-
> From: users [mailto:users-boun...@xwiki.org] On Behalf Of Douglas Landau
> Sent: Wednesday, March 15, 2017 1:44 PM
> To: XWiki Users
> Subject: Re: [xwiki-users] LDAP Auth again
>
> Hmm.  I've set these two lines to:
>
> xwiki.authentication.ldap.bind_DN=cn={0},dc=westmarine,dc=net
> xwiki.authentication.ldap.bind_pass={1}
>
> ... and still get a Java stacktrace surrounded by these:
>
> 2017-03-15 13:39:12,357 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain=plain=XWiki.XWikiLogin]
>  DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't 
> try to authenticate, it probably means the user is in non logged mode.
> 2017-03-15 13:39:12,357 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain=plain=XWiki.XWikiLogin]
>  DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
>
> I don't understand why the provided user is null.
>
> Does Anybody?  I apologize for the dumb question.  But I have no idea where 
> to go from here.
>
> Thanks
> Doug
>
>
> The information contained in this transmission may contain West Marine 
> proprietary, confidential and/or privileged information.  It is intended only 
> for the use of the person(s) named above. If you are not the intended 
> recipient, you are hereby notified that any review, dissemination, 
> distribution or duplication of this communication is strictly prohibited.
> If you are not the intended recipient, please contact the sender by reply 
> email and destroy all copies of the original message. To reply to our email 
> administrator directly, please send an email to netad...@westmarine.com.
>
> The information contained in this transmission may contain West Marine 
> proprietary, confidential and/or privileged
> information.  It is intended only for the use of the person(s) named above. 
> If you are not the intended recipient, you are
> hereby notified that any review, dissemination, distribution or duplication 
> of this communication is strictly prohibited.
> If you are not the intended recipient, please contact the sender by reply 
> email and destroy all copies of the original
> message. To reply to our email administrator directly, please send an email 
> to netad...@westmarine.com.



-- 
Thomas Mortagne

Re: [xwiki-users] LDAP Auth again

2017-03-16 Thread Thomas Mortagne 
On Wed, Mar 15, 2017 at 8:56 PM, Douglas Landau  wrote:
> That's it, the LDAP authenticator is used as authenticator and you have what 
> is described on 
> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/
> when you do to the administration -> LDAP.
>
>>If you think you configured LDAP authenticator with the right values and 
>>login still fail then you should do what is explained on 
>>>http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog
>>and you will have all the details to see why it fails.
>
> Great!  Thanks.  Did so.  Now I get a whole lot of copies of the 1st message 
> below:  " The provided user is null. We don't try to authenticate, it 
> probably means the user is in non logged mode."

You are not look in the right place. Authenticators are always called
even when you are not yet logged so you get this message when you
access the login page. LDAP authenticator just indicate that there is
not much it can do here.

Look at the big message below:

> 2017-03-15 12:42:30,422 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
> DEBUG o.x.c.l.XWikiLDAPConnection- Binding to LDAP server with 
> credentials login=[cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net]
> Caused by: com.novell.ldap.LDAPException: Invalid Credentials

Looks like the password you indicated in
xwiki.authentication.ldap.bind_pass is wrong (since you explicitly
indicated a bind_DN you need the corresponding password).

>
> But I did provide a user, in this line:
> xwiki.authentication.ldap.bind_DN=cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net
>
> ...and I see that that line has been seen:
> 2017-03-15 12:42:30,422 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
> DEBUG o.x.c.l.XWikiLDAPConnection- Binding to LDAP server with 
> credentials login=[cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net]
> 2017-03-15 12:42:30,537 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
> DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
>
>
> Was I suppose to specifiy the/a user on some other line?
> Thanks
>
> -
> 2017-03-15 12:42:30,231 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
> DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't 
> try to authenticate, it probably means the user is in non logged mode.
> 2017-03-15 12:42:30,231 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
> TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 2017-03-15 12:42:30,232 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
> DEBUG o.x.c.l.XWikiLDAPConfig- remoteUserParser: null
> 2017-03-15 12:42:30,271 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
> DEBUG o.x.c.l.XWikiLDAPConfig- ldap_group_classes: [groupofnames, 
> posixgroup, apple-group, groupofuniquenames, dynamicgroup, 
> groupwisedistributionlist, group, dynamicgroupaux]
> 2017-03-15 12:42:30,271 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
> DEBUG o.x.c.l.XWikiLDAPConfig- ldap_group_memberfields: 
> [uniquemember, memberuid, member]
> 2017-03-15 12:42:30,382 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
> DEBUG o.x.c.l.XWikiLDAPConnection- Connection to LDAP server 
> [pwsdc03.westmarine.net:389]
> 2017-03-15 12:42:30,422 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
> DEBUG o.x.c.l.XWikiLDAPConnection- Binding to LDAP server with 
> credentials login=[cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net]
> 2017-03-15 12:42:30,537 
> [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
> DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
> org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind 
> failed with LDAPException.
> at 
> org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:227)
> at 
> org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:155)
> at 
> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:515)
> at 
> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:331)
> at 
> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:267)
> at 
> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
> at 
> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
> at 
>

Re: [xwiki-users] LDAP Auth again

2017-03-15 Thread Douglas Landau 
What does this mean?
#-# LDAP credentials, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the user name, {1} with the password
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
#xwiki.authentication.ldap.bind_pass={1}

Does this mean that {0} is going to be replaced at runtime, or that I should 
replace it?

Thanks


-Original Message-
From: users [mailto:users-boun...@xwiki.org] On Behalf Of Douglas Landau
Sent: Wednesday, March 15, 2017 1:44 PM
To: XWiki Users
Subject: Re: [xwiki-users] LDAP Auth again

Hmm.  I've set these two lines to:

xwiki.authentication.ldap.bind_DN=cn={0},dc=westmarine,dc=net
xwiki.authentication.ldap.bind_pass={1}

... and still get a Java stacktrace surrounded by these:

2017-03-15 13:39:12,357 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain=plain=XWiki.XWikiLogin]
 DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try 
to authenticate, it probably means the user is in non logged mode.
2017-03-15 13:39:12,357 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain=plain=XWiki.XWikiLogin]
 DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null

I don't understand why the provided user is null. 

Does Anybody?  I apologize for the dumb question.  But I have no idea where to 
go from here.

Thanks
Doug


The information contained in this transmission may contain West Marine 
proprietary, confidential and/or privileged information.  It is intended only 
for the use of the person(s) named above. If you are not the intended 
recipient, you are hereby notified that any review, dissemination, distribution 
or duplication of this communication is strictly prohibited. 
If you are not the intended recipient, please contact the sender by reply email 
and destroy all copies of the original message. To reply to our email 
administrator directly, please send an email to netad...@westmarine.com.

The information contained in this transmission may contain West Marine 
proprietary, confidential and/or privileged 
information.  It is intended only for the use of the person(s) named above. If 
you are not the intended recipient, you are 
hereby notified that any review, dissemination, distribution or duplication of 
this communication is strictly prohibited. 
If you are not the intended recipient, please contact the sender by reply email 
and destroy all copies of the original 
message. To reply to our email administrator directly, please send an email to 
netad...@westmarine.com.

Re: [xwiki-users] LDAP Auth again

2017-03-15 Thread Douglas Landau 
Hmm.  I've set these two lines to:

xwiki.authentication.ldap.bind_DN=cn={0},dc=westmarine,dc=net
xwiki.authentication.ldap.bind_pass={1}

... and still get a Java stacktrace surrounded by these:

2017-03-15 13:39:12,357 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain=plain=XWiki.XWikiLogin]
 DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try 
to authenticate, it probably means the user is in non logged mode.
2017-03-15 13:39:12,357 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain=plain=XWiki.XWikiLogin]
 DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null

I don't understand why the provided user is null. 

Does Anybody?  I apologize for the dumb question.  But I have no idea where to 
go from here.

Thanks
Doug


The information contained in this transmission may contain West Marine 
proprietary, confidential and/or privileged 
information.  It is intended only for the use of the person(s) named above. If 
you are not the intended recipient, you are 
hereby notified that any review, dissemination, distribution or duplication of 
this communication is strictly prohibited. 
If you are not the intended recipient, please contact the sender by reply email 
and destroy all copies of the original 
message. To reply to our email administrator directly, please send an email to 
netad...@westmarine.com.

Re: [xwiki-users] LDAP Auth again

2017-03-15 Thread Douglas Landau 
Greets,

I am getting the same results no matter what I set as the value for:
xwiki.authentication.ldap.bind_DN=cn=sa-douglasl

I see it says that LDAP auth failed for douglasl, which I don’t understand yet, 
but whu then is the XWikiUser null?

Thanks


2017-03-15 13:13:03,767 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB
2017-03-15 13:13:03,775 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
DEBUG x.c.l.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user 
[douglasl]
2017-03-15 13:13:03,775 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
2017-03-15 13:13:04,304 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain=plain=XWiki.XWikiLogin]
 TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2017-03-15 13:13:04,304 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain=plain=XWiki.XWikiLogin]
 DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try 
to authenticate, it probably means the user is in non logged mode.
2017-03-15 13:13:04,304 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain=plain=XWiki.XWikiLogin]
 DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null


Am I setting the wrong thing?   Thanks


The information contained in this transmission may contain West Marine 
proprietary, confidential and/or privileged 
information.  It is intended only for the use of the person(s) named above. If 
you are not the intended recipient, you are 
hereby notified that any review, dissemination, distribution or duplication of 
this communication is strictly prohibited. 
If you are not the intended recipient, please contact the sender by reply email 
and destroy all copies of the original 
message. To reply to our email administrator directly, please send an email to 
netad...@westmarine.com.

Re: [xwiki-users] LDAP Auth again

2017-03-15 Thread Douglas Landau 
That's it, the LDAP authenticator is used as authenticator and you have what is 
described on 
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/
when you do to the administration -> LDAP.

>If you think you configured LDAP authenticator with the right values and login 
>still fail then you should do what is explained on 
>>http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog
>and you will have all the details to see why it fails.

Great!  Thanks.  Did so.  Now I get a whole lot of copies of the 1st message 
below:  " The provided user is null. We don't try to authenticate, it probably 
means the user is in non logged mode."

But I did provide a user, in this line: 
xwiki.authentication.ldap.bind_DN=cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net

...and I see that that line has been seen:
2017-03-15 12:42:30,422 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
DEBUG o.x.c.l.XWikiLDAPConnection- Binding to LDAP server with credentials 
login=[cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net]
2017-03-15 12:42:30,537 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.


Was I suppose to specifiy the/a user on some other line?  
Thanks

-
2017-03-15 12:42:30,231 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try 
to authenticate, it probably means the user is in non logged mode.
2017-03-15 12:42:30,231 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2017-03-15 12:42:30,232 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
DEBUG o.x.c.l.XWikiLDAPConfig- remoteUserParser: null
2017-03-15 12:42:30,271 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
DEBUG o.x.c.l.XWikiLDAPConfig- ldap_group_classes: [groupofnames, 
posixgroup, apple-group, groupofuniquenames, dynamicgroup, 
groupwisedistributionlist, group, dynamicgroupaux]
2017-03-15 12:42:30,271 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
DEBUG o.x.c.l.XWikiLDAPConfig- ldap_group_memberfields: [uniquemember, 
memberuid, member]
2017-03-15 12:42:30,382 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
DEBUG o.x.c.l.XWikiLDAPConnection- Connection to LDAP server 
[pwsdc03.westmarine.net:389]
2017-03-15 12:42:30,422 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
DEBUG o.x.c.l.XWikiLDAPConnection- Binding to LDAP server with credentials 
login=[cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net]
2017-03-15 12:42:30,537 
[http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] 
DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind 
failed with LDAPException.
at 
org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:227)
at 
org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:155)
at 
org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:515)
at 
org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:331)
at 
org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:267)
at 
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
at 
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
at 
com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
at 
com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
at 
org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3776)
at 
org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242)
at 
org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272)
at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3794)
at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4844)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
at 
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
at

Re: [xwiki-users] LDAP Auth again

2017-03-15 Thread Thomas Mortagne 
I never use the LDAP application myself but here is what I would do:

* start XWiki
* go to the admin and install "LDAP Application" (it's possible you
have to click the "All remote extensions" blue button to see this
extension)
* modify the xwiki.cfg and copy/paste everything that can be found on
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/
among which you can find the following important parts:

#-# LDAP authentication service
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl

and

#-# If ldap authentication fails for any reason, try XWiki DB
authentication with the same credentials
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap.trylocal=1

since I want to access the administration even when the LDAP
authenticator is not properly configured.

* restart XWiki

That's it, the LDAP authenticator is used as authenticator and you
have what is described on
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/
when you do to the administration -> LDAP.

If you think you configured LDAP authenticator with the right values
and login still fail then you should do what is explained on
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog
and you will have all the details to see why it fails.

On Wed, Mar 15, 2017 at 4:20 AM, Douglas Landau  wrote:
> OK, now I'm -totally- confused.  :-) I am looking for the LDAP 
> Application form.
>
> I started over with the standalone installer.
> I installed the LDAP Authenticator using the built-in (pre-installed?) admin 
> application
> I tried adding the LDAP settings found here to xwiki.cfg: 
> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/
> Therefore I have "xwiki.authentication.ldap=1"
> I also set a value/server-hostname for "xwiki.authentication.ldap.server="
> I left these two lines uncommented, hoping for anonymous LDAP binding, which 
> I am told we offer.
>
> xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
> xwiki.authentication.ldap.bind_pass={1}
>
> I have a value for "xwiki.authentication.ldap.base_DN="
> I stopped XWiki by pressing Control-C twice in the window in which I started 
> it using start_xwiki.sh, since I never got a prompt back.
> I modified my xwiki.cfg but am not able to log in using LDAP.
> I saw where it says "if you are not using the LDAP application, you will have 
> to redeploy".   But I don’t know what that means or see it explained anywhere.
> So I installed the LDAP Application.  Version 9.2.3.   The version of the 
> LDAP Authenticator is also 9.2.3.  I installed XWiki 8.4.4.
> I finally got to a known point!   PHEW!   I go to 
> here, from the LDAP Application page:
> ---
> Enabling LDAP authentication on a wiki
> The LDAP application assumes LDAP is enabled as the main authenticator via 
> the bundled XWiki LDAP authenticator. If it's not the case, you will be 
> "welcomed" with the following warning message:
>
> ldap-authenticator-warning.png
>
> In the event you encounter this message, please report to Authenticator 
> documentation in order to enable the LDAP authenticator on your wiki.
>
> You need to make sure you have have the following in your xwiki.cfg file:
>
> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
> since LDAP Application 8.3 or if you are using older version of the 
> application:
>
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
> Uncomment it and then restart XWiki.
> -
>
> Okay  Right ON.   Now, it says "Since LDAP Application 8.3 or if you are 
> using an older version of the application."
> This is confusing to me.  Since 8.3 I ought to use that line, and also if I 
> am using an older version?!?   OK, I'll try that, since I am using 9.2.3, and 
> it sounds like I ought be using that ever since 8.3.  And I got Java errors 
> when I tried to start xwiki again.
> Okay.  I guess that is not going to work.  I'll try the other line, the first 
> one suggested.  That time I got no Java errors.
> Now I have this: 
> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
>
> Okay.  After setting that to that, I was able to start xwiki again.   I 
> logged in as Admin and went to the LDAP Application.  The page is titled 
> "LDAP Admin sheet".   There is some whitespace.  The in large font is the 
> work "Configuration".  There is a pencil on the far right.  Below that is the 
> word "Miscellaneous".  Another pencil on the far right.  Below that is a 
> button "Reset group cache".  I pressed it.  I then clicked the pencil to the 
> right of "Configuration".  There is

[xwiki-users] LDAP Auth again

2017-03-14 Thread Douglas Landau 
OK, now I'm -totally- confused.  :-) I am looking for the LDAP Application 
form.

I started over with the standalone installer.
I installed the LDAP Authenticator using the built-in (pre-installed?) admin 
application
I tried adding the LDAP settings found here to xwiki.cfg: 
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/
Therefore I have "xwiki.authentication.ldap=1"
I also set a value/server-hostname for "xwiki.authentication.ldap.server="
I left these two lines uncommented, hoping for anonymous LDAP binding, which I 
am told we offer.

xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
xwiki.authentication.ldap.bind_pass={1}

I have a value for "xwiki.authentication.ldap.base_DN="
I stopped XWiki by pressing Control-C twice in the window in which I started it 
using start_xwiki.sh, since I never got a prompt back.
I modified my xwiki.cfg but am not able to log in using LDAP.
I saw where it says "if you are not using the LDAP application, you will have 
to redeploy".   But I don’t know what that means or see it explained anywhere.
So I installed the LDAP Application.  Version 9.2.3.   The version of the LDAP 
Authenticator is also 9.2.3.  I installed XWiki 8.4.4.
I finally got to a known point!   PHEW!   I go to here, 
from the LDAP Application page:
---
Enabling LDAP authentication on a wiki
The LDAP application assumes LDAP is enabled as the main authenticator via the 
bundled XWiki LDAP authenticator. If it's not the case, you will be "welcomed" 
with the following warning message:

ldap-authenticator-warning.png

In the event you encounter this message, please report to Authenticator 
documentation in order to enable the LDAP authenticator on your wiki.

You need to make sure you have have the following in your xwiki.cfg file:

xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
since LDAP Application 8.3 or if you are using older version of the application:

xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
Uncomment it and then restart XWiki.
-

Okay  Right ON.   Now, it says "Since LDAP Application 8.3 or if you are 
using an older version of the application."
This is confusing to me.  Since 8.3 I ought to use that line, and also if I am 
using an older version?!?   OK, I'll try that, since I am using 9.2.3, and it 
sounds like I ought be using that ever since 8.3.  And I got Java errors when I 
tried to start xwiki again. 
Okay.  I guess that is not going to work.  I'll try the other line, the first 
one suggested.  That time I got no Java errors.
Now I have this: 
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl

Okay.  After setting that to that, I was able to start xwiki again.   I logged 
in as Admin and went to the LDAP Application.  The page is titled "LDAP Admin 
sheet".   There is some whitespace.  The in large font is the work 
"Configuration".  There is a pencil on the far right.  Below that is the word 
"Miscellaneous".  Another pencil on the far right.  Below that is a button 
"Reset group cache".  I pressed it.  I then clicked the pencil to the right of 
"Configuration".  There is nothing there.

Where is the form I see on this page: 
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/   ???
I see no error msgs or guidance of any sort going to the window in which I 
started xwiki.
I still can't log in using LDAP credentials.

OK Now I've uncommeted out these two lines and removed their values:
xwiki.authentication.ldap.bind_DN=
xwiki.authentication.ldap.bind_pass=

Same story.  Maybe I'll give up on anonymous binding.  OK, now I've filled 
those in.  I've restarted and same story - cant auth using LDAP and can't find 
the form, just a pencil on the LDAP Admin sheet.  Not sure what to do next 
except start over with XWiki 9.  Guess I'll get that going in another VM.

Help?

Thanks.  



The information contained in this transmission may contain West Marine 
proprietary, confidential and/or privileged 
information.  It is intended only for the use of the person(s) named above. If 
you are not the intended recipient, you are 
hereby notified that any review, dissemination, distribution or duplication of 
this communication is strictly prohibited. 
If you are not the intended recipient, please contact the sender by reply email 
and destroy all copies of the original 
message. To reply to our email administrator directly, please send an email to 
netad...@westmarine.com.