Re: [xwiki-users] XWiki Ldap authentication

2016-09-13 Thread Thomas Mortagne
No it's not expected. Maybe you unselected the admin UI page when
asked by Extension Manager when you uninstalled it.

On Tue, Sep 13, 2016 at 7:03 PM, Dibyendu Das  wrote:
> I was able to get the LDAP working using the GUI of ldap application
> finally. However, if I uninstall both the LDAP Authenticator and the LDAP
> Application extensions from the extensions manager, the LDAP application
> still remains in the XWiki Administration page, and I am able to use the
> GUI to set the values. Is this expected?
>
> Thanks
>
> On Sat, Sep 10, 2016 at 2:53 AM, Thomas Mortagne 
> wrote:
>
>> On Fri, Sep 9, 2016 at 10:22 PM, Dibyendu Das 
>> wrote:
>> > Hi,
>> >
>> > I am trying to set up Ldap integration, and have installed both LDAP
>> > Authenticator and LDAP Application.
>> > I am using XWiki 8.2.1.
>> >
>> > In my xwiki.cfg file I have the following settings in the LDAP section:
>> >
>> > #-# LDAP authentication service
>> >
>> > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>> > xwiki.authentication.ldap=1
>> > xwiki.authentication.ldap.server=the.ldap.server
>> > xwiki.authentication.ldap.port=389
>> > xwiki.authentication.ldap.bind_DN=cn={0},ou=something1,ou=something2,ou=something3,dc=something4,dc=something5,dc=something6,dc=something7
>> > xwiki.authentication.ldap.bind_pass={1}
>> > xwiki.authentication.ldap.base_DN=
>> > xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
>> > xwiki.authentication.ldap.update_user=1
>> > xwiki.authentication.ldap.trylocal=1
>>
>> If you plan to set up LDAP using xwiki.cfg, you can get rid of the
>> "LDAP Application" whose only job is to help set fields in
>> XWikiPreferences. If you remove the application, empty all the fields
>> you set with it since they overwrite xwiki.cfg.
>>
>> Also you are using core LDAP authentication configuration here so you
>> don't need to install "LDAP Authenticator" extension. See
>> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication.
>>
>> >
>> > Rest of the lines are commented. Note that there's nothing in base_DN
>> > field. I have provided the same values
>> > in bin/admin/XWiki/XWikiPreferences?editor=globaladmin=LDAP&space=XWiki.
>>
>> > But the page shows ldap.missingLdapService at the top of the page.
>>
>> There seems to be an issue with the translation associated to key
>> "ldap.missingLdapService" which should display: "LDAP service is not
>> available. Please verify your installation." which means the
>> application cannot find the LDAP script service (used by the
>> application to retrieve values from the LDAP server). It has nothing
>> to do with whatever field you set and has nothing to do with the
>> authentication itself, it just reduces a bit the features of the UI
>> which becomes the static form you see.
>>
>> >
>> > Any ideas why this is happening?
>> >
>> > Thanks
>>
>>
>>
>> --
>> Thomas Mortagne



-- 
Thomas Mortagne
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users


Re: [xwiki-users] XWiki Ldap authentication

2016-09-13 Thread Dibyendu Das
I was able to get the LDAP working using the GUI of ldap application
finally. However, if I uninstall both the LDAP Authenticator and the LDAP
Application extensions from the extensions manager, the LDAP application
still remains in the XWiki Administration page, and I am able to use the
GUI to set the values. Is this expected?

Thanks

On Sat, Sep 10, 2016 at 2:53 AM, Thomas Mortagne 
wrote:

> On Fri, Sep 9, 2016 at 10:22 PM, Dibyendu Das 
> wrote:
> > Hi,
> >
> > I am trying to set up Ldap integration, and have installed both LDAP
> > Authenticator and LDAP Application.
> > I am using XWiki 8.2.1.
> >
> > In my xwiki.cfg file I have the following settings in the LDAP section:
> >
> > #-# LDAP authentication service
> >
> > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
> > xwiki.authentication.ldap=1
> > xwiki.authentication.ldap.server=the.ldap.server
> > xwiki.authentication.ldap.port=389
> > xwiki.authentication.ldap.bind_DN=cn={0},ou=something1,ou=something2,ou=something3,dc=something4,dc=something5,dc=something6,dc=something7
> > xwiki.authentication.ldap.bind_pass={1}
> > xwiki.authentication.ldap.base_DN=
> > xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
> > xwiki.authentication.ldap.update_user=1
> > xwiki.authentication.ldap.trylocal=1
>
> If you plan to set up LDAP using xwiki.cfg, you can get rid of the
> "LDAP Application" whose only job is to help set fields in
> XWikiPreferences. If you remove the application, empty all the fields
> you set with it since they overwrite xwiki.cfg.
>
> Also you are using core LDAP authentication configuration here so you
> don't need to install "LDAP Authenticator" extension. See
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication.
>
> >
> > Rest of the lines are commented. Note that there's nothing in base_DN
> > field. I have provided the same values
> > in bin/admin/XWiki/XWikiPreferences?editor=globaladmin=LDAP&space=XWiki.
>
> > But the page shows ldap.missingLdapService at the top of the page.
>
> There seems to be an issue with the translation associated to key
> "ldap.missingLdapService" which should display: "LDAP service is not
> available. Please verify your installation." which means the
> application cannot find the LDAP script service (used by the
> application to retrieve values from the LDAP server). It has nothing
> to do with whatever field you set and has nothing to do with the
> authentication itself, it just reduces a bit the features of the UI
> which becomes the static form you see.
>
> >
> > Any ideas why this is happening?
> >
> > Thanks
>
>
>
> --
> Thomas Mortagne


Re: [xwiki-users] XWiki Ldap authentication

2016-09-10 Thread Thomas Mortagne
On Fri, Sep 9, 2016 at 10:22 PM, Dibyendu Das  wrote:
> Hi,
>
> I am trying to set up Ldap integration, and have installed both LDAP
> Authenticator and LDAP Application.
> I am using XWiki 8.2.1.
>
> In my xwiki.cfg file I have the following settings in the LDAP section:
>
> #-# LDAP authentication service
>
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
> xwiki.authentication.ldap=1
> xwiki.authentication.ldap.server=the.ldap.server
> xwiki.authentication.ldap.port=389
> xwiki.authentication.ldap.bind_DN=cn={0},ou=something1,ou=something2,ou=something3,dc=something4,dc=something5,dc=something6,dc=something7
> xwiki.authentication.ldap.bind_pass={1}
> xwiki.authentication.ldap.base_DN=
> xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
> xwiki.authentication.ldap.update_user=1
> xwiki.authentication.ldap.trylocal=1

If you plan to set up LDAP using xwiki.cfg, you can get rid of the
"LDAP Application" whose only job is to help set fields in
XWikiPreferences. If you remove the application, empty all the fields
you set with it since they overwrite xwiki.cfg.

Also you are using core LDAP authentication configuration here so you
don't need to install "LDAP Authenticator" extension. See
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication.

>
> Rest of the lines are commented. Note that there's nothing in base_DN
> field. I have provided the same values
> in bin/admin/XWiki/XWikiPreferences?editor=globaladmin=LDAP=XWiki.

> But the page shows ldap.missingLdapService at the top of the page.

There seems to be an issue with the translation associated to key
"ldap.missingLdapService" which should display: "LDAP service is not
available. Please verify your installation." which means the
application cannot find the LDAP script service (used by the
application to retrieve values from the LDAP server). It has nothing
to do with whatever field you set and has nothing to do with the
authentication itself, it just reduces a bit the features of the UI
which becomes the static form you see.

>
> Any ideas why this is happening?
>
> Thanks



-- 
Thomas Mortagne


[xwiki-users] XWiki Ldap authentication

2016-09-09 Thread Dibyendu Das
Hi,

I am trying to set up Ldap integration, and have installed both LDAP
Authenticator and LDAP Application.
I am using XWiki 8.2.1.

In my xwiki.cfg file I have the following settings in the LDAP section:

#-# LDAP authentication service

xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=the.ldap.server
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.bind_DN=cn={0},ou=something1,ou=something2,ou=something3,dc=something4,dc=something5,dc=something6,dc=something7
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.base_DN=
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
xwiki.authentication.ldap.update_user=1
xwiki.authentication.ldap.trylocal=1

Rest of the lines are commented. Note that there's nothing in base_DN
field. I have provided the same values
in bin/admin/XWiki/XWikiPreferences?editor=globaladmin=LDAP=XWiki.
But the page shows ldap.missingLdapService at the top of the page.

Any ideas why this is happening?

Thanks


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-07 Thread lukweb

Hi again,

My version is XWiki Enterprise 1.5.11446.

I have tested the cleaning of the ldap_dn value in order to allow a login in
a different OU of my Active Directory and no bug for me...
-- 
View this message in context: 
http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p677732.html
Sent from the XWiki- Users mailing list archive at Nabble.com.



Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-06 Thread Thomas Mortagne
On Wed, Aug 6, 2008 at 11:03 AM, lukweb [EMAIL PROTECTED] wrote:

> Hi Thomas,
>
> Forget my last message, i made several tests and as far as i know, xwiki
> ldap auth can't do group mapping and allow logons from different OUs in
> Active Directory at the same time...
>
> So for now, i chose to keep group mapping on and if i want to move a user
> to a different OU, i will modify its ldap_dn value in its xwiki profile
> (it's working).
>
> Thanks for your help and maybe if you've got a solution/evolution to that,
> please tell me.

First I will fix the potential problem with ldap_dn emptied by hand,
maybe it's not just by hand...

What XWiki version do you use? (you surely already said that but I
can't find it in this long conversation ;))


> Have a nice day.




-- 
Thomas Mortagne


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-05 Thread lukweb

Hi Thomas,

By activating the parameter 

xwiki.authentication.ldap.group_memberfields=member,uniqueMember

Now the error login is logged in the xwiki.cfg

It failed with the error :

2008-08-05 09:57:44,496 [http://srv-web:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [P1-19] ERROR ldap.XWikiLDAPUtils - Could not find attribute sAMAccountName for LDAP dn CN=Administrateurs Wiki,CN=Users,DC=zl,DC=masociete,DC=com
2008-08-05 09:57:44,669 [http://srv-web:8080/xwiki/bin/view/Main/?srid=JYeDhARA] [P1-19] ERROR ldap.XWikiLDAPUtils - Could not find attribute sAMAccountName for LDAP dn CN=Administrateurs Wiki,CN=Users,DC=zl,DC=masociete,DC=com


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-04 Thread lukweb

I already tried to restart but it's the same thing.

The parameter groupcache was commented so now it's on : 
xwiki.authentication.ldap.groupcache_expiration=21800

I have restarted but no mapping is done.


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-04 Thread Thomas Mortagne
On Mon, Aug 4, 2008 at 11:05 AM, lukweb [EMAIL PROTECTED] wrote:

> I already tried to restart but it's the same thing.
>
> The parameter groupcache was commented so now it's on :
> xwiki.authentication.ldap.groupcache_expiration=21800
>
> I have restarted but no mapping is done.

If it does not work after restarting XWiki then it's not cache. But I
don't see what can be the problem here.

Does it work if you set the new user LDAP DN in its profile ?

Could you enable debug log (see
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging) and
copy/paste what you have in the log when authenticating ?





-- 
Thomas Mortagne


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-04 Thread Thomas Mortagne
On Mon, Aug 4, 2008 at 10:25 AM, lukweb [EMAIL PROTECTED] wrote:

> Hi Thomas,
>
> Ok it's working, when i move the user in a different OU, the login is ok
> BUT
>
> ...The groups mapping doesn't work anymore
>
> I tested it with another new user and it's not good, no more group mapping
> between the LDAP and Xwiki.

There is a cache for the LDAP group. You can change it using property
xwiki.authentication.ldap.groupcache_expiration (the value is in
sec) or simply restart (the cache is reinitialized when XWiki starts).


> Any idea ?




-- 
Thomas Mortagne


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-02 Thread Thomas Mortagne
On Fri, Aug 1, 2008 at 7:54 PM, Vincent Massol [EMAIL PROTECTED] wrote:

> On Aug 1, 2008, at 7:46 PM, Thomas Mortagne wrote:
>
>> On Fri, Aug 1, 2008 at 6:22 PM, Vincent Massol [EMAIL PROTECTED] wrote:
>>
>>> On Aug 1, 2008, at 6:17 PM, Thomas Mortagne wrote:
>>>
>>> [snip]
>>>
>>>> I found what is the problem: It's not your configuration, by default
>>>> XWiki stores the DN in the user's profile (with the ldap_dn=dn in
>>>> xwiki.authentication.ldap.fields_mapping property) to speed up the DN
>>>> search. The problem is that it will always use the first DN used for a
>>>> user even if the user moved in LDAP server.
>>>>
>>>> So what you can do to fix it:
>>>>
>>>> - for existing users in XWiki: edit the user's profile page using
>>>> object editor and change the value of the property ldap_dn (LDAP DN).
>>>> Set the new DN or just blank it to let XWiki update it.
>>>> - if you plan to move LDAP users regularly: remove the ldap_dn=dn
>>>> from xwiki.authentication.ldap.fields_mapping property to avoid LDAP
>>>> user DN storage.
>>>
>>> This looks like an important XWiki limitation isn't it?
>>>
>>> I guess moving users in LDAP is a pretty common thing and we should
>>> probably not request admins to edit related XWiki users objects. That
>>> doesn't sound right.
>>
>> It's not a limitation, just configuration. As I said, If you don't
>> have ldap_dn=dn in xwiki.authentication.ldap.fields_mapping the DN
>> is never stored so you don't have the problem. But maybe the default
>> value of xwiki.authentication.ldap.fields_mapping has to be changed.
>
> I understand but cannot we do better? It looks a bit like magic and
> the parameter name doesn't reflect the behavior and the dangerousness
> associated with it.

This works like that since the first old LDAP authenticator and it's
the first time someone reports that it's an issue AFAIK...
Anyway maybe a new parameter userDN_constant=true/false or something
like that would be better. Or we completely remove this way to get the
DN.


> Also I don't see the use cases where this parameter could be used?
> (unless your LDAP is read only which is probably pretty rare).

You are maybe right, I really don't know as I pretty much never used
LDAP for personal needs.


> Thanks
> -Vincent




-- 
Thomas Mortagne


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-02 Thread Thomas Mortagne
On Fri, Aug 1, 2008 at 10:42 PM, lukweb [EMAIL PROTECTED] wrote:

> GREAT !!!
>
> I can't test it now because i'm not at work but i'm sure you're right about
> the ldap_dn because i was testing the first login of a new user anywhere in
> the Active Directory and it works until i move it into another OU...
>
> I will test it on next Monday and i'll give you a feedback about it.

Hmm, I looked into the code and it's possible that there is a bug with
LDAP DN field of user profile that someone removed by hand (but there
should not be any problem with user profile that never has LDAP DN
inserted). Let me know if you have problem and I will look more into
it.


> Thanks for your quick answers.
>
> P.S. : I love Xwiki but i'm sure it can be a more popular wiki if it was
> more documented...
> The standalone package (multiplatformed) is amazing.
> The good point is this great forum with you the great experts, thanks
> buddies !!!




-- 
Thomas Mortagne


[xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread lukweb

Hello all,

I'm working with the last version of XE and i get the LDAP authentication on
my Active Directory Domain.

My problem is when i move a user to a different OU in the Active Directory,
the user can't login in Xwiki anymore...(Error : Wrong password).

Is there a way to configure the xwiki.cfg in order the authentication could
browse the all Active Directory to find the user and allow him to login ?

Thanks in advance.


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread Thomas Mortagne
On Fri, Aug 1, 2008 at 11:01 AM, Thomas Mortagne
[EMAIL PROTECTED] wrote:
> On Fri, Aug 1, 2008 at 9:14 AM, lukweb [EMAIL PROTECTED] wrote:
>>
>> Hello all,
>>
>> I'm working with the last version of XE and i get the LDAP authentication on
>> my Active Directory Domain.
>>
>> My problem is when i move a user to a different OU in the Active Directory,
>> the user can't login in Xwiki anymore...(Error : Wrong password).
>>
>> Is there a way to configure the xwiki.cfg in order the authentication could
>> browse the all Active Directory to find the user and allow him to login ?
>
> Yes LDAP authentication already does this automatically but you have to
> change xwiki.authentication.ldap.bind_DN and
> xwiki.authentication.ldap.bind_pass values to set an existing user
> that can read the whole LDAP (like ) instead of a pattern

(like a administrator user)



>> Thanks in advance.




> --
> Thomas Mortagne




-- 
Thomas Mortagne


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread lukweb

OK Great,

Can you just give me an example of these config parameters ?

Thanks in advance.

I'll keep writing in English, but I guess from your name that you speak
French well ;-))
That way it will help as many people as possible who run into the same
problem...


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread lukweb

Ok i tried to put this config in my xwiki.cfg but it doesn't work anymore
when i move the user in another OU in the Active Directory :

xwiki.authentication.ldap.base_DN=DC=agence,DC=masociete,DC=com
xwiki.authentication.ldap.bind_DN=MASOCIETE\\wikildapuser
xwiki.authentication.ldap.bind_pass=password
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn

Any idea ?


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread Thomas Mortagne
2008/8/1 lukweb [EMAIL PROTECTED]:

> OK Great,
>
> Can you just give me an example of these config parameters ?

For example if you have in your LDAP an admin user with DN
cn=Administrator,dc=mydomain,dc=org and password pass simply set:
xwiki.authentication.ldap.bind_DN=cn=Administrator,dc=mydomain,dc=org
xwiki.authentication.ldap.bind_pass=pass

LDAP authentication will use it to connect to LDAP server then it will
search provided login trying to match with field sAMAccountName (if
you configured xwiki.authentication.ldap.UID_attr=sAMAccountName)
value. Then it tries to execute a bind with the found user and
provided password to validate it.


> Thanks in advance.
>
> I'll keep writing in English, but I guess from your name that you speak
> French well ;-))
> That way it will help as many people as possible who run into the same
> problem...




-- 
Thomas Mortagne
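
[Added example, not part of the original thread and not XWiki code.] The search-then-bind flow described in the message above, together with the stored ldap_dn behaviour from the 2008-08-02 message, as a small Python simulation. The in-memory directory, every DN and password, and the names authenticate() and store_dn (standing in for ldap_dn=dn in fields_mapping) are constructed assumptions.

```python
"""Toy model of LDAP search-then-bind login with an optional stored user DN.

Added illustration only: the directory, DNs and passwords are constructed,
and authenticate()/store_dn are hypothetical names, not XWiki code.
"""


class Directory:
    """In-memory stand-in for an LDAP server."""

    def __init__(self):
        self.entries = {}  # DN -> (password, attributes)

    def add(self, dn, password, **attrs):
        self.entries[dn] = (password, attrs)

    def move(self, old_dn, new_dn):
        """Move an entry to another OU: same entry, different DN."""
        self.entries[new_dn] = self.entries.pop(old_dn)

    def bind(self, dn, password):
        """A simple bind succeeds only for an existing DN and its password."""
        return dn in self.entries and self.entries[dn][0] == password

    def search(self, base_dn, attr, value):
        """Subtree search: DNs under base_dn whose attribute equals value."""
        return [dn for dn, (_, attrs) in self.entries.items()
                if dn.endswith(base_dn) and attrs.get(attr) == value]


def authenticate(directory, cfg, profile, login, password):
    """Return the DN that authenticated, or None on failure.

    cfg keys follow the xwiki.cfg suffixes quoted in the thread (bind_DN,
    bind_pass, base_DN, UID_attr); store_dn stands in for having ldap_dn=dn
    in fields_mapping. profile is the wiki-side user record.
    """
    if not password:
        # A simple bind with a DN and an empty password is an unauthenticated
        # bind (RFC 4513) that some servers accept, so refuse it up front.
        return None
    stored = profile.get("ldap_dn") if cfg["store_dn"] else None
    if stored:
        # A stored DN is used as-is, without searching again.
        return stored if directory.bind(stored, password) else None
    # {0} is the login and {1} the password when bind_DN/bind_pass are
    # patterns; a fixed service account has no placeholders.
    bind_dn = cfg["bind_DN"].format(login, password)
    bind_pw = cfg["bind_pass"].format(login, password)
    if not directory.bind(bind_dn, bind_pw):
        return None
    matches = directory.search(cfg["base_DN"], cfg["UID_attr"], login)
    if len(matches) != 1:  # unknown or ambiguous login
        return None
    if not directory.bind(matches[0], password):
        return None
    if cfg["store_dn"]:
        profile["ldap_dn"] = matches[0]
    return matches[0]


BASE = "dc=example,dc=test"
SALES = "cn=alice,ou=Sales," + BASE
SUPPORT = "cn=alice,ou=Support," + BASE
SERVICE = {"bind_DN": "cn=wikildapuser,cn=Users," + BASE, "bind_pass": "svc-pw",
           "base_DN": BASE, "UID_attr": "sAMAccountName", "store_dn": True}
PATTERN = dict(SERVICE, bind_DN="cn={0},ou=Sales," + BASE, bind_pass="{1}",
               store_dn=False)


def run_scenario():
    """Log alice in, move her to another OU, and compare the configurations."""
    d = Directory()
    d.add(SERVICE["bind_DN"], "svc-pw", sAMAccountName="wikildapuser")
    d.add(SALES, "alice-pw", sAMAccountName="alice")
    profile, out = {}, {}
    out["first_login"] = authenticate(d, SERVICE, profile, "alice", "alice-pw")
    out["pattern_before_move"] = authenticate(d, PATTERN, {}, "alice", "alice-pw")
    d.move(SALES, SUPPORT)
    # Stored DN still points at ou=Sales, so the bind fails ("Wrong password").
    out["stored_dn_after_move"] = authenticate(d, SERVICE, profile, "alice", "alice-pw")
    # The bind pattern hard-codes ou=Sales, so it fails as well.
    out["pattern_after_move"] = authenticate(d, PATTERN, {}, "alice", "alice-pw")
    # Fix 1: blank ldap_dn in the profile; the next login searches again.
    profile["ldap_dn"] = ""
    out["after_blanking"] = authenticate(d, SERVICE, profile, "alice", "alice-pw")
    # Fix 2: never store the DN; every login searches from base_DN.
    no_store = dict(SERVICE, store_dn=False)
    out["no_store_after_move"] = authenticate(d, no_store, {}, "alice", "alice-pw")
    out["empty_password"] = authenticate(d, no_store, {}, "alice", "")
    out["profile_dn"] = profile["ldap_dn"]
    return out


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```
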


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread Thomas Mortagne
I just added the use case in
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCases,
could you complete it if needed when you will be able to find the
configuration that works for you ?

On Fri, Aug 1, 2008 at 2:37 PM, Thomas Mortagne
[EMAIL PROTECTED] wrote:
> 2008/8/1 lukweb [EMAIL PROTECTED]:
>>
>> OK Great,
>>
>> Can you just give me an example of these config parameters ?
>
> For example if you have in your LDAP an admin user with DN
> cn=Administrator,dc=mydomain,dc=org and password pass simply set:
> xwiki.authentication.ldap.bind_DN=cn=Administrator,dc=mydomain,dc=org
> xwiki.authentication.ldap.bind_pass=pass
>
> LDAP authentication will use it to connect to LDAP server then it will
> search provided login trying to match with field sAMAccountName (if
> you configured xwiki.authentication.ldap.UID_attr=sAMAccountName)
> value. Then it tries to execute a bind with the found user and
> provided password to validate it.
>
>> Thanks in advance.
>>
>> I'll keep writing in English, but I guess from your name that you speak
>> French well ;-))
>> That way it will help as many people as possible who run into the same
>> problem...




> --
> Thomas Mortagne




-- 
Thomas Mortagne


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread lukweb

Here is the results :

When i activate this config parameter
xwiki.authentication.ldap.password_field=userPassword, i can connect with an
account that i moved in another OU. But when i move again this account, i
can't connect from another different OU : Wrong password...




Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread Thomas Mortagne
On Fri, Aug 1, 2008 at 3:05 PM, lukweb [EMAIL PROTECTED] wrote:

> Here is the results :
>
> When i activate this config parameter
> xwiki.authentication.ldap.password_field=userPassword, i can connect with an

Why do you configure
xwiki.authentication.ldap.password_field=userPassword? It should not
be needed if you have validate_password=0

Can you copy/paste your entire auth configuration?

> account that i moved in another OU. But when i move again this account, i
> can't connect from another different OU : Wrong password...






-- 
Thomas Mortagne


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread lukweb

Here is my xwiki.cfg :

xwiki.base=../../

xwiki.store.class=com.xpn.xwiki.store.XWikiHibernateStore
xwiki.store.hibernate.path=/WEB-INF/hibernate.cfg.xml
xwiki.store.hibernate.updateschema=1
xwiki.store.hibernate.custommapping=1
xwiki.store.cache=1
xwiki.store.cache.capacity=100
xwiki.store.migration=1

xwiki.monitor=1

# List of active plugins.
xwiki.plugins=\
com.xpn.xwiki.monitor.api.MonitorPlugin,\
com.xpn.xwiki.plugin.calendar.CalendarPlugin,\
com.xpn.xwiki.plugin.skinx.JsSkinExtensionPlugin,\
com.xpn.xwiki.plugin.skinx.CssSkinExtensionPlugin,\
com.xpn.xwiki.plugin.feed.FeedPlugin,\
com.xpn.xwiki.plugin.ldap.LDAPPlugin,\
com.xpn.xwiki.plugin.google.GooglePlugin,\
com.xpn.xwiki.plugin.flickr.FlickrPlugin,\
com.xpn.xwiki.plugin.mail.MailPlugin,\
com.xpn.xwiki.plugin.packaging.PackagePlugin,\
com.xpn.xwiki.plugin.query.QueryPlugin,\
com.xpn.xwiki.plugin.svg.SVGPlugin,\
com.xpn.xwiki.plugin.charts.ChartingPlugin,\
com.xpn.xwiki.plugin.fileupload.FileUploadPlugin,\
com.xpn.xwiki.plugin.image.ImagePlugin,\
com.xpn.xwiki.plugin.captcha.CaptchaPlugin,\
com.xpn.xwiki.plugin.userdirectory.UserDirectoryPlugin,\
com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl,\
com.xpn.xwiki.plugin.zipexplorer.ZipExplorerPlugin,\
com.xpn.xwiki.plugin.autotag.AutoTagPlugin,\
com.xpn.xwiki.plugin.lucene.LucenePlugin,\
com.xpn.xwiki.plugin.diff.DiffPlugin,\
com.xpn.xwiki.plugin.rightsmanager.RightsManagerPlugin,\
com.xpn.xwiki.plugin.jodatime.JodaTimePlugin,\
com.xpn.xwiki.plugin.scheduler.SchedulerPlugin,\
com.xpn.xwiki.plugin.mailsender.MailSenderPlugin,\
com.xpn.xwiki.plugin.watchlist.WatchListPlugin

# This parameter allows XWiki to operate in Hosting mode allowing to create
# multiple wikis having their own database and responding to different URLs
xwiki.virtual=0

xwiki.virtual.redirect=http://127.0.0.1:9080/xwiki/bin/Main/ThisWikiDoesNotExist

# This parameter will activate the eXo Platform integration
xwiki.exo=0

xwiki.authentication=form
xwiki.authentication.validationKey=totototototototototototototototo
xwiki.authentication.encryptionKey=titititititititititititititititi
xwiki.authentication.cookiedomains=xwiki.com,wiki.fr

# This allows logout to happen for any page going through the /logout/ action, regardless of the document or the servlet.
# Comment-out if you want to enable logout only for /bin/logout/XWiki/XWikiLogout
xwiki.authentication.logoutpage=(/[^/]+/|/)logout/*

# Stats configuration allows to globally activate/deactivate stats module (launch storage thread, register events...)
xwiki.stats=1
# When statistics are globally enabled, storage can be enabled/disabled by wiki using the XWikiPreference property statistics.
# Note: Statistics are disabled by default for improved performances/space.
xwiki.stats.default=0
# It is also possible to choose a different stats service to record statistics separately from XWiki.
xwiki.stats.class=com.xpn.xwiki.stats.impl.XWikiStatsServiceImpl

xwiki.encoding=ISO-8859-1

xwiki.backlinks=1

xwiki.tags=1

# Use edit comments
xwiki.editcomment=1

# Hide editcomment field and only use Javascript
xwiki.editcomment.hidden=0

# Make edit comment mandatory
xwiki.editcomment.mandatory=0

# Make edit comment suggested (asks 1 time if the comment is empty.
# 1 shows one popup if comment is empty.
# 0 means there is no popup.
# This setting is ignored if mandatory is set
xwiki.editcomment.suggested=0

# GraphViz plugin configuration. The GraphViz plugin is not configured by default.
# To enable it, add com.xpn.xwiki.plugin.graphviz.GraphVizPlugin to the list of plugins
# in the xwiki.plugins property.
# Uncomment and set the locations of the Dot and Neato executables
#xwiki.plugin.graphviz.dotpath=c:/Program Files/ATT/GraphViz/bin/dot.exe
#xwiki.plugin.graphviz.neatopath=c:/Program Files/ATT/GraphViz/bin/neato.exe

xwiki.plugin.laszlo.baseurl=/openlaszlo/xwiki/
xwiki.plugin.laszlo.path=c:/Program Files/Apache Software Foundation/Tomcat 5.0/webapps/openlaszlo/xwiki/

xwiki.plugin.image.cache.capacity=30

xwiki.plugin.captcha=0


# Enable to allow superadmin. It is disabled by default as this could be a security breach if
# it were set and you forgot about it.
xwiki.superadminpassword=system

#-
# LDAP
#-

#-# new LDAP authentication service

Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread Thomas Mortagne
On Fri, Aug 1, 2008 at 5:10 PM, lukweb [EMAIL PROTECTED] wrote:

 Here is my xwiki.cfg :

 xwiki.base=../../

 xwiki.store.class=com.xpn.xwiki.store.XWikiHibernateStore
 xwiki.store.hibernate.path=/WEB-INF/hibernate.cfg.xml
 xwiki.store.hibernate.updateschema=1
 xwiki.store.hibernate.custommapping=1
 xwiki.store.cache=1
 xwiki.store.cache.capacity=100
 xwiki.store.migration=1

 xwiki.monitor=1

 # List of active plugins.
 xwiki.plugins=\
com.xpn.xwiki.monitor.api.MonitorPlugin,\
com.xpn.xwiki.plugin.calendar.CalendarPlugin,\
com.xpn.xwiki.plugin.skinx.JsSkinExtensionPlugin,\
com.xpn.xwiki.plugin.skinx.CssSkinExtensionPlugin,\
com.xpn.xwiki.plugin.feed.FeedPlugin,\
com.xpn.xwiki.plugin.ldap.LDAPPlugin,\
com.xpn.xwiki.plugin.google.GooglePlugin,\
com.xpn.xwiki.plugin.flickr.FlickrPlugin,\
com.xpn.xwiki.plugin.mail.MailPlugin,\
com.xpn.xwiki.plugin.packaging.PackagePlugin,\
com.xpn.xwiki.plugin.query.QueryPlugin,\
com.xpn.xwiki.plugin.svg.SVGPlugin,\
com.xpn.xwiki.plugin.charts.ChartingPlugin,\
com.xpn.xwiki.plugin.fileupload.FileUploadPlugin,\
com.xpn.xwiki.plugin.image.ImagePlugin,\
com.xpn.xwiki.plugin.captcha.CaptchaPlugin,\
com.xpn.xwiki.plugin.userdirectory.UserDirectoryPlugin,\
com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl,\
com.xpn.xwiki.plugin.zipexplorer.ZipExplorerPlugin,\
com.xpn.xwiki.plugin.autotag.AutoTagPlugin,\
com.xpn.xwiki.plugin.lucene.LucenePlugin,\
com.xpn.xwiki.plugin.diff.DiffPlugin,\
com.xpn.xwiki.plugin.rightsmanager.RightsManagerPlugin,\
com.xpn.xwiki.plugin.jodatime.JodaTimePlugin,\
com.xpn.xwiki.plugin.scheduler.SchedulerPlugin,\
com.xpn.xwiki.plugin.mailsender.MailSenderPlugin,\
com.xpn.xwiki.plugin.watchlist.WatchListPlugin

 # This parameter allows XWiki to operate in Hosting mode allowing to create
 # multiple wikis having their own database and responding to different URLs
 xwiki.virtual=0

 xwiki.virtual.redirect=http://127.0.0.1:9080/xwiki/bin/Main/ThisWikiDoesNotExist

 # This parameter will activate the eXo Platform integration
 xwiki.exo=0

 xwiki.authentication=form
 xwiki.authentication.validationKey=totototototototototototototototo
 xwiki.authentication.encryptionKey=titititititititititititititititi
 xwiki.authentication.cookiedomains=xwiki.com,wiki.fr

 # This allows logout to happen for any page going through the /logout/ action, regardless of the document or the servlet.
 # Comment-out if you want to enable logout only for /bin/logout/XWiki/XWikiLogout
 xwiki.authentication.logoutpage=(/[^/]+/|/)logout/*

 # Stats configuration allows to globally activate/deactivate stats module (launch storage thread, register events...)
 xwiki.stats=1
 # When statistics are globally enabled, storage can be enabled/disabled by wiki using the XWikiPreference property statistics.
 # Note: Statistics are disabled by default for improved performances/space.
 xwiki.stats.default=0
 # It is also possible to choose a different stats service to record statistics separately from XWiki.
 xwiki.stats.class=com.xpn.xwiki.stats.impl.XWikiStatsServiceImpl

 xwiki.encoding=ISO-8859-1

 xwiki.backlinks=1

 xwiki.tags=1

 # Use edit comments
 xwiki.editcomment=1

 # Hide editcomment field and only use Javascript
 xwiki.editcomment.hidden=0

 # Make edit comment mandatory
 xwiki.editcomment.mandatory=0

 # Make edit comment suggested (asks 1 time if the comment is empty.
 # 1 shows one popup if comment is empty.
 # 0 means there is no popup.
 # This setting is ignored if mandatory is set
 xwiki.editcomment.suggested=0

 # GraphViz plugin configuration. The GraphViz plugin is not configured by default.
 # To enable it, add com.xpn.xwiki.plugin.graphviz.GraphVizPlugin to the list of plugins
 # in the xwiki.plugins property.
 # Uncomment and set the locations of the Dot and Neato executables
 #xwiki.plugin.graphviz.dotpath=c:/Program Files/ATT/GraphViz/bin/dot.exe
 #xwiki.plugin.graphviz.neatopath=c:/Program Files/ATT/GraphViz/bin/neato.exe

 xwiki.plugin.laszlo.baseurl=/openlaszlo/xwiki/
 xwiki.plugin.laszlo.path=c:/Program Files/Apache Software Foundation/Tomcat 5.0/webapps/openlaszlo/xwiki/

 xwiki.plugin.image.cache.capacity=30

 xwiki.plugin.captcha=0


 # Enable to allow superadmin. It is disabled by default as this could be a security breach if
 # it were set and you forgot about it.
 xwiki.superadminpassword=system

 #-
 # LDAP
 

Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread Vincent Massol

On Aug 1, 2008, at 6:17 PM, Thomas Mortagne wrote:

[snip]

 I found what is the problem: It's not your configuration, by default
 XWiki stores the DN in the user's profile (with the ldap_dn=dn in
 xwiki.authentication.ldap.fields_mapping property) to speed up the DN
 search. The problem is that it will always use the first DN used for a
 user even if the user moved in the LDAP server.

 So what you can do to fix it:

 - for existing users in XWiki: edit the user's profile page using
 object editor and change the value of the property ldap_dn (LDAP DN).
 Set the new DN or just blank it to let XWiki update it.
 - if you plan to move LDAP users regularly: remove the ldap_dn=dn
 from xwiki.authentication.ldap.fields_mapping property to avoid LDAP
 user DN storage.

This looks like an important XWiki limitation isn't it?

I guess moving users in LDAP is a pretty common thing and we should  
probably not request admins to edit related XWiki users objects. That  
doesn't sound right.

WDYT?

Thanks
-Vincent
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread Thomas Mortagne
On Fri, Aug 1, 2008 at 6:22 PM, Vincent Massol [EMAIL PROTECTED] wrote:

 On Aug 1, 2008, at 6:17 PM, Thomas Mortagne wrote:

 [snip]

 I found what is the problem: It's not your configuration, by default
 XWiki stores the DN in the user's profile (with the ldap_dn=dn in
 xwiki.authentication.ldap.fields_mapping property) to speed up the DN
 search. The problem is that it will always use the first DN used for a
 user even if the user moved in the LDAP server.

 So what you can do to fix it:

 - for existing users in XWiki: edit the user's profile page using
 object editor and change the value of the property ldap_dn (LDAP DN).
 Set the new DN or just blank it to let XWiki update it.
 - if you plan to move LDAP users regularly: remove the ldap_dn=dn
 from xwiki.authentication.ldap.fields_mapping property to avoid LDAP
 user DN storage.

 This looks like an important XWiki limitation isn't it?

 I guess moving users in LDAP is a pretty common thing and we should
 probably not request admins to edit related XWiki users objects. That
 doesn't sound right.

It's not a limitation, just configuration. As I said, if you don't
have ldap_dn=dn in xwiki.authentication.ldap.fields_mapping the DN
is never stored so you don't have the problem. But maybe the default
value of xwiki.authentication.ldap.fields_mapping has to be changed.


 WDYT?

 Thanks
 -Vincent




-- 
Thomas Mortagne
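
The two settings this thread turns on, the ldap_dn=dn entry in xwiki.authentication.ldap.fields_mapping and the superadmin password, can be checked directly in an xwiki.cfg. The Python check below is an added example, not code from the thread or from XWiki; the function names and the sample config are constructed for illustration, and treating an unset fields_mapping as "stores the DN" is an assumption taken from the statement above that the default mapping includes ldap_dn=dn.

```python
# Constructed sample in the style of the xwiki.cfg posted in the thread.
SAMPLE_CFG = r"""
# List of active plugins.
xwiki.plugins=\
com.xpn.xwiki.plugin.ldap.LDAPPlugin,\
com.xpn.xwiki.plugin.watchlist.WatchListPlugin
xwiki.superadminpassword=system
xwiki.authentication.ldap=1
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,\
    email=mail,ldap_dn=dn
"""

MAPPING_KEY = "xwiki.authentication.ldap.fields_mapping"
SUPERADMIN_KEY = "xwiki.superadminpassword"


def parse_properties(text):
    """Parse key=value lines, joining backslash continuations, skipping comments."""
    props, pending = {}, ""
    for raw in text.splitlines():
        piece = raw.strip()
        if not pending and (not piece or piece[0] in "#!"):
            continue  # blank line or comment outside a continuation
        line = pending + piece
        if line.endswith("\\"):
            pending = line[:-1]  # value continues on the next line
            continue
        pending = ""
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return (key, finding) pairs for the settings discussed in the thread."""
    props, findings = parse_properties(text), []
    if props.get("xwiki.authentication.ldap") == "1":
        mapping = props.get(MAPPING_KEY)
        if mapping is None:
            # Assumption taken from the thread: the default mapping stores the DN.
            findings.append((MAPPING_KEY, "unset: default mapping stores ldap_dn"))
        elif "ldap_dn=dn" in [p.strip() for p in mapping.split(",")]:
            findings.append((MAPPING_KEY, "ldap_dn=dn: cached DN goes stale on OU move"))
    if props.get(SUPERADMIN_KEY):
        findings.append((SUPERADMIN_KEY, "superadmin login is enabled"))
    return findings


if __name__ == "__main__":
    for key, finding in audit(SAMPLE_CFG):
        print(f"{key}: {finding}")
```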


Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory

2008-08-01 Thread Vincent Massol

On Aug 1, 2008, at 7:46 PM, Thomas Mortagne wrote:

 On Fri, Aug 1, 2008 at 6:22 PM, Vincent Massol [EMAIL PROTECTED] wrote:

 On Aug 1, 2008, at 6:17 PM, Thomas Mortagne wrote:

 [snip]

 I found what is the problem: It's not your configuration, by default
 XWiki stores the DN in the user's profile (with the ldap_dn=dn in
 xwiki.authentication.ldap.fields_mapping property) to speed up the DN
 search. The problem is that it will always use the first DN used for a
 user even if the user moved in the LDAP server.

 So what you can do to fix it:

 - for existing users in XWiki: edit the user's profile page using
 object editor and change the value of the property ldap_dn (LDAP DN).
 Set the new DN or just blank it to let XWiki update it.
 - if you plan to move LDAP users regularly: remove the ldap_dn=dn
 from xwiki.authentication.ldap.fields_mapping property to avoid LDAP
 user DN storage.

 This looks like an important XWiki limitation isn't it?

 I guess moving users in LDAP is a pretty common thing and we should
 probably not request admins to edit related XWiki users objects. That
 doesn't sound right.

 It's not a limitation, just configuration. As I said, if you don't
 have ldap_dn=dn in xwiki.authentication.ldap.fields_mapping the DN
 is never stored so you don't have the problem. But maybe the default
 value of xwiki.authentication.ldap.fields_mapping has to be changed.

I understand but cannot we do better? It looks a bit like magic and  
the parameter name doesn't reflect the behavior and the dangerousness  
associated with it.

Also I don't see the use cases where this parameter could be used?  
(unless your LDAP is read only which is probably pretty rare).

Thanks
-Vincent