Re: [xwiki-users] XWiki Ldap authentication
No it's not expected. Maybe you unselected the admin UI page when asked by Extension Manager when you uninstalled it. On Tue, Sep 13, 2016 at 7:03 PM, Dibyendu Daswrote: > I was able to get the LDAP working using the GUI of ldap application > finally. However, if I uninstall both the LDAP Authenticator and the LDAP > Application extensions from the extensions manager, the LDAP application > still remains in the XWiki Administration page, and I am able to use the > GUI to set the values. Is this expected? > > Thanks > > On Sat, Sep 10, 2016 at 2:53 AM, Thomas Mortagne > wrote: > >> On Fri, Sep 9, 2016 at 10:22 PM, Dibyendu Das >> wrote: >> > Hi, >> > >> > I am trying to set up Ldap integration, and have installed both LDAP >> > Authenticator and LDAP Application. >> > I am using XWiki 8.2.1. >> > >> > In my xwiki.cfg file I have the following settings in the LDAP section: >> > >> > #-# LDAP authentication service >> > >> > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP. >> XWikiLDAPAuthServiceImpl >> > xwiki.authentication.ldap=1 >> > xwiki.authentication.ldap.server=the.ldap.server >> > xwiki.authentication.ldap.port=389 >> > xwiki.authentication.ldap.bind_DN=cn={0},ou=something1, >> ou=something2,ou=something3,dc=something4,dc=something5, >> dc=something6,dc=something7 >> > xwiki.authentication.ldap.bind_pass={1} >> > xwiki.authentication.ldap.base_DN= >> > xwiki.authentication.ldap.fields_mapping=last_name=sn, >> first_name=givenName,email=mail >> > xwiki.authentication.ldap.update_user=1 >> > xwiki.authentication.ldap.trylocal=1 >> >> If you plan to setup LDAP using xwiki.cfg, you can get rid of the >> "LDAP Application" which only job is to help set fields in >> XWikiPreferences. If you remove the application empty all the fields >> you set with it since they overwrite xwiki.cfg. >> >> Also you are using core LDAP authentication configuration here so you >> don't need to install "LDAP Authenticator" extension. See >> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication# >> HLDAPAuthentication. >> >> > >> > Rest of the lines are commented. Note that there's nothing in base_DN >> > field. I have provided the same values >> > in bin/admin/XWiki/XWikiPreferences?editor=globaladmin=LDAP& >> space=XWiki. >> >> > But the page shows ldap.missingLdapService at the top of the page. >> >> There seems to be an issue with the translation associated to key >> "ldap.missingLdapService" which should display: "LDAP service is not >> available. Please verify your installation." which mean the >> application cannot find the LDAP script service (used by the >> application to retrieve values from the LDAP server). It has nothing >> do to with whatever field you set and have nothing to do with the >> authentication itself, it just reduce a bit the features of the UI >> which become the static form you see. >> >> > >> > Any ideas why this is happening? >> > >> > Thanks >> > ___ >> > users mailing list >> > users@xwiki.org >> > http://lists.xwiki.org/mailman/listinfo/users >> >> >> >> -- >> Thomas Mortagne >> ___ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] XWiki Ldap authentication
I was able to get the LDAP working using the GUI of ldap application finally. However, if I uninstall both the LDAP Authenticator and the LDAP Application extensions from the extensions manager, the LDAP application still remains in the XWiki Administration page, and I am able to use the GUI to set the values. Is this expected? Thanks On Sat, Sep 10, 2016 at 2:53 AM, Thomas Mortagnewrote: > On Fri, Sep 9, 2016 at 10:22 PM, Dibyendu Das > wrote: > > Hi, > > > > I am trying to set up Ldap integration, and have installed both LDAP > > Authenticator and LDAP Application. > > I am using XWiki 8.2.1. > > > > In my xwiki.cfg file I have the following settings in the LDAP section: > > > > #-# LDAP authentication service > > > > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP. > XWikiLDAPAuthServiceImpl > > xwiki.authentication.ldap=1 > > xwiki.authentication.ldap.server=the.ldap.server > > xwiki.authentication.ldap.port=389 > > xwiki.authentication.ldap.bind_DN=cn={0},ou=something1, > ou=something2,ou=something3,dc=something4,dc=something5, > dc=something6,dc=something7 > > xwiki.authentication.ldap.bind_pass={1} > > xwiki.authentication.ldap.base_DN= > > xwiki.authentication.ldap.fields_mapping=last_name=sn, > first_name=givenName,email=mail > > xwiki.authentication.ldap.update_user=1 > > xwiki.authentication.ldap.trylocal=1 > > If you plan to setup LDAP using xwiki.cfg, you can get rid of the > "LDAP Application" which only job is to help set fields in > XWikiPreferences. If you remove the application empty all the fields > you set with it since they overwrite xwiki.cfg. > > Also you are using core LDAP authentication configuration here so you > don't need to install "LDAP Authenticator" extension. See > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication# > HLDAPAuthentication. > > > > > Rest of the lines are commented. Note that there's nothing in base_DN > > field. I have provided the same values > > in bin/admin/XWiki/XWikiPreferences?editor=globaladmin=LDAP& > space=XWiki. > > > But the page shows ldap.missingLdapService at the top of the page. > > There seems to be an issue with the translation associated to key > "ldap.missingLdapService" which should display: "LDAP service is not > available. Please verify your installation." which mean the > application cannot find the LDAP script service (used by the > application to retrieve values from the LDAP server). It has nothing > do to with whatever field you set and have nothing to do with the > authentication itself, it just reduce a bit the features of the UI > which become the static form you see. > > > > > Any ideas why this is happening? > > > > Thanks > > ___ > > users mailing list > > users@xwiki.org > > http://lists.xwiki.org/mailman/listinfo/users > > > > -- > Thomas Mortagne > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] XWiki Ldap authentication
On Fri, Sep 9, 2016 at 10:22 PM, Dibyendu Daswrote: > Hi, > > I am trying to set up Ldap integration, and have installed both LDAP > Authenticator and LDAP Application. > I am using XWiki 8.2.1. > > In my xwiki.cfg file I have the following settings in the LDAP section: > > #-# LDAP authentication service > > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl > xwiki.authentication.ldap=1 > xwiki.authentication.ldap.server=the.ldap.server > xwiki.authentication.ldap.port=389 > xwiki.authentication.ldap.bind_DN=cn={0},ou=something1,ou=something2,ou=something3,dc=something4,dc=something5,dc=something6,dc=something7 > xwiki.authentication.ldap.bind_pass={1} > xwiki.authentication.ldap.base_DN= > xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail > xwiki.authentication.ldap.update_user=1 > xwiki.authentication.ldap.trylocal=1 If you plan to setup LDAP using xwiki.cfg, you can get rid of the "LDAP Application" which only job is to help set fields in XWikiPreferences. If you remove the application empty all the fields you set with it since they overwrite xwiki.cfg. Also you are using core LDAP authentication configuration here so you don't need to install "LDAP Authenticator" extension. See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication. > > Rest of the lines are commented. Note that there's nothing in base_DN > field. I have provided the same values > in > bin/admin/XWiki/XWikiPreferences?editor=globaladmin=LDAP=XWiki. > But the page shows ldap.missingLdapService at the top of the page. There seems to be an issue with the translation associated to key "ldap.missingLdapService" which should display: "LDAP service is not available. Please verify your installation." which mean the application cannot find the LDAP script service (used by the application to retrieve values from the LDAP server). It has nothing do to with whatever field you set and have nothing to do with the authentication itself, it just reduce a bit the features of the UI which become the static form you see. > > Any ideas why this is happening? > > Thanks > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
[xwiki-users] XWiki Ldap authentication
Hi, I am trying to set up Ldap integration, and have installed both LDAP Authenticator and LDAP Application. I am using XWiki 8.2.1. In my xwiki.cfg file I have the following settings in the LDAP section: #-# LDAP authentication service xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl xwiki.authentication.ldap=1 xwiki.authentication.ldap.server=the.ldap.server xwiki.authentication.ldap.port=389 xwiki.authentication.ldap.bind_DN=cn={0},ou=something1,ou=something2,ou=something3,dc=something4,dc=something5,dc=something6,dc=something7 xwiki.authentication.ldap.bind_pass={1} xwiki.authentication.ldap.base_DN= xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail xwiki.authentication.ldap.update_user=1 xwiki.authentication.ldap.trylocal=1 Rest of the lines are commented. Note that there's nothing in base_DN field. I have provided the same values in bin/admin/XWiki/XWikiPreferences?editor=globaladmin=LDAP=XWiki. But the page shows ldap.missingLdapService at the top of the page. Any ideas why this is happening? Thanks ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
Hi again, My version is XWiki Enterprise 1.5.11446. I have tested the cleaning of the ldap_dn value in order to allow a login in a different OU of my Active Directory and no bug for me... -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p677732.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
On Wed, Aug 6, 2008 at 11:03 AM, lukweb [EMAIL PROTECTED] wrote: Hi Thomas, Forget my last message, i made several tests and as far as i know, xwiki ldap auth can't do group mapping and allow logons from differents OU in Active Directory at the same time... So for now, i choosed to keep group mapping on and if i want to move a user to a different OU, i will modify its ldap_dn value in its xwiki profile (it's working). Thanks for your help and maybe if you've got a solution/evolution to that, please tell me. First I will fix the potential problem with ldab_dn emptied by hand, maybe it's not just by hand... What XWiki version do you use ? (you surely already said that but I can't find it in this long conversation ;)) Have a nice day. -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p675429.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
Hi Thomas, By activating the parameter xwiki.authentication.ldap.group_memberfields=member,uniqueMember Now the error login is logged in the xwiki.cfg It failed with the error : 2008-08-05 09:57:44,496 [http://srv-web:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [P1-19] ERROR ldap.XWikiLDAPUtils - Could not find attribute sAMAccountName for LDAP dn CN=Administrateurs Wiki,CN=Users,DC=zl,DC=masociete,DC=com 2008-08-05 09:57:44,669 [http://srv-web:8080/xwiki/bin/view/Main/?srid=JYeDhARA] [P1-19] ERROR ldap.XWikiLDAPUtils - Could not find attribute sAMAccountName for LDAP dn CN=Administrateurs Wiki,CN=Users,DC=zl,DC=masociete,DC=com -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p670150.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
I already tried to restart but it's the same thing. The parameter groupcache was commented so now it's on : xwiki.authentication.ldap.groupcache_expiration=21800 I have restarted but no mapping is done. -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p668076.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
On Mon, Aug 4, 2008 at 11:05 AM, lukweb [EMAIL PROTECTED] wrote: I already tried to restart but it's the same thing. The parameter groupcache was commented so now it's on : xwiki.authentication.ldap.groupcache_expiration=21800 I have restarted but no mapping is done. If it does not work after restarting XWiki then it's not cache. But I don't see what can be the problem here. Does it work if you set the new user LDAP DN in its profile ? Could you enable debug log (see http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging) and copy/paste what you have in the log when authenticating ? -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p668076.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
On Mon, Aug 4, 2008 at 10:25 AM, lukweb [EMAIL PROTECTED] wrote: Hi Thomas, Ok it's working, when i move the user in a different OU, the login is ok BUT ...The groups mapping doesn't work anymore I tested it with another new user and it's not good, no more group mapping between the LDAP and Xwiki. There is a cache for the LDAP group. You can change it using property xwiki.authentication.ldap.groupcache_expiration (the value is in sec) or simply restart (the cache is reinitialized when XWiki starts). Any idea ? -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p668021.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
On Fri, Aug 1, 2008 at 7:54 PM, Vincent Massol [EMAIL PROTECTED] wrote: On Aug 1, 2008, at 7:46 PM, Thomas Mortagne wrote: On Fri, Aug 1, 2008 at 6:22 PM, Vincent Massol [EMAIL PROTECTED] wrote: On Aug 1, 2008, at 6:17 PM, Thomas Mortagne wrote: [snip] I found what is the problem: It's not your configuration, by default XWiki store the DN in the user's profile (with the ldap_dn=dn in xwiki.authentication.ldap.fields_mapping property) to speed up the DN search. The problem is that it will always use the first DN used for a user even the user moved in LDAP server. So what you can do to fix it: - for existing users in XWiki: edit the user's profile page using object editor and change the value of the property ldap_dn (LDAP DN). Set the new DN or just blank it to let XWiki update it. - if you plan to move LDAP users regularely: remove the ldap_dn=dn from xwiki.authentication.ldap.fields_mapping property to avoid LDAP user DN storage. This looks like an important XWiki limitation isn't it? I guess moving users in LDAP is a pretty common thing and we should probably not request admins to edit related XWiki users objects. That doesn't sound right. It's not a limitation, just configuration. As I said, If you don't have ldap_dn=dn in xwiki.authentication.ldap.fields_mapping the DN is never stored so you don't have the problem. But maybe the default value of wiki.authentication.ldap.fields_mapping has to be changed. I understand but cannot we do better? It looks a bit like magic and the parameter name doesn't reflect the behavior and the dangerousness associated with it. This work like that since the first old LDAP authenticator and it's the first time someone report that it's an issue AFAIK... Anyway maybe a new parameter userDN_constant=true/false or something like that would be better. Or we completely remove this way to get the DN. Also I don't see the use cases where this parameter could be used? (unless your LDAP is read only which is probably pretty rare). You are maybe right, I really don't know as I pretty much never used LDAP for personal needs. Thanks -Vincent ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
On Fri, Aug 1, 2008 at 10:42 PM, lukweb [EMAIL PROTECTED] wrote: GREAT !!! I can't test it now because i'm not at work but i'm sure you're right about the ldap_dn because i was testing the first login of a new user anywhere in the Active Directory and it works until i move it into another OU... I will test it on next Monday and i'll give you a feedback about it. Hmm, I looked into the code and it's possible that there is a bug with LDAP DN field of user profile that someone removed by hand (but there should not be any problem with user profile that never has LDAP DN inserted). Let me know if you have problem and I will look more into it. Thanks for your quick answers. P.S. : I love Xwiki but i'm sure it can be a more popular wiki if it was more documented... The standalone package (multiplatformed) is amazing. The good point is this great forum with you the great experts, thanks buddies !!! -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p665028.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
[xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
Hello all, I'm working with the last version of XE and i get the LDAP authentication on my Active Directory Domain. My problem is when i move a user to a different OU in the Active Directory, the user can't login in Xwiki anymore...(Error : Wrong password). Is there a way to configure the xwiki.cfg in order the authentication could browse the all Active Directory to find the user and allow him to login ? Thanks in advance. -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p663821.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
On Fri, Aug 1, 2008 at 11:01 AM, Thomas Mortagne [EMAIL PROTECTED] wrote: On Fri, Aug 1, 2008 at 9:14 AM, lukweb [EMAIL PROTECTED] wrote: Hello all, I'm working with the last version of XE and i get the LDAP authentication on my Active Directory Domain. My problem is when i move a user to a different OU in the Active Directory, the user can't login in Xwiki anymore...(Error : Wrong password). Is there a way to configure the xwiki.cfg in order the authentication could browse the all Active Directory to find the user and allow him to login ? Yes LDAP authentication already do this automatically but you have to change xwiki.authentication.ldap.bind_DN and xwiki.authentication.ldap.bind_pass values to set an existing user that can read the whole LDAP (like ) instead of a pattern (like a administrator user) Thanks in advance. -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p663821.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
OK Great, Can you just give me an example of these config parameters ? Thanks in advance. Je continue à écrire en anglais mais je devine vu ton nom que tu parles bien la France ;-)) Ce sera pour rendre service à un maximum de gens qui rencontreront le même problème... -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p663993.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
Ok i tried to put this config in my xwiki.cfg but it doesn't work anymore when i move the user in another OU in the Active Directory : xwiki.authentication.ldap.base_DN=DC=agence,DC=masociete,DC=com xwiki.authentication.ldap.bind_DN=MASOCIETE\\wikildapuser xwiki.authentication.ldap.bind_pass=password xwiki.authentication.ldap.UID_attr=sAMAccountName xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn Any idea ? -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p664210.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
2008/8/1 lukweb [EMAIL PROTECTED]: OK Great, Can you just give me an example of these config parameters ? For example if you have in your LDAP a admin user with DN cn=Administrator,dc=mydomain,dc=org and password pass simply set: xwiki.authentication.ldap.bind_DN=cn=Administrator,dc=mydomain,dc=org xwiki.authentication.ldap.bind_pass=pass LDAP authentication will use it to connect to LDAP server then it will search provided login trying to match with field sAMAccountName (if you configured xwiki.authentication.ldap.UID_attr=sAMAccountName ) value. Then it try to execute a bind with the found user and provided password to validate it. Thanks in advance. Je continue à écrire en anglais mais je devine vu ton nom que tu parles bien la France ;-)) Ce sera pour rendre service à un maximum de gens qui rencontreront le même problème... -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p663993.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
I just added the use case in http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCases, could you complete it if needed when you will be able to find the configuration that works for you ? On Fri, Aug 1, 2008 at 2:37 PM, Thomas Mortagne [EMAIL PROTECTED] wrote: 2008/8/1 lukweb [EMAIL PROTECTED]: OK Great, Can you just give me an example of these config parameters ? For example if you have in your LDAP a admin user with DN cn=Administrator,dc=mydomain,dc=org and password pass simply set: xwiki.authentication.ldap.bind_DN=cn=Administrator,dc=mydomain,dc=org xwiki.authentication.ldap.bind_pass=pass LDAP authentication will use it to connect to LDAP server then it will search provided login trying to match with field sAMAccountName (if you configured xwiki.authentication.ldap.UID_attr=sAMAccountName ) value. Then it try to execute a bind with the found user and provided password to validate it. Thanks in advance. Je continue à écrire en anglais mais je devine vu ton nom que tu parles bien la France ;-)) Ce sera pour rendre service à un maximum de gens qui rencontreront le même problème... -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p663993.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
Here is the results : When i activate this config parameter xwiki.authentication.ldap.password_field=userPassword, i can connect with an account that i moved in another OU. But when i move again this account, i can't connect from another different OU : Wrong password... -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p664258.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
On Fri, Aug 1, 2008 at 3:05 PM, lukweb [EMAIL PROTECTED] wrote: Here is the results : When i activate this config parameter xwiki.authentication.ldap.password_field=userPassword, i can connect with an Why do you configure xwiki.authentication.ldap.password_field=userPassword ? it should not be needed if you have validate_password=0 Can you copy past your entire auth configuration ? account that i moved in another OU. But when i move again this account, i can't connect from another different OU : Wrong password... -- View this message in context: http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p664258.html Sent from the XWiki- Users mailing list archive at Nabble.com. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
Here is my xwiki.cfg : xwiki.base=../../ xwiki.store.class=com.xpn.xwiki.store.XWikiHibernateStore xwiki.store.hibernate.path=/WEB-INF/hibernate.cfg.xml xwiki.store.hibernate.updateschema=1 xwiki.store.hibernate.custommapping=1 xwiki.store.cache=1 xwiki.store.cache.capacity=100 xwiki.store.migration=1 xwiki.monitor=1 # List of active plugins. xwiki.plugins=\ com.xpn.xwiki.monitor.api.MonitorPlugin,\ com.xpn.xwiki.plugin.calendar.CalendarPlugin,\ com.xpn.xwiki.plugin.skinx.JsSkinExtensionPlugin,\ com.xpn.xwiki.plugin.skinx.CssSkinExtensionPlugin,\ com.xpn.xwiki.plugin.feed.FeedPlugin,\ com.xpn.xwiki.plugin.ldap.LDAPPlugin,\ com.xpn.xwiki.plugin.google.GooglePlugin,\ com.xpn.xwiki.plugin.flickr.FlickrPlugin,\ com.xpn.xwiki.plugin.mail.MailPlugin,\ com.xpn.xwiki.plugin.packaging.PackagePlugin,\ com.xpn.xwiki.plugin.query.QueryPlugin,\ com.xpn.xwiki.plugin.svg.SVGPlugin,\ com.xpn.xwiki.plugin.charts.ChartingPlugin,\ com.xpn.xwiki.plugin.fileupload.FileUploadPlugin,\ com.xpn.xwiki.plugin.image.ImagePlugin,\ com.xpn.xwiki.plugin.captcha.CaptchaPlugin,\ com.xpn.xwiki.plugin.userdirectory.UserDirectoryPlugin,\ com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl,\ com.xpn.xwiki.plugin.zipexplorer.ZipExplorerPlugin,\ com.xpn.xwiki.plugin.autotag.AutoTagPlugin,\ com.xpn.xwiki.plugin.lucene.LucenePlugin,\ com.xpn.xwiki.plugin.diff.DiffPlugin,\ com.xpn.xwiki.plugin.rightsmanager.RightsManagerPlugin,\ com.xpn.xwiki.plugin.jodatime.JodaTimePlugin,\ com.xpn.xwiki.plugin.scheduler.SchedulerPlugin,\ com.xpn.xwiki.plugin.mailsender.MailSenderPlugin,\ com.xpn.xwiki.plugin.watchlist.WatchListPlugin # This parameter allows XWiki to operate in Hosting mode allowing to create # multiple wikis having their own database and responding to different URLs xwiki.virtual=0 xwiki.virtual.redirect=http://127.0.0.1:9080/xwiki/bin/Main/ThisWikiDoesNotExist # This parameter will activate the eXo Platform integration xwiki.exo=0 xwiki.authentication=form xwiki.authentication.validationKey=totototototototototototototototo xwiki.authentication.encryptionKey=titititititititititititititititi xwiki.authentication.cookiedomains=xwiki.com,wiki.fr # This allows logout to happen for any page going through the /logout/ action, regardless of the document or the servlet. # Comment-out if you want to enable logout only for /bin/logout/XWiki/XWikiLogout xwiki.authentication.logoutpage=(/[^/]+/|/)logout/* # Stats configuration allows to globally activate/deactivate stats module (launch storage thread, register events...) xwiki.stats=1 # When statistics are globally enabled, storage can be enabled/disabled by wiki using the XWikiPreference property statistics. # Note: Statistics are disabled by default for improved performances/space. xwiki.stats.default=0 # It is also possible to choose a different stats service to record statistics separately from XWiki. xwiki.stats.class=com.xpn.xwiki.stats.impl.XWikiStatsServiceImpl xwiki.encoding=ISO-8859-1 xwiki.backlinks=1 xwiki.tags=1 # Use edit comments xwiki.editcomment=1 # Hide editcomment field and only use Javascript xwiki.editcomment.hidden=0 # Make edit comment mandatory xwiki.editcomment.mandatory=0 # Make edit comment suggested (asks 1 time if the comment is empty. # 1 shows one popup if comment is empty. # 0 means there is no popup. # This setting is ignored if mandatory is set xwiki.editcomment.suggested=0 # GraphViz plugin configuration. The GraphViz plugin is not configured by default. # To enable it, add com.xpn.xwiki.plugin.graphviz.GraphVizPlugin to the list of plugins # in the xwiki.plugins property. # Uncomment and set the locations of the Dot and Neato executables #xwiki.plugin.graphviz.dotpath=c:/Program Files/ATT/GraphViz/bin/dot.exe #xwiki.plugin.graphviz.neatopath=c:/Program Files/ATT/GraphViz/bin/neato.exe xwiki.plugin.laszlo.baseurl=/openlaszlo/xwiki/ xwiki.plugin.laszlo.path=c:/Program Files/Apache Software Foundation/Tomcat 5.0/webapps/openlaszlo/xwiki/ xwiki.plugin.image.cache.capacity=30 xwiki.plugin.captcha=0 # Enable to allow superadmin. It is disabled by default as this could be a security breach if # it were set and you forgot about it. xwiki.superadminpassword=system #- # LDAP #- #-# new LDAP authentication service
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
On Fri, Aug 1, 2008 at 5:10 PM, lukweb [EMAIL PROTECTED] wrote: Here is my xwiki.cfg : xwiki.base=../../ xwiki.store.class=com.xpn.xwiki.store.XWikiHibernateStore xwiki.store.hibernate.path=/WEB-INF/hibernate.cfg.xml xwiki.store.hibernate.updateschema=1 xwiki.store.hibernate.custommapping=1 xwiki.store.cache=1 xwiki.store.cache.capacity=100 xwiki.store.migration=1 xwiki.monitor=1 # List of active plugins. xwiki.plugins=\ com.xpn.xwiki.monitor.api.MonitorPlugin,\ com.xpn.xwiki.plugin.calendar.CalendarPlugin,\ com.xpn.xwiki.plugin.skinx.JsSkinExtensionPlugin,\ com.xpn.xwiki.plugin.skinx.CssSkinExtensionPlugin,\ com.xpn.xwiki.plugin.feed.FeedPlugin,\ com.xpn.xwiki.plugin.ldap.LDAPPlugin,\ com.xpn.xwiki.plugin.google.GooglePlugin,\ com.xpn.xwiki.plugin.flickr.FlickrPlugin,\ com.xpn.xwiki.plugin.mail.MailPlugin,\ com.xpn.xwiki.plugin.packaging.PackagePlugin,\ com.xpn.xwiki.plugin.query.QueryPlugin,\ com.xpn.xwiki.plugin.svg.SVGPlugin,\ com.xpn.xwiki.plugin.charts.ChartingPlugin,\ com.xpn.xwiki.plugin.fileupload.FileUploadPlugin,\ com.xpn.xwiki.plugin.image.ImagePlugin,\ com.xpn.xwiki.plugin.captcha.CaptchaPlugin,\ com.xpn.xwiki.plugin.userdirectory.UserDirectoryPlugin,\ com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl,\ com.xpn.xwiki.plugin.zipexplorer.ZipExplorerPlugin,\ com.xpn.xwiki.plugin.autotag.AutoTagPlugin,\ com.xpn.xwiki.plugin.lucene.LucenePlugin,\ com.xpn.xwiki.plugin.diff.DiffPlugin,\ com.xpn.xwiki.plugin.rightsmanager.RightsManagerPlugin,\ com.xpn.xwiki.plugin.jodatime.JodaTimePlugin,\ com.xpn.xwiki.plugin.scheduler.SchedulerPlugin,\ com.xpn.xwiki.plugin.mailsender.MailSenderPlugin,\ com.xpn.xwiki.plugin.watchlist.WatchListPlugin # This parameter allows XWiki to operate in Hosting mode allowing to create # multiple wikis having their own database and responding to different URLs xwiki.virtual=0 xwiki.virtual.redirect=http://127.0.0.1:9080/xwiki/bin/Main/ThisWikiDoesNotExist # This parameter will activate the eXo Platform integration xwiki.exo=0 xwiki.authentication=form xwiki.authentication.validationKey=totototototototototototototototo xwiki.authentication.encryptionKey=titititititititititititititititi xwiki.authentication.cookiedomains=xwiki.com,wiki.fr # This allows logout to happen for any page going through the /logout/ action, regardless of the document or the servlet. # Comment-out if you want to enable logout only for /bin/logout/XWiki/XWikiLogout xwiki.authentication.logoutpage=(/[^/]+/|/)logout/* # Stats configuration allows to globally activate/deactivate stats module (launch storage thread, register events...) xwiki.stats=1 # When statistics are globally enabled, storage can be enabled/disabled by wiki using the XWikiPreference property statistics. # Note: Statistics are disabled by default for improved performances/space. xwiki.stats.default=0 # It is also possible to choose a different stats service to record statistics separately from XWiki. xwiki.stats.class=com.xpn.xwiki.stats.impl.XWikiStatsServiceImpl xwiki.encoding=ISO-8859-1 xwiki.backlinks=1 xwiki.tags=1 # Use edit comments xwiki.editcomment=1 # Hide editcomment field and only use Javascript xwiki.editcomment.hidden=0 # Make edit comment mandatory xwiki.editcomment.mandatory=0 # Make edit comment suggested (asks 1 time if the comment is empty. # 1 shows one popup if comment is empty. # 0 means there is no popup. # This setting is ignored if mandatory is set xwiki.editcomment.suggested=0 # GraphViz plugin configuration. The GraphViz plugin is not configured by default. # To enable it, add com.xpn.xwiki.plugin.graphviz.GraphVizPlugin to the list of plugins # in the xwiki.plugins property. # Uncomment and set the locations of the Dot and Neato executables #xwiki.plugin.graphviz.dotpath=c:/Program Files/ATT/GraphViz/bin/dot.exe #xwiki.plugin.graphviz.neatopath=c:/Program Files/ATT/GraphViz/bin/neato.exe xwiki.plugin.laszlo.baseurl=/openlaszlo/xwiki/ xwiki.plugin.laszlo.path=c:/Program Files/Apache Software Foundation/Tomcat 5.0/webapps/openlaszlo/xwiki/ xwiki.plugin.image.cache.capacity=30 xwiki.plugin.captcha=0 # Enable to allow superadmin. It is disabled by default as this could be a security breach if # it were set and you forgot about it. xwiki.superadminpassword=system #- # LDAP
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
On Aug 1, 2008, at 6:17 PM, Thomas Mortagne wrote: [snip] I found what is the problem: It's not your configuration, by default XWiki store the DN in the user's profile (with the ldap_dn=dn in xwiki.authentication.ldap.fields_mapping property) to speed up the DN search. The problem is that it will always use the first DN used for a user even the user moved in LDAP server. So what you can do to fix it: - for existing users in XWiki: edit the user's profile page using object editor and change the value of the property ldap_dn (LDAP DN). Set the new DN or just blank it to let XWiki update it. - if you plan to move LDAP users regularely: remove the ldap_dn=dn from xwiki.authentication.ldap.fields_mapping property to avoid LDAP user DN storage. This looks like an important XWiki limitation isn't it? I guess moving users in LDAP is a pretty common thing and we should probably not request admins to edit related XWiki users objects. That doesn't sound right. WDYT? Thanks -Vincent ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
On Fri, Aug 1, 2008 at 6:22 PM, Vincent Massol [EMAIL PROTECTED] wrote: On Aug 1, 2008, at 6:17 PM, Thomas Mortagne wrote: [snip] I found what is the problem: It's not your configuration, by default XWiki store the DN in the user's profile (with the ldap_dn=dn in xwiki.authentication.ldap.fields_mapping property) to speed up the DN search. The problem is that it will always use the first DN used for a user even the user moved in LDAP server. So what you can do to fix it: - for existing users in XWiki: edit the user's profile page using object editor and change the value of the property ldap_dn (LDAP DN). Set the new DN or just blank it to let XWiki update it. - if you plan to move LDAP users regularely: remove the ldap_dn=dn from xwiki.authentication.ldap.fields_mapping property to avoid LDAP user DN storage. This looks like an important XWiki limitation isn't it? I guess moving users in LDAP is a pretty common thing and we should probably not request admins to edit related XWiki users objects. That doesn't sound right. It's not a limitation, just configuration. As I said, If you don't have ldap_dn=dn in xwiki.authentication.ldap.fields_mapping the DN is never stored so you don't have the problem. But maybe the default value of wiki.authentication.ldap.fields_mapping has to be changed. WDYT? Thanks -Vincent ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Xwiki LDAP Authentication doesn't work when you move a user to a different OU in Active Directory
On Aug 1, 2008, at 7:46 PM, Thomas Mortagne wrote: On Fri, Aug 1, 2008 at 6:22 PM, Vincent Massol [EMAIL PROTECTED] wrote: On Aug 1, 2008, at 6:17 PM, Thomas Mortagne wrote: [snip] I found what is the problem: It's not your configuration, by default XWiki store the DN in the user's profile (with the ldap_dn=dn in xwiki.authentication.ldap.fields_mapping property) to speed up the DN search. The problem is that it will always use the first DN used for a user even the user moved in LDAP server. So what you can do to fix it: - for existing users in XWiki: edit the user's profile page using object editor and change the value of the property ldap_dn (LDAP DN). Set the new DN or just blank it to let XWiki update it. - if you plan to move LDAP users regularely: remove the ldap_dn=dn from xwiki.authentication.ldap.fields_mapping property to avoid LDAP user DN storage. This looks like an important XWiki limitation isn't it? I guess moving users in LDAP is a pretty common thing and we should probably not request admins to edit related XWiki users objects. That doesn't sound right. It's not a limitation, just configuration. As I said, If you don't have ldap_dn=dn in xwiki.authentication.ldap.fields_mapping the DN is never stored so you don't have the problem. But maybe the default value of wiki.authentication.ldap.fields_mapping has to be changed. I understand but cannot we do better? It looks a bit like magic and the parameter name doesn't reflect the behavior and the dangerousness associated with it. Also I don't see the use cases where this parameter could be used? (unless your LDAP is read only which is probably pretty rare). Thanks -Vincent ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users