Re: [xwiki-users] Help with LDAP

2013-01-30 Thread Thomas Mortagne
All I can say is that XWiki is able to access server ldap.nov.com with
port 389 and then try to authenticate with user DN
cn=papeb,dc=nov,dc=com and whatever password you typed on the login
page but fail.

The possible causes I can think of:
* there is no user with DN cn=papeb,dc=nov,dc=com on LDAP server
ldap.nov.com. You can check with one of the clients listed on
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication.
* you type the wrong password


On Wed, Jan 30, 2013 at 5:47 PM, Pape, Barry barry.p...@nov.com wrote:
 Greetings Xwiki Gurus,

 I've been trying to get our installation authenticating with LDAP and am 
 having no luck.  We are running XWiki 4.3 in Tomcat 7.0.34 on Windows Server 
 2008 R2 Standard.  I have installed the LDAP Application Extension and tried 
 configuring it both through the web interface and xwiki.config with no 
 success.  Every time I attempt to login I receive an Invalid Credentials 
 error (stack trace below,) and the LDAP section from xwiki.config file is 
 below that.  I've tried a number of different values for the server, bind DN, 
 and the base DN, but nothing works.  Any suggestions are greatly appreciated? 
  Is there any additional logging that I can add for more information?

 Thanks,
 Barry




 2013-01-30 10:12:55,825 
 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP 
 authentica
 tion
 2013-01-30 10:12:55,825 
 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user is 
 nul
 l. We don't try to authenticate, it probably means the user is in non logged 
 mod
 e.
 2013-01-30 10:12:55,825 
 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP 
 authentica
 tion
 2013-01-30 10:12:55,840 
 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig  - ldap_group_classes: 
 [gro
 upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, 
 groupofuniq
 uenames, group]
 2013-01-30 10:12:55,840 
 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig  - 
 ldap_group_memberfields:
 [member, uniquemember]
 2013-01-30 10:12:55,857 
 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection  - Connection to LDAP 
 serve
 r [ldap.nov.com:389]
 2013-01-30 10:12:55,868 
 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection  - Binding to LDAP 
 server w
 ith credentials login=[cn=papeb,dc=nov,dc=com]
 2013-01-30 10:12:55,928 
 [http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP 
 authenticatio
 n failed.
 com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind 
 fai
 led with LDAPException.
 Wrapped Exception: Invalid Credentials
 at 
 com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
 n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
 at 
 com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
 n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
 at 
 com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat
 eInContext(XWikiLDAPAuthServiceImpl.java:305) 
 [xwiki-platform-legacy-oldcore-4.4
 .jar:na]




 #-
 # LDAP
 #-

 #-# LDAP authentication service
 xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl

 #-# Turn LDAP authentication on - otherwise only XWiki authentication
 #-# - 0: disable
 #-# - 1: enable
 #-# The default is 0
 xwiki.authentication.ldap=1

 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
 xwiki.authentication.ldap.server=ldap.nov.com
 xwiki.authentication.ldap.port=389

 #-# LDAP login, empty = anonymous access, otherwise specify full dn
 #-# {0} is replaced with the user name, {1} with the password
 xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com
 xwiki.authentication.ldap.bind_pass={1}

 #-# The Base DN used in LDAP searches
 xwiki.authentication.ldap.base_DN=dc=nov,dc=com

 #-# LDAP query to search the user in the LDAP database (in case a static 
 admin user is provided in
 #-# xwiki.authentication.ldap.bind_DN)
 #-# {0} is replaced with the user uid field name and {1} with the user name
 #-# The default is ({0}={1})
 # xwiki.authentication.ldap.user_search_fmt=({0}={1})

 #-# Only members of the following group will be verified in the LDAP
 #-# otherwise only users that are found after searching starting from the 
 base_DN
 # 

Re: [xwiki-users] Help with LDAP

2013-01-30 Thread Jeremie BOUSQUET
Hi,

Are you sure you need to authenticate for ldap bind, and if yes, of the
user/pwd ?
During my little experience, I've encountered ldap bind with anonymous
access, or with specific admin account.
(binding is not authentication)

provided user is null seems a bit strange.
But I'm no ldap expert...
Le 30 janv. 2013 17:47, Pape, Barry barry.p...@nov.com a écrit :

 Greetings Xwiki Gurus,

 I've been trying to get our installation authenticating with LDAP and am
 having no luck.  We are running XWiki 4.3 in Tomcat 7.0.34 on Windows
 Server 2008 R2 Standard.  I have installed the LDAP Application Extension
 and tried configuring it both through the web interface and xwiki.config
 with no success.  Every time I attempt to login I receive an Invalid
 Credentials error (stack trace below,) and the LDAP section from
 xwiki.config file is below that.  I've tried a number of different values
 for the server, bind DN, and the base DN, but nothing works.  Any
 suggestions are greatly appreciated?  Is there any additional logging that
 I can add for more information?

 Thanks,
 Barry




 2013-01-30 10:12:55,825 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
 authentica
 tion
 2013-01-30 10:12:55,825 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user
 is nul
 l. We don't try to authenticate, it probably means the user is in non
 logged mod
 e.
 2013-01-30 10:12:55,825 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
 authentica
 tion
 2013-01-30 10:12:55,840 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig  -
 ldap_group_classes: [gro
 upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
 groupofuniq
 uenames, group]
 2013-01-30 10:12:55,840 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig  -
 ldap_group_memberfields:
 [member, uniquemember]
 2013-01-30 10:12:55,857 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection  - Connection to
 LDAP serve
 r [ldap.nov.com:389]
 2013-01-30 10:12:55,868 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection  - Binding to LDAP
 server w
 ith credentials login=[cn=papeb,dc=nov,dc=com]
 2013-01-30 10:12:55,928 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP
 authenticatio
 n failed.
 com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP
 bind fai
 led with LDAPException.
 Wrapped Exception: Invalid Credentials
 at
 com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
 n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
 at
 com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
 n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
 at
 com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat
 eInContext(XWikiLDAPAuthServiceImpl.java:305)
 [xwiki-platform-legacy-oldcore-4.4
 .jar:na]





 #-
 # LDAP

 #-

 #-# LDAP authentication service

 xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl

 #-# Turn LDAP authentication on - otherwise only XWiki authentication
 #-# - 0: disable
 #-# - 1: enable
 #-# The default is 0
 xwiki.authentication.ldap=1

 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
 xwiki.authentication.ldap.server=ldap.nov.com
 xwiki.authentication.ldap.port=389

 #-# LDAP login, empty = anonymous access, otherwise specify full dn
 #-# {0} is replaced with the user name, {1} with the password
 xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com
 xwiki.authentication.ldap.bind_pass={1}

 #-# The Base DN used in LDAP searches
 xwiki.authentication.ldap.base_DN=dc=nov,dc=com

 #-# LDAP query to search the user in the LDAP database (in case a static
 admin user is provided in
 #-# xwiki.authentication.ldap.bind_DN)
 #-# {0} is replaced with the user uid field name and {1} with the user name
 #-# The default is ({0}={1})
 # xwiki.authentication.ldap.user_search_fmt=({0}={1})

 #-# Only members of the following group will be verified in the LDAP
 #-# otherwise only users that are found after searching starting from the
 base_DN
 #
 xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US

 #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
 #-# Only users not member of the following group can autheticate
 #
 

Re: [xwiki-users] Help with LDAP

2013-01-30 Thread shouldbeq931
AD requires* an authenticated bind.

*unless anonymous bind has been specifically enabled

Cheers

Sent on the move

On 30 Jan 2013, at 17:04, Jeremie BOUSQUET jeremie.bousq...@gmail.com wrote:

 Hi,
 
 Are you sure you need to authenticate for ldap bind, and if yes, of the
 user/pwd ?
 During my little experience, I've encountered ldap bind with anonymous
 access, or with specific admin account.
 (binding is not authentication)
 
 provided user is null seems a bit strange.
 But I'm no ldap expert...
 Le 30 janv. 2013 17:47, Pape, Barry barry.p...@nov.com a écrit :
 
 Greetings Xwiki Gurus,
 
 I've been trying to get our installation authenticating with LDAP and am
 having no luck.  We are running XWiki 4.3 in Tomcat 7.0.34 on Windows
 Server 2008 R2 Standard.  I have installed the LDAP Application Extension
 and tried configuring it both through the web interface and xwiki.config
 with no success.  Every time I attempt to login I receive an Invalid
 Credentials error (stack trace below,) and the LDAP section from
 xwiki.config file is below that.  I've tried a number of different values
 for the server, bind DN, and the base DN, but nothing works.  Any
 suggestions are greatly appreciated?  Is there any additional logging that
 I can add for more information?
 
 Thanks,
 Barry
 
 
 
 
 2013-01-30 10:12:55,825 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
 authentica
 tion
 2013-01-30 10:12:55,825 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user
 is nul
 l. We don't try to authenticate, it probably means the user is in non
 logged mod
 e.
 2013-01-30 10:12:55,825 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
 authentica
 tion
 2013-01-30 10:12:55,840 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig  -
 ldap_group_classes: [gro
 upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
 groupofuniq
 uenames, group]
 2013-01-30 10:12:55,840 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig  -
 ldap_group_memberfields:
 [member, uniquemember]
 2013-01-30 10:12:55,857 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection  - Connection to
 LDAP serve
 r [ldap.nov.com:389]
 2013-01-30 10:12:55,868 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection  - Binding to LDAP
 server w
 ith credentials login=[cn=papeb,dc=nov,dc=com]
 2013-01-30 10:12:55,928 [
 http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
 Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP
 authenticatio
 n failed.
 com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP
 bind fai
 led with LDAPException.
 Wrapped Exception: Invalid Credentials
at
 com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
 n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
at
 com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
 n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
at
 com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat
 eInContext(XWikiLDAPAuthServiceImpl.java:305)
 [xwiki-platform-legacy-oldcore-4.4
 .jar:na]
 
 
 
 
 
 #-
 # LDAP
 
 #-
 
 #-# LDAP authentication service
 
 xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
 
 #-# Turn LDAP authentication on - otherwise only XWiki authentication
 #-# - 0: disable
 #-# - 1: enable
 #-# The default is 0
 xwiki.authentication.ldap=1
 
 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
 xwiki.authentication.ldap.server=ldap.nov.com
 xwiki.authentication.ldap.port=389
 
 #-# LDAP login, empty = anonymous access, otherwise specify full dn
 #-# {0} is replaced with the user name, {1} with the password
 xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com
 xwiki.authentication.ldap.bind_pass={1}
 
 #-# The Base DN used in LDAP searches
 xwiki.authentication.ldap.base_DN=dc=nov,dc=com
 
 #-# LDAP query to search the user in the LDAP database (in case a static
 admin user is provided in
 #-# xwiki.authentication.ldap.bind_DN)
 #-# {0} is replaced with the user uid field name and {1} with the user name
 #-# The default is ({0}={1})
 # xwiki.authentication.ldap.user_search_fmt=({0}={1})
 
 #-# Only members of the following group will be verified in the LDAP
 #-# otherwise only users that are found after searching starting from the
 base_DN
 #