Re: [xwiki-users] Trouble with XWiki Active Directory LDAP Configuration

2013-03-18 Thread Guillaume Fenollar 
Hello,

What are you using for Base_DN variable in xwiki? It seems you've replaced
the configuration with something else, but this detail is important.
You should try using a conf like this:

 xwiki.authentication.ldap.base_DN=OU=Staff,DC=yourdomain,DC=TLD

Replace that with your complete DN to this OU you're trying it access.
and comment the xwiki.authentication.ldap.user_group parameter.

Rest of the conf looks OK, so that's the first step to understand what's
happening there.


2013/3/18 mrswadge stuart.step...@tracegroup.com

 Hi,

 I hope someone can help me. I'm experiencing some trouble with the
 configuration of XWiki against our Active Directory server. Unfortunately
 LDAP is not something I am very familiar with and it seems a little unusual
 to my way of thinking!

 I have an Active Directory in the following format that I am trying to get
 working with XWiki:

 - Root
   - OU=Staff
 - CN=Bill Bailey
   - sAMAccountName=bb
 - CN=Fred Bloggs
   - sAMAccountName=fb

 I've configured the following, but I can't get past the login screen.


 xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
 xwiki.authentication.ldap=1
 xwiki.authentication.ldap.server=servername
 xwiki.authentication.ldap.port=389
 xwiki.authentication.ldap.bind_DN=subdomain\\{0}
 xwiki.authentication.ldap.bind_pass={1}
 xwiki.authentication.ldap.base_DN=DC=subdomain,DC=domain,DC=com
 xwiki.authentication.ldap.user_group=OU=Staff
 xwiki.authentication.ldap.UID_attr=sAMAccountName

 xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList

 xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn
 xwiki.authentication.ldap.update_user=1

 These are my logs...

 2013-03-18 15:08:18,924
 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE
 u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
 2013-03-18 15:08:18,924
 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
 u.i.L.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to
 authenticate, it probably means the user is in non logged mode.
 2013-03-18 15:08:18,924
 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE
 u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
 2013-03-18 15:08:18,924
 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
 c.x.x.p.l.XWikiLDAPConfig  - ldap_group_classes: [groupofnames,
 groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
 groupofuniquenames, group]
 2013-03-18 15:08:18,924
 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
 c.x.x.p.l.XWikiLDAPConfig  - ldap_group_memberfields: [member,
 uniquemember]
 2013-03-18 15:08:18,971
 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
 c.x.x.p.l.XWikiLDAPConnection  - Connection to LDAP server [tidc:389]
 2013-03-18 15:08:19,002
 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
 c.x.x.p.l.XWikiLDAPConnection  - Binding to LDAP server with credentials
 login=[subdomain\username]
 2013-03-18 15:08:19,236
 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
 u.i.L.XWikiLDAPAuthServiceImpl - Checking if the user belongs to the user
 group: OU=Staff
 2013-03-18 15:08:19,252
 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
 c.x.x.p.l.XWikiLDAPUtils   - Retrieving Members of the group [OU=Staff]
 2013-03-18 15:08:19,252
 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
 c.x.x.p.l.XWikiLDAPUtils   - [OU=Staff] is a valid DN, lets try to get
 corresponding entry.
 2013-03-18 15:08:19,252
 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
 c.x.x.p.l.XWikiLDAPConnection  - LDAP search: baseDN=[OU=Staff]
 query=[null]
 attr=[[objectClass, member, uniquemember, sAMAccountName]] ldapScope=[2]
 2013-03-18 15:08:19,299
 [http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
 c.x.x.p.l.XWikiLDAPUtils   - Failed to get group members
 com.novell.ldap.LDAPException: Operations Error
 at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
 ~[jldap-4.3.jar:na]
 at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
 ~[jldap-4.3.jar:na]
 at com.novell.ldap.LDAPSearchResults.next(Unknown Source)
 ~[jldap-4.3.jar:na]
 at

 com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembersSearchResult(XWikiLDAPUtils.java:676)
 [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
 at

 com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembersFromDN(XWikiLDAPUtils.java:603)
 [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
 at

 com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembers(XWikiLDAPUtils.java:543)
 [xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
 at

Re: [xwiki-users] Trouble with XWiki Active Directory LDAP Configuration

2013-03-18 Thread mrswadge 
Guillaume,

Thanks for the reply, you solved my issue.

I did as you suggested:

Changed:
xwiki.authentication.ldap.base_DN=DC=subdomain,DC=domain,DC=com 
xwiki.authentication.ldap.user_group=OU=Staff 

To:
xwiki.authentication.ldap.base_DN=OU=Staff,DC=subdomain,DC=domain,DC=com 
# xwiki.authentication.ldap.user_group=OU=Staff - i.e. commented out.

It now works like a charm.

Thank you once again.
Stuart




--
View this message in context: 
http://xwiki.475771.n2.nabble.com/Trouble-with-XWiki-Active-Directory-LDAP-Configuration-tp7584331p7584333.html
Sent from the XWiki- Users mailing list archive at Nabble.com.
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users