Hello,
What are you using for Base_DN variable in xwiki? It seems you've replaced
the configuration with something else, but this detail is important.
You should try using a conf like this:
xwiki.authentication.ldap.base_DN=OU=Staff,DC=yourdomain,DC=TLD
Replace that with your complete DN to this OU you're trying it access.
and comment the xwiki.authentication.ldap.user_group parameter.
Rest of the conf looks OK, so that's the first step to understand what's
happening there.
2013/3/18 mrswadge stuart.step...@tracegroup.com
Hi,
I hope someone can help me. I'm experiencing some trouble with the
configuration of XWiki against our Active Directory server. Unfortunately
LDAP is not something I am very familiar with and it seems a little unusual
to my way of thinking!
I have an Active Directory in the following format that I am trying to get
working with XWiki:
- Root
- OU=Staff
- CN=Bill Bailey
- sAMAccountName=bb
- CN=Fred Bloggs
- sAMAccountName=fb
I've configured the following, but I can't get past the login screen.
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=servername
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.bind_DN=subdomain\\{0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.base_DN=DC=subdomain,DC=domain,DC=com
xwiki.authentication.ldap.user_group=OU=Staff
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn
xwiki.authentication.ldap.update_user=1
These are my logs...
2013-03-18 15:08:18,924
[http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE
u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2013-03-18 15:08:18,924
[http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to
authenticate, it probably means the user is in non logged mode.
2013-03-18 15:08:18,924
[http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE
u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2013-03-18 15:08:18,924
[http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames,
groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
groupofuniquenames, group]
2013-03-18 15:08:18,924
[http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member,
uniquemember]
2013-03-18 15:08:18,971
[http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server [tidc:389]
2013-03-18 15:08:19,002
[http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with credentials
login=[subdomain\username]
2013-03-18 15:08:19,236
[http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
u.i.L.XWikiLDAPAuthServiceImpl - Checking if the user belongs to the user
group: OU=Staff
2013-03-18 15:08:19,252
[http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPUtils - Retrieving Members of the group [OU=Staff]
2013-03-18 15:08:19,252
[http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPUtils - [OU=Staff] is a valid DN, lets try to get
corresponding entry.
2013-03-18 15:08:19,252
[http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPConnection - LDAP search: baseDN=[OU=Staff]
query=[null]
attr=[[objectClass, member, uniquemember, sAMAccountName]] ldapScope=[2]
2013-03-18 15:08:19,299
[http://tidevute:9080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
c.x.x.p.l.XWikiLDAPUtils - Failed to get group members
com.novell.ldap.LDAPException: Operations Error
at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
~[jldap-4.3.jar:na]
at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
~[jldap-4.3.jar:na]
at com.novell.ldap.LDAPSearchResults.next(Unknown Source)
~[jldap-4.3.jar:na]
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembersSearchResult(XWikiLDAPUtils.java:676)
[xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembersFromDN(XWikiLDAPUtils.java:603)
[xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
at
com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.getGroupMembers(XWikiLDAPUtils.java:543)
[xwiki-platform-legacy-oldcore-5.0-milestone-1.jar:na]
at