Re: [xwiki-users] ldap + xwiki.authentication.ldap.user_group
Fixed now.
It was a wrong log in fact:
if (LOG.isDebugEnabled()) {
LOG.debug("LDAP authentication succeed with principal [" +
principal.getName() + "]");
}
was executed even when the auth failed meaning that the principal was
null in this case.
On Wed, Dec 17, 2008 at 2:58 PM, Bartłomiej Radziszewski
wrote:
> Thomas Mortagne wrote:
>> Hi,
>>
>> 2008/12/17 Bartłomiej Radziszewski :
>>
>>> hello,
>>>
>>>
>>> I want to add access to xwiki only for users from special posixGroup in
>>> ldap. So I have added option:
>>>
>>>
>>> #-# only members of the following group will be verified in the LDAP
>>> #-# otherwise only users that are found after searching starting from
>>> the base_DN
>>> xwiki.authentication.ldap.user_group=cn=xwiki,ou=services,dc=xxx,dc=com
>>>
>>>
>>>
>>> all works fine but in logs i get exeption when i dont have some user in
>>> this group:
>>>
>>> com.xpn.xwiki.XWikiException: Error number 8001 in 8: LDAP user usertest
>>> does not belong to LDAP group cn=xwiki,ou=services,dc=xxx,dc=com.
>>>at
>>> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:328)
>>>at
>>> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:198)
>>>at
>>> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:149)
>>>at
>>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:239)
>>>at
>>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:165)
>>>at
>>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:148)
>>>at
>>> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:203)
>>>at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3578)
>>>at
>>> com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139)
>>>at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3586)
>>>at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4572)
>>>at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190)
>>>at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115)
>>>at
>>> org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
>>>at
>>> org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
>>>at
>>> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
>>>at
>>> org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
>>>at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>>>at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>>> java.lang.NullPointerException
>>>at
>>> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:157)
>>>at
>>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:239)
>>>at
>>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:165)
>>>at
>>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:148)
>>>at
>>> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:203)
>>>at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3578)
>>>at
>>> com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139)
>>>at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3586)
>>>at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4572)
>>>at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190)
>>>at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115)
>>>at
>>> org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
>>>at
>>> org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
>>>at
>>> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
>>>at
>>> org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
>>>at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>>>at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>>>at
>>> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:502)
>>>at
>>> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1124)
>>>at com.xpn.xwiki.plugin.webdav.DavFilter.doFilter(DavFilter.java:68)
>>>at
>>> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115)
>>>at
>>> com.xpn.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:96)
>>>at
>>> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java
Re: [xwiki-users] ldap + xwiki.authentication.ldap.user_group
Thomas Mortagne wrote: > Hi, > > 2008/12/17 Bartłomiej Radziszewski : > >> hello, >> >> >> I want to add access to xwiki only for users from special posixGroup in >> ldap. So I have added option: >> >> >> #-# only members of the following group will be verified in the LDAP >> #-# otherwise only users that are found after searching starting from >> the base_DN >> xwiki.authentication.ldap.user_group=cn=xwiki,ou=services,dc=xxx,dc=com >> >> >> >> all works fine but in logs i get exeption when i dont have some user in >> this group: >> >> com.xpn.xwiki.XWikiException: Error number 8001 in 8: LDAP user usertest >> does not belong to LDAP group cn=xwiki,ou=services,dc=xxx,dc=com. >>at >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:328) >>at >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:198) >>at >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:149) >>at >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:239) >>at >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:165) >>at >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:148) >>at >> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:203) >>at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3578) >>at >> com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139) >>at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3586) >>at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4572) >>at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190) >>at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115) >>at >> org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) >>at >> org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) >>at >> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) >>at >> org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) >>at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) >> java.lang.NullPointerException >>at >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:157) >>at >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:239) >>at >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:165) >>at >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:148) >>at >> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:203) >>at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3578) >>at >> com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139) >>at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3586) >>at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4572) >>at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190) >>at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115) >>at >> org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) >>at >> org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) >>at >> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) >>at >> org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) >>at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) >>at >> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:502) >>at >> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1124) >>at com.xpn.xwiki.plugin.webdav.DavFilter.doFilter(DavFilter.java:68) >>at >> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115) >>at >> com.xpn.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:96) >>at >> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115) >>at >> com.xpn.xwiki.web.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:287) >>at >> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115) >>at >> com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112) >>at >> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(Servl
Re: [xwiki-users] ldap + xwiki.authentication.ldap.user_group
Hi, 2008/12/17 Bartłomiej Radziszewski : > hello, > > > I want to add access to xwiki only for users from special posixGroup in > ldap. So I have added option: > > > #-# only members of the following group will be verified in the LDAP > #-# otherwise only users that are found after searching starting from > the base_DN > xwiki.authentication.ldap.user_group=cn=xwiki,ou=services,dc=xxx,dc=com > > > > all works fine but in logs i get exeption when i dont have some user in > this group: > > com.xpn.xwiki.XWikiException: Error number 8001 in 8: LDAP user usertest > does not belong to LDAP group cn=xwiki,ou=services,dc=xxx,dc=com. >at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:328) >at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:198) >at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:149) >at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:239) >at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:165) >at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:148) >at > com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:203) >at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3578) >at > com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139) >at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3586) >at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4572) >at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190) >at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115) >at > org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) >at > org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) >at > org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) >at > org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) >at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) > java.lang.NullPointerException >at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:157) >at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:239) >at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:165) >at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:148) >at > com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:203) >at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3578) >at > com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139) >at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3586) >at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4572) >at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190) >at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115) >at > org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) >at > org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) >at > org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) >at > org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) >at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) >at > org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:502) >at > org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1124) >at com.xpn.xwiki.plugin.webdav.DavFilter.doFilter(DavFilter.java:68) >at > org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115) >at > com.xpn.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:96) >at > org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115) >at > com.xpn.xwiki.web.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:287) >at > org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115) >at > com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112) >at > org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115) >at > org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:361) >at > org.mort
