Hallo thanks for the reply. back to stupid questions: > #-# LDAP login, empty = anonymous access, otherwise specify full dn > #-# {0} is replaced with the username, {1} with the password > #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP > #xwiki.authentication.ldap.bind_pass={1}
{0} is the username from the login form in xwiki? {1} is the password from the login form in xwiki? or are these documentation placeholders to be filled in the config file directly? thanks :) regards werner Thomas Mortagne schrieb: > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller > <[EMAIL PROTECTED]> wrote: >> Hallo >> >> thanks for the hints. >> >> i tried some other configurations but with no luck. it seems not every >> user is allowed to query the ldap structure. i have to use a special >> user/password to bind xwiki to the active directory. that user can login >> but thats not a solution. aloow everyone to query the ad is not an >> option for us. >> >> has anyone a working active directory config he or she could share? >> >> is it possible to trick xwiki to use a different user to bind to the AD >> and then use username/password from login to process the login? >> i've been doing similar things for bugzilla/ldap using LDAPbinddn = >> cn=<LDAPQUERYUSERNAME>,cn=Users,dc=domain,dc=com:<LDAPQUERYPASSWORD> > > Yes and it's the default way to work for LDAP authenticator. You can > see in default xwiki.cfg : > > #-# LDAP login, empty = anonymous access, otherwise specify full dn > #-# {0} is replaced with the username, {1} with the password > #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP > #xwiki.authentication.ldap.bind_pass={1} > > So in your case it would be : > xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com > xwiki.authentication.ldap.bind_pass={1} > >> btw: yes i am sure its version 1.3.2.9174. its the one copy pasted from >> xwiki. unless its not correct there but that would be weird. >> >> >> any hints or examples would be cool :) >> thanks a lot >> >> regards >> >> werner >> >> >> >> Thomas Mortagne schrieb: >> > Also I think >> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory >> > is based in old LDAP authenticator (see >> > >> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld). >> > >> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne >> > <[EMAIL PROTECTED]> wrote: >> >> Hi, >> >> >> >> >> >> >> >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller >> >> <[EMAIL PROTECTED]> wrote: >> >> > hallo >> >> > >> >> > i am currently trying to setup xwiki on taomcat 5.5/mysql. until now >> its >> >> > doing quite well :) >> >> > >> >> > my next step is to get ldap authentication against an active >> directory >> >> > working. i followed >> >> > >> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory >> >> > and some postings on the mailing list but i cant get it to work. >> >> > >> >> > i either end up with: >> >> > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: >> LDAP >> >> > bind failed with LDAPException. >> >> > Wrapped Exception: Invalid Credentials >> >> > >> >> > or worse (with in my eyes the propper config): >> >> > WARN LDAP.XWikiLDAPAuthS >> >> > erviceImpl - LDAP authentication failed. >> >> > java.lang.NullPointerException >> >> > at >> >> > >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256) >> >> > at >> >> > >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107) >> >> > at >> >> > >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194) >> >> > at >> >> > >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127) >> >> > at >> >> > >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112) >> >> > at >> >> > >> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214) >> >> > at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307) >> >> > at >> >> > >> com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136) >> >> > at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315) >> >> > at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259) >> >> > at >> com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173) >> >> > ... >> >> >> >> Could you copy/paste your configuration. >> >> >> >> >> >> > >> >> > >> >> > i've done ldap auth on several other tools (apache/subversion, >> >> > bugzilla). there i used two accounts: one allowed to bind to the >> active >> >> > directory and do searches and the useraccount itself. >> >> > >> >> > in the xwiki config i can only see the user logging in is used to >> bind >> >> > to the ldap server? >> >> >> >> You can define a user able to bind to the active directory using >> >> "bind_DN" and "bind_pass" properties and it will search for provided >> >> login in ldap based on "UID_attr" property >> >> >> >> >> >> > >> >> > >> >> > is the documentation current for xwiki 1.3.2.9174? or can someone >> give >> >> > me a hint to make this work? >> >> >> >> Are you sure you use xwiki-core 1.3.2 version, I can't find in the >> >> code what could make NullPointerException at >> >> XWikiLDAPAuthServiceImpl.java:256 >> >> >> >> >> >> > >> >> > >> >> > thanks a lot >> >> > regards >> >> > >> >> > werner >> >> > >> >> > _______________________________________________ >> >> > users mailing list >> >> > users@xwiki.org >> >> > http://lists.xwiki.org/mailman/listinfo/users >> >> > >> >> >> >> >> >> >> >> -- >> >> Thomas Mortagne >> >> >> > >> > >> > >> >> _______________________________________________ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> > > > _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users