Hallo thanks for the quick reply.
well the config should work then :/ i compared it with the bugzilla / subversion config which uses the same ldap / active directory auth. the only difference is that they distinguish the bind user with the user to be authenticated. but in my case even the bind user cannot login. 2008-04-30 13:44:34,891 [http://dev.edoras.ch:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-Processor24] WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP authentication failed. com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException. Wrapped Exception: Invalid Credentials at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:178) at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109) at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194) at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107) ......... Wrapped Exception: LDAPException: Invalid Credentials (49) Invalid Credentials LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece LDAPException: Matched DN: at com.novell.ldap.LDAPResponse.getResultException(Unknown Source) at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source) at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source) at com.novell.ldap.LDAPConnection.bind(Unknown Source) at com.novell.ldap.LDAPConnection.bind(Unknown Source) at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:170) at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109) at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194) is there some debug feature i can turn on to get some more information? or some small test-class to verify the settings? it seems it uses the login name from the login form but then authentication fails. thanks a lot :) regards werner Thomas Mortagne schrieb: > On Wed, Apr 30, 2008 at 11:55 AM, werner mueller > <[EMAIL PROTECTED]> wrote: >> Hallo >> >> thanks for the reply. >> back to stupid questions: >> >> > #-# LDAP login, empty = anonymous access, otherwise specify full dn >> > #-# {0} is replaced with the username, {1} with the password >> > #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP >> >> > #xwiki.authentication.ldap.bind_pass={1} >> >> {0} is the username from the login form in xwiki? >> {1} is the password from the login form in xwiki? > > Yes, you really write "{0}" and "{1}" in the configuration and it will > be replaced at runtime by user/pass provided by user in the login > form. > >> or are these documentation placeholders to be filled in the config file >> directly? >> >> thanks :) >> >> >> >> regards >> >> werner >> >> >> >> >> Thomas Mortagne schrieb: >> > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller >> > <[EMAIL PROTECTED]> wrote: >> >> Hallo >> >> >> >> thanks for the hints. >> >> >> >> i tried some other configurations but with no luck. it seems not every >> >> user is allowed to query the ldap structure. i have to use a special >> >> user/password to bind xwiki to the active directory. that user can login >> >> but thats not a solution. aloow everyone to query the ad is not an >> >> option for us. >> >> >> >> has anyone a working active directory config he or she could share? >> >> >> >> is it possible to trick xwiki to use a different user to bind to the AD >> >> and then use username/password from login to process the login? >> >> i've been doing similar things for bugzilla/ldap using LDAPbinddn = >> >> cn=<LDAPQUERYUSERNAME>,cn=Users,dc=domain,dc=com:<LDAPQUERYPASSWORD> >> > >> > Yes and it's the default way to work for LDAP authenticator. You can >> > see in default xwiki.cfg : >> > >> > #-# LDAP login, empty = anonymous access, otherwise specify full dn >> > #-# {0} is replaced with the username, {1} with the password >> > >> #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP >> > #xwiki.authentication.ldap.bind_pass={1} >> > >> > So in your case it would be : >> > xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com >> > xwiki.authentication.ldap.bind_pass={1} >> > >> >> btw: yes i am sure its version 1.3.2.9174. its the one copy pasted from >> >> xwiki. unless its not correct there but that would be weird. >> >> >> >> >> >> any hints or examples would be cool :) >> >> thanks a lot >> >> >> >> regards >> >> >> >> werner >> >> >> >> >> >> >> >> Thomas Mortagne schrieb: >> >> > Also I think >> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory >> >> > is based in old LDAP authenticator (see >> >> > >> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld). >> >> > >> >> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne >> >> > <[EMAIL PROTECTED]> wrote: >> >> >> Hi, >> >> >> >> >> >> >> >> >> >> >> >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller >> >> >> <[EMAIL PROTECTED]> wrote: >> >> >> > hallo >> >> >> > >> >> >> > i am currently trying to setup xwiki on taomcat 5.5/mysql. until >> now its >> >> >> > doing quite well :) >> >> >> > >> >> >> > my next step is to get ldap authentication against an active >> directory >> >> >> > working. i followed >> >> >> > >> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory >> >> >> > and some postings on the mailing list but i cant get it to work. >> >> >> > >> >> >> > i either end up with: >> >> >> > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in >> 5: LDAP >> >> >> > bind failed with LDAPException. >> >> >> > Wrapped Exception: Invalid Credentials >> >> >> > >> >> >> > or worse (with in my eyes the propper config): >> >> >> > WARN LDAP.XWikiLDAPAuthS >> >> >> > erviceImpl - LDAP authentication failed. >> >> >> > java.lang.NullPointerException >> >> >> > at >> >> >> > >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256) >> >> >> > at >> >> >> > >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107) >> >> >> > at >> >> >> > >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194) >> >> >> > at >> >> >> > >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127) >> >> >> > at >> >> >> > >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112) >> >> >> > at >> >> >> > >> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214) >> >> >> > at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307) >> >> >> > at >> >> >> > >> com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136) >> >> >> > at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315) >> >> >> > at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259) >> >> >> > at >> com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173) >> >> >> > ... >> >> >> >> >> >> Could you copy/paste your configuration. >> >> >> >> >> >> >> >> >> > >> >> >> > >> >> >> > i've done ldap auth on several other tools (apache/subversion, >> >> >> > bugzilla). there i used two accounts: one allowed to bind to the >> active >> >> >> > directory and do searches and the useraccount itself. >> >> >> > >> >> >> > in the xwiki config i can only see the user logging in is used >> to bind >> >> >> > to the ldap server? >> >> >> >> >> >> You can define a user able to bind to the active directory using >> >> >> "bind_DN" and "bind_pass" properties and it will search for provided >> >> >> login in ldap based on "UID_attr" property >> >> >> >> >> >> >> >> >> > >> >> >> > >> >> >> > is the documentation current for xwiki 1.3.2.9174? or can >> someone give >> >> >> > me a hint to make this work? >> >> >> >> >> >> Are you sure you use xwiki-core 1.3.2 version, I can't find in the >> >> >> code what could make NullPointerException at >> >> >> XWikiLDAPAuthServiceImpl.java:256 >> >> >> >> >> >> >> >> >> > >> >> >> > >> >> >> > thanks a lot >> >> >> > regards >> >> >> > >> >> >> > werner >> >> >> > >> >> >> > _______________________________________________ >> >> >> > users mailing list >> >> >> > users@xwiki.org >> >> >> > http://lists.xwiki.org/mailman/listinfo/users >> >> >> > >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> Thomas Mortagne >> >> >> >> >> > >> >> > >> >> > >> >> >> >> _______________________________________________ >> >> users mailing list >> >> users@xwiki.org >> >> http://lists.xwiki.org/mailman/listinfo/users >> >> >> > >> > >> > >> >> _______________________________________________ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> > > > _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users