errorMessage: 0000203D: LdapErr: DSID-0C090C7D, comment: Unknown
extended request OID, data 0, vece
 Quoting Thomas Mortagne : On Thu, May 8, 2008 at 4:49 PM, Mihails
Agafonovs  wrote:
 > You were right - I was using the old authenticator. Thanks!
 >
 > Now I can log in, but I'm not created in any group. Also, if I
enable
 > extended search (when only users of the specified AD group will be
 > verified), the LDAP throws error.
 Which error exactly ?
 >  Quoting Thomas Mortagne : Which LDAP authenticator
 > (xwiki.authentication.ldap.authclass) do you
 >  use ? If it's com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl or
if
 >  you did not configured xwiki.authentication.ldap.authclass forgot
 >  pretty much all I said as I spoke about the new (since 1.3) LDAP
 >  authenticator
 >
(xwiki.authentication.ldap.authclass=com.xpn.xwiki.ldap.authentication.XWikiLDAPAuthServiceImpl)...
 >  2008/5/8 Mihails Agafonovs <[EMAIL PROTECTED]>:
 >  > Uncommenting xwiki.authentication.ldap.validate_password=0
did
 >  >  nothing.
 >  >
 >  >  About ".".
 >  >
 >  >  In version 1.1.2, there was no problem connecting to AD
using
 > CN
 >  >  attribute (name surname), and user was automatically
created
 > in
 >  >  XWikiAllGroup. So this is strange that in the newer version
 > that
 >  >  doesn't work.
 >  >
 >  >  Also, nothing changed in our AD. I still can login in XWiki
 > 1.1.2 and
 >  >  LDAP browser, for example, in both cases using my CN.
 >  >   Quoting Thomas Mortagne : Try to uncomment
 >  >
 >  > xwiki.authentication.ldap.validate_password=0
 >  >   You should not have 5 as this is used to force login/pass
 > validation
 >  >   when you don't connect to LDAP with provided user/pass
 > (bind_DN and
 >  >   bind_pass set to an existing ldap user/pass)
 >  >   Another thing, in your example you seem to test with a
user
 > name
 >  >   containing a ".", the LDAP authenticator does
not
 > support it yet,
 >  >  see
 >  >   http://jira.xwiki.org/jira/browse/XWIKI-2264
 >  >   2008/5/8 Mihails Agafonovs :
 >  >
 >  >
 >  >  > Here's a pice from xwiki.log:
 >  >   >  -----------------------------------------------
 >  >   >  java.lang.NullPointerException
 >  >   >   at
 >  >   >
 >  >
 >
com.xpn.xwiki.plugin.lucene.IndexUpdater.run(IndexUpdater.java:209)
 >  >   >   at java.lang.Thread.run(Thread.java:619)
 >  >   >  2008-05-07 14:11:31,078 [index updating thread]
 > [Thread-20] ERROR
 >  >   >  lucene.IndexUpdater             - Writer not open
and
 > closeWriter
 >  >   >  called
 >  >   >  2008-05-07 14:15:49,735
 >  >  [http://192.168.220.128/xwiki/bin/view/Main]
 >  >   >  [TP-Processor3] INFO  .AbstractXWikiMigrationManager
 -
 > No
 >  >  storage
 >  >   >  migration required since current version is [7351]
 >  >   >  2008-05-07 14:17:37,228
 >  >   >
 > [http://192.168.220.128/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
 >  >   >  [TP-Processor3] ERROR LDAP.LDAPAuthServiceImpl      
 -
 > LDAP Bind
 >  >   >  failed with Exception Invalid Credentials
 >  >   >  2008-05-07 14:20:29,787
 >  >  [http://192.168.220.128/xwiki/bin/view/Main]
 >  >   >  [TP-Processor3] INFO  .AbstractXWikiMigrationManager
 -
 > No
 >  >  storage
 >  >   >  migration required since current version is [7351]
 >  >   >  2008-05-07 14:25:32,020 [index updating thread]
 > [Thread-20] ERROR
 >  >   >  lucene.IndexUpdater             - IOException when
 > opening Lucene
 >  >   >  Index for writing at
 >  >   >  /var/lib/tomcat5/webapps/xwiki/WEB-INF/work/lucene
 >  >   >
 >  >
 >
-------------------------------------------------------------------------------------
 >  >   >
 >  >   >  And from Wireshark it's the same I pasted in a
previous
 > mail. I
 >  >  can
 >  >   >  add the function sequence watched via Wireshark:
 >  >   >  1) bindRequest() with domainname.surname
 >  >   >  2) bindresponse() - success
 >  >   >  3) searchRequest() with dc=domain, dc=com,
 >  >   >  sAMAccountName=name.surname
 >  >   >  4) searchResEntry() - returns my full correct dn
 >  >   >  5) compareRequest() with my full dn and
 > userPassword=mypass
 >  >   >  6) LDAP error about no such attribute userPassword
 >  >   >  7) unbindRequest()
 >  >   >
 >  >   >   Quoting Thomas Mortagne : Could be you paste the
whole
 > error log
 >  >  ?
 >  >   >   2008/5/8 Mihails Agafonovs :
 >  >   >
 >  >   >
 >  >   >  > Again, the same error from LDAP:
 >  >   >   >
 >  >   >   >  LDAPMessage compareResponse(7)
noSuchAttribute
 > (00002080:
 >  >  AtrErr:
 >  >   >   >
 >  >   >   > DSID-03080139, #1:
 >  >   >   >   0: 00002080: DSID-03080139, problem 1001
 >  >  (NO_ATTRIBUTE_OR_VAL),
 >  >   >  data
 >  >   >   >  0, Att 23 (userPassword)
 >  >   >   >  )
 >  >   >   >
 >  >   >   >   Quoting Thomas Mortagne : 2008/5/7 Mihails
 > Agafonovs
 >  >   >   >  <[EMAIL PROTECTED]>:
 >  >   >   >   > Hi!
 >  >   >   >   >
 >  >   >   >   >  I've been trying to setup LDAP
 > connection on XWiki
 >  >  1.3.2.
 >  >   >   >  Using
 >  >   >   >   >  Wireshark, I've discovered, that
LDAP
 > performs
 >  >   >  unbindRequest()
 >  >   >   >  after
 >  >   >   >   >  the following error:
 >  >   >   >   >
 >  >   >   >   >  LDAPMessage compareResponse(3)
 > noSuchAttribute
 >  >  (00002080:
 >  >   >   >  AtrErr:
 >  >   >   >   >  DSID-03080139, #1:
 >  >   >   >   >   0: 00002080: DSID-03080139,
problem
 > 1001
 >  >   >   >
 >  >   >   > (NO_ATTRIBUTE_OR_VAL), data
 >  >   >   >   >  0, Att 23 (userPassword)
 >  >   >   >   >  )
 >  >   >   >   >  Here is the configuration:
 >  >   >   >   >
 >  >   >   >   >
 > ----------------------------------------------
 >  >   >   >   >  xwiki.authentication.ldap=1
 >  >   >   >   >
 > xwiki.authentication.ldap.server=my.domain.com
 >  >   >   >   >  xwiki.authentication.ldap.port=389
 >  >   >   >   > 
xwiki.authentication.ldap.bind_DN={0}
 >  >   >   >   >
 > xwiki.authentication.ldap.bind_pass={1}
 >  >   >   >   >  #
 > xwiki.authentication.ldap.validate_password=0
 >  >   >   >   >
 >  >   >   >
 >  >   >   >
 >  >   >
 >  >
 >
xwiki.authentication.ldap.user_group=ou=Riga,ou=LAT,dc=domain,dc=com
 >  >   >   >   >
 > xwiki.authentication.ldap.base_DN=dc=domain,dc=com
 >  >   >   >   > 
xwiki.authentication.ldap.UID_attr=cn
 >  >   >   >   >
 >  >   >   >
 >  >   >   >
 >  >   >
 >  >
 >
xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
 >  >   >   >   >  #
 > xwiki.authentication.ldap.update_user=1
 >  >   >   >   >
 >  >   >   >
 >  >   >   >
 >  >   >
 >  >
 >
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=ou=Riga,ou=LAT,dc=GDNEurope,dc=com|
 >  >   >   >   >
 >  >   >   >   >
 >  >  XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
 >  >   >   >   >  #
 >  >  xwiki.authentication.ldap.groupcache_expiration=21800
 >  >   >   >   >  #
 > xwiki.authentication.ldap.mode_group_sync=always
 >  >   >   >   > 
xwiki.authentication.ldap.trylocal=1
 >  >   >   >
 >  >   >   >  I don't know AD very well but,according to
 >  >   >   >
 >  >   >
 >  >
 >
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication,
 >  >   >   >   should't be:
 >  >   >   >  
xwiki.authentication.ldap.bind_DN=subdomain{0}
 >  >   >   >
 > xwiki.authentication.ldap.UID_attr=sAMAccountName
 >  >   >   >
 >  >   >   >
 >  >   >
 >  >
 >
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
 >  >   >   >   ?
 >  >   >   >   >
 > ------------------------------------------------------
 >  >   >   >   >
 >  >   >   >   >  Any ideas?
 >  >   >   >   >
 >  >   >   >   >  P.S. If I use in the login form
 >  >  [EMAIL PROTECTED] or
 >  >   >   >   >  domainname.surname as a username,
I
 > can login, but
 >  >  without
 >  >   >  any
 >  >   >   >   >  rights.
 >  >   >   >   >
 >  >   >   >   >   Ar cieņu, Mihails
 >  >   >   >   >
 > _______________________________________________
 >  >   >   >   >  users mailing list
 >  >   >   >   >  users@xwiki.org
 >  >   >   >   >
 > http://lists.xwiki.org/mailman/listinfo/users
 >  >   >   >   >
 >  >   >   >   --
 >  >   >   >   Thomas Mortagne
 >  >   >   >
 >  >   >   > 
_______________________________________________
 >  >   >   >   users mailing list
 >  >   >   >   users@xwiki.org
 >  >   >   >  
http://lists.xwiki.org/mailman/listinfo/users
 >  >   >   >   Ar cieņu, Mihails
 >  >   >   >
 >  >   >   >  Links:
 >  >   >   >  ------
 >  >   >   >  [1] mailto:[EMAIL PROTECTED]
 >  >   >   >
 >  >   >   >
 >  >   >   >
_______________________________________________
 >  >   >   >  users mailing list
 >  >   >   >  users@xwiki.org
 >  >   >   >  http://lists.xwiki.org/mailman/listinfo/users
 >  >   >   >
 >  >   >   --
 >  >   >   Thomas Mortagne
 >  >   >   _______________________________________________
 >  >   >   users mailing list
 >  >   >   users@xwiki.org
 >  >   >   http://lists.xwiki.org/mailman/listinfo/users
 >  >   >   Ar cieņu, Mihails
 >  >   >
 >  >   >  Links:
 >  >   >  ------
 >  >   >  [1] mailto:[EMAIL PROTECTED]
 >  >   >  _______________________________________________
 >  >   >  users mailing list
 >  >   >  users@xwiki.org
 >  >   >  http://lists.xwiki.org/mailman/listinfo/users
 >  >   >
 >  >   --
 >  >   Thomas Mortagne
 >  >   _______________________________________________
 >  >   users mailing list
 >  >   users@xwiki.org
 >  >   http://lists.xwiki.org/mailman/listinfo/users
 >  >   Ar cieņu, Mihails
 >  >
 >  >  Links:
 >  >  ------
 >  >  [1] mailto:[EMAIL PROTECTED]
 >  >  _______________________________________________
 >  >  users mailing list
 >  >  users@xwiki.org
 >  >  http://lists.xwiki.org/mailman/listinfo/users
 >  >
 >  --
 >  Thomas Mortagne
 >  _______________________________________________
 >  users mailing list
 >  users@xwiki.org
 >  http://lists.xwiki.org/mailman/listinfo/users
 >  Ar cieņu, Mihails
 >
 > Links:
 > ------
 > [1] mailto:[EMAIL PROTECTED]
 > _______________________________________________
 > users mailing list
 > users@xwiki.org
 > http://lists.xwiki.org/mailman/listinfo/users
 >
 -- 
 Thomas Mortagne
 _______________________________________________
 users mailing list
 users@xwiki.org
 http://lists.xwiki.org/mailman/listinfo/users
 Ar cieņu, Mihails

Links:
------
[1] mailto:[EMAIL PROTECTED]

Advertisement:

prasi mammai!
www.mama.lv
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users

Reply via email to