Hi,

Did you try the suggested AD configuration at
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
?

On Mon, May 12, 2008 at 12:38 PM, Mihails Agafonovs <[EMAIL PROTECTED]> wrote:
> Try LDAP Browser to find the correct configuration.
>
>  I've succeeded in connecting to AD, using the CN attribute, so in
>  config it would be:
>
>  bind_DN={0} /// here the user will type his cn
>  UID_attr=cn
>
>   Quoting werner mueller:
>
>   Hello
>
>   well i am a little stuck. i can't make it work although i copied the
>   settings from a working example (well another tool but the same
>   servers). i can only get to 'invalid credentials'
>   does the server need to be in the same domain as the active directory to
>   use the bind_DN=subdomain\{0} bind schema? the server is a linux
>   machine and is not added to the windows domain.
>   is there a unit test or little tool or something one could use for
>   testing? it's a little weird it's not working.
>   thanks for any ideas :)
>   regards
>   werner
>
>   Thomas Mortagne wrote:
>   > You can enable "debug" logging, see
>   > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging
>   >
>   > On Wed, Apr 30, 2008 at 1:54 PM, werner mueller wrote:
>   >> Hello
>   >>
>   >>  thanks for the quick reply.
>   >>
>   >>  well the config should work then :/
>   >>  i compared it with the bugzilla / subversion config which uses the same
>   >>  ldap / active directory auth. the only difference is that they
>   >>  distinguish the bind user with the user to be authenticated. but in my
>   >>  case even the bind user cannot login.
>   >>
>   >>
>   >>  2008-04-30 13:44:34,891 [http://dev.edoras.ch:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-Processor24] WARN  LDAP.XWikiLDAPAuthServiceImpl   - LDAP authentication failed.
>   >>  com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.
>   >>  Wrapped Exception: Invalid Credentials
>   >>          at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:178)
>   >>          at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
>   >>          at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
>   >>          at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
>   >>  .........
>   >>
>   >>  Wrapped Exception:
>   >>
>   >>  LDAPException: Invalid Credentials (49) Invalid Credentials
>   >>  LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
>   >>  LDAPException: Matched DN:
>   >>          at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
>   >>          at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
>   >>          at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
>   >>          at com.novell.ldap.LDAPConnection.bind(Unknown Source)
>   >>          at com.novell.ldap.LDAPConnection.bind(Unknown Source)
>   >>          at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:170)
>   >>          at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
>   >>          at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
>   >>
>   >>
>   >>
>   >>
>   >>  is there some debug feature i can turn on to get some more information?
>   >>  or some small test-class to verify the settings? it seems it uses the
>   >>  login name from the login form but then authentication fails.
>   >>
>   >>
>   >>
>   >>  thanks a lot :)
>   >>  regards
>   >>
>   >>  werner
>   >>
>   >>
>   >>
>   >>
>   >>  Thomas Mortagne wrote:
>   >>  > On Wed, Apr 30, 2008 at 11:55 AM, werner mueller wrote:
>   >>  >> Hello
>   >>  >>
>   >>  >>  thanks for the reply.
>   >>  >>  back to stupid questions:
>   >>  >>
>   >>  >>  > #-# LDAP login, empty = anonymous access, otherwise specify full dn
>   >>  >>  > #-# {0} is replaced with the username, {1} with the password
>   >>  >>  > #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP
>   >>  >>  > #xwiki.authentication.ldap.bind_pass={1}
>   >>  >>
>   >>  >>  {0} is the username from the login form in xwiki?
>   >>  >>  {1} is the password from the login form in xwiki?
>   >>  >
>   >>  > Yes, you really write "{0}" and "{1}" in the configuration and it will
>   >>  > be replaced at runtime by user/pass provided by user in the login
>   >>  > form.
>   >>  >
>   >>  >>  or are these documentation placeholders to be filled in the config file
>   >>  >>  directly?
>   >>  >>
>   >>  >>  thanks :)
>   >>  >>
>   >>  >>
>   >>  >>
>   >>  >>  regards
>   >>  >>
>   >>  >>  werner
>   >>  >>
>   >>  >>
>   >>  >>
>   >>  >>
>   >>  >>  Thomas Mortagne wrote:
>   >>  >>  > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller wrote:
>   >>  >>  >> Hello
>   >>  >>  >>
>   >>  >>  >>  thanks for the hints.
>   >>  >>  >>
>   >>  >>  >>  i tried some other configurations but with no luck. it seems not every
>   >>  >>  >>  user is allowed to query the ldap structure. i have to use a special
>   >>  >>  >>  user/password to bind xwiki to the active directory. that user can login
>   >>  >>  >>  but that's not a solution. allow everyone to query the ad is not an
>   >>  >>  >>  option for us.
>   >>  >>  >>
>   >>  >>  >>  has anyone a working active directory config he or she could share?
>   >>  >>  >>
>   >>  >>  >>  is it possible to trick xwiki to use a different user to bind to the AD
>   >>  >>  >>  and then use username/password from login to process the login?
>   >>  >>  >>  i've been doing similar things for bugzilla/ldap using LDAPbinddn =
>   >>  >>  >>  cn=,cn=Users,dc=domain,dc=com:
>
>
>  >>  >>  >
>   >>  >>  > Yes and it's the default way to work for LDAP authenticator. You can
>   >>  >>  > see in default xwiki.cfg :
>   >>  >>  >
>   >>  >>  > #-# LDAP login, empty = anonymous access, otherwise specify full dn
>   >>  >>  > #-# {0} is replaced with the username, {1} with the password
>   >>  >>  > #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
>   >>  >>  > #xwiki.authentication.ldap.bind_pass={1}
>   >>  >>  >
>   >>  >>  > So in your case it would be :
>   >>  >>  >
>   >>  >>  > xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com
>   >>  >>  > xwiki.authentication.ldap.bind_pass={1}
>   >>  >>  >
>   >>  >>  >>  btw: yes i am sure it's version 1.3.2.9174. it's the one copy pasted from
>   >>  >>  >>  xwiki. unless it's not correct there but that would be weird.
>   >>  >>  >>
>   >>  >>  >>
>   >>  >>  >>  any hints or examples would be cool :)
>   >>  >>  >>  thanks a lot
>   >>  >>  >>
>   >>  >>  >>  regards
>   >>  >>  >>
>   >>  >>  >>  werner
>   >>  >>  >>
>   >>  >>  >>
>   >>  >>  >>
>   >>  >>  >>  Thomas Mortagne wrote:
>   >>  >>  >>  > Also I think
>   >>  >>  >>  > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
>   >>  >>  >>  > is based on old LDAP authenticator (see
>   >>  >>  >>  > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld).
>   >>  >>  >>  >
>   >>  >>  >>  > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne wrote:
>   >>  >>  >>  >> Hi,
>   >>  >>  >>  >>
>   >>  >>  >>  >>  On Thu, Apr 17, 2008 at 7:02 PM, werner mueller wrote:
>   >>  >>  >>  >>  > Hello
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>  >  i am currently trying to setup xwiki on tomcat 5.5/mysql. until now it's
>   >>  >>  >>  >>  >  doing quite well :)
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>  >  my next step is to get ldap authentication against an active directory
>   >>  >>  >>  >>  >  working. i followed
>   >>  >>  >>  >>  >  http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
>   >>  >>  >>  >>  >  and some postings on the mailing list but i can't get it to work.
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>  >  i either end up with:
>   >>  >>  >>  >>  >  com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.
>   >>  >>  >>  >>  >  Wrapped Exception: Invalid Credentials
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>  >  or worse (with in my eyes the proper config):
>   >>  >>  >>  >>  >  WARN  LDAP.XWikiLDAPAuthServiceImpl   - LDAP authentication failed.
>   >>  >>  >>  >>  >  java.lang.NullPointerException
>   >>  >>  >>  >>  >          at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256)
>   >>  >>  >>  >>  >          at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
>   >>  >>  >>  >>  >          at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194)
>   >>  >>  >>  >>  >          at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127)
>   >>  >>  >>  >>  >          at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112)
>   >>  >>  >>  >>  >          at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214)
>   >>  >>  >>  >>  >          at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307)
>   >>  >>  >>  >>  >          at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
>   >>  >>  >>  >>  >          at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315)
>   >>  >>  >>  >>  >          at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259)
>   >>  >>  >>  >>  >          at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173)
>   >>  >>  >>  >>  >  ...
>   >>  >>  >>  >>
>   >>  >>  >>  >>  Could you copy/paste your configuration?
>   >>  >>  >>  >>
>   >>  >>  >>  >>
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>  >  i've done ldap auth on several other tools (apache/subversion,
>   >>  >>  >>  >>  >  bugzilla). there i used two accounts: one allowed to bind to the active
>   >>  >>  >>  >>  >  directory and do searches and the useraccount itself.
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>  >  in the xwiki config i can only see the user logging in is used to bind
>   >>  >>  >>  >>  >  to the ldap server?
>   >>  >>  >>  >>
>   >>  >>  >>  >>  You can define a user able to bind to the active directory using
>   >>  >>  >>  >>  "bind_DN" and "bind_pass" properties and it will search for provided
>   >>  >>  >>  >>  login in ldap based on "UID_attr" property
>   >>  >>  >>  >>
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>  >  is the documentation current for xwiki 1.3.2.9174? or can someone give
>   >>  >>  >>  >>  >  me a hint to make this work?
>   >>  >>  >>  >>
>   >>  >>  >>  >>  Are you sure you use xwiki-core 1.3.2 version? I can't find in the
>   >>  >>  >>  >>  code what could make NullPointerException at
>   >>  >>  >>  >>  XWikiLDAPAuthServiceImpl.java:256
>   >>  >>  >>  >>
>   >>  >>  >>  >>
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>  >  thanks a lot
>   >>  >>  >>  >>  >  regards
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>  >  werner
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>  >  _______________________________________________
>   >>  >>  >>  >>  >  users mailing list
>   >>  >>  >>  >>  >  [email protected]
>   >>  >>  >>  >>  >  http://lists.xwiki.org/mailman/listinfo/users
>   >>  >>  >>  >>  >
>   >>  >>  >>  >>
>   >>  >>  >>  >>
>   >>  >>  >>  >>
>   >>  >>  >>  >>  --
>   >>  >>  >>  >>  Thomas Mortagne
>   >>  >>  >>  >>
>   >>  >>  >>  >
>   >>  >>  >>  >
>   >>  >>  >>  >
>   >>  >>  >>
>   >>  >>  >>
>   >>  >>  >
>   >>  >>  >
>   >>  >>  >
>   >>  >>
>   >>  >>
>   >>  >
>   >>  >
>   >>  >
>   >>
>   >>
>   >
>   >
>   >
>   Best regards, Mihails
>
>
>
>



-- 
Thomas Mortagne
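
An added example, not part of the thread and not XWiki code: the `data 525` value in the Active Directory server message quoted above is a sub-code that distinguishes an unknown user from a wrong password, and this Python example decodes it and shows the DN that a `{0}` bind_DN template expands to. The function names and the RFC 4514 escaping of the login name are assumptions for illustration; the sample message and the template are copied from the thread.

```python
import re

# Sub-codes Active Directory reports after "data" on a failed bind (hex Win32 errors).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (user exists, wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def diagnose_bind_failure(server_message):
    """Return (subcode, meaning) for an AD bind failure message, or None."""
    match = _DATA_RE.search(server_message)
    if not match:
        return None
    code = match.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


def escape_dn_value(value):
    """Escape a value placed inside a DN component (RFC 4514); assumption, not XWiki's code."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in ',+"\\<>;' or (ch == "#" and i == 0) or edge_space:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def expand_bind_dn(template, username):
    """Substitute the login name for {0} in a DN-form bind_DN template."""
    return template.replace("{0}", escape_dn_value(username))


# Server message and template copied from the thread; the login name is constructed.
SAMPLE = ("LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334, "
          "comment: AcceptSecurityContext error, data 525, vece")
BIND_DN_TEMPLATE = "cn={0},cn=Users,dc=domain,dc=com"

if __name__ == "__main__":
    print(diagnose_bind_failure(SAMPLE), expand_bind_dn(BIND_DN_TEMPLATE, "werner"))
```

Sub-code 525 means the directory did not resolve the submitted bind name to an account, so the first thing to check is the expanded bind DN rather than the password.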