Hallo yep, that was the first attempt. no matter what variation i try i get bind errors or invalid credentials (depending on what user i try to login). xwiki shows an 'internal error' on the login dialog.
its very weird. he mediawiki configuration is alost exactly the same (using that domain\\user syntax rather than ldap) hard to tell what i'm doing wrong :) i'll do another attempt on a different server next week to make sure its nothing too stupid. thanks! regards werner Thomas Mortagne schrieb: > Hi, > > Did you tryed the suggested AD configuration at > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory > ? > > On Mon, May 12, 2008 at 12:38 PM, Mihails Agafonovs <[EMAIL PROTECTED]> wrote: >> Try LDAP Browser to find the correct configuration. >> >> I've succeeded in connecting to AD, using the CN attribute, so in >> config it would be: >> >> bind_DN={0} /// here the user will type his cn >> UID_attr=cn >> Quoting werner mueller : hallo >> >> well i am a little stuck. i cant make it work although i copied the >> settings from a working example (well another tool but the same >> servers). i can only get to 'invalid credentials' >> does the server need to be in the same domain as the active >> directory to >> use the bind_DN=subdomain\{0} bind schema? the server is a linux >> machine and is not added to the windows domain. >> is there a unit test or little tool or something one could use for >> testing? its a little weird its not working. >> thanks for any ideas :) >> regards >> werner >> Thomas Mortagne schrieb: >> > You can enable "debug" logging, see >> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging >> > >> > On Wed, Apr 30, 2008 at 1:54 PM, werner mueller >> >> >> > wrote: >> >> Hallo >> >> >> >> thanks for the quick reply. >> >> >> >> well the config should work then :/ >> >> i compared it with the bugzilla / subversion config which uses >> the same >> >> ldap / active directory auth. the only difference is that they >> >> distinguish the bind user with the user to be authenticated. but >> in my >> >> case even the bind user cannot login. >> >> >> >> >> >> 2008-04-30 13:44:34,891 >> >> >> [http://dev.edoras.ch:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] >> >> [http-8080-Processor24] WARN LDAP.XWikiLDAPAuthServiceImpl - >> LDAP >> >> authentication failed. >> >> >> >> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in >> 5: LDAP >> >> bind failed with LDAPException. >> >> Wrapped Exception: Invalid Credentials >> >> at >> >> >> >> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:178) >> >> at >> >> >> >> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109) >> >> at >> >> >> >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194) >> >> at >> >> >> >> >> >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107) >> >> ......... >> >> >> >> Wrapped Exception: >> >> >> >> >> >> LDAPException: Invalid Credentials (49) Invalid Credentials >> >> LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334, >> >> comment: AcceptSecurityContext error, data 525, vece >> >> LDAPException: Matched DN: >> >> at >> com.novell.ldap.LDAPResponse.getResultException(Unknown Source) >> >> at com.novell.ldap.LDAPResponse.chkResultCode(Unknown >> Source) >> >> at com.novell.ldap.LDAPConnection.chkResultCode(Unknown >> Source) >> >> at com.novell.ldap.LDAPConnection.bind(Unknown Source) >> >> at com.novell.ldap.LDAPConnection.bind(Unknown Source) >> >> at >> >> >> >> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:170) >> >> at >> >> >> >> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109) >> >> at >> >> >> >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194) >> >> >> >> >> >> >> >> >> >> is there some debug feature i can turn on to get some more >> information? >> >> or some small test-class to verify the settings? it seems it >> uses the >> >> login name from the login form but then authentication fails. >> >> >> >> >> >> >> >> thanks a lot :) >> >> regards >> >> >> >> werner >> >> >> >> >> >> >> >> >> >> Thomas Mortagne schrieb: >> >> > On Wed, Apr 30, 2008 at 11:55 AM, werner mueller >> >> >> >> > wrote: >> >> >> Hallo >> >> >> >> >> >> thanks for the reply. >> >> >> back to stupid questions: >> >> >> >> >> >> > #-# LDAP login, empty = anonymous access, otherwise >> specify full dn >> >> >> > #-# {0} is replaced with the username, {1} with the >> password >> >> >> > >> #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP >> >> >> >> >> >> > #xwiki.authentication.ldap.bind_pass={1} >> >> >> >> >> >> {0} is the username from the login form in xwiki? >> >> >> {1} is the password from the login form in xwiki? >> >> > >> >> > Yes, you really write "{0}" and "{1}" in the configuration and >> it will >> >> > be replaced at runtime by user/pass provided by user in the >> login >> >> > form. >> >> > >> >> >> or are these documentation placeholders to be filled in the >> config file >> >> >> directly? >> >> >> >> >> >> thanks :) >> >> >> >> >> >> >> >> >> >> >> >> regards >> >> >> >> >> >> werner >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> Thomas Mortagne schrieb: >> >> >> > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller >> >> >> >> > wrote: >> >> >> >> Hallo >> >> >> >> >> >> >> >> thanks for the hints. >> >> >> >> >> >> >> >> i tried some other configurations but with no luck. it >> seems not every >> >> >> >> user is allowed to query the ldap structure. i have to >> use a special >> >> >> >> user/password to bind xwiki to the active directory. >> that user can login >> >> >> >> but thats not a solution. aloow everyone to query the ad >> is not an >> >> >> >> option for us. >> >> >> >> >> >> >> >> has anyone a working active directory config he or she >> could share? >> >> >> >> >> >> >> >> is it possible to trick xwiki to use a different user to >> bind to the AD >> >> >> >> and then use username/password from login to process the >> login? >> >> >> >> i've been doing similar things for bugzilla/ldap using >> LDAPbinddn = >> >> >> >> cn=,cn=Users,dc=domain,dc=com: >> >> >> >> >> > >> >> >> > Yes and it's the default way to work for LDAP >> authenticator. You can >> >> >> > see in default xwiki.cfg : >> >> >> > >> >> >> > #-# LDAP login, empty = anonymous access, otherwise >> specify full dn >> >> >> > #-# {0} is replaced with the username, {1} with the >> password >> >> >> > >> >> #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP >> >> >> > #xwiki.authentication.ldap.bind_pass={1} >> >> >> > >> >> >> > So in your case it would be : >> >> >> > >> xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com >> >> >> > xwiki.authentication.ldap.bind_pass={1} >> >> >> > >> >> >> >> btw: yes i am sure its version 1.3.2.9174. its the one >> copy pasted from >> >> >> >> xwiki. unless its not correct there but that would be >> weird. >> >> >> >> >> >> >> >> >> >> >> >> any hints or examples would be cool :) >> >> >> >> thanks a lot >> >> >> >> >> >> >> >> regards >> >> >> >> >> >> >> >> werner >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> Thomas Mortagne schrieb: >> >> >> >> > Also I think >> >> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory >> >> >> >> > is based in old LDAP authenticator (see >> >> >> >> > >> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld). >> >> >> >> > >> >> >> >> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne >> >> >> >> >> > wrote: >> >> >> >> >> Hi, >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller >> >> >> >> >> >> >> wrote: >> >> >> >> >> > hallo >> >> >> >> >> > >> >> >> >> >> > i am currently trying to setup xwiki on taomcat >> 5.5/mysql. until now its >> >> >> >> >> > doing quite well :) >> >> >> >> >> > >> >> >> >> >> > my next step is to get ldap authentication >> against an active directory >> >> >> >> >> > working. i followed >> >> >> >> >> > >> >> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory >> >> >> >> >> > and some postings on the mailing list but i cant >> get it to work. >> >> >> >> >> > >> >> >> >> >> > i either end up with: >> >> >> >> >> > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: >> Error number 0 in 5: LDAP >> >> >> >> >> > bind failed with LDAPException. >> >> >> >> >> > Wrapped Exception: Invalid Credentials >> >> >> >> >> > >> >> >> >> >> > or worse (with in my eyes the propper config): >> >> >> >> >> > WARN LDAP.XWikiLDAPAuthS >> >> >> >> >> > erviceImpl - LDAP authentication failed. >> >> >> >> >> > java.lang.NullPointerException >> >> >> >> >> > at >> >> >> >> >> > >> >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256) >> >> >> >> >> > at >> >> >> >> >> > >> >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107) >> >> >> >> >> > at >> >> >> >> >> > >> >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194) >> >> >> >> >> > at >> >> >> >> >> > >> >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127) >> >> >> >> >> > at >> >> >> >> >> > >> >> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112) >> >> >> >> >> > at >> >> >> >> >> > >> >> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214) >> >> >> >> >> > at >> com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307) >> >> >> >> >> > at >> >> >> >> >> > >> >> com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136) >> >> >> >> >> > at >> com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315) >> >> >> >> >> > at >> com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259) >> >> >> >> >> > at >> com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173) >> >> >> >> >> > ... >> >> >> >> >> >> >> >> >> >> Could you copy/paste your configuration. >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > i've done ldap auth on several other tools >> (apache/subversion, >> >> >> >> >> > bugzilla). there i used two accounts: one allowed >> to bind to the active >> >> >> >> >> > directory and do searches and the useraccount >> itself. >> >> >> >> >> > >> >> >> >> >> > in the xwiki config i can only see the user >> logging in is used to bind >> >> >> >> >> > to the ldap server? >> >> >> >> >> >> >> >> >> >> You can define a user able to bind to the active >> directory using >> >> >> >> >> "bind_DN" and "bind_pass" properties and it will >> search for provided >> >> >> >> >> login in ldap based on "UID_attr" property >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > is the documentation current for xwiki >> 1.3.2.9174? or can someone give >> >> >> >> >> > me a hint to make this work? >> >> >> >> >> >> >> >> >> >> Are you sure you use xwiki-core 1.3.2 version, I >> can't find in the >> >> >> >> >> code what could make NullPointerException at >> >> >> >> >> XWikiLDAPAuthServiceImpl.java:256 >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > thanks a lot >> >> >> >> >> > regards >> >> >> >> >> > >> >> >> >> >> > werner >> >> >> >> >> > >> >> >> >> >> > _______________________________________________ >> >> >> >> >> > users mailing list >> >> >> >> >> > [email protected] >> >> >> >> >> > http://lists.xwiki.org/mailman/listinfo/users >> >> >> >> >> > >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> >> >> Thomas Mortagne >> >> >> >> >> >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> >> >> >> >> _______________________________________________ >> >> >> >> users mailing list >> >> >> >> [email protected] >> >> >> >> http://lists.xwiki.org/mailman/listinfo/users >> >> >> >> >> >> >> > >> >> >> > >> >> >> > >> >> >> >> >> >> _______________________________________________ >> >> >> users mailing list >> >> >> [email protected] >> >> >> http://lists.xwiki.org/mailman/listinfo/users >> >> >> >> >> > >> >> > >> >> > >> >> >> >> _______________________________________________ >> >> users mailing list >> >> [email protected] >> >> http://lists.xwiki.org/mailman/listinfo/users >> >> >> > >> > >> > >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.xwiki.org/mailman/listinfo/users >> Ar cieņu, Mihails >> >> Links: >> ------ >> [1] mailto:[EMAIL PROTECTED] >> >> >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.xwiki.org/mailman/listinfo/users >> > > > _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
