My login does not contain a "." and I already get a bind; I got another problem after the bind, during the search.
I got the following error, but I am unable to google what it means. Does anyone know what this error means? And how to correct it?

"LDAP Search failed LDAPReferralException: *Automatic referral following not enabled* (10) Referral LDAPReferralException: Server Message: 0000202B: RefErr: DSID-0310063C, data 0, 1 access points"

Fabien

On Fri, May 16, 2008 at 3:23 PM, Mihails Agafonovs <[EMAIL PROTECTED]> wrote:
> If your sAMAccountName is like name.surname, it won't work. XWiki has
> some problems with "." (or is this solved?) sign when logging in.
> Quoting Fabien :
> Hi,
> I don't know if this will help, but here is below my xwiki.cfg configuration
> file that enables me to bind.
> I still do not reach the field mapping step though, I get a
> "LDAPReferralException: Automatic referral following not enabled (10) Referral LDAPReferralException: Server Message: 0000202B: RefErr: DSID-0310063C, data 0, 1 access points Iref 1: 'ad.toto.com'"
> ------8
> > yep, that was the first attempt. no matter what variation i try i get
> > bind errors or invalid credentials (depending on what user i try to
> > login). xwiki shows an 'internal error' on the login dialog.
> >
> > its very weird. the mediawiki configuration is almost exactly the same
> > (using that domain\user syntax rather than ldap)
> >
> > hard to tell what i'm doing wrong :)
> >
> > i'll do another attempt on a different server next week to make sure its
> > nothing too stupid.
> >
> > thanks!
> >
> > regards
> >
> > werner
> >
> > Thomas Mortagne wrote:
> > > Hi,
> > >
> > > Did you try the suggested AD configuration at
> > > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
> > > ?
> > >
> > > On Mon, May 12, 2008 at 12:38 PM, Mihails Agafonovs wrote:
> > >> Try LDAP Browser to find the correct configuration.
> > >>
> > >> I've succeeded in connecting to AD, using the CN attribute, so in
> > >> config it would be:
> > >>
> > >> bind_DN={0} /// here the user will type his cn
> > >> UID_attr=cn
> > >> Quoting werner mueller :
> > >> hello
> > >>
> > >> well i am a little stuck. i cant make it work although i copied the
> > >> settings from a working example (well another tool but the same
> > >> servers). i can only get to 'invalid credentials'
> > >> does the server need to be in the same domain as the active directory to
> > >> use the bind_DN=subdomain{0} bind schema? the server is a linux
> > >> machine and is not added to the windows domain.
> > >> is there a unit test or little tool or something one could use for
> > >> testing? its a little weird its not working.
> > >> thanks for any ideas :)
> > >> regards
> > >> werner
> > >> Thomas Mortagne wrote:
> > >> > You can enable "debug" logging, see
> > >> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging
> > >> >
> > >> > On Wed, Apr 30, 2008 at 1:54 PM, werner mueller wrote:
> > >> >> Hello
> > >> >>
> > >> >> thanks for the quick reply.
> > >> >>
> > >> >> well the config should work then :/
> > >> >> i compared it with the bugzilla / subversion config which uses the same
> > >> >> ldap / active directory auth. the only difference is that they
> > >> >> distinguish the bind user with the user to be authenticated. but in my
> > >> >> case even the bind user cannot login.
> > >> >>
> > >> >> 2008-04-30 13:44:34,891 [http://dev.edoras.ch:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-Processor24] WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP authentication failed.
> > >> >>
> > >> >> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.
> > >> >> Wrapped Exception: Invalid Credentials
> > >> >> at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:178)
> > >> >> at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
> > >> >> at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
> > >> >> at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
> > >> >> .........
> > >> >>
> > >> >> Wrapped Exception:
> > >> >>
> > >> >> LDAPException: Invalid Credentials (49) Invalid Credentials
> > >> >> LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
> > >> >> LDAPException: Matched DN:
> > >> >> at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
> > >> >> at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
> > >> >> at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
> > >> >> at com.novell.ldap.LDAPConnection.bind(Unknown Source)
> > >> >> at com.novell.ldap.LDAPConnection.bind(Unknown Source)
> > >> >> at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:170)
> > >> >> at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:109)
> > >> >> at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:194)
> > >> >>
> > >> >> is there some debug feature i can turn on to get some more information?
> > >> >> or some small test-class to verify the settings? it seems it uses the
> > >> >> login name from the login form but then authentication fails.
> > >> >>
> > >> >> thanks a lot :)
> > >> >> regards
> > >> >>
> > >> >> werner
> > >> >>
> > >> >> Thomas Mortagne wrote:
> > >> >> > On Wed, Apr 30, 2008 at 11:55 AM, werner mueller wrote:
> > >> >> >> Hello
> > >> >> >>
> > >> >> >> thanks for the reply.
> > >> >> >> back to stupid questions:
> > >> >> >>
> > >> >> >> > #-# LDAP login, empty = anonymous access, otherwise specify full dn
> > >> >> >> > #-# {0} is replaced with the username, {1} with the password
> > >> >> >> > #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,o=MP
> > >> >> >> > #xwiki.authentication.ldap.bind_pass={1}
> > >> >> >>
> > >> >> >> {0} is the username from the login form in xwiki?
> > >> >> >> {1} is the password from the login form in xwiki?
> > >> >> >
> > >> >> > Yes, you really write "{0}" and "{1}" in the configuration and it will
> > >> >> > be replaced at runtime by user/pass provided by user in the login
> > >> >> > form.
> > >> >> >
> > >> >> >> or are these documentation placeholders to be filled in the config file
> > >> >> >> directly?
> > >> >> >>
> > >> >> >> thanks :)
> > >> >> >>
> > >> >> >> regards
> > >> >> >>
> > >> >> >> werner
> > >> >> >>
> > >> >> >> Thomas Mortagne wrote:
> > >> >> >> > On Tue, Apr 29, 2008 at 1:30 PM, werner mueller wrote:
> > >> >> >> >> Hello
> > >> >> >> >>
> > >> >> >> >> thanks for the hints.
> > >> >> >> >>
> > >> >> >> >> i tried some other configurations but with no luck. it seems not every
> > >> >> >> >> user is allowed to query the ldap structure. i have to use a special
> > >> >> >> >> user/password to bind xwiki to the active directory. that user can login
> > >> >> >> >> but thats not a solution. allow everyone to query the ad is not an
> > >> >> >> >> option for us.
> > >> >> >> >>
> > >> >> >> >> has anyone a working active directory config he or she could share?
> > >> >> >> >>
> > >> >> >> >> is it possible to trick xwiki to use a different user to bind to the AD
> > >> >> >> >> and then use username/password from login to process the login?
> > >> >> >> >> i've been doing similar things for bugzilla/ldap using LDAPbinddn =
> > >> >> >> >> cn=,cn=Users,dc=domain,dc=com:
> > >> >> >> >
> > >> >> >> > Yes and it's the default way to work for LDAP authenticator. You can
> > >> >> >> > see in default xwiki.cfg :
> > >> >> >> >
> > >> >> >> > #-# LDAP login, empty = anonymous access, otherwise specify full dn
> > >> >> >> > #-# {0} is replaced with the username, {1} with the password
> > >> >> >> > #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
> > >> >> >> > #xwiki.authentication.ldap.bind_pass={1}
> > >> >> >> >
> > >> >> >> > So in your case it would be :
> > >> >> >> >
> > >> >> >> > xwiki.authentication.ldap.bind_DN=cn={0},cn=Users,dc=domain,dc=com
> > >> >> >> > xwiki.authentication.ldap.bind_pass={1}
> > >> >> >> >
> > >> >> >> >> btw: yes i am sure its version 1.3.2.9174. its the one copy pasted from
> > >> >> >> >> xwiki. unless its not correct there but that would be weird.
> > >> >> >> >>
> > >> >> >> >> any hints or examples would be cool :)
> > >> >> >> >> thanks a lot
> > >> >> >> >>
> > >> >> >> >> regards
> > >> >> >> >>
> > >> >> >> >> werner
> > >> >> >> >>
> > >> >> >> >> Thomas Mortagne wrote:
> > >> >> >> >> > Also I think
> > >> >> >> >> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
> > >> >> >> >> > is based on old LDAP authenticator (see
> > >> >> >> >> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/AuthenticationLdapOld ).
> > >> >> >> >> >
> > >> >> >> >> > On Thu, Apr 17, 2008 at 7:35 PM, Thomas Mortagne wrote:
> > >> >> >> >> >> Hi,
> > >> >> >> >> >>
> > >> >> >> >> >> On Thu, Apr 17, 2008 at 7:02 PM, werner mueller wrote:
> > >> >> >> >> >> > hello
> > >> >> >> >> >> >
> > >> >> >> >> >> > i am currently trying to setup xwiki on tomcat 5.5/mysql. until now its
> > >> >> >> >> >> > doing quite well :)
> > >> >> >> >> >> >
> > >> >> >> >> >> > my next step is to get ldap authentication against an active directory
> > >> >> >> >> >> > working. i followed
> > >> >> >> >> >> > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory
> > >> >> >> >> >> > and some postings on the mailing list but i cant get it to work.
> > >> >> >> >> >> >
> > >> >> >> >> >> > i either end up with:
> > >> >> >> >> >> > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.
> > >> >> >> >> >> > Wrapped Exception: Invalid Credentials
> > >> >> >> >> >> >
> > >> >> >> >> >> > or worse (with in my eyes the proper config):
> > >> >> >> >> >> > WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP authentication failed.
> > >> >> >> >> >> > java.lang.NullPointerException
> > >> >> >> >> >> > at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:256)
> > >> >> >> >> >> > at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
> > >> >> >> >> >> > at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:194)
> > >> >> >> >> >> > at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:127)
> > >> >> >> >> >> > at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:112)
> > >> >> >> >> >> > at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:214)
> > >> >> >> >> >> > at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3307)
> > >> >> >> >> >> > at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:136)
> > >> >> >> >> >> > at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3315)
> > >> >> >> >> >> > at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4259)
> > >> >> >> >> >> > at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:173)
> > >> >> >> >> >> > ...
> > >> >> >> >> >>
> > >> >> >> >> >> Could you copy/paste your configuration.
> > >> >> >> >> >>
> > >> >> >> >> >> > i've done ldap auth on several other tools (apache/subversion,
> > >> >> >> >> >> > bugzilla). there i used two accounts: one allowed to bind to the active
> > >> >> >> >> >> > directory and do searches and the useraccount itself.
> > >> >> >> >> >> >
> > >> >> >> >> >> > in the xwiki config i can only see the user logging in is used to bind
> > >> >> >> >> >> > to the ldap server?
> > >> >> >> >> >>
> > >> >> >> >> >> You can define a user able to bind to the active directory using
> > >> >> >> >> >> "bind_DN" and "bind_pass" properties and it will search for provided
> > >> >> >> >> >> login in ldap based on "UID_attr" property
> > >> >> >> >> >>
> > >> >> >> >> >> > is the documentation current for xwiki 1.3.2.9174? or can someone give
> > >> >> >> >> >> > me a hint to make this work?
> > >> >> >> >> >>
> > >> >> >> >> >> Are you sure you use xwiki-core 1.3.2 version, I can't find in the
> > >> >> >> >> >> code what could make NullPointerException at
> > >> >> >> >> >> XWikiLDAPAuthServiceImpl.java:256
> > >> >> >> >> >>
> > >> >> >> >> >> > thanks a lot
> > >> >> >> >> >> > regards
> > >> >> >> >> >> >
> > >> >> >> >> >> > werner
> > >> >> >> >> >> >
> > >> >> >> >> >> > _______________________________________________
> > >> >> >> >> >> > users mailing list
> > >> >> >> >> >> > [email protected]
> > >> >> >> >> >> > http://lists.xwiki.org/mailman/listinfo/users
> > >> >> >> >> >>
> > >> >> >> >> >> --
> > >> >> >> >> >> Thomas Mortagne
> > >> Best regards, Mihails
> Best regards, Mihails
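
An added example (not from the thread and not XWiki code): a Python triage helper for the two Active Directory failures quoted above, the bind error carrying `data 525` and the referral error with result code 10. The sub-code table is the standard set of Win32 logon error numbers AD reports; the function and constant names are illustrative, and the stated referral cause is the usual one, given as an assumption.

```python
import re

# Hex Win32 logon error numbers AD reports as "data" in a failed bind.
AD_BIND_SUBCODES = {
    "525": "user not found: the bind DN or login did not resolve to an account",
    "52e": "invalid credentials: the account exists but the password is wrong",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

RESULT_RE = re.compile(r"\((\d+)\)")  # LDAP result code, e.g. "(49)"
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
REFERRAL_RE = re.compile(r"ref \d+: '([^']+)'")  # referral target, if logged
# Messages as quoted in the thread.
BIND_FAILURE = (
    "LDAPException: Invalid Credentials (49) Invalid Credentials "
    "LDAPException: Server Message: 80090308: LdapErr: DSID-0C090334, "
    "comment: AcceptSecurityContext error, data 525, vece"
)
REFERRAL = (
    "LDAPReferralException: Automatic referral following not enabled (10) "
    "Referral LDAPReferralException: Server Message: 0000202B: RefErr: "
    "DSID-0310063C, data 0, 1 access points Iref 1: 'ad.toto.com'"
)


def triage(message):
    """Return (ldap_result_code, diagnosis) for one LDAP exception message."""
    found = RESULT_RE.search(message)
    code = int(found.group(1)) if found else None
    if code == 49:  # invalidCredentials: AD adds the real reason as a sub-code
        data = DATA_RE.search(message)
        sub = data.group(1).lower() if data else "missing"
        return code, AD_BIND_SUBCODES.get(sub, "bind rejected, sub-code " + sub)
    if code == 10:  # referral: the server points the client at another server
        targets = REFERRAL_RE.findall(message) or ["target not logged"]
        return code, ("referral to " + ", ".join(targets) + ": search base not held by "
                      "this server (usual cause, assumed); client not following referrals")
    return code, "not a bind or referral failure"


if __name__ == "__main__":
    for msg in (BIND_FAILURE, REFERRAL):
        print(triage(msg))
```

The sub-code separates an unknown account (525) from a wrong password (52e), so keep it in server-side logs and show users only a generic login failure.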
