Hi, you were right. There was an error in the config file. Now i have the following line in xwiki.cfg: xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
Afterwards I restarted Tomcat6. Hi, The problem still remains: Users that are already added (by the former LDAP mechanism or by hand) can login (with their active directory password), but no new users are created as they want to log in for the first time. The stdout_xxxxxxxx.log says: [http-80-1] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [7351] [http-80-2] ERROR LDAP.LDAPAuthServiceImpl - LDAP Bind failed with Exception Invalid Credentials --> get this line every time a user that doesn't exist in the xwiki userlist wants to login I also tried the old one authservice class using this line: xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl with the same result. All the other logs in the tomcat log directory look clean... Thanks Helmut Thomas Mortagne wrote: > > Hi, > > On Tue, Jun 3, 2008 at 5:46 PM, hel-o <[EMAIL PROTECTED]> wrote: >> >> Hi, >> >> Authentication worked before 1.3.2. Works now for existing users but not >> for >> New Users. New Users are not created when they log in the first time. >> >> Log file: >> --- >> 2008-06-03 17:24:46,344 [http://server/bin/view/Main/WebHome] [http-80-1] >> ERROR LDAP.LDAPAuthServiceImpl - LDAP Bind failed with Exception > > This looks like you use LDAPAuthServiceImpl and not > XWikiLDAPAuthServiceImpl as it is written in the configuration you > sent... > Makes sure you restarted xwiki after modifying xwiki.cfg. > >> Invalid Credentials >> 2008-06-03 17:24:47,125 [http://server/bin/view/Main/WebHome] [http-80-1] >> ERROR LDAP.LDAPAuthServiceImpl - LDAP Bind failed with Exception >> Invalid Credentials >> --- >> >> Configuration: >> --- >> # new LDAP authentication service >> # >> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl >> >> #-# Turn LDAP authentication on - otherwise only XWiki authentication >> #-# 0: disable >> #-# 1: enable >> xwiki.authentication.ldap=1 >> >> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) >> xwiki.authentication.ldap.server=server >> xwiki.authentication.ldap.port=389 >> >> #-# LDAP login, empty = anonymous access, otherwise specify full dn >> #-# {0} is replaced with the username, {1} with the password >> xwiki.authentication.ldap.bind_DN=CN=user,OU=ServicesAccounts,DC=company,DC=holding,DC=ch >> xwiki.authentication.ldap.bind_pass=password >> >> #-# Force to check password after LDAP connection >> #-# 0: disable >> #-# 1: enable >> xwiki.authentication.ldap.validate_password=0 >> >> #-# only members of the following group will be verified in the LDAP >> # otherwise only users that are found after searching starting from the >> base_DN >> # >> xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US >> >> #-# base DN for searches >> xwiki.authentication.ldap.base_DN=DC=company,DC=holding,DC=ch >> >> #-# specifies the LDAP attribute containing the identifier to be used as >> the >> XWiki name (default=cn) >> xwiki.authentication.ldap.UID_attr=sAMAccountName >> >> #-# retrieve the following fields from LDAP and store them in the XWiki >> user >> object (xwiki-attribute=ldap-attribute) >> #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for >> faster access >> xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# on every login update the mapped attributes from LDAP to XWiki >> otherwise >> this happens only once when the XWiki account is created. >> xwiki.authentication.ldap.update_user=1 >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# mapps XWiki groups to LDAP groups, separator is "|" >> # >> xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\ >> # >> XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# time in s after which the list of members in a group is refreshed >> from >> LDAP (default=3600*6) >> # xwiki.authentication.ldap.groupcache_expiration=21800 >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# - create : synchronize group membership only when the user is first >> created >> #-# - always: synchronize on every login >> xwiki.authentication.ldap.mode_group_sync=create >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# if ldap authentication fails for any reason, try XWiki DB >> authentication >> with the same credentials >> xwiki.authentication.ldap.trylocal=1 >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# SSL connection to LDAP server >> #-# 0: normal >> #-# 1: SSL >> # xwiki.authentication.ldap.ssl=0 >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# The keystore file to use in SSL connection >> # xwiki.authentication.ldap.ssl.keystore= >> ---- >> >> Connection in LDAP-Browser works with the settings used in the >> configuration >> above. >> >> Thanks for your help >> Helmut >> -- >> View this message in context: >> http://www.nabble.com/LDAP-Authentication-%28Active-Directory-tp17626760p17626760.html >> Sent from the XWiki- Users mailing list archive at Nabble.com. >> >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.xwiki.org/mailman/listinfo/users >> > > > > -- > Thomas Mortagne > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > > -- View this message in context: http://www.nabble.com/LDAP-Authentication-%28Active-Directory%29-tp17626760p17640459.html Sent from the XWiki- Users mailing list archive at Nabble.com. _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
