On Fri, Aug 1, 2008 at 5:10 PM, lukweb <[EMAIL PROTECTED]> wrote: > > Here is my xwiki.cfg : > > xwiki.base=../../ > > xwiki.store.class=com.xpn.xwiki.store.XWikiHibernateStore > xwiki.store.hibernate.path=/WEB-INF/hibernate.cfg.xml > xwiki.store.hibernate.updateschema=1 > xwiki.store.hibernate.custommapping=1 > xwiki.store.cache=1 > xwiki.store.cache.capacity=100 > xwiki.store.migration=1 > > xwiki.monitor=1 > > # List of active plugins. > xwiki.plugins=\ > com.xpn.xwiki.monitor.api.MonitorPlugin,\ > com.xpn.xwiki.plugin.calendar.CalendarPlugin,\ > com.xpn.xwiki.plugin.skinx.JsSkinExtensionPlugin,\ > com.xpn.xwiki.plugin.skinx.CssSkinExtensionPlugin,\ > com.xpn.xwiki.plugin.feed.FeedPlugin,\ > com.xpn.xwiki.plugin.ldap.LDAPPlugin,\ > com.xpn.xwiki.plugin.google.GooglePlugin,\ > com.xpn.xwiki.plugin.flickr.FlickrPlugin,\ > com.xpn.xwiki.plugin.mail.MailPlugin,\ > com.xpn.xwiki.plugin.packaging.PackagePlugin,\ > com.xpn.xwiki.plugin.query.QueryPlugin,\ > com.xpn.xwiki.plugin.svg.SVGPlugin,\ > com.xpn.xwiki.plugin.charts.ChartingPlugin,\ > com.xpn.xwiki.plugin.fileupload.FileUploadPlugin,\ > com.xpn.xwiki.plugin.image.ImagePlugin,\ > com.xpn.xwiki.plugin.captcha.CaptchaPlugin,\ > com.xpn.xwiki.plugin.userdirectory.UserDirectoryPlugin,\ > > com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl,\ > com.xpn.xwiki.plugin.zipexplorer.ZipExplorerPlugin,\ > com.xpn.xwiki.plugin.autotag.AutoTagPlugin,\ > com.xpn.xwiki.plugin.lucene.LucenePlugin,\ > com.xpn.xwiki.plugin.diff.DiffPlugin,\ > com.xpn.xwiki.plugin.rightsmanager.RightsManagerPlugin,\ > com.xpn.xwiki.plugin.jodatime.JodaTimePlugin,\ > com.xpn.xwiki.plugin.scheduler.SchedulerPlugin,\ > com.xpn.xwiki.plugin.mailsender.MailSenderPlugin,\ > com.xpn.xwiki.plugin.watchlist.WatchListPlugin > > # This parameter allows XWiki to operate in Hosting mode allowing to create > # multiple wikis having their own database and responding to different URLs > xwiki.virtual=0 > > xwiki.virtual.redirect=http://127.0.0.1:9080/xwiki/bin/Main/ThisWikiDoesNotExist > > # This parameter will activate the eXo Platform integration > xwiki.exo=0 > > xwiki.authentication=form > xwiki.authentication.validationKey=totototototototototototototototo > xwiki.authentication.encryptionKey=titititititititititititititititi > xwiki.authentication.cookiedomains=xwiki.com,wiki.fr > > # This allows logout to happen for any page going through the /logout/ > action, regardless of the document or the servlet. > # Comment-out if you want to enable logout only for > /bin/logout/XWiki/XWikiLogout > xwiki.authentication.logoutpage=(/[^/]+/|/)logout/* > > # Stats configuration allows to globally activate/deactivate stats module > (launch storage thread, register events...) > xwiki.stats=1 > # When statistics are globally enabled, storage can be enabled/disabled by > wiki using the XWikiPreference property "statistics". > # Note: Statistics are disabled by default for improved performances/space. > xwiki.stats.default=0 > # It is also possible to choose a different stats service to record > statistics separately from XWiki. > xwiki.stats.class=com.xpn.xwiki.stats.impl.XWikiStatsServiceImpl > > xwiki.encoding=ISO-8859-1 > > xwiki.backlinks=1 > > xwiki.tags=1 > > # Use edit comments > xwiki.editcomment=1 > > # Hide editcomment field and only use Javascript > xwiki.editcomment.hidden=0 > > # Make edit comment mandatory > xwiki.editcomment.mandatory=0 > > # Make edit comment suggested (asks 1 time if the comment is empty. > # 1 shows one popup if comment is empty. > # 0 means there is no popup. > # This setting is ignored if mandatory is set > xwiki.editcomment.suggested=0 > > # GraphViz plugin configuration. The GraphViz plugin is not configured by > default. > # To enable it, add "com.xpn.xwiki.plugin.graphviz.GraphVizPlugin" to the > list of plugins > # in the xwiki.plugins property. > # Uncomment and set the locations of the Dot and Neato executables > #xwiki.plugin.graphviz.dotpath=c:/Program Files/ATT/GraphViz/bin/dot.exe > #xwiki.plugin.graphviz.neatopath=c:/Program Files/ATT/GraphViz/bin/neato.exe > > xwiki.plugin.laszlo.baseurl=/openlaszlo/xwiki/ > xwiki.plugin.laszlo.path=c:/Program Files/Apache Software Foundation/Tomcat > 5.0/webapps/openlaszlo/xwiki/ > > xwiki.plugin.image.cache.capacity=30 > > xwiki.plugin.captcha=0 > > > # Enable to allow superadmin. It is disabled by default as this could be a > security breach if > # it were set and you forgot about it. > xwiki.superadminpassword=system > > #------------------------------------------------------------------------------------- > # LDAP > #------------------------------------------------------------------------------------- > > #-# new LDAP authentication service > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl > > #-# Turn LDAP authentication on - otherwise only XWiki authentication > #-# 0: disable > #-# 1: enable > xwiki.authentication.ldap=1 > > #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) > xwiki.authentication.ldap.server=55.2.64.29 > xwiki.authentication.ldap.port=389 > > #-# LDAP login, empty = anonymous access, otherwise specify full dn > #-# {0} is replaced with the username, {1} with the password > # > xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP > # xwiki.authentication.ldap.bind_pass={1} > xwiki.authentication.ldap.base_DN=DC=agence,DC=masociete,DC=com > xwiki.authentication.ldap.bind_DN=CN=srv-xwiki,CN=Users,DC=agence,DC=masociete,DC=com > xwiki.authentication.ldap.bind_pass=password > xwiki.authentication.ldap.UID_attr=sAMAccountName > xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn > > > #-# Force to check password after LDAP connection > #-# 0: disable > #-# 1: enable > xwiki.authentication.ldap.validate_password=0 > > #-# only members of the following group will be verified in the LDAP > # otherwise only users that are found after searching starting from the > base_DN > # xwiki.authentication.ldap.user_group=CN=Utilisa. du > domaine,CN=Users,DC=agence,DC=masociete,DC=com > > #-# base DN for searches > xwiki.authentication.ldap.base_DN=DC=agence,DC=masociete,DC=com > > #-# Specifies the LDAP attribute containing the identifier to be used as the > XWiki name (default=cn) > xwiki.authentication.ldap.UID_attr=sAMAccountName > > #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] > #-# Specifies the LDAP attribute containing the password to be used "when > xwiki.authentication.ldap.validate_password" is set to 1 > # xwiki.authentication.ldap.password_field=userPassword > > #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] > #-# The potential LDAP groups classes. Separated by commas. > # > xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList > > #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] > #-# The potential names of the LDAP groups fields containings the members. > Separated by commas. > # xwiki.authentication.ldap.group_memberfields=member,uniqueMember > > #-# retrieve the following fields from LDAP and store them in the XWiki user > object (xwiki-attribute=ldap-attribute) > #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for > faster access > xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# on every login update the mapped attributes from LDAP to XWiki otherwise > this happens only once when the XWiki account is created. > xwiki.authentication.ldap.update_user=1 > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# mapps XWiki groups to LDAP groups, separator is "|" > xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=CN=Administrateurs > Wiki,CN=Users,DC=agence,DC=masociete,DC=com|\ > > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# time in s after which the list of members in a group is refreshed from > LDAP (default=3600*6) > # xwiki.authentication.ldap.groupcache_expiration=21800 > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# - create : synchronize group membership only when the user is first > created > #-# - always: synchronize on every login > xwiki.authentication.ldap.mode_group_sync=always > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# if ldap authentication fails for any reason, try XWiki DB authentication > with the same credentials > xwiki.authentication.ldap.trylocal=1 > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# SSL connection to LDAP server > #-# 0: normal > #-# 1: SSL > # xwiki.authentication.ldap.ssl=0 > > #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] > #-# The keystore file to use in SSL connection > # xwiki.authentication.ldap.ssl.keystore= > > #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] > #-# The java secure provider used in SSL connection > # > xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider > > #------------------------------------------------------------------------------------- > # Cache > #------------------------------------------------------------------------------------- > > #-# [SINCE 1.5M2] > #-# The cache component implementation to use as "normal" (can be local or > distributed depending on the implementation) > #-# cache component. > xwiki.cache.cachefactory.hint=oscache > > #-# [SINCE 1.5M2] > #-# The cache component to use as local cache component. > xwiki.cache.cachefactory.local.hint=oscache/local > > #------------------------------------------------------------------------------------- > > > xwiki.authentication.unauthorized_code=200 > > # This parameter will activate the sectional editing > xwiki.section.edit=1 > > # Uncomment if you want to ignore requests for unmapped actions, and simply > display the document > # xwiki.unknownActionResponse=view > > > # You can configure the toolbars you wish to see in the WYSIWYG editor by > defining the > # xwiki.wysiwyg.toolbars property. > # When not defined it defaults to: > # xwiki.wysiwyg.toolbars=texttoolbar, listtoolbar, indenttoolbar, > undotoolbar, titletoolbar, \ > # styletoolbar, horizontaltoolbar, > attachmenttoolbar, macrostoolbar, \ > # tabletoolbar, tablerowtoolbar, tablecoltoolbar, > linktoolbar > # The full list of toolbars includes the one defined above and the following > ones: > # subtoolbar, findtoolbar, symboltoolbar > > > xwiki.defaultskin=toucan > xwiki.defaultbaseskin=albatross > > # Calendar Prev/Next Month bounds. > # The calendar generates links to the previous/next months for a limited > range, by default 6 months back and 12 months after. > # A value of 0 means that there is no limit in that direction. > # xwiki.calendar.bound.prev=6 > # xwiki.calendar.bound.next=12 > > # xwiki.temp.dir=/tmp/xwiki > # xwiki.work.dir=/usr/local/xwiki > > # xwiki.plugins.lucene.indexdir=/usr/local/xwiki/lucene > # > xwiki.plugins.lucene.analyzer=org.apache.lucene.analysis.standard.StandardAnalyzer > # xwiki.plugins.lucene.indexinterval=20 > > xwiki.work.dir=work
I found what is the problem: It's not your configuration, by default XWiki store the DN in the user's profile (with the "ldap_dn=dn" in xwiki.authentication.ldap.fields_mapping property) to speed up the DN search. The problem is that it will always use the first DN used for a user even the user moved in LDAP server. So what you can do to fix it: - for existing users in XWiki: edit the user's profile page using object editor and change the value of the property ldap_dn (LDAP DN). Set the new DN or just blank it to let XWiki update it. - if you plan to move LDAP users regularely: remove the "ldap_dn=dn" from xwiki.authentication.ldap.fields_mapping property to avoid LDAP user DN storage. > > Thanks for your help. > > -- > View this message in context: > http://n2.nabble.com/Xwiki-LDAP-Authentication-doesn%27t-work-when-you-move-a-user-to-a-different-OU-in-Active-Directory-tp663821p664421.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users