I think found wat is the problem : There s a bug with group mappig when you don't get the user DN in xwiki.authentication.ldap.fields_mappinp
Try to add "ldap_dn=dn" in "xwiki.authentication.ldap.fields_mappinp". xwiki.authentication.ldap.fields_mappinp=last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn On Thu, Aug 21, 2008 at 11:05 AM, Thomas Mortagne <[EMAIL PROTECTED]> wrote: > If it does not work you should try to enable debug log (see > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging) to see > mre details on what append during the LDAP authentication. > > On Thu, Aug 21, 2008 at 10:59 AM, Thomas Mortagne > <[EMAIL PROTECTED]> wrote: >> Hi, >> >> Your configuration seems correct to me (except the >> XWiki.XWikiAllGroup=cn=users,ou=xwiki,ou=Groups,dc=mydomain in >> group_mapping which is useless). >> >> Could you try the last 1.5 snapshot at >> http://maven.xwiki.org/snapshots/com/xpn/xwiki/platform/xwiki-core/1.5-SNAPSHOT/ >> (which will be soon the 1.5.1), I fixed some bugs (like ogin with user >> id contaning poits that was broken) on LDAP but not directly related >> to this. With this version it's working for me with OpenLDAP but, not >> with exactly the same LDAP schema but very similar. >> >> On Wed, Aug 20, 2008 at 11:17 PM, Richard V. <[EMAIL PROTECTED]> wrote: >>> >>> >>> Hello XWiki users, >>> >>> I have a problem getting OpenLDAP to work with XWiki 1.5.11446. For some >>> strange reason i cannot login into xwiki from an account located in >>> OpenLDAP and no error messages are produced. The login page just refreshes >>> itself and nothing else happens. This problem started when I migrated Xwiki >>> 1.4 to 1.5. As solution, I downgraded back to 1.4 and everything seems to >>> work again. Is the LDAP plugin broken in 1.5? I have copy-pasted a sample >>> ldif of my OpenLDAP as well as the xwiki.cfg settings so that someone can >>> give me a hint on where the problem could be. >>> >>> Many thanks in advanced. >>> >>> Richard >>> >>> ------------------------------------------------------ BEGIN >>> ldif------------------------------------------------------------------- >>> >>> dn: dc=mydomain >>> objectClass: organization >>> objectClass: dcObject >>> dc: mydomain >>> o: mydomain >>> >>> dn: ou=Users,dc=mydomain >>> objectClass: organizationalUnit >>> ou: Users >>> >>> dn: ou=People,ou=Users,dc=mydomain >>> objectClass: organizationalUnit >>> ou: People >>> >>> dn: ou=Groups,dc=mydomain >>> objectClass: organizationalUnit >>> ou: Groups >>> >>> dn: ou=Machines,ou=Users,dc=mydomain >>> objectClass: organizationalUnit >>> ou: Machines >>> >>> dn: ou=Domains,dc=mydomain >>> objectClass: organizationalUnit >>> ou: Domains >>> >>> dn: sambaDomainName=SCRAPPY,ou=Domains,dc=mydomain >>> objectClass: sambaDomain >>> sambaAlgorithmicRidBase: 1000 >>> sambaSID: S-1-5-21-4074884656-2525905897-914379862 >>> sambaDomainName: SCRAPPY >>> sambaMinPwdLength: 8 >>> >>> dn: cn=domainUsers,ou=Groups,dc=mydomain >>> objectClass: sambaGroupMapping >>> objectClass: posixGroup >>> displayName: Domain Users >>> sambaGroupType: 2 >>> sambaSID: S-1-5-21-4074884656-2525905897-914379862-513 >>> description: Domain Users >>> gidNumber: 2001 >>> cn: domainUsers >>> memberUid: richi >>> >>> dn: cn=domainGuests,ou=Groups,dc=mydomain >>> objectClass: sambaGroupMapping >>> objectClass: posixGroobjectClass: posixGroup >>> displayName: Domain Guests >>> sambaGroupType: 2 >>> sambaSID: S-1-5-21-4074884656-2525905897-914379862-514 >>> description: Domain Guests >>> gidNumber: 2002 >>> cn: domainGuests >>> >>> dn: cn=domainComputers,ou=Groups,dc=mydomain >>> objectClass: sambaGroupMapping >>> objectClass: posixGroup >>> displayName: Domain Computers >>> sambaGroupType: 2 >>> sambaSID: S-1-5-21-4074884656-2525905897-914379862-515 >>> description: Domain Computers >>> gidNumber: 2003 >>> cn: domainComputers >>> >>> dn: uid=richi,ou=People,ou=Users,dc=mydomain >>> objectClass: sambaSamAccount >>> objectClass: shadowAccount >>> objectClass: posixAccount >>> objectClass: inetOrgPerson >>> sambaHomeDrive: U: >>> sambaDomainName: SCRAPPY >>> sambaAcctFlags: [XU ] >>> displayName: Richi >>> sambaPrimaryGroupSID: S-1-5-21-4074884656-2525905897-914379862-512 >>> sambaSID: S-1-5-21-4074884656-2525905897-914379862-5000 >>> sambaLMPassword: <hidden> >>> sambaNTPassword: <hidden> >>> sambaPwdLastSet: 1218502167 >>> shadowWarning: 10 >>> shadowInactive: 10 >>> shadowMin: 1 >>> shadowMax: 365 >>> homeDirectory: /home/richi >>> loginShell: /bin/bash >>> uid: richi >>> cn: Richi >>> uidNumber: 2000 >>> gidNumber: 2000 >>> sn: Smith >>> givenName: Richi >>> shadowLastChange: 14105 >>> userPassword: secret >>> >>> dn: cn=domainAdmins,ou=Groups,dc=mydomain >>> cn: domainAdmins >>> description: Domain Admins >>> objectClass: sambaGroupMapping >>> objectClass: posixGroup >>> gidNumber: 2000 >>> sambaSID: S-1-5-21-4074884656-2525905897-914379862-512 >>> sambaGroupType: 2 >>> displayName: Domain Admin >>> >>> dn: ou=xwiki,ou=Groups,dc=mydomain >>> ou: xwiki >>> objectClass: top >>> objectClass: organizationalUnit >>> >>> dn: cn=users,ou=xwiki,ou=Groups,dc=mydomain >>> cn: users >>> member: uid=richi,ou=People,ou=Users,dc=mydomain >>> objectClass: groupOfNames >>> objectClass: top >>> ou: xwiki >>> >>> dn: cn=admins,ou=xwiki,ou=Groups,dc=mydomain >>> cn: admins >>> member: uid=richi,ou=People,ou=Users,dc=mydomain >>> ou: xwiki >>> objectClass: groupOfNames >>> objectClass: top >>> >>> >>> ------------------------------------------------- END ldif >>> ------------------------------------------------------------ >>> >>> ------------------------------------------------- BEGIN xwiki.cfg >>> ------------------------------------------------ >>> #-# new LDAP authentication service >>> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl >>> >>> #-# Turn LDAP authentication on - otherwise only XWiki authentication >>> #-# 0: disable >>> #-# 1: enable >>> xwiki.authentication.ldap=1 >>> >>> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) >>> xwiki.authentication.ldap.server=localhost >>> xwiki.authentication.ldap.port=389 >>> >>> #-# LDAP login, empty = anonymous access, otherwise specify full dn >>> #-# {0} is replaced with the username, {1} with the password >>> xwiki.authentication.ldap.bind_DN=uid={0},ou=People,ou=Users,dc=mydomain >>> xwiki.authentication.ldap.bind_pass={1} >>> >>> #-# Force to check password after LDAP connection >>> #-# 0: disable >>> #-# 1: enable >>> xwiki.authentication.ldap.validate_password=0 >>> >>> #-# only members of the following group will be verified in the LDAP >>> # otherwise only users that are found after searching starting from the >>> base_DN >>> xwiki.authentication.ldap.user_group=cn=users,ou=xwiki,ou=Groups,dc=mydomain >>> >>> #-# base DN for searches >>> xwiki.authentication.ldap.base_DN=ou=People,ou=Users,dc=mydomain >>> #-# Specifies the LDAP attribute containing the identifier to be used as >>> the XWiki name (default=cn) >>> xwiki.authentication.ldap.UID_attr=uid >>> >>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >>> #-# Specifies the LDAP attribute containing the password to be used "when >>> xwiki.authentication.ldap.validate_password" is set to 1 >>> xwiki.authentication.ldap.password_field=userPassword >>> >>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >>> #-# The potential LDAP groups classes. Separated by commas. >>> xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup >>> >>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >>> #-# The potential names of the LDAP groups fields containings the members. >>> Separated by commas. >>> xwiki.authentication.ldap.group_memberfields=member,uniqueMember >>> >>> #-# retrieve the following fields from LDAP and store them in the XWiki >>> user object (xwiki-attribute=ldap-attribute) >>> #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object for >>> faster access >>> xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=displayName,email=mail >>> >>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>> #-# on every login update the mapped attributes from LDAP to XWiki >>> otherwise thi >>> s happens only once when the XWiki account is created. >>> xwiki.authentication.ldap.update_user=1 >>> >>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>> #-# mapps XWiki groups to LDAP groups, separator is "|" >>> xwiki.authentication.ldap.group_mapping=\ >>> XWiki.XWikiAdminGroup=cn=admins,ou=xwiki,ou=Groups,dc=mydomain|\ >>> XWiki.XWikiAllGroup=cn=users,ou=xwiki,ou=Groups,dc=mydomain >>> >>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>> #-# time in s after which the list of members in a group is refreshed from >>> LDAP (default=3600*6) >>> #Every half an hour >>> xwiki.authentication.ldap.groupcache_expiration=1800 >>> >>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>> #-# - create : synchronize group membership only when the user is first >>> created >>> #-# - always: synchronize on every login >>> xwiki.authentication.ldap.mode_group_sync=always >>> >>> #-# if ldap authentication fails for any reason, try XWiki DB >>> authentication with the same credentials >>> xwiki.authentication.ldap.trylocal=0 >>> >>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>> #-# SSL connection to LDAP server >>> #-# 0: normal >>> #-# 1: SSL >>> # xwiki.authentication.ldap.ssl=0 >>> >>> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >>> #-# The keystore file to use in SSL connection >>> # xwiki.authentication.ldap.ssl.keystore= >>> >>> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >>> #-# The java secure provider used in SSL connection >>> # >>> xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider >>> >>> --------------------------------------------------- END xwiki.cfg >>> --------------------------------------------------------- >>> >>> _________________________________________________________________ >>> Get ideas on sharing photos from people like you. Find new ways to share. >>> http://www.windowslive.com/explore/photogallery/posts?ocid=TXT_TAGLM_WL_Photo_Gallery_082008 >>> _______________________________________________ >>> users mailing list >>> users@xwiki.org >>> http://lists.xwiki.org/mailman/listinfo/users >>> >> >> >> >> -- >> Thomas Mortagne >> > > > > -- > Thomas Mortagne > -- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
