Hello again,

I've been running XE 1.5 for a while and our LDAP authentication against Active Directory works fine. I've installed a separate, test instance of XE 1.6 and, using the same LDAP configuration, all of our login attempts fail when going against our Active Directory server.

09:04:00,401 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: null
09:04:00,402 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
09:04:00,402 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG ldap.XWikiLDAPUtils - Searching for the user in LDAP: user:jnovak base: query:(sAMAccountName=jnovak) uid:sAMAccountName
09:04:00,484 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG ldap.XWikiLDAPConnection - LDAP Search failed
LDAPException: No Such Object (32) No Such Object
LDAPException: Server Message: 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, best match of: ''

Our XE 1.5.2.12758 installation with the same configuration works fine. Does the above error look to you like it's not even binding to the AD server? That's my hunch.

The first log line on our working 1.5 install looks like this when I authenticate:

08:47:09,148 [http://xwiki/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6807-3] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: CN=Jamison Novak,CN=Users,DC=NNNNN,DC=com

This is our base_DN:
xwiki.authentication.ldap.base_DN=cn=Users,dc=NNNNN,dc=com

This is our bind_DN:

xwiki.authentication.ldap.bind_DN=cn=svc_webapp,ou=Service Accounts,dc=NNNNN,dc=com

Is it possible that the space in the "ou=Service Accounts" is causing some unlogged error? I tried putting quotes around the entire thing (bind_dn="string here"), but that just caused it to fail to try LDAP at all.

Any thoughts? I'm really confused why it's changed between 1.5 and 1.6 like this, at least for us.

-Jamie
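
A small triage helper for debug logs like the one in this message, added here as an example and not part of the original post or of XWiki: it pulls the user, search base, filter and LDAP result code out of each search attempt, so the base actually sent to the server can be compared with the configured base_DN. The function name, the field names and the trimmed sample are constructed for illustration.

```python
import re

# Log excerpt taken from the message above; timestamps and thread prefixes
# are trimmed, so this sample is constructed rather than a verbatim capture.
SAMPLE_LOG = """\
DEBUG LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: null
DEBUG ldap.XWikiLDAPUtils - Searching for the user in LDAP: user:jnovak base: query:(sAMAccountName=jnovak) uid:sAMAccountName
DEBUG ldap.XWikiLDAPConnection - LDAP Search failed
LDAPException: No Such Object (32) No Such Object
"""

# Field layout as it appears in the "Searching for the user in LDAP" line.
SEARCH_RE = re.compile(
    r"Searching for the user in LDAP: user:(?P<user>\S*) "
    r"base:(?P<base>.*?) query:(?P<query>\(.*\)) uid:(?P<uid>\S+)"
)
# First numeric result code on an LDAPException line, e.g. "(32)".
RESULT_RE = re.compile(r"LDAPException: .*?\((?P<code>\d+)\)")


def triage(log_text):
    """Return one dict per search attempt with the base used and the result code."""
    findings = []
    current = None
    for line in log_text.splitlines():
        m = SEARCH_RE.search(line)
        if m:
            current = {
                "user": m["user"],
                "base": m["base"].strip(),
                "query": m["query"],
                "result_code": None,
            }
            findings.append(current)
            continue
        r = RESULT_RE.search(line)
        # Attach only the first exception code that follows a search line.
        if r and current is not None and current["result_code"] is None:
            current["result_code"] = int(r["code"])
    for f in findings:
        f["empty_base"] = f["base"] == ""
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```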