Hi Jamie,

On Tue, Oct 7, 2008 at 4:16 PM, Jamison Novak <[EMAIL PROTECTED]> wrote:
> Hello again,
>
> I've been running XE 1.5 for a while and our LDAP authentication against
> Active Directory works fine. I've installed a separate, test instance of
> XE 1.6 and, using the same LDAP configuration, all of our login attempts
> fail when going against our Active Directory server.
>
>
> 09:04:00,401 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin]
> [resin-tcp-connection-127.0.0.1:6808-1]
>    DEBUG LDAP.XWikiLDAPAuthServiceImpl   - Found user dn with the user
> object: null
> 09:04:00,402 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin]
> [resin-tcp-connection-127.0.0.1:6808-1]
>    DEBUG ldap.XWikiLDAPConfig            - Ready to create user from
> LDAP with fields
>
> name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
> 09:04:00,402 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin]
> [resin-tcp-connection-127.0.0.1:6808-1]
>    DEBUG ldap.XWikiLDAPUtils             - Searching for the user in
> LDAP: user:jnovak base:
>    query:(sAMAccountName=jnovak) uid:sAMAccountName
> 09:04:00,484 [http://xwiki-dev/bin/loginsubmit/XWiki/XWikiLogin]
> [resin-tcp-connection-127.0.0.1:6808-1]
>    DEBUG ldap.XWikiLDAPConnection        - LDAP Search failed
>    LDAPException: No Such Object (32) No Such Object
>    LDAPException: Server Message: 0000208D: NameErr: DSID-031001A8,
> problem 2001 (NO_OBJECT),
>    data 0, best match of:
>        ''
>
> Our XE 1.5.2.12758 installation with the same configuration works fine.
> Does the above error look to you like it's not even binding to the AD
> server? That's my hunch.
>
> The first log line on our working 1.5 install looks like this when I
> authenticate:
>
>    08:47:09,148 [http://xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> [resin-tcp-connection-127.0.0.1:6807-3]
>    DEBUG LDAP.XWikiLDAPAuthServiceImpl   - Found user dn with the user
> object:
>    CN=Jamison Novak,CN=Users,DC=NNNNN,DC=com
>
> This is our base_DN:
>
>    xwiki.authentication.ldap.base_DN=cn=Users,dc=NNNNN,dc=com
>
> This is our bind_DN:
>
>    xwiki.authentication.ldap.bind_DN=cn=svc_webapp,ou=Service Accounts,dc=NNNNN,dc=com

Shouldn't your base_DN be
xwiki.authentication.ldap.base_DN=dc=NNNNN,dc=com as your bind_DN does
not seem to be included in it?

You can enable the "debug" log to get more information (see
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HEnableLDAPdebuglog).

>
> Is it possible that the space in the "ou=Service Accounts" is causing
> some unlogged error? I tried putting quotes around the entire thing
> (bind_dn="string here"), but that just caused it to fail to try LDAP at
> all.
>
> Any thoughts? I'm really confused why it's changed between 1.5 and 1.6
> like this, at least for us.

Since XE 1.6, the default LDAP authenticator is
XWikiLDAPAuthServiceImpl, as you can see in the log. Before that it was
LDAPAuthServiceImpl, which has been deprecated since 1.3. If you don't have
any xwiki.authentication.authclass explicitly configured in xwiki.cfg,
that's the main difference between 1.5 and 1.6. If you want to use the
old LDAP authenticator, you need to add
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl
in xwiki.cfg.

>
> -Jamie
> _______________________________________________
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
>

-- 
Thomas Mortagne
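
An added example, not part of the original thread and not XWiki code: a small Python check that applies the base_DN/bind_DN comparison raised in the reply to the two properties quoted above, and also reports whether the logged "Searching for the user" line carries an empty search base. The sample strings are constructed from the values in the thread; the function names and the simplified DN parsing (split on unescaped commas, case-insensitive compare) are assumptions of this sketch.

```python
import re

# Constructed sample: the two properties quoted in the thread (xwiki.cfg style).
SAMPLE_CFG = """\
xwiki.authentication.ldap.base_DN=cn=Users,dc=NNNNN,dc=com
xwiki.authentication.ldap.bind_DN=cn=svc_webapp,ou=Service Accounts,dc=NNNNN,dc=com
"""
# Debug line from the thread, unwrapped onto one line.
SAMPLE_LOG = ("DEBUG ldap.XWikiLDAPUtils - Searching for the user in LDAP: "
              "user:jnovak base: query:(sAMAccountName=jnovak) uid:sAMAccountName")
PREFIX = "xwiki.authentication.ldap."

def read_props(text):
    """Parse key=value lines; the value keeps every '=' after the first one."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDN pairs."""
    pairs = (r.partition("=") for r in re.split(r"(?<!\\),", dn) if r.strip())
    return [(a.strip().lower(), v.strip().lower()) for a, _, v in pairs]

def is_under(dn, base):
    """True when dn equals base or sits below it in the directory tree."""
    d, b = split_dn(dn), split_dn(base)
    return len(b) <= len(d) and d[len(d) - len(b):] == b

def logged_search_base(log_line):
    """Return the 'base:' value of a 'Searching for the user' debug line."""
    m = re.search(r"\bbase:(.*?)\s*query:", log_line)
    return m.group(1).strip() if m else None

def check(cfg_text, log_line):
    """List what differs from the layout suggested in the reply."""
    p = read_props(cfg_text)
    base, bind = p.get(PREFIX + "base_DN", ""), p.get(PREFIX + "bind_DN", "")
    findings = []
    if not is_under(bind, base):
        findings.append("bind_DN is outside base_DN")
    if logged_search_base(log_line) == "":
        findings.append("logged search base is empty")
    return findings
```

Calling check(SAMPLE_CFG, SAMPLE_LOG) reports both findings for the values in this thread; with base_DN set to dc=NNNNN,dc=com the first one goes away.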