Hi Thomas, Thanks, as always, for the reply.
> Shouldn't your base_DN be > xwiki.authentication.ldap.base_DN=dc=NNNNN,dc=com as your bind_DN > does not seems included in it ? Our bind user isn't really a user, so I specified the base_DN in such a way that only real people are included in the search. I've modified it as you suggested, but it had no effect. I have the DEBUG log enabled already, which is how I got the information for my initial question. It is not altogether helpful, though. > Since XE 1.6, the default LDAP authenticator is > XWikiLDAPAuthServiceImpl as you can see in the log. I have that specifically enabled in both my 1.5 and 1.6 xwiki.cfg file. #-# new LDAP authentication service xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAut hServiceImpl With that enabled, our 1.5.2.12758 install of XWiki successfully authenticates against our Active Directory domain. It binds, it authenticates me, and logs me in. Our 1.6.13286 install does not. I think the problem is that, with the 1.6 installation, it is not binding to the AD server while the 1.5 install is. 12:58:07,674 [http://wiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: null [ ... ] 12:58:07,741 [http://wiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG ldap.XWikiLDAPConnection - LDAP Search failed LDAPException: No Such Object (32) No Such Object LDAPException: Server Message: 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, best match of: '' ^@ LDAPException: Matched DN: at com.novell.ldap.LDAPResponse.getResultException(Unknown Source) at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source) at com.novell.ldap.LDAPSearchResults.next(Unknown Source) at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.searchLDAP(XWikiLDAPConnec tion.java:270) at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.searchUserAttributesByUid(XWiki LDAPUtils.java:507) at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateIn Context(XWikiLDAPAuthServiceImpl.java:338) [ ... ] In the 1.5 DEBUG log, the "Found user dn" log line returns the proper information, rather than "null". (See my previous message). What I want to know is why it succeeds in 1.5, but fails in 1.6 - both using the same xwiki.cfg settings for all things LDAP. The DEBUG log is not helping me understand why exactly it's failing. The ONLY thing I can think of is that the space in "Service Accounts" in our bind_DN is causing it to break under 1.6. xwiki.authentication.ldap.bind_DN=cn=svc_webapp,ou=Service Accounts,dc=MLT,dc=inc Is that possible? Can you think of any other reasons why it would be failing? Both instances are running on the same server, just obviously not the same Java/Resin instance. Confused, Jamie _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
