On Wed, Oct 8, 2008 at 11:51 AM, Thomas Mortagne <[EMAIL PROTECTED]> wrote: > On Tue, Oct 7, 2008 at 8:17 PM, Jamison Novak <[EMAIL PROTECTED]> wrote: >> Hi Thomas, >> >> Thanks, as always, for the reply. >> >>> Shouldn't your base_DN be >>> xwiki.authentication.ldap.base_DN=dc=NNNNN,dc=com as your bind_DN >>> does not seems included in it ? >> >> Our bind user isn't really a user, so I specified the base_DN in such a >> way that only real people are included in the search. I've modified it >> as you suggested, but it had no effect. >> >> I have the DEBUG log enabled already, which is how I got the information >> for my initial question. It is not altogether helpful, though. >> >> >>> Since XE 1.6, the default LDAP authenticator is >>> XWikiLDAPAuthServiceImpl as you can see in the log. >> >> I have that specifically enabled in both my 1.5 and 1.6 xwiki.cfg file. >> >> #-# new LDAP authentication service >> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAut >> hServiceImpl >> >> With that enabled, our 1.5.2.12758 install of XWiki successfully >> authenticates against our Active Directory domain. It binds, it >> authenticates me, and logs me in. >> >> Our 1.6.13286 install does not. >> >> I think the problem is that, with the 1.6 installation, it is not >> binding to the AD server while the 1.5 install is. >> >> 12:58:07,674 [http://wiki-dev/bin/loginsubmit/XWiki/XWikiLogin] >> [resin-tcp-connection-127.0.0.1:6808-1] DEBUG >> LDAP.XWikiLDAPAuthServiceImpl >> - Found user dn with the user object: null >> [ ... ] >> 12:58:07,741 [http://wiki-dev/bin/loginsubmit/XWiki/XWikiLogin] >> [resin-tcp-connection-127.0.0.1:6808-1] DEBUG >> ldap.XWikiLDAPConnection >> - LDAP Search failed >> LDAPException: No Such Object (32) No Such Object >> LDAPException: Server Message: 0000208D: NameErr: DSID-031001A8, >> problem 2001 >> (NO_OBJECT), data 0, best match of: >> '' >> ^@ >> LDAPException: Matched DN: >> at com.novell.ldap.LDAPResponse.getResultException(Unknown >> Source) >> at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source) >> at com.novell.ldap.LDAPSearchResults.next(Unknown Source) >> at >> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.searchLDAP(XWikiLDAPConnec >> tion.java:270) >> at >> com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.searchUserAttributesByUid(XWiki >> LDAPUtils.java:507) >> at >> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateIn >> Context(XWikiLDAPAuthServiceImpl.java:338) >> [ ... ] >> >> >> In the 1.5 DEBUG log, the "Found user dn" log line returns the proper >> information, rather than "null". (See my previous message). >> >> What I want to know is why it succeeds in 1.5, but fails in 1.6 - both >> using the same xwiki.cfg settings for all things LDAP. The DEBUG log is >> not helping me understand why exactly it's failing. > > I would like to know too ;) > >> >> The ONLY thing I can think of is that the space in "Service Accounts" in >> our bind_DN is causing it to break under 1.6. >> >> xwiki.authentication.ldap.bind_DN=cn=svc_webapp,ou=Service >> Accounts,dc=MLT,dc=inc >> >> Is that possible? Can you think of any other reasons why it would be >> failing? Both instances are running on the same server, just obviously >> not the same Java/Resin instance. > > I don't think that's the problem no... but there something weird in your log: >>LDAP: user:jnovak base: >> query:(sAMAccountName=jnovak) uid:sAMAccountName > > the base DN should be printed here so I think that's the problem: the > search is done with an empty base DN. My guess is that it's a bug > introduced in 1.6 but every unit test pass on this... > > I'm searching a little more...
I think i found something, i'm fixing and committing and you will be able to test if it's working for you with a 1.6-SNAPSHOT version. > >> >> > >> >> Confused, >> Jamie >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.xwiki.org/mailman/listinfo/users >> > > > > -- > Thomas Mortagne > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
