On Tue, Oct 7, 2008 at 8:17 PM, Jamison Novak <[EMAIL PROTECTED]> wrote:
> Hi Thomas,
>
> Thanks, as always, for the reply.
>
>> Shouldn't your base_DN be
>> xwiki.authentication.ldap.base_DN=dc=NNNNN,dc=com as your bind_DN
>> does not seem to be included in it?
>
> Our bind user isn't really a user, so I specified the base_DN in such a
> way that only real people are included in the search. I've modified it
> as you suggested, but it had no effect.
>
> I have the DEBUG log enabled already, which is how I got the information
> for my initial question. It is not altogether helpful, though.
>
>
>> Since XE 1.6, the default LDAP authenticator is
>> XWikiLDAPAuthServiceImpl as you can see in the log.
>
> I have that specifically enabled in both my 1.5 and 1.6 xwiki.cfg files.
>
> #-# new LDAP authentication service
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>
> With that enabled, our 1.5.2.12758 install of XWiki successfully
> authenticates against our Active Directory domain. It binds, it
> authenticates me, and logs me in.
>
> Our 1.6.13286 install does not.
>
> I think the problem is that, with the 1.6 installation, it is not
> binding to the AD server while the 1.5 install is.
>
> 12:58:07,674 [http://wiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: null
> [ ... ]
> 12:58:07,741 [http://wiki-dev/bin/loginsubmit/XWiki/XWikiLogin] [resin-tcp-connection-127.0.0.1:6808-1] DEBUG ldap.XWikiLDAPConnection - LDAP Search failed
> LDAPException: No Such Object (32) No Such Object
> LDAPException: Server Message: 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, best match of:
>         ''
> ^@
> LDAPException: Matched DN:
>         at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
>         at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
>         at com.novell.ldap.LDAPSearchResults.next(Unknown Source)
>         at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.searchLDAP(XWikiLDAPConnection.java:270)
>         at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.searchUserAttributesByUid(XWikiLDAPUtils.java:507)
>         at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:338)
> [ ... ]
>
>
> In the 1.5 DEBUG log, the "Found user dn" log line returns the proper
> information, rather than "null". (See my previous message).
>
> What I want to know is why it succeeds in 1.5, but fails in 1.6 - both
> using the same xwiki.cfg settings for all things LDAP. The DEBUG log is
> not helping me understand why exactly it's failing.

I would like to know too ;)

>
> The ONLY thing I can think of is that the space in "Service Accounts" in
> our bind_DN is causing it to break under 1.6.
>
> xwiki.authentication.ldap.bind_DN=cn=svc_webapp,ou=Service Accounts,dc=MLT,dc=inc
>
> Is that possible? Can you think of any other reasons why it would be
> failing? Both instances are running on the same server, just obviously
> not the same Java/Resin instance.

I don't think that's the problem, no... but there's something weird in your log:

>LDAP: user:jnovak base: query:(sAMAccountName=jnovak) uid:sAMAccountName

The base DN should be printed here, so I think that's the problem: the
search is done with an empty base DN. My guess is that it's a bug
introduced in 1.6, but every unit test passes on this... I'm searching a
little more...

>
>
>
> Confused,
> Jamie
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/users
>

--
Thomas Mortagne
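
Added example, not part of the original message and not XWiki's own code: a small Python check that automates the comparison made by eye above, matching the base DN printed in each "LDAP: user:... base:... query:... uid:..." DEBUG line against the base_DN configured in xwiki.cfg and noting a following "No Such Object (32)". The sample config value for base_DN, the timestamps, the second user and the function names are constructed for illustration.

```python
import re

# Shape of the DEBUG line quoted in the thread:
#   LDAP: user:<login> base:<base DN> query:<filter> uid:<attribute>
SEARCH_RE = re.compile(
    r"LDAP: user:(?P<user>\S*) base:(?P<base>.*?) query:(?P<query>.*?) uid:(?P<uid>\S*)")
RESULT_32 = "No Such Object (32)"
PREFIX = "xwiki.authentication.ldap."

# Constructed sample input, modelled on the settings and log lines in the thread.
SAMPLE_CFG = """\
#-# constructed sample; base_DN value is an assumption
xwiki.authentication.ldap.base_DN=dc=MLT,dc=inc
xwiki.authentication.ldap.bind_DN=cn=svc_webapp,ou=Service Accounts,dc=MLT,dc=inc
"""
SAMPLE_LOG = [
    "12:58:07,700 DEBUG - LDAP: user:jnovak base: query:(sAMAccountName=jnovak) uid:sAMAccountName",
    "12:58:07,741 DEBUG - LDAP Search failed",
    "LDAPException: No Such Object (32) No Such Object",
    "12:59:10,002 DEBUG - LDAP: user:asmith base:dc=MLT,dc=inc query:(sAMAccountName=asmith) uid:sAMAccountName",
]

def parse_ldap_cfg(text):
    """Return the xwiki.authentication.ldap.* settings found in xwiki.cfg text."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX) and "=" in line:
            key, value = line.split("=", 1)  # split once: DNs contain '=' themselves
            cfg[key[len(PREFIX):].strip()] = value.strip()
    return cfg

def find_base_dn_mismatches(cfg_text, log_lines):
    """List searches whose logged base DN differs from the configured base_DN."""
    configured = parse_ldap_cfg(cfg_text).get("base_DN", "")
    findings, last = [], None
    for line in log_lines:
        m = SEARCH_RE.search(line)
        if m:
            last = {"user": m.group("user"), "logged_base": m.group("base").strip(),
                    "configured_base": configured, "no_such_object": False}
            # Simplified DN comparison: case-insensitive, no further normalisation.
            if last["logged_base"].lower() != configured.lower():
                findings.append(last)
        elif RESULT_32 in line and last is not None:
            last["no_such_object"] = True  # result code 32 followed this search
    return findings

if __name__ == "__main__":
    for f in find_base_dn_mismatches(SAMPLE_CFG, SAMPLE_LOG):
        print(f)
```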
