On Wed, Oct 8, 2008 at 11:57 AM, Thomas Mortagne <[EMAIL PROTECTED]> wrote: > On Wed, Oct 8, 2008 at 11:51 AM, Thomas Mortagne > <[EMAIL PROTECTED]> wrote: >> On Tue, Oct 7, 2008 at 8:17 PM, Jamison Novak <[EMAIL PROTECTED]> wrote: >>> Hi Thomas, >>> >>> Thanks, as always, for the reply. >>> >>>> Shouldn't your base_DN be >>>> xwiki.authentication.ldap.base_DN=dc=NNNNN,dc=com as your bind_DN >>>> does not seems included in it ? >>> >>> Our bind user isn't really a user, so I specified the base_DN in such a >>> way that only real people are included in the search. I've modified it >>> as you suggested, but it had no effect. >>> >>> I have the DEBUG log enabled already, which is how I got the information >>> for my initial question. It is not altogether helpful, though. >>> >>> >>>> Since XE 1.6, the default LDAP authenticator is >>>> XWikiLDAPAuthServiceImpl as you can see in the log. >>> >>> I have that specifically enabled in both my 1.5 and 1.6 xwiki.cfg file. >>> >>> #-# new LDAP authentication service >>> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAut >>> hServiceImpl >>> >>> With that enabled, our 1.5.2.12758 install of XWiki successfully >>> authenticates against our Active Directory domain. It binds, it >>> authenticates me, and logs me in. >>> >>> Our 1.6.13286 install does not. >>> >>> I think the problem is that, with the 1.6 installation, it is not >>> binding to the AD server while the 1.5 install is. >>> >>> 12:58:07,674 [http://wiki-dev/bin/loginsubmit/XWiki/XWikiLogin] >>> [resin-tcp-connection-127.0.0.1:6808-1] DEBUG >>> LDAP.XWikiLDAPAuthServiceImpl >>> - Found user dn with the user object: null >>> [ ... ] >>> 12:58:07,741 [http://wiki-dev/bin/loginsubmit/XWiki/XWikiLogin] >>> [resin-tcp-connection-127.0.0.1:6808-1] DEBUG >>> ldap.XWikiLDAPConnection >>> - LDAP Search failed >>> LDAPException: No Such Object (32) No Such Object >>> LDAPException: Server Message: 0000208D: NameErr: DSID-031001A8, >>> problem 2001 >>> (NO_OBJECT), data 0, best match of: >>> '' >>> ^@ >>> LDAPException: Matched DN: >>> at com.novell.ldap.LDAPResponse.getResultException(Unknown >>> Source) >>> at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source) >>> at com.novell.ldap.LDAPSearchResults.next(Unknown Source) >>> at >>> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.searchLDAP(XWikiLDAPConnec >>> tion.java:270) >>> at >>> com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.searchUserAttributesByUid(XWiki >>> LDAPUtils.java:507) >>> at >>> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateIn >>> Context(XWikiLDAPAuthServiceImpl.java:338) >>> [ ... ] >>> >>> >>> In the 1.5 DEBUG log, the "Found user dn" log line returns the proper >>> information, rather than "null". (See my previous message). >>> >>> What I want to know is why it succeeds in 1.5, but fails in 1.6 - both >>> using the same xwiki.cfg settings for all things LDAP. The DEBUG log is >>> not helping me understand why exactly it's failing. >> >> I would like to know too ;) >> >>> >>> The ONLY thing I can think of is that the space in "Service Accounts" in >>> our bind_DN is causing it to break under 1.6. >>> >>> xwiki.authentication.ldap.bind_DN=cn=svc_webapp,ou=Service >>> Accounts,dc=MLT,dc=inc >>> >>> Is that possible? Can you think of any other reasons why it would be >>> failing? Both instances are running on the same server, just obviously >>> not the same Java/Resin instance. >> >> I don't think that's the problem no... but there something weird in your log: >>>LDAP: user:jnovak base: >>> query:(sAMAccountName=jnovak) uid:sAMAccountName >> >> the base DN should be printed here so I think that's the problem: the >> search is done with an empty base DN. My guess is that it's a bug >> introduced in 1.6 but every unit test pass on this... >> >> I'm searching a little more... > > I think i found something, i'm fixing and committing and you will be > able to test if it's working for you with a 1.6-SNAPSHOT version.
You can download the last 1.6 version including the fix at http://maven.xwiki.org/snapshots/com/xpn/xwiki/platform/xwiki-core/1.6-SNAPSHOT/. I would be great if you could test it for your configuration. > >> >>> >>> >> >>> >>> Confused, >>> Jamie >>> _______________________________________________ >>> users mailing list >>> [email protected] >>> http://lists.xwiki.org/mailman/listinfo/users >>> >> >> >> >> -- >> Thomas Mortagne >> > > > > -- > Thomas Mortagne > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
