On Mon, Oct 13, 2008 at 1:43 PM, Art Yeung <[EMAIL PROTECTED]> wrote: > > > > Thomas Mortagne wrote: >> >> On Tue, Oct 7, 2008 at 1:06 PM, Art Yeung <[EMAIL PROTECTED]> >> wrote: >>> >>> >>> >>> Thomas Mortagne wrote: >>>> >>>> See http://markmail.org/message/jlsqhlrk2d3kwyrx >>>> >>>> On Tue, Oct 7, 2008 at 9:34 AM, Art Yeung <[EMAIL PROTECTED]> >>>> wrote: >>>>> >>>>> Hi All, >>>>> >>>>> I have a XWiki on version 1.5.1 and recently upgraded to 1.6.13286 with >>>>> LDAP >>>>> integrated for Authentication. In both versions, I have turned DEBUG on >>>>> and >>>>> noticed there are LDAP connections on not only when users login but on >>>>> "every" action, even just naviation from one spacec to another. >>>>> >>>>> I would thought LDAP call will only be made during the login process? >>>>> or >>>>> is >>>>> there anything I missed in the config? >>>>> >>>>> Here are the debug messages when I do my test by clicking on a link to >>>>> a >>>>> Space. I have also attach the LDAP config as well. >>>>> >>>>> Thanks a lot! >>>>> =================================== >>>>> 08:22:32,069 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> ldap.XWikiLDAPConnection - Connecting to LDAP using SSL >>>>> 08:22:32,507 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: >>>>> cn=MY_LDAP_ID,ou=People,dc=mydc,dc=net >>>>> 08:22:32,702 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> LDAP.XWikiLDAPAuthServiceImpl - LDAP attributes will be used to >>>>> update >>>>> XWiki attributes. >>>>> 08:22:32,703 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> ldap.XWikiLDAPConfig - Ready to create user from LDAP with >>>>> fields >>>>> last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn >>>>> 08:22:32,810 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with >>>>> LDAPattribues >>>>> located at cn=MY_LDAP_ID,ou=People,dc=mydc,dc=net >>>>> 08:22:32,811 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> ldap.XWikiLDAPConfig - Ready to create user from LDAP with >>>>> fields >>>>> last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn >>>>> 08:22:33,115 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> ldap.XWikiLDAPConnection - Connecting to LDAP using SSL >>>>> 08:22:33,564 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: >>>>> null >>>>> 08:22:33,565 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> ldap.XWikiLDAPConfig - Ready to create user from LDAP with >>>>> fields >>>>> last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn >>>>> 08:22:33,566 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> ldap.XWikiLDAPUtils - Searching for the user in LDAP: >>>>> user:MY_LDAP_ID base: query:(cn=MY_LDAP_ID) uid:cn >>>>> 08:22:33,865 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> LDAP.XWikiLDAPAuthServiceImpl - LDAP attributes will be used to >>>>> update >>>>> XWiki attributes. >>>>> 08:22:33,865 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with >>>>> LDAPattribues >>>>> located at cn=MY_LDAP_ID,ou=People,dc=mydc,dc=net >>>>> 08:22:33,866 [http://myhost/xwiki/bin/view/Admin/] [TP-Processor7] >>>>> DEBUG >>>>> ldap.XWikiLDAPConfig - Ready to create user from LDAP with >>>>> fields >>>>> last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn >>>>> [WARNING] Deprecated usage of method [com.xpn.xwiki.api.XWiki.split] in >>>>> [EMAIL PROTECTED],36 >>>>> 08:22:34,989 >>>>> [http://myhost/xwiki/bin/view/Admin/?xpage=xpart&vm=commentsinline.vm] >>>>> [TP-Processor7] DEBUG ldap.XWikiLDAPConnection -Connecting to >>>>> LDAP >>>>> using SSL >>>>> 08:22:35,548 >>>>> [http://myhost/xwiki/bin/view/Admin/?xpage=xpart&vm=commentsinline.vm] >>>>> [TP-Processor7] DEBUG LDAP.XWikiLDAPAuthServiceImpl -Found user dn >>>>> with >>>>> the user object: cn=MY_LDAP_ID,ou=People,dc=mydc,dc=net >>>>> 08:22:35,743 >>>>> [http://myhost/xwiki/bin/view/Admin/?xpage=xpart&vm=commentsinline.vm] >>>>> [TP-Processor7] DEBUG LDAP.XWikiLDAPAuthServiceImpl -LDAP attributes >>>>> will >>>>> be used to update XWiki attributes. >>>>> 08:22:35,744 >>>>> [http://myhost/xwiki/bin/view/Admin/?xpage=xpart&vm=commentsinline.vm] >>>>> [TP-Processor7] DEBUG ldap.XWikiLDAPConfig -Ready to create >>>>> user >>>>> from LDAP with fields >>>>> last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn >>>>> 08:22:35,848 >>>>> [http://myhost/xwiki/bin/view/Admin/?xpage=xpart&vm=commentsinline.vm] >>>>> [TP-Processor7] DEBUG LDAP.XWikiLDAPAuthServiceImpl -Updating >>>>> existing >>>>> user with LDAP attribues located at >>>>> cn=MY_LDAP_ID,ou=People,dc=mydc,dc=net >>>>> 08:22:35,849 >>>>> [http://myhost/xwiki/bin/view/Admin/?xpage=xpart&vm=commentsinline.vm] >>>>> [TP-Processor7] DEBUG ldap.XWikiLDAPConfig -Ready to create >>>>> user >>>>> from LDAP with fields >>>>> last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn >>>>> >>>>> =================================== >>>>> >>>>> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl >>>>> xwiki.authentication.ldap.base_DN=ou=People,dc=mydc,dc=net >>>>> xwiki.authentication.ldap.bind_DN=cn=xwikiAdmin, ou=myou, ou=myou2, >>>>> ou=Applications, dc=mydc, dc=net >>>>> xwiki.authentication.ldap.bind_pass=mypassword >>>>> xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn >>>>> xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList >>>>> xwiki.authentication.ldap.group_memberfields=member,uniqueMember >>>>> xwiki.authentication.ldap.mode_group_sync=always >>>>> xwiki.authentication.ldap.port=636 >>>>> xwiki.authentication.ldap.server=1.2.3.4 >>>>> xwiki.authentication.ldap.ssl.keystore=wiki_keystore.jks >>>>> xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider >>>>> xwiki.authentication.ldap.ssl=1 >>>>> xwiki.authentication.ldap.trylocal=1 >>>>> xwiki.authentication.ldap.update_user=1 >>>>> xwiki.authentication.ldap.validate_password=0 >>>>> xwiki.authentication.ldap=1 >>>>> >>>>> =================================== >>>>> >>>>> -- >>>>> View this message in context: >>>>> http://n2.nabble.com/Unexpected-LDAP-Connection-Issue-tp1302910p1302910.html >>>>> Sent from the XWiki- Users mailing list archive at Nabble.com. >>>>> >>>>> _______________________________________________ >>>>> users mailing list >>>>> [email protected] >>>>> http://lists.xwiki.org/mailman/listinfo/users >>>>> >>>> >>>> >>>> >>>> -- >>>> Thomas Mortagne >>>> _______________________________________________ >>>> users mailing list >>>> [email protected] >>>> http://lists.xwiki.org/mailman/listinfo/users >>>> >>>> >>> >>> >>> Just saw the post, thanks a lot. >>> >>> However, why is that necessary? Thanks >> >> There is no good reason for that, it's just the way general >> authentication is working currently and it has to be improved. The >> jira issue I pointed is one solution for LDAP authentication.. >> >>> >>> -- >>> View this message in context: >>> http://n2.nabble.com/Unexpected-LDAP-Connection-Issue-tp1302910p1303254.html >>> Sent from the XWiki- Users mailing list archive at Nabble.com. >>> >>> _______________________________________________ >>> users mailing list >>> [email protected] >>> http://lists.xwiki.org/mailman/listinfo/users >>> >> >> >> >> -- >> Thomas Mortagne >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.xwiki.org/mailman/listinfo/users >> >> > > > Hi Thomas, > > [Nabble told me my last post didn't get sent, so reposting, apologize if it > caused a duplication] > > Thanks for the clarification. However, I have futher question about the > connection. The following are the debug messages from log4j when a user did > a single click on a normal navigation. There are basically 3 parts. > 1st, user found > 2nd, user object null (which is my main question) > 3rd, getting the page comment > > I assume after the first connection, users was authenticated. Why there was > the 2nd connection with null object? I am using Enterprise LDAP, and not be > able to go live into Production without clearing this issue. I have the > Trace from LDAP side if that helps. > > I am planning to go live the system in 2 weeks, so its fairly urgent to get > this issue resolved please. Appreciate your thoughts. > > Many Thanks > Art > =========================================================== > First Part, found user > =========================================================== > 17:57:22,398 [https://localhost/xwiki/bin/view/Admin/] [TP-Processor8] DEBUG > LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: > cn=MYID,ou=People,dc=MYDC,dc=net > 17:57:22,591 [https://localhost/xwiki/bin/view/Admin/] [TP-Processor8] DEBUG > LDAP.XWikiLDAPAuthServiceImpl - LDAP attributes will be used toupdate > XWiki attributes. > 17:57:22,592 [https://localhost/xwiki/bin/view/Admin/] [TP-Processor8] DEBUG > ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields > last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn > 17:57:22,712 [https://localhost/xwiki/bin/view/Admin/] [TP-Processor8] DEBUG > LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with LDAP attribues > located at cn=MYID,ou=People,dc=MYDC,dc=net > 17:57:22,716 [https://localhost/xwiki/bin/view/Admin/] [TP-Processor8] DEBUG > ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields > last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn >
This looks like an already complete authentication as I don't see configuration for group mapping in your previous mail. I think theses three part are tree differnts authentications. > =========================================================== > Second Part, user object null > =========================================================== > 17:57:23,726 [https://localhost/xwiki/bin/view/Admin/] [TP-Processor8] DEBUG > LDAP.XWikiLDAPAuthServiceImpl - Found user dn with the user object: null > 17:57:23,727 [https://localhost/xwiki/bin/view/Admin/] [TP-Processor8] DEBUG > ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields > last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn > 17:57:23,729 [https://localhost/xwiki/bin/view/Admin/] [TP-Processor8] DEBUG > ldap.XWikiLDAPUtils - Searching for the user in LDAP:user:MYID > base: query:(cn=MYID) uid:cn > 17:57:24,171 [https://localhost/xwiki/bin/view/Admin/] [TP-Processor8] DEBUG > LDAP.XWikiLDAPAuthServiceImpl - LDAP attributes will be used toupdate > XWiki attributes. > 17:57:24,172 [https://localhost/xwiki/bin/view/Admin/] [TP-Processor8] DEBUG > LDAP.XWikiLDAPAuthServiceImpl - Updating existing user with LDAP attribues > located at cn=MYID,ou=People,dc=MYDC,dc=net > 17:57:24,173 [https://localhost/xwiki/bin/view/Admin/] [TP-Processor8] DEBUG > ldap.XWikiLDAPConfig - Ready to create user from LDAP with fields > last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn > "Found user dn with the user object: " is about already registered LDAP DN found in XWiki user profile (to speed up authentication) : null just means authentication did not find any XWiki profile with LDAP DN for provided login. So It looks like a completely different authentication than the first one. Don't you have any logs between these two extracts ? > =========================================================== > Third Part, seems getting details for the page comment field which is > another LDAP call > =========================================================== > 17:57:26,590 > [https://localhost/xwiki/bin/view/Admin/?xpage=xpart&vm=commentsinline.vm] > [TP-Processor8] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Found user dn with > the user object: cn=MYID,ou=People,dc=MYDC,dc=net > 17:57:26,794 > [https://localhost/xwiki/bin/view/Admin/?xpage=xpart&vm=commentsinline.vm] > [TP-Processor8] DEBUG LDAP.XWikiLDAPAuthServiceImpl - LDAP attributes will > be used to update XWiki attributes. > 17:57:26,796 > [https://localhost/xwiki/bin/view/Admin/?xpage=xpart&vm=commentsinline.vm] > [TP-Processor8] DEBUG ldap.XWikiLDAPConfig - Ready to create user > from LDAP with fields > last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn > 17:57:26,903 > [https://localhost/xwiki/bin/view/Admin/?xpage=xpart&vm=commentsinline.vm] > [TP-Processor8] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Updating existing > user with LDAP attribues located at cn=MYID,ou=People,dc=MYDC,dc=net > 17:57:26,906 > [https://localhost/xwiki/bin/view/Admin/?xpage=xpart&vm=commentsinline.vm] > [TP-Processor8] DEBUG ldap.XWikiLDAPConfig - Ready to create user > from LDAP with fields > last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn > =========================================================== > -- > View this message in context: > http://n2.nabble.com/Unexpected-LDAP-Connection-Issue-tp1302910p1328530.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
