Hm, I'm still getting nothing. Where are the logs for ldap related issues held?
Sam On Oct 22, 2008, at 9:44 AM, Thomas Mortagne wrote: > Hi, > > On Wed, Oct 22, 2008 at 6:32 PM, Samuel Lee <[EMAIL PROTECTED]> > wrote: >> I can't seem to get my XWiki to recognize my AD usernames. Can >> anyone >> take a look at my xwiki.cfg to see if I'm doing something wrong? >> >> When I try to log into the xwiki, I get a "Wrong User name", and the >> user i'm using is in the crbs-admin group, which I've mapped to the >> XWiki.XWikiAdminGroup group. >> >> Thanks, >> Sam >> >> #-# new LDAP authentication service^M >> xwiki >> .authentication >> .authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl >> >> #-# Turn LDAP authentication on - otherwise only XWiki authentication >> #-# 0: disable >> #-# 1: enable^M >> xwiki.authentication.ldap=1 >> >> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)^M >> xwiki.authentication.ldap.server=ldap.ad.xxxx.yyy >> xwiki.authentication.ldap.port=636 >> >> #-# LDAP login, empty = anonymous access, otherwise specify full dn >> ^M >> #-# {0} is replaced with the username, {1} with the password >> # >> xwiki >> .authentication >> .ldap >> .bind_DN >> =cn={0},department=USER,department=INFORMATIK,department=1230,o=MP^M >> xwiki.authentication.ldap.bind_DN={0} > > This means that the login entered by use will be used to authenticate > against LDAP/AD server. But enter an uid and not the complete DN. > You should look at > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPConfigurationforActiveDirectory > >> xwiki.authentication.ldap.bind_pass={1} >> >> #-# Force to check password after LDAP connection >> #-# 0: disable >> #-# 1: enable >> xwiki.authentication.ldap.validate_password=0 >> ^M >> #-# only members of the following group will be verified in the >> LDAP^M >> # otherwise only users that are found after searching starting from >> the base_DN^M >> # >> xwiki >> .authentication >> .ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US^M >> ^M >> #-# base DN for searches^M >> xwiki.authentication.ldap.base_DN=OU=CRBS,DC=AD,DC=XXXX,DC=YYY >> ^M >> #-# Specifies the LDAP attribute containing the identifier to be used >> as the XWiki name (default=cn)^M >> xwiki.authentication.ldap.UID_attr=sAMAccountName >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> #-# Specifies the LDAP attribute containing the password to be used >> "when xwiki.authentication.ldap.validate_password" is set to 1 >> # xwiki.authentication.ldap.password_field=userPassword >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> #-# The potential LDAP groups classes. Separated by commas. >> # >> xwiki >> .authentication >> .ldap >> .group_classes >> = >> group >> ,groupOfNames >> ,groupOfUniqueNames >> ,dynamicGroup,dynamicGroupAux,groupWiseDistributionList >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> #-# The potential names of the LDAP groups fields containings the >> members. Separated by commas. >> # xwiki.authentication.ldap.group_memberfields=member,uniqueMember^M >> ^M >> #-# retrieve the following fields from LDAP and store them in the >> XWiki user object (xwiki-attribute=ldap-attribute) >> #-# ldap_dn=dn -- dn is set by class, caches dn in XWiki.user object >> for faster access^M >> xwiki >> .authentication >> .ldap >> .fields_mapping >> = >> name >> = >> sAMAccountName >> ,last_name >> =sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn >> ^M >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# on every login update the mapped attributes from LDAP to XWiki >> otherwise this happens only once when the XWiki account is created.^M >> xwiki.authentication.ldap.update_user=1 >> ^M >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# mapps XWiki groups to LDAP groups, separator is "|"^M >> xwiki >> .authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=CN=crbs- >> admin,OU=CRBS,DC=AD,DC=XXXX,DC=YYY|XWiki.XWiki.AllGroup=CN=crbs- >> users,OU=CRBS,DC=AD,DC=XXXX,DC=YYY >> # >> XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US^M >> ^M >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# time in s after which the list of members in a group is refreshed >> from LDAP (default=3600*6)^M >> # xwiki.authentication.ldap.groupcache_expiration=21800^M >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]^M >> #-# - create : synchronize group membership only when the user is >> first created >> #-# - always: synchronize on every login^M >> # xwiki.authentication.ldap.mode_group_sync=always^M >> ^M >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# if ldap authentication fails for any reason, try XWiki DB >> authentication with the same credentials^M >> xwiki.authentication.ldap.trylocal=1 >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# SSL connection to LDAP server >> #-# 0: normal >> #-# 1: SSL >> # xwiki.authentication.ldap.ssl=0 >> >> #-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl] >> #-# The keystore file to use in SSL connection >> # xwiki.authentication.ldap.ssl.keystore= >> >> #-# [SINCE 1.5M1, XWikiLDAPAuthServiceImpl] >> #-# The java secure provider used in SSL connection >> # >> xwiki >> .authentication >> .ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider >> >> _______________________________________________ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> > > > > -- > Thomas Mortagne > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users