On Thu, Feb 5, 2009 at 12:03, Stefan Woehrer <[email protected]> wrote: > > > > ok .. as i enabled ldap debugging i get tons of messages ;-) very good. > > here is a piece of xwiki.log when the login doesn't work (beginning with > "Connection to LDAP server"): > > > > 11:31:34,605 [http://xwiki/bin/loginsubmit/XWiki/XWikiLogin] [http-80-3] > DEBUG ldap.XWikiLDAPConnection - Connection to LDAP server > [company.comp.co:389] > 11:31:49,761 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-5] DEBUG LDAP.XWikiLDAPAuthServiceImpl - The provided user is > null. We don't try to authenticate, it probably means the user is in non > logged mode. > 11:31:49,761 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-5] DEBUG ldap.XWikiLDAPConfig - ldap_group_classes: > [groupofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, > groupofuniquenames, group] > 11:31:49,761 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-5] DEBUG ldap.XWikiLDAPConfig - ldap_group_memberfields: > [member, uniquemember] > 11:31:49,761 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-5] DEBUG ldap.XWikiLDAPConnection - Connection to LDAP > server [company.comp.co:389] > 11:31:55,621 [http://xwiki/bin/loginsubmit/XWiki/XWikiLogin] [http-80-3] > DEBUG LDAP.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind > failed with LDAPException. > Wrapped Exception: Connect Error > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:174) > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:108) > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:304) > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:202) > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:149) > at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:239) > at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:165) > at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:148) > at > com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:203) > at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3578) > at > com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139) > at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3586) > at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4572) > at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190) > at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115) > at > org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) > at > org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) > at > org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) > at > org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > com.xpn.xwiki.plugin.webdav.XWikiDavFilter.doFilter(XWikiDavFilter.java:68) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > com.xpn.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:135) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > com.xpn.xwiki.web.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:287) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) > at java.lang.Thread.run(Unknown Source) > > > Wrapped Exception: > > > java.net.ConnectException: Connection timed out: connect > at java.net.PlainSocketImpl.socketConnect(Native Method) > at java.net.PlainSocketImpl.doConnect(Unknown Source) > at java.net.PlainSocketImpl.connectToAddress(Unknown Source) > at java.net.PlainSocketImpl.connect(Unknown Source) > at java.net.SocksSocketImpl.connect(Unknown Source) > at java.net.Socket.connect(Unknown Source) > at java.net.Socket.connect(Unknown Source) > at java.net.Socket.<init>(Unknown Source) > at java.net.Socket.<init>(Unknown Source) > at com.novell.ldap.Connection.connect(Unknown Source) > at com.novell.ldap.Connection.connect(Unknown Source) > at com.novell.ldap.LDAPConnection.connect(Unknown Source) > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.connect(XWikiLDAPConnection.java:194) > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:166) > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:108) > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:304) > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:202) > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:149) > at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:239) > at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:165) > at > com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:148) > at > com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:203) > at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3578) > at > com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139) > at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3586) > at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4572) > at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190) > at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115) > at > org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) > at > org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) > at > org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) > at > org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > com.xpn.xwiki.plugin.webdav.XWikiDavFilter.doFilter(XWikiDavFilter.java:68) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > com.xpn.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:135) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > com.xpn.xwiki.web.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:287) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) > at java.lang.Thread.run(Unknown Source) > 11:31:55,621 [http://xwiki/bin/loginsubmit/XWiki/XWikiLogin] [http-80-3] > DEBUG LDAP.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki > DB > 11:31:55,621 [http://xwiki/bin/loginsubmit/XWiki/XWikiLogin] [http-80-3] > DEBUG LDAP.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user > [woeste] > 11:31:55,918 [http://xwiki/bin/view/Main/DocumentDoesNotExist] [http-80-3] > DEBUG LDAP.XWikiLDAPAuthServiceImpl - The provided user is null. We don't > try to authenticate, it probably means the user is in non logged mode. > > > > > ------------------------------------------------------------------------ > > here is a piece of xwiki.log when the login works again (one minute later) > (also beginning with "Connection to LDAP server"): > > > > > > 11:32:21,496 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConnection - Connection to LDAP > server [company.comp.co:389] > 11:32:21,543 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConnection - Binding to LDAP server > with credentials > login=[CN=xWiKi,OU=ServicesAccounts,DC=company,DC=comp,DC=co] > 11:32:21,684 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPUtils - Searching for the user > in LDAP: user:asakur base:DC=company,DC=comp,DC=co > query:(sAMAccountName=asakur) uid:sAMAccountName > 11:32:21,684 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConnection - LDAP search: > baseDN=[DC=company,DC=comp,DC=co] query=[(sAMAccountName=asakur)] > attr=[[sAMAccountName, sn, givenName, fullName, mail, dn]] ldapScope=[2] > 11:32:21,746 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConnection - - values for attribute > "givenName" > 11:32:21,762 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConnection - |- [Stefan] > 11:32:21,762 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConnection - - values for attribute > "sn" > 11:32:21,762 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConnection - |- [Woehrer] > 11:32:21,762 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConnection - - values for attribute > "mail" > 11:32:21,762 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConnection - |- > [[email protected]] > 11:32:21,762 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConnection - - values for attribute > "sAMAccountName" > 11:32:21,762 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConnection - |- [woeste] > 11:32:21,762 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConnection - LDAP search found > attributes: [{name=dn value=CN=company > Kurt,OU=Poweruser,DC=company,DC=comp,DC=co}, {name=givenName value=woe}, > {name=sn value=company}, {name=mail [email protected]}, > {name=sAMAccountName value=woeste}] > 11:32:21,809 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG LDAP.XWikiLDAPAuthServiceImpl - LDAP attributes will be > used to update XWiki attributes. > 11:32:21,809 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Creating new XWiki user > based on LDAP attribues located at CN=Woehrer > Stefan,OU=Poweruser,DC=company,DC=comp,DC=co > 11:32:21,809 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Start synchronising LDAP > profile > .... > > even groupmapping works correctly > > 11:32:22,121 [http://xwiki.company/bin/loginsubmit/XWiki/XWikiLogin] > [http-80-4] DEBUG ldap.XWikiLDAPConfig - Groupmapping found: > XWiki.XWikiAdminGroup [CN=xwiki_Admin,OU=xWiki > Groups,DC=company,DC=comp,DC=co] > > ... > > ------------------------------------------------------------------------ > > hope this helps
"java.net.ConnectException: Connection timed out: connect", looks like there is a connection issue here, it means XWiki had to wait too long to get server answer. > > stefan > > > > > I think you get "wrong passowrd" just because LDAP failed to connect > for some reason so the authentication tried the XWiki authenticator > and obviously it fail since the password is registered on LDAP server > and not in XWiki database. > > Could you enable LDAP debug log (see > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HEnableLDAPdebuglog) > and try to reproduce it ? We will see better what append when LDAP > fail to connect. > > -- > View this message in context: > http://n2.nabble.com/LDAP-Login-changes-in-new-version-tp2257004p2274317.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
