HI Thomas, Thanks for your reply. I'm using 2.0.3, freshly installed, no other pages imported or loaded, just the default Xwiki XAR, and this is the result.
Met vriendelijke groet/Best regards, Paul Rijnhout ICT Manager -----Oorspronkelijk bericht----- Van: [email protected] [mailto:[email protected]] Namens Thomas Mortagne Verzonden: zaterdag 14 november 2009 18:24 Aan: XWiki Users Onderwerp: Re: [xwiki-users] LDAP Authentication fails with AD Hi, On Sat, Nov 14, 2009 at 10:19, Paul Rijnhout <[email protected]> wrote: > Hello, > > I seem to have a LDAP configuration problem which I can not solve. I'm tryin > gto authenticate to a AD Windows 2008 domain. The domain is standard one > forest, one domain named mega.local. I;ve configured xwiki.cfg according > instructions with: > #------------------------------------------------------------------------------------- > # LDAP > #------------------------------------------------------------------------------------- > > #-# new LDAP authentication service > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl > > #-# Turn LDAP authentication on - otherwise only XWiki authentication > #-# 0: disable > #-# 1: enable > xwiki.authentication.ldap=1 > > #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) > xwiki.authentication.ldap.server=hf-dom02.mega.local > xwiki.authentication.ldap.port=389 > > #-# LDAP login, empty = anonymous access, otherwise specify full dn > #-# {0} is replaced with the username, {1} with the password > xwiki.authentication.ldap.bind_DN=mega\\sa_ad > xwiki.authentication.ldap.bind_pass=..... > > #-# Force to check password after LDAP connection > #-# 0: disable > #-# 1: enable > xwiki.authentication.ldap.validate_password=0 > > #-# only members of the following group will be verified in the LDAP > #-# otherwise only users that are found after searching starting from the > base_DN > # xwiki.authentication.ldap.user_group=cn=Users > > #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl] > #-# only users not member of the following group can autheticate > # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US > > #-# base DN for searches > xwiki.authentication.ldap.base_DN=dc=mega,dc=local > > #-# Specifies the LDAP attribute containing the identifier to be used as the > XWiki name (default=cn) > xwiki.authentication.ldap.UID_attr=saAMAccountName It's sAMAccountName, maybe you did a wrong copy past in the mail > > But all searches failed with the following error. Anyone ideas left? > > 2009-11-13 13:53:47,157 > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20%5bhttp:/ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin>] > INFO .AbstractXWikiMigrationManager - No storage migration required since > current version is [15429] > 2009-11-13 13:53:48,735 > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20%5bhttp:/ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin>] > DEBUG LDAP.XWikiLDAPAuthServiceImpl - The provided user is null. We don't > try to authenticate, it probably means the user is in non logged mode. > 2009-11-13 13:53:48,735 > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20%5bhttp:/ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin>] > DEBUG ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, > groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, > group] > 2009-11-13 13:53:48,735 > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > ldap.XWikiLDAPConfig - ldap_group_memberfields: [member, > uniquemember<http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20%5bhttp:/ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20DEBUG%20ldap.XWikiLDAPConfig%20 -%20ldap_group_memberfields:%20%5bmember,%20uniquemember>] > 2009-11-13 13:53:48,767 > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20%5bhttp:/ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin>] > DEBUG ldap.XWikiLDAPConnection - Connection to LDAP server > [hf-dom02.mega.local:389] > 2009-11-13 13:53:48,782 > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20%5bhttp:/ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin>] > DEBUG ldap.XWikiLDAPConnection - Binding to LDAP server with > credentials login=[mega\sa_ad] > 2009-11-13 13:53:48,813 > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20%5bhttp:/ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin>] > DEBUG ldap.XWikiLDAPUtils - Searching for the user in LDAP: > user:p.rijnhout base:dc=mega,dc=local query:(saAMAccountName=p.rijnhout) > uid:saAMAccountName > 2009-11-13 13:53:48,813 > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > ldap.XWikiLDAPConnection - LDAP search: > baseDN=[dc=mega,dc=local<http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20%5bhttp:/ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20DEBUG%20ldap.XWikiLDAPConnection%20 -%20LDAP%20search:%20baseDN=%5bdc=mega,dc=local>] > query=[(saAMAccountName=p.rijnhout)] attr=[[sn, givenName, mail]] > ldapScope=[2] > 2009-11-13 13:53:48,829 > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] > [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin<http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin%5d%20%5bhttp:/ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin>] > DEBUG ldap.XWikiLDAPConnection - LDAP Search failed > LDAPReferralException: Search result reference received, and referral > following is off (10) Referral Looks like the result is in another LDAP server (a referral), a partial support of LDAP referrals has been added in XWiki 2.0.3, if you are using older version that's why it's not working for you. > LDAPReferralException: Referral: > ldap://ForestDnsZones.mega.local/DC=ForestDnsZones,DC=mega,DC=local > at com.novell.ldap.LDAPSearchResults.next(Unknown Source) > at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.searchLD > > Met vriendelijke groet/Best regards, > > Paul Rijnhout > > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
