On Tue, Nov 17, 2009 at 07:52, Paul Rijnhout <[email protected]> wrote:
> Hello Thomas,
>
> I guess you're right. I get a 'not allowed' error message, even when being
> authenticated on the domain. This means that Windows AD 2008 ldap
> authentication is out for now?

LDAP authentication works well on one LDAP server. If AD 2008 always uses
referrals that need authentication then yes, but I doubt that...

>
> Best regards,
>
> Paul Rijnhout
> ICT Manager
>
> -----Original message-----
> From: [email protected] [mailto:[email protected]] On behalf of Thomas
> Mortagne
> Sent: Monday, 16 November 2009 14:40
> To: XWiki Users
> Subject: Re: [xwiki-users] LDAP Authentication fails with AD
>
> On Mon, Nov 16, 2009 at 13:31, Paul Rijnhout
> <[email protected]> wrote:
>> Hi Thomas,
>>
>> Thanks for your reply. I'm using 2.0.3, freshly installed, no other pages
>> imported or loaded, just the default XWiki XAR, and this is the result.
>>
>
> I think the jldap automatic referral support supports only anonymous
> access to referrals. Does
> ldap://ForestDnsZones.mega.local/DC=ForestDnsZones,DC=mega,DC=local
> login/password ? That maybe would explain. If that's the case it would be
> great if you could create an issue on http://jira.xwiki.org about
> referral with authentication support.
>
> What is weird is that the error message seems to indicate that automatic
> referral support is not enabled ("referral following is off"), I would
> need to test it more when I can find some time.
>
>> Best regards,
>>
>> Paul Rijnhout
>> ICT Manager
>>
>> -----Original message-----
>> From: [email protected] [mailto:[email protected]] On behalf of Thomas
>> Mortagne
>> Sent: Saturday, 14 November 2009 18:24
>> To: XWiki Users
>> Subject: Re: [xwiki-users] LDAP Authentication fails with AD
>>
>> Hi,
>>
>> On Sat, Nov 14, 2009 at 10:19, Paul Rijnhout
>> <[email protected]> wrote:
>>> Hello,
>>>
>>> I seem to have an LDAP configuration problem which I can not solve. I'm
>>> trying to authenticate to an AD Windows 2008 domain. The domain is standard
>>> one forest, one domain named mega.local. I've configured xwiki.cfg
>>> according to instructions with:
>>> #-------------------------------------------------------------------------------------
>>> # LDAP
>>> #-------------------------------------------------------------------------------------
>>>
>>> #-# new LDAP authentication service
>>> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>>>
>>> #-# Turn LDAP authentication on - otherwise only XWiki authentication
>>> #-# 0: disable
>>> #-# 1: enable
>>> xwiki.authentication.ldap=1
>>>
>>> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
>>> xwiki.authentication.ldap.server=hf-dom02.mega.local
>>> xwiki.authentication.ldap.port=389
>>>
>>> #-# LDAP login, empty = anonymous access, otherwise specify full dn
>>> #-# {0} is replaced with the username, {1} with the password
>>> xwiki.authentication.ldap.bind_DN=mega\\sa_ad
>>> xwiki.authentication.ldap.bind_pass=.....
>>>
>>> #-# Force to check password after LDAP connection
>>> #-# 0: disable
>>> #-# 1: enable
>>> xwiki.authentication.ldap.validate_password=0
>>>
>>> #-# only members of the following group will be verified in the LDAP
>>> #-# otherwise only users that are found after searching starting from the base_DN
>>> # xwiki.authentication.ldap.user_group=cn=Users
>>>
>>> #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
>>> #-# only users not member of the following group can autheticate
>>> # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
>>>
>>> #-# base DN for searches
>>> xwiki.authentication.ldap.base_DN=dc=mega,dc=local
>>>
>>> #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
>>> xwiki.authentication.ldap.UID_attr=saAMAccountName
>>
>> It's sAMAccountName, maybe you did a wrong copy-paste in the mail
>>
>>>
>>> But all searches failed with the following error. Any ideas left?
>>>
>>> 2009-11-13 13:53:47,157 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] INFO .AbstractXWikiMigrationManager - No storage migration required since current version is [15429]
>>> 2009-11-13 13:53:48,735 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG LDAP.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>>> 2009-11-13 13:53:48,735 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux, groupofuniquenames, group]
>>> 2009-11-13 13:53:48,735 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConfig - ldap_group_memberfields: [member, uniquemember]
>>> 2009-11-13 13:53:48,767 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConnection - Connection to LDAP server [hf-dom02.mega.local:389]
>>> 2009-11-13 13:53:48,782 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[mega\sa_ad]
>>> 2009-11-13 13:53:48,813 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPUtils - Searching for the user in LDAP: user:p.rijnhout base:dc=mega,dc=local query:(saAMAccountName=p.rijnhout) uid:saAMAccountName
>>> 2009-11-13 13:53:48,813 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConnection - LDAP search: baseDN=[dc=mega,dc=local] query=[(saAMAccountName=p.rijnhout)] attr=[[sn, givenName, mail]] ldapScope=[2]
>>> 2009-11-13 13:53:48,829 [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] [http://ict.mega.local/bin/loginsubmit/XWiki/XWikiLogin] DEBUG ldap.XWikiLDAPConnection - LDAP Search failed
>>> LDAPReferralException: Search result reference received, and referral following is off (10) Referral
>>
>> Looks like the result is in another LDAP server (a referral), a
>> partial support of LDAP referrals has been added in XWiki 2.0.3, if
>> you are using an older version that's why it's not working for you.
>>
>>> LDAPReferralException: Referral:
>>> ldap://ForestDnsZones.mega.local/DC=ForestDnsZones,DC=mega,DC=local
>>> at com.novell.ldap.LDAPSearchResults.next(Unknown Source)
>>> at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.searchLD
>>>
>>> Best regards,
>>>
>>> Paul Rijnhout
>>>
>>>
>>> _______________________________________________
>>> users mailing list
>>> [email protected]
>>> http://lists.xwiki.org/mailman/listinfo/users
>>>
>>
>> --
>> Thomas Mortagne
>
> --
> Thomas Mortagne

--
Thomas Mortagne
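
The debug log quoted in this thread can be triaged offline to see what the search asked for and where the referral points. The script below is an added example, not part of the original thread or of XWiki: the function names and the condensed SAMPLE_LOG are constructed here from the quoted log, and the partition list is an assumption about the naming contexts a default AD domain hands out as search references.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: records condensed from the debug log quoted in the thread.
SAMPLE_LOG = """\
2009-11-13 13:53:48,782 DEBUG ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[mega\\sa_ad]
2009-11-13 13:53:48,813 DEBUG ldap.XWikiLDAPConnection - LDAP search: baseDN=[dc=mega,dc=local] query=[(saAMAccountName=p.rijnhout)] attr=[[sn, givenName, mail]] ldapScope=[2]
2009-11-13 13:53:48,829 DEBUG ldap.XWikiLDAPConnection - LDAP Search failed
LDAPReferralException: Search result reference received, and referral following is off (10) Referral
LDAPReferralException: Referral: ldap://ForestDnsZones.mega.local/DC=ForestDnsZones,DC=mega,DC=local
"""

# Assumption: partitions a subtree search from the domain root is referred to
# on port 389. They hold DNS and configuration data, not user accounts.
NON_USER_PARTITIONS = ("dc=forestdnszones,", "dc=domaindnszones,", "cn=configuration,")

SEARCH_RE = re.compile(
    r"LDAP search: baseDN=\[(?P<base>[^\]]*)\] query=\[\((?P<attr>[^=()]+)=")
REFERRAL_RE = re.compile(r"Referral: (ldaps?://\S+)")


def parse_referral(url):
    """Split an LDAP referral URL into host, port and target DN."""
    parts = urlsplit(url)
    dn = unquote(parts.path.lstrip("/"))
    default_port = 636 if parts.scheme == "ldaps" else 389
    return {
        "host": parts.hostname,
        "port": parts.port or default_port,
        "dn": dn,
        # Heuristic: a referral into one of these partitions cannot contain the user.
        "holds_users": not dn.lower().startswith(NON_USER_PARTITIONS),
    }


def triage(log_text):
    """Collect the search parameters and every referral target from the log."""
    report = {"base": None, "filter_attr": None, "following_off": False, "referrals": []}
    for line in log_text.splitlines():
        search = SEARCH_RE.search(line)
        if search:
            report["base"] = search.group("base")
            report["filter_attr"] = search.group("attr")
        if "referral following is off" in line:
            report["following_off"] = True
        referral = REFERRAL_RE.search(line)
        if referral:
            report["referrals"].append(parse_referral(referral.group(1)))
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```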
