Thank you! This has helped me. I found the reason: there was something wrong with the group mapping. I think we changed something in the AD and then the group could not be found anymore. But one problem is left. I thought that the group mapping ensures that the group membership of a user can be used to add this user to a created XWiki user group. If this is right, I do not know why the AD users are not correctly mapped to the XWiki user group.
I have created two XWiki groups:
- XWikiLehrer
- XWikiSchueler

Now I did the following mapping, for test purposes:

xwiki.authentication.ldap.group_mapping=XWiki.XWikiLehrer=CN=HTL-Lehrer,OU=HTL-Lehrer,OU=Users,OU=HTL,DC=edv,DC=mydomain,DC=at

Now members of this AD group can log in on XWiki, but they are only members of the XWikiAllGroup group and not members of the XWikiLehrer group, which they should be.

Now my question: Is this syntax right? Do I have to add the XWiki. before the group name, or without it? Do I have to give the complete AD path including the domain (DC=edv,DC=mydomain,DV=at) or without it?

Last question: What is the right log4j syntax so that only the LDAP is set to debug? At the moment I have these settings:

log4j.logger.org.xwiki=debug
log4j.logger.com.xpn.xwiki=debug
log4j.logger.com.xpn.xwiki.render.XWikiRadeoxRenderEngine=debug
log4j.logger.com.xpn.xwiki.store.migration=debug

Therefore I have a giant log file. I think this may be right:

log4j.logger.org.xwiki=info
log4j.logger.com.xpn.xwiki=warn
log4j.logger.com.xpn.xwiki.render.XWikiRadeoxRenderEngine=warn
log4j.logger.com.xpn.xwiki.store.migration=info

Would that be right for the LDAP log:

log4j.logger.com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl=debug

??

Thanks,
Florian

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Caleb James DeLisle
Sent: Saturday, 08 May 2010 10:17
To: XWiki Users
Subject: Re: [xwiki-users] LDAP Autentication do not work anymore

Hi Florian,

Where the log is stored is dictated by the line:
log4j.appender.file.File=xwiki.log

I found a copy of the log on my machine at /usr/local/jetty-6.1.3/xwiki.log, so it looks like the default path is the jetty/tomcat main directory.

You might be able to specify a path in the line (I haven't tested):
log4j.appender.file.File=/home/user/Desktop/xwiki.log

Just make sure the user the container is running as has write access in the folder.

Another option would be to log everything to the console (stdout) and start with a command line like
java -jar start.jar > /var/log/xwiki/xwiki.log
(starting jetty in unix)

Caleb

Florian Rhomberg wrote:
> Thank you for your response, I will do that but I have a question: Do I have
> to enable the logging in XWiki? I found this page:
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging There it is said
> that the logging is already enabled at xwiki. But where does XWiki store the
> logging file? I use Tomcat 5 with mod_jk to apache, and both packages are
> installed with the rpm manager. Is it possible to "tell" XWiki where the
> logging file should be stored? I am not familiar with common logging.
>
> Thanks,
> Florian
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On behalf of Thomas Mortagne
> Sent: Friday, 07 May 2010 15:31
> To: XWiki Users
> Subject: Re: [xwiki-users] LDAP Autentication do not work anymore
>
> Again, could you try to enable debug log and see what you have in the
> log, it should tell you exactly why authentication partly failed.
>
> BTW what version of XWiki is it ?
>
> On Fri, May 7, 2010 at 14:05, Florian Rhomberg
> <[email protected]> wrote:
>> Hello!
>> It is exactly the same version, I only copied the whole XWiki folder from one
>> server to the other server. The only difference can be that we installed the
>> current Service Pack on our Windows 2008 server. But as I already said, on
>> the first logon (the user does not exist in XWiki) all data like the
>> Surname, Firstname, E-Mail address are transferred correctly from the Active
>> Directory. I tried with Softerra LDAP if an anonymous access to the LDAP is
>> possible but it is not possible. So XWiki can only get the user data if the
>> connection to the LDAP works. On the server we also have Ilias which also
>> uses LDAP and it works without problems.
>>
>> I will post the xwiki.cfg settings beneath.
>>
>> Greetings,
>> Florian
>>
>> Xwiki.cfg:
>>
>> #-------------------------------------------------------------------------------------
>> # LDAP
>> #-------------------------------------------------------------------------------------
>>
>> #-# new LDAP authentication service
>> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>>
>> #-# Turn LDAP authentication on - otherwise only XWiki authentication
>> #-# 0: disable
>> #-# 1: enable
>> xwiki.authentication.ldap=1
>>
>> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
>> xwiki.authentication.ldap.server=AD1.edv.domain.at
>> xwiki.authentication.ldap.port=389
>>
>> #-# LDAP login, empty = anonymous access, otherwise specify full dn
>> #-# {0} is replaced with the username, {1} with the password
>> #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
>> #xwiki.authentication.ldap.bind_pass={1}
>>
>> xwiki.authentication.ldap.bind_DN=edv\\{0}
>> xwiki.authentication.ldap.bind_pass={1}
>>
>>
>> #-# Force to check password after LDAP connection
>> #-# 0: disable
>> #-# 1: enable
>> xwiki.authentication.ldap.validate_password=0
>>
>> #-# only members of the following group will be verified in the LDAP
>> #-# otherwise only users that are found after searching starting from the base_DN
>> # xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
>>
>> #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
>> #-# only users not member of the following group can authenticate
>> # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
>>
>> #-# base DN for searches
>> xwiki.authentication.ldap.base_DN=dc=edv,dc=domain=at
>>
>> #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
>> # xwiki.authentication.ldap.UID_attr=cn
>>
>> xwiki.authentication.ldap.UID_attr=sAMAccountName
>>
>> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
>> #-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1
>> # xwiki.authentication.ldap.password_field=userPassword
>>
>> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
>> #-# The potential LDAP groups classes. Separated by commas.
>> # xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
>>
>> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
>> #-# The potential names of the LDAP groups fields containing the members. Separated by commas.
>> # xwiki.authentication.ldap.group_memberfields=member,uniqueMember
>>
>> xwiki.authentication.ldap.group_memberfields=HTL-Lehrer
>>
>> #-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
>> #xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
>>
>> xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn
>>
>> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
>> xwiki.authentication.ldap.update_user=1
>>
>> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# maps XWiki groups to LDAP groups, separator is "|"
>> # xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\
>> # XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
>>
>> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
>> xwiki.authentication.ldap.groupcache_expiration=21800
>>
>> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# - create : synchronize group membership only when the user is first created
>> #-# - always: synchronize on every login
>> xwiki.authentication.ldap.mode_group_sync=always
>>
>> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
>> #-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
>> xwiki.authentication.ldap.trylocal=1
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On behalf of Thomas Mortagne
>> Sent: Friday, 07 May 2010 13:07
>> To: XWiki Users
>> Subject: Re: [xwiki-users] LDAP Autentication do not work anymore
>>
>> On Fri, May 7, 2010 at 12:56, Florian Rhomberg
>> <[email protected]> wrote:
>>> Hello!
>>> Last week I was able to configure the XWiki authentication against a
>>> Windows 2008 AD. Everything worked. Now I transferred the wiki from the
>>> test system to the working environment and now the authentication does not
>>> work anymore. If I try to log in with an AD user I get the message "invalid
>>> Credentials". The strange thing is that if I use a user which has not ever
>>> entered the XWiki I get the same message. But if I log in with the admin
>>> account and look at the user list, the user exists and all data are correctly
>>> transferred from the AD, therefore the connection works but I cannot enter.
>>> What can be the reason for that, I do not understand this!
>> Did you change anything? It's exactly the same version?
>>
>> Try to enable debug log
>> (http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HEnableLDAPdebuglog)
>> and see what you get.
>>
>>> Thanks,
>>> Florian
>>> _______________________________________________
>>> users mailing list
>>> [email protected]
>>> http://lists.xwiki.org/mailman/listinfo/users
>>>
>>
>>
>> --
>> Thomas Mortagne
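
The group_mapping format discussed in this thread (XWikiGroup=LDAP group DN, entries separated by "|", as described in the quoted xwiki.cfg comment) can be sanity-checked offline before touching the wiki. The script below is an added example, not part of the original messages and not XWiki's own code; it assumes DNs compare case-insensitively, and the XWikiSchueler entry and the memberOf value are constructed sample data.

```python
import re

# One DN component such as "CN=HTL-Lehrer": attribute, "=", value with no second "=".
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^=]+$")

def normalize_dn(dn):
    """Lower-case a DN and strip spaces around commas so two spellings compare equal."""
    # Simplification (assumption): splits on every comma, escaped commas are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def suspicious_rdns(dn):
    """Return DN components that do not look like attr=value, e.g. 'dc=domain=at'."""
    return [p.strip() for p in dn.split(",") if not _RDN.match(p.strip())]

def parse_group_mapping(value):
    """Parse 'XWikiGroup=DN|XWikiGroup=DN' into {normalized DN: [XWiki groups]}."""
    mapping = {}
    for entry in value.split("|"):
        entry = entry.strip()
        if not entry:
            continue
        # The DN itself contains "=", so only the first "=" separates group from DN.
        xwiki_group, sep, dn = entry.partition("=")
        if not sep or not dn.strip():
            raise ValueError("entry without '=<LDAP DN>': %r" % entry)
        bad = suspicious_rdns(dn)
        if bad:
            raise ValueError("malformed DN component(s) %r in %r" % (bad, entry))
        mapping.setdefault(normalize_dn(dn), []).append(xwiki_group.strip())
    return mapping

def xwiki_groups_for(member_of, mapping):
    """Return the XWiki groups mapped to any of the user's LDAP group DNs."""
    groups = set()
    for dn in member_of:
        groups.update(mapping.get(normalize_dn(dn), []))
    return sorted(groups)

# Mapping value from the message above, plus a constructed second entry.
MAPPING = ("XWiki.XWikiLehrer=CN=HTL-Lehrer,OU=HTL-Lehrer,OU=Users,OU=HTL,DC=edv,DC=mydomain,DC=at"
           "|XWiki.XWikiSchueler=CN=HTL-Schueler,OU=Users,OU=HTL,DC=edv,DC=mydomain,DC=at")
# Constructed memberOf value for a sample user, written in a different letter case.
MEMBER_OF = ["cn=htl-lehrer, ou=htl-lehrer, ou=users, ou=htl, dc=edv, dc=mydomain, dc=at"]

if __name__ == "__main__":
    print(xwiki_groups_for(MEMBER_OF, parse_group_mapping(MAPPING)))
```

Comparing the script's result with the groups a test user actually receives after login narrows the problem to either the mapping string or the directory lookup.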
