On Sat, Apr 9, 2011 at 23:53, Joel Schuster <[email protected]> wrote:
> I have an OpenLDAP installation with the following simple configuration:
>
> dc=snapteam,dc=org    < root (top)
>   cn=admin            < admin login for access to LDAP, no anonymous access (organizationalRole, simpleSecurityObject)
>   ou=groups           < group of groups (organizationalUnit)
>     cn=group1         < posixGroups with multiple 'memberUid' attributes with full user DNs
>     cn=group2
>     cn=admins
>   ou=users            < group of users (organizationalUnit)
>     uid=snapadmin     < user (inetOrgPerson, posixAccount) - userPassword fields with plaintext password (I'd like to change to sha or somesuch)
>     uid=user1         < another user
>
> Here are the settings in the xwiki.cfg:
>
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
> xwiki.authentication.ldap=1
> xwiki.authentication.ldap.server=127.0.0.1
> xwiki.authentication.ldap.port=389
> xwiki.authentication.ldap.bind_DN=cn=admin,dc=snapteam,dc=org
> xwiki.authentication.ldap.bind_pass=adminPassword
> xwiki.authentication.ldap.ldap_user_search_fmt=(&({0}={1})(objectClass=posixAccount))
> xwiki.authentication.ldap.user_group=ou=users,dc=snapteam,dc=org
> xwiki.authentication.ldap.base_DN=dc=snapteam,dc=org
> xwiki.authentication.ldap.group_classes=posixGroup
> xwiki.authentication.ldap.group_memberfields=memberUid
> xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
> xwiki.authentication.ldap.update_user=1
> xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=admins,ou=groups,dc=snapteam,dc=org|\
>     XWiki.SnapGroup=cn=snap,ou=groups,dc=snapteam,dc=org|\
>     XWiki.AARGroup=cn=aar,ou=groups,dc=snapteam,dc=org|\
>     XWiki.AACUSGroup=cn=aacus,ou=groups,dc=snapteam,dc=org
> xwiki.authentication.ldap.groupcache_expiration=21800
> xwiki.authentication.ldap.mode_group_sync=always
> xwiki.authentication.ldap.trylocal=1
>
> Here is the log trace I'm getting when trying to log in as one of the users:
>
> 2011-04-09 21:35:19,522 DEBUG xwiki.XWiki - Using custom AuthClass com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.
> 2011-04-09 21:50:42,946 TRACE LDAP.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 2011-04-09 21:50:42,946 DEBUG LDAP.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
> 2011-04-09 21:50:42,948 TRACE LDAP.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 2011-04-09 21:50:42,967 DEBUG LDAP.XWikiLDAPAuthServiceImpl - Checking if the user belongs to the user group: ou=users,dc=snapteam,dc=org
> 2011-04-09 21:50:42,969 DEBUG LDAP.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
>     at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:339)
>     at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:190)
>     at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:137)
> 2011-04-09 21:50:42,970 DEBUG LDAP.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB
> 2011-04-09 21:50:42,974 DEBUG LDAP.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [snapadmin]
>
> Any help would be appreciated. Thanks!

You should get more log than that. Are you sure you added both lines:

log4j.logger.com.xpn.xwiki.plugin.ldap=trace
log4j.logger.com.xpn.xwiki.user.impl.LDAP=trace

? Looks like there is only the second one.

> Joel Schuster
> [email protected]
> 719-510-0181
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/users

--
Thomas Mortagne
