Thomas,
Thanks for the response!
Ok, I turned on trace for both. Based on what I see now (I've copied the piece
that seems important out of the log)
2011-04-10 21:09:56,257 DEBUG ldap.XWikiLDAPConnection - LDAP search: baseDN=[ou=users,dc=snapteam,dc=org] query=[null] attr=[[objectClass, cn, memberuid]] ldapScope=[0]
2011-04-10 21:09:56,258 DEBUG ldap.XWikiLDAPConnection - - values for attribute "objectClass"
2011-04-10 21:09:56,258 DEBUG ldap.XWikiLDAPConnection - |- [organizationalUnit]
2011-04-10 21:09:56,259 DEBUG ldap.XWikiLDAPConnection - LDAP search found attributes: [{name=dn value=ou=users,dc=snapteam,dc=org}, {name=objectClass value=organizationalUnit}]
2011-04-10 21:09:56,259 ERROR ldap.XWikiLDAPUtils - Could not find attribute cn for LDAP dn ou=users,dc=snapteam,dc=org
2011-04-10 21:09:56,259 DEBUG ldap.XWikiLDAPUtils - Found group [ou=users,dc=snapteam,dc=org] members :null
2011-04-10 21:09:56,259 TRACE xwiki.XWikiException - Error number 8001 in 8: LDAP user snapadmin does not belong to LDAP group ou=users,dc=snapteam,dc=org.
I've appended the ldif for the whole ldap tree below. That group doesn't have a
cn attribute, why does the main user group need one? This group is for holding
ALL users, not separating the users into groups.
I can't add a cn attribute as an organizationalUnit doesn't allow for a cn
attribute, so I'd need to add a different object type. Am I simply setting
this up the wrong way? This setup is working just fine already for bugzilla,
openfire and postfix.
- Joel
> > Here are the settings in the xwiki.cfg:
> >
> > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
> > xwiki.authentication.ldap=1
> > xwiki.authentication.ldap.server=127.0.0.1
> > xwiki.authentication.ldap.port=389
> > xwiki.authentication.ldap.bind_DN=cn=admin,dc=snapteam,dc=org
> > xwiki.authentication.ldap.bind_pass=adminPassword
> > xwiki.authentication.ldap.ldap_user_search_fmt=(&({0}={1})(objectClass=posixAccount))
> > xwiki.authentication.ldap.user_group=ou=users,dc=snapteam,dc=org
> > xwiki.authentication.ldap.base_DN=dc=snapteam,dc=org
> > xwiki.authentication.ldap.group_classes=posixGroup
> > xwiki.authentication.ldap.group_memberfields=memberUid
> > xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
> > xwiki.authentication.ldap.update_user=1
> > xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=admins,ou=groups,dc=snapteam,dc=org|\
> > XWiki.SnapGroup=cn=snap,ou=groups,dc=snapteam,dc=org|\
> > XWiki.AARGroup=cn=aar,ou=groups,dc=snapteam,dc=org|\
> > XWiki.AACUSGroup=cn=aacus,ou=groups,dc=snapteam,dc=org
> >
> > xwiki.authentication.ldap.groupcache_expiration=21800
> > xwiki.authentication.ldap.mode_group_sync=always
> > xwiki.authentication.ldap.trylocal=1
The LDIF:

version: 1

dn: dc=snapteam,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
dc: snapteam
o: snapteam
description: Snapteam LDAP

dn: cn=admin,dc=snapteam,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword:: cDFqbXM1Iw==
description: LDAP administrator

dn: ou=users,dc=snapteam,dc=org
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=snapteam,dc=org
objectClass: organizationalUnit
ou: groups

dn: cn=admins,ou=groups,dc=snapteam,dc=org
objectClass: posixGroup
cn: admins
gidNumber: 0
description: Administrators within the snapteam.org domain
memberUid: uid=bobf,ou=users,dc=snapteam,dc=org
memberUid: uid=snapadmin,ou=users,dc=snapteam,dc=org

dn: cn=snap,ou=groups,dc=snapteam,dc=org
objectClass: posixGroup
cn: snap
gidNumber: 10000
description: snapteam members
memberUid: uid=joels,ou=users,dc=snapteam,dc=org
memberUid: uid=snapadmin,ou=users,dc=snapteam,dc=org

dn: cn=aar,ou=groups,dc=snapteam,dc=org
objectClass: posixGroup
cn: aar
gidNumber: 10001
description: aar group members

dn: cn=aacus,ou=groups,dc=snapteam,dc=org
objectClass: posixGroup
cn: aacus
gidNumber: 10002
description: aacus group members

dn: uid=bobf,ou=users,dc=snapteam,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Bob Frank
gidNumber: 0
homeDirectory: /home/bobf
sn: Frank
uid: bobf
uidNumber: 1000
displayName: Bob Frank
gecos: Bob Frank
givenName: Bob
homePhone: 719-123-1234
initials: BF
l: Colorado Springs
loginShell: /bin/bash
mail: [email protected]
mobile: 719-123-1234
o: SNAP
postalAddress: 1234 Hearth Ct
postalCode: 80922
shadowExpire: -1
shadowFlag: 0
shadowLastChange: 10877
shadowMax: 999999
shadowMin: 8
shadowWarning: 7
st: CO
title: System Administrator
userPassword:: e1NIQX1JZmFqYzRNSUFQdWNmQ1lEMkF6MC9YTytLb3M9

dn: uid=snapadmin,ou=users,dc=snapteam,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Snap Admin
gidNumber: 0
homeDirectory: /home/snapadmin
sn: Admin
uid: snapadmin
uidNumber: 1001
displayName: Snap Admin
gecos: Snap Admin
givenName: Snap
homePhone: 719-123-1234
initials: SA
l: Colorado Springs
loginShell: /bin/bash
mail: [email protected]
mobile: 719-123-1234
o: SNAP
postalAddress: 1234 Hearth Ct
postalCode: 80922
shadowExpire: -1
shadowFlag: 0
shadowLastChange: 10877
shadowMax: 999999
shadowMin: 8
shadowWarning: 7
st: CO
title: System Administrator
userPassword:: cDFqbXM1Iw==
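
Added example (not part of Joel's message and not XWiki code): a simplified model of the lookup the trace shows, run over a constructed excerpt of the LDIF above. It assumes an entry that is not one of group_classes yields no member list; the function names are hypothetical.

```python
# Constructed excerpt of the LDIF posted above (only attributes the check reads).
LDIF = """\
dn: ou=users,dc=snapteam,dc=org
objectClass: organizationalUnit
ou: users

dn: cn=snap,ou=groups,dc=snapteam,dc=org
objectClass: posixGroup
cn: snap
memberUid: uid=joels,ou=users,dc=snapteam,dc=org
memberUid: uid=snapadmin,ou=users,dc=snapteam,dc=org
"""

def normalize(dn):
    """Case-fold a DN and drop whitespace around its components."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return {normalized dn: {lowercased attribute: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:  # skips the "version: 1" header block
            entries[normalize(attrs.pop("dn")[0])] = attrs
    return entries

def group_members(entries, group_dn, group_classes, member_fields):
    """Member values of group_dn, or None if it is not a group entry."""
    entry = entries.get(normalize(group_dn))
    if entry is None:
        return None
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if not classes & {c.lower() for c in group_classes}:
        return None  # assumption: mirrors "members :null" in the trace
    return [normalize(m) for f in member_fields for m in entry.get(f.lower(), [])]

def user_allowed(entries, user_dn, group_dn,
                 group_classes=("posixGroup",), member_fields=("memberUid",)):
    """True only if user_dn is listed in a member field of group_dn."""
    members = group_members(entries, group_dn, group_classes, member_fields)
    return members is not None and normalize(user_dn) in members

if __name__ == "__main__":
    e = parse_ldif(LDIF)
    for g in ("ou=users,dc=snapteam,dc=org", "cn=snap,ou=groups,dc=snapteam,dc=org"):
        print(g, user_allowed(e, "uid=snapadmin,ou=users,dc=snapteam,dc=org", g))
```

Under this model the organizationalUnit named in user_group has no member list, so snapadmin is rejected, while the same check against the posixGroup cn=snap succeeds.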