On Sun, Apr 10, 2011 at 23:32, Joel Schuster <[email protected]> wrote:
> Thomas,
>
> Thanks for the response!
>
> Ok, I turned on trace for both. Based on what I see now (I've copied the
> piece that seems important out of the log)
>
> 2011-04-10 21:09:56,257 DEBUG ldap.XWikiLDAPConnection - LDAP search:
> baseDN=[ou=users,dc=snapteam,dc=org] query=[null] attr=[[objectClass, cn,
> memberuid]] ldapScope=[0]
> 2011-04-10 21:09:56,258 DEBUG ldap.XWikiLDAPConnection - - values
> for attribute "objectClass"
> 2011-04-10 21:09:56,258 DEBUG ldap.XWikiLDAPConnection - |-
> [organizationalUnit]
> 2011-04-10 21:09:56,259 DEBUG ldap.XWikiLDAPConnection - LDAP search
> found attributes: [{name=dn value=ou=users,dc=snapteam,dc=org},
> {name=objectClass value=organizationalUnit}]
> 2011-04-10 21:09:56,259 ERROR ldap.XWikiLDAPUtils - Could not
> find attribute cn for LDAP dn ou=users,dc=snapteam,dc=org
> 2011-04-10 21:09:56,259 DEBUG ldap.XWikiLDAPUtils - Found group
> [ou=users,dc=snapteam,dc=org] members :null
> 2011-04-10 21:09:56,259 TRACE xwiki.XWikiException - Error number
> 8001 in 8: LDAP user snapadmin does not belong to LDAP group
> ou=users,dc=snapteam,dc=org.
>
> I've appended the ldif for the whole ldap tree below. That group doesn't have
> a cn attribute, why does the main user group need one? This group is for
> holding ALL users, not separating the users into groups.
>
> I can't add a cn attribute as an organizationalUnit doesn't allow for a cn
> attribute, so I'd need to add a different object type. Am I simply setting
> this up the wrong way? This setup is working just fine already for bugzilla,
> openfire and postfix.
XWiki only works with groups which explicitly list members (like
cn=admins,ou=groups,dc=snapteam,dc=org). Anyway, if
ou=users,dc=snapteam,dc=org contains all users then you should really
not set up xwiki.authentication.ldap.user_group since this property
is here to accept only some users (the ones who are part of this
group).
>
> - Joel
>
>> > Here are the settings in the xwiki.cfg:
>> >
>> > xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>> > xwiki.authentication.ldap=1
>> > xwiki.authentication.ldap.server=127.0.0.1
>> > xwiki.authentication.ldap.port=389
>> > xwiki.authentication.ldap.bind_DN=cn=admin,dc=snapteam,dc=org
>> > xwiki.authentication.ldap.bind_pass=adminPassword
>> > xwiki.authentication.ldap.ldap_user_search_fmt=(&({0}={1})(objectClass=posixAccount))
>> > xwiki.authentication.ldap.user_group=ou=users,dc=snapteam,dc=org
>> > xwiki.authentication.ldap.base_DN=dc=snapteam,dc=org
>> > xwiki.authentication.ldap.group_classes=posixGroup
>> > xwiki.authentication.ldap.group_memberfields=memberUid
>> > xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
>> > xwiki.authentication.ldap.update_user=1
>> > xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=admins,ou=groups,dc=snapteam,dc=org|\
>> > XWiki.SnapGroup=cn=snap,ou=groups,dc=snapteam,dc=org|\
>> > XWiki.AARGroup=cn=aar,ou=groups,dc=snapteam,dc=org|\
>> > XWiki.AACUSGroup=cn=aacus,ou=groups,dc=snapteam,dc=org
>> >
>> > xwiki.authentication.ldap.groupcache_expiration=21800
>> > xwiki.authentication.ldap.mode_group_sync=always
>> > xwiki.authentication.ldap.trylocal=1
>
> The LDIF:
>
> version: 1
>
> dn: dc=snapteam,dc=org
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> dc: snapteam
> o: snapteam
> description: Snapteam LDAP
>
> dn: cn=admin,dc=snapteam,dc=org
> objectClass: simpleSecurityObject
> objectClass: organizationalRole
> cn: admin
> userPassword:: cDFqbXM1Iw==
> description: LDAP administrator
>
> dn: ou=users,dc=snapteam,dc=org
> objectClass: organizationalUnit
> ou: users
>
> dn: ou=groups,dc=snapteam,dc=org
> objectClass: organizationalUnit
> ou: groups
>
> dn: cn=admins,ou=groups,dc=snapteam,dc=org
> objectClass: posixGroup
> cn: admins
> gidNumber: 0
> description: Administrators within the snapteam.org domain
> memberUid: uid=bobf,ou=users,dc=snapteam,dc=org
> memberUid: uid=snapadmin,ou=users,dc=snapteam,dc=org
>
> dn: cn=snap,ou=groups,dc=snapteam,dc=org
> objectClass: posixGroup
> cn: snap
> gidNumber: 10000
> description: snapteam members
> memberUid: uid=joels,ou=users,dc=snapteam,dc=org
> memberUid: uid=snapadmin,ou=users,dc=snapteam,dc=org
>
> dn: cn=aar,ou=groups,dc=snapteam,dc=org
> objectClass: posixGroup
> cn: aar
> gidNumber: 10001
> description: aar group members
>
> dn: cn=aacus,ou=groups,dc=snapteam,dc=org
> objectClass: posixGroup
> cn: aacus
> gidNumber: 10002
> description: aacus group members
>
> dn: uid=bobf,ou=users,dc=snapteam,dc=org
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> cn: Bob Frank
> gidNumber: 0
> homeDirectory: /home/bobf
> sn: Frank
> uid: bobf
> uidNumber: 1000
> displayName: Bob Frank
> gecos: Bob Frank
> givenName: Bob
> homePhone: 719-123-1234
> initials: BF
> l: Colorado Springs
> loginShell: /bin/bash
> mail: [email protected]
> mobile: 719-123-1234
> o: SNAP
> postalAddress: 1234 Hearth Ct
> postalCode: 80922
> shadowExpire: -1
> shadowFlag: 0
> shadowLastChange: 10877
> shadowMax: 999999
> shadowMin: 8
> shadowWarning: 7
> st: CO
> title: System Administrator
> userPassword:: e1NIQX1JZmFqYzRNSUFQdWNmQ1lEMkF6MC9YTytLb3M9
>
> dn: uid=snapadmin,ou=users,dc=snapteam,dc=org
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> cn: Snap Admin
> gidNumber: 0
> homeDirectory: /home/snapadmin
> sn: Admin
> uid: snapadmin
> uidNumber: 1001
> displayName: Snap Admin
> gecos: Snap Admin
> givenName: Snap
> homePhone: 719-123-1234
> initials: SA
> l: Colorado Springs
> loginShell: /bin/bash
> mail: [email protected]
> mobile: 719-123-1234
> o: SNAP
> postalAddress: 1234 Hearth Ct
> postalCode: 80922
> shadowExpire: -1
> shadowFlag: 0
> shadowLastChange: 10877
> shadowMax: 999999
> shadowMin: 8
> shadowWarning: 7
> st: CO
> title: System Administrator
> userPassword:: cDFqbXM1Iw==
>
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/users
>
--
Thomas Mortagne
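
The behaviour described in the reply above, as an added example that is not part of the original thread and is not XWiki's code: a simplified model of an explicit-membership check, run over a constructed LDIF excerpt that mirrors the entries quoted in the thread. The function names and the rule that a member value may be either a full DN or a bare uid are assumptions made for the illustration.

```python
# Added illustration: simplified model of an explicit-membership check.
# Not XWiki's implementation. LDIF is constructed from the thread's entries.
LDIF = """\
dn: ou=users,dc=snapteam,dc=org
objectClass: organizationalUnit
ou: users

dn: cn=admins,ou=groups,dc=snapteam,dc=org
objectClass: posixGroup
cn: admins
memberUid: uid=bobf,ou=users,dc=snapteam,dc=org
memberUid: uid=snapadmin,ou=users,dc=snapteam,dc=org

dn: cn=aar,ou=groups,dc=snapteam,dc=org
objectClass: posixGroup
cn: aar
"""

def parse_ldif(text):
    """Return {dn: {attr_lowercase: [values]}} for plain 'attr: value' LDIF."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            # LDAP attribute names are case-insensitive (memberUid == memberuid).
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs["dn"][0]] = attrs
    return entries

def check_membership(entries, group_dn, user_dn, member_fields=("memberUid",)):
    """Return (allowed, reason) for user_dn against the entry's member list."""
    entry = entries.get(group_dn)
    if entry is None:
        return False, "group entry not found"
    members = [v for f in member_fields for v in entry.get(f.lower(), [])]
    if not members:
        # A container such as an organizationalUnit holds users as child
        # entries but carries no member attribute, so nobody "belongs" to it.
        return False, "entry lists no members"
    uid = user_dn.split(",")[0].partition("=")[2]
    # Assumption: a member value may be the full user DN or just the uid.
    if any(m.lower() in (user_dn.lower(), uid.lower()) for m in members):
        return True, "listed as member"
    return False, "not listed"

if __name__ == "__main__":
    entries = parse_ldif(LDIF)
    user = "uid=snapadmin,ou=users,dc=snapteam,dc=org"
    for dn in entries:
        print(dn, "->", check_membership(entries, dn, user))
```

With user_group pointed at the ou=users container, every login is rejected under this model even though the account sits under that container; pointing it at a group that lists members, or leaving it unset, avoids the lockout.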