Hi All, Using Oracle's OID (LDAP) I am trying to get my installation of xWiki to authenticate using the LDAP.... with logging fully turned up, here is the messages I am currently getting:
----------------------------- 2011-08-05 15:32:00,761 INFO [STDOUT] ( http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin) 2011-08-05 15:32:00,761 [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with credentials login=[uid=204428,cn=users,dc=company,dc=com] 2011-08-05 15:32:00,940 INFO [STDOUT] (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin) 2011-08-05 15:32:00,940 [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException. Wrapped Exception: Invalid Credentials at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:175) ~[xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:104) ~[xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:313) [xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:190) [xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:137) [xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:284) [xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:204) [xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:187) [xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:244) [xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:4089) [xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:170) [xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:4102) [xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:5260) [xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:189) [xwiki-platform-oldcore-3.1.jar!/:na] at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115) [xwiki-platform-oldcore-3.1.jar!/:na] at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) [struts-1.2.9.jar!/:1.2.9] at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) [struts-1.2.9.jar!/:1.2.9] at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) [struts-1.2.9.jar!/:1.2.9] at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) [struts-1.2.9.jar!/:1.2.9] at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) [servlet-api.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:129) [xwiki-platform-oldcore-3.1.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:152) [xwiki-platform-wysiwyg-server-3.1.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at com.xpn.xwiki.plugin.webdav.XWikiDavFilter.doFilter(XWikiDavFilter.java:68) [xwiki-platform-webdav-server-3.1.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:218) [xwiki-platform-container-servlet-3.1.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112) [xwiki-platform-container-servlet-3.1.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] at java.lang.Thread.run(Thread.java:619) [na:1.6.0_16] 2011-08-05 15:32:00,942 INFO [STDOUT] (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin) 2011-08-05 15:32:00,942 [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.s.XWikiCacheStore - Cache: begin for doc xwiki:XWiki.XWikiPreferences in cache 2011-08-05 15:32:00,942 INFO [STDOUT] (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin) 2011-08-05 15:32:00,942 [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.s.XWikiCacheStore - Cache: Trying to get doc xwiki:XWiki.XWikiPreferences from cache 2011-08-05 15:32:00,942 INFO [STDOUT] (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin) 2011-08-05 15:32:00,942 [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.s.XWikiCacheStore - Cache: got doc xwiki:XWiki.XWikiPreferences from cache 2011-08-05 15:32:00,943 INFO [STDOUT] (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin) 2011-08-05 15:32:00,943 [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG c.x.x.s.XWikiCacheStore - Cache: end for doc xwiki:XWiki.XWikiPreferences in cache 2011-08-05 15:32:00,943 INFO [STDOUT] (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin) 2011-08-05 15:32:00,943 [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [204428] 2011-08-05 15:32:00,943 INFO [STDOUT] (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin) 2011-08-05 15:32:00,943 [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] INFO .x.x.u.i.x.MyFormAuthenticator - User 204428 login has failed 2011-08-05 15:32:00,943 INFO [STDOUT] (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin) 2011-08-05 15:32:00,943 [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.x.u.i.x.XWikiAuthServiceImpl - XWikiAuthServiceImpl.checkAuth(XWikiContext) took 391 milliseconds to run. 2011-08-05 15:32:00,944 INFO [STDOUT] (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin) 2011-08-05 15:32:00,944 [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG .x.u.i.x.XWikiRightServiceImpl - Access has been granted for (XWiki.XWikiGuest,XWiki.XWikiLogin,loginsubmit): login/logout pages ----------------------------------------- Also, here is my xwiki.cfg LDAP section. #------------------------------------------------------------------------------------- # LDAP #------------------------------------------------------------------------------------- #-# LDAP authentication service xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl #-# Turn LDAP authentication on - otherwise only XWiki authentication #-# - 0: disable #-# - 1: enable #-# The default is 1 xwiki.authentication.ldap=1 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.) xwiki.authentication.ldap.server=ldap.companyname.com xwiki.authentication.ldap.port=389 #-# LDAP login, empty = anonymous access, otherwise specify full dn #-# {0} is replaced with the user name, {1} with the password xwiki.authentication.ldap.bind_DN=cn={0},cn=users,dc=company,dc=com xwiki.authentication.ldap.bind_pass={1} #-# LDAP query to search the user in the LDAP database (in case a static admin user is provided in xwiki.authentication.ldap.bind_DN) #-# {0} is replaced with the user uid field name and {1} with the user name #-# The default is ({0}={1}) # xwiki.authentication.ldap.ldap_user_search_fmt=({0}={1}) #-# Only members of the following group will be verified in the LDAP #-# otherwise only users that are found after searching starting from the base_DN # xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl] #-# Only users not member of the following group can autheticate # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US #-# The Base DN used in LDAP searches xwiki.authentication.ldap.base_DN=cn=users,dc=usairways,dc=com #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name #-# The default is cn # xwiki.authentication.ldap.UID_attr=cn #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential LDAP groups classes. Separated by commas. # xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The potential names of the LDAP groups fields containings the members. Separated by commas. # xwiki.authentication.ldap.group_memberfields=member,uniqueMember #-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute) xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# On every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created. #-# - 0: only when creating user #-# - 1: at each authentication #-# The default is 1 xwiki.authentication.ldap.update_user=1 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# Mapps XWiki groups to LDAP groups, separator is "|" xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=portal_administrators,cn=portal.071022.163744.037656000,cn=groups,dc=usairways,dc=com\ XWiki.XWikiAllGroup=cn=USPerson,cn=Common,cn=Groups,dc=usairways,dc=com #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# Time in s after which the list of members in a group is refreshed from LDAP #-# The default is 2800 xwiki.authentication.ldap.groupcache_expiration=2800 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# - create : synchronize group membership only when the user is first created #-# - always: synchronize on every login #-# The default is always xwiki.authentication.ldap.mode_group_sync=always #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials #-# The default is 1 xwiki.authentication.ldap.trylocal=1 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# SSL connection to LDAP server #-# - 0: normal #-# - 1: SSL #-# The default is 0 # xwiki.authentication.ldap.ssl=0 #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl] #-# The keystore file to use in SSL connection # xwiki.authentication.ldap.ssl.keystore= #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# The java secure provider used in SSL connection #-# The default is com.sun.net.ssl.internal.ssl.Provider # xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider #-# Bypass standard LDAP bind validation by doing a direct password comparison. #-# If you don't know what you do, don't use that. It's covering very rare and bad use cases. #-# - 0: disable #-# - 1: enable #-# The default is 0 # xwiki.authentication.ldap.validate_password=0 #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl] #-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1 # xwiki.authentication.ldap.password_field=userPassword --------------------------- So, one thing my LDAP admin noticed was that in the LOG is looks like it is trying to bid using: Binding to LDAP server with credentials login=[* uid=204428,cn=users,dc=company,dc=com*] Where as in my xwiki.cfg file, I am using: *xwiki.authentication.ldap.bind_DN=cn={0},cn=users,dc=company,dc=com* * * Any reason you can think of that would cause this discrepancy????? Thanks, Chris _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
