On Sat, Aug 6, 2011 at 12:46 AM, Chris Meyer <chris.me...@gmail.com> wrote:
> Hi All,
>
> Using Oracle's OID (LDAP) I am trying to get my installation of XWiki to
> authenticate using the LDAP... With logging fully turned up, here are the
> messages I am currently getting:
>
> -----------------------------
>
> 2011-08-05 15:32:00,761 INFO  [STDOUT] (
> http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin) 2011-08-05
> 15:32:00,761 [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> DEBUG c.x.x.p.l.XWikiLDAPConnection  - Binding to LDAP server with
> credentials login=[uid=204428,cn=users,dc=company,dc=com]
> 2011-08-05 15:32:00,940 INFO  [STDOUT]
> (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin)
> 2011-08-05 15:32:00,940
> [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind
> failed with LDAPException.
> Wrapped Exception: Invalid Credentials
>        at
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:175)
> ~[xwiki-platform-oldcore-3.1.jar!/:na]
>        at
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:104)
> ~[xwiki-platform-oldcore-3.1.jar!/:na]
>        at
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:313)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:190)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:137)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at
> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:284)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at
> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:204)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at
> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:187)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at
> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:244)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:4089)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at
> com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:170)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:4102)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:5260)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:189)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at
> org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
> [struts-1.2.9.jar!/:1.2.9]
>        at
> org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
> [struts-1.2.9.jar!/:1.2.9]
>        at
> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
> [struts-1.2.9.jar!/:1.2.9]
>        at
> org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
> [struts-1.2.9.jar!/:1.2.9]
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> [servlet-api.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA
> date=200905221634)]
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> [servlet-api.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA
> date=200905221634)]
>        at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:129)
> [xwiki-platform-oldcore-3.1.jar!/:na]
>        at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:152)
> [xwiki-platform-wysiwyg-server-3.1.jar!/:na]
>        at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> com.xpn.xwiki.plugin.webdav.XWikiDavFilter.doFilter(XWikiDavFilter.java:68)
> [xwiki-platform-webdav-server-3.1.jar!/:na]
>        at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:218)
> [xwiki-platform-container-servlet-3.1.jar!/:na]
>        at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112)
> [xwiki-platform-container-servlet-3.1.jar!/:na]
>        at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
> [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA
> date=200905221634)]
>        at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
> [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA
> date=200905221634)]
>        at
> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
> [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA
> date=200905221634)]
>        at
> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
> [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA
> date=200905221634)]
>        at
> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
> [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA
> date=200905221634)]
>        at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
> [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA
> date=200905221634)]
>        at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> [jbossweb.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)]
>        at java.lang.Thread.run(Thread.java:619) [na:1.6.0_16]
> 2011-08-05 15:32:00,942 INFO  [STDOUT]
> (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin)
> 2011-08-05 15:32:00,942
> [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> DEBUG c.x.x.s.XWikiCacheStore        - Cache: begin for doc
> xwiki:XWiki.XWikiPreferences in cache
> 2011-08-05 15:32:00,942 INFO  [STDOUT]
> (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin)
> 2011-08-05 15:32:00,942
> [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> DEBUG c.x.x.s.XWikiCacheStore        - Cache: Trying to get doc
> xwiki:XWiki.XWikiPreferences from cache
> 2011-08-05 15:32:00,942 INFO  [STDOUT]
> (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin)
> 2011-08-05 15:32:00,942
> [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> DEBUG c.x.x.s.XWikiCacheStore        - Cache: got doc
> xwiki:XWiki.XWikiPreferences from cache
> 2011-08-05 15:32:00,943 INFO  [STDOUT]
> (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin)
> 2011-08-05 15:32:00,943
> [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> DEBUG c.x.x.s.XWikiCacheStore        - Cache: end for doc
> xwiki:XWiki.XWikiPreferences in cache
> 2011-08-05 15:32:00,943 INFO  [STDOUT]
> (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin)
> 2011-08-05 15:32:00,943
> [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> DEBUG u.i.L.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user
> [204428]
> 2011-08-05 15:32:00,943 INFO  [STDOUT]
> (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin)
> 2011-08-05 15:32:00,943
> [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> INFO  .x.x.u.i.x.MyFormAuthenticator - User 204428 login has failed
> 2011-08-05 15:32:00,943 INFO  [STDOUT]
> (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin)
> 2011-08-05 15:32:00,943
> [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> DEBUG x.x.u.i.x.XWikiAuthServiceImpl -
> XWikiAuthServiceImpl.checkAuth(XWikiContext) took 391 milliseconds to run.
> 2011-08-05 15:32:00,944 INFO  [STDOUT]
> (http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin)
> 2011-08-05 15:32:00,944
> [http://hostname:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
> DEBUG .x.u.i.x.XWikiRightServiceImpl - Access has been granted for
> (XWiki.XWikiGuest,XWiki.XWikiLogin,loginsubmit): login/logout pages
>
> -----------------------------------------
>
>
> Also, here is my xwiki.cfg LDAP section.
> #-------------------------------------------------------------------------------------
> # LDAP
> #-------------------------------------------------------------------------------------
>
> #-# LDAP authentication service
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>
> #-# Turn LDAP authentication on - otherwise only XWiki authentication
> #-# - 0: disable
> #-# - 1: enable
> #-# The default is 1
> xwiki.authentication.ldap=1
>
> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
> xwiki.authentication.ldap.server=ldap.companyname.com
> xwiki.authentication.ldap.port=389
>
> #-# LDAP login, empty = anonymous access, otherwise specify full dn
> #-# {0} is replaced with the user name, {1} with the password
> xwiki.authentication.ldap.bind_DN=cn={0},cn=users,dc=company,dc=com
> xwiki.authentication.ldap.bind_pass={1}
>
> #-# LDAP query to search the user in the LDAP database (in case a static admin user is provided in xwiki.authentication.ldap.bind_DN)
> #-# {0} is replaced with the user uid field name and {1} with the user name
> #-# The default is ({0}={1})
> # xwiki.authentication.ldap.ldap_user_search_fmt=({0}={1})
>
> #-# Only members of the following group will be verified in the LDAP
> #-# otherwise only users that are found after searching starting from the base_DN
> # xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
>
> #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
> #-# Only users not member of the following group can autheticate
> # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
>
> #-# The Base DN used in LDAP searches
> xwiki.authentication.ldap.base_DN=cn=users,dc=usairways,dc=com
>
> #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name
> #-# The default is cn
> # xwiki.authentication.ldap.UID_attr=cn
>
> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# The potential LDAP groups classes. Separated by commas.
> # xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
>
> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# The potential names of the LDAP groups fields containings the members. Separated by commas.
> # xwiki.authentication.ldap.group_memberfields=member,uniqueMember
>
> #-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
> xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# On every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
> #-# - 0: only when creating user
> #-# - 1: at each authentication
> #-# The default is 1
> xwiki.authentication.ldap.update_user=1
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# Mapps XWiki groups to LDAP groups, separator is "|"
> xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=portal_administrators,cn=portal.071022.163744.037656000,cn=groups,dc=usairways,dc=com\
>
> XWiki.XWikiAllGroup=cn=USPerson,cn=Common,cn=Groups,dc=usairways,dc=com
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# Time in s after which the list of members in a group is refreshed from LDAP
> #-# The default is 2800
> xwiki.authentication.ldap.groupcache_expiration=2800
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# - create : synchronize group membership only when the user is first created
> #-# - always: synchronize on every login
> #-# The default is always
> xwiki.authentication.ldap.mode_group_sync=always
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
> #-# The default is 1
> xwiki.authentication.ldap.trylocal=1
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# SSL connection to LDAP server
> #-# - 0: normal
> #-# - 1: SSL
> #-# The default is 0
> # xwiki.authentication.ldap.ssl=0
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# The keystore file to use in SSL connection
> # xwiki.authentication.ldap.ssl.keystore=
>
> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# The java secure provider used in SSL connection
> #-# The default is com.sun.net.ssl.internal.ssl.Provider
> # xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
>
> #-# Bypass standard LDAP bind validation by doing a direct password comparison.
> #-# If you don't know what you do, don't use that. It's covering very rare and bad use cases.
> #-# - 0: disable
> #-# - 1: enable
> #-# The default is 0
> # xwiki.authentication.ldap.validate_password=0
>
> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1
> # xwiki.authentication.ldap.password_field=userPassword
>
> ---------------------------
>
> So, one thing my LDAP admin noticed was that in the log it looks like it is
> trying to bind using:
>
> Binding to LDAP server with credentials
> login=[uid=204428,cn=users,dc=company,dc=com]
>
> Whereas in my xwiki.cfg file, I am using:
>
> xwiki.authentication.ldap.bind_DN=cn={0},cn=users,dc=company,dc=com
>
> Any reason you can think of that would cause this discrepancy?

Not really.

Make sure you don't have another xwiki.authentication.ldap.bind_DN
somewhere in the xwiki.cfg file and that... well, you are really using that
xwiki.cfg.

>
> Thanks,
> Chris
> _______________________________________________
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
>



-- 
Thomas Mortagne
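
The check suggested in the reply, as an added example (not code from the thread or from XWiki): it lists every active `xwiki.authentication.ldap.bind_DN` in a config text and reports which one, if any, produces the DN shown in the `Binding to LDAP server` log line. The sample config and log line are constructed, and the parser is a simplification that handles only `key=value` lines, comments and backslash continuations.

```python
import re

KEY = "xwiki.authentication.ldap.bind_DN"

# Constructed xwiki.cfg fragment: a second active bind_DN further down the file.
SAMPLE_CFG = """\
#-# LDAP login
xwiki.authentication.ldap.bind_DN=cn={0},cn=users,dc=company,dc=com
xwiki.authentication.ldap.bind_pass={1}
# xwiki.authentication.ldap.bind_DN=this,line,is,commented,out
xwiki.authentication.ldap.trylocal=1
xwiki.authentication.ldap.bind_DN = uid={0},cn=users,dc=company,dc=com
"""

# Constructed log line in the format of the DEBUG output quoted in the thread.
SAMPLE_LOG = ("DEBUG c.x.x.p.l.XWikiLDAPConnection  - Binding to LDAP server "
              "with credentials login=[uid=204428,cn=users,dc=company,dc=com]")


def active_properties(text):
    """Map each uncommented key to [(line_no, value), ...] in file order."""
    seen, pending, start = {}, "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not pending:
            if not line or line[0] in "#!":
                continue
            start = no
        if line.endswith("\\"):  # value continues on the next line
            pending += line[:-1]
            continue
        key, sep, value = (pending + line).partition("=")
        pending = ""
        if sep:
            seen.setdefault(key.strip(), []).append((start, value.strip()))
    return seen


def norm(dn):
    """Case- and space-insensitive DN form (escaped commas are not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def audit(cfg_text, log_text, user):
    """Compare every active bind_DN template with the DN the log says was used."""
    entries = active_properties(cfg_text).get(KEY, [])
    bound = {norm(dn) for dn in re.findall(r"credentials login=\[([^\]]*)\]", log_text)}
    return {
        "definitions": entries,
        "duplicate": len(entries) > 1,
        # Lines whose template, with {0} filled in, is the DN seen in the log.
        # Empty list: no bind_DN in this file accounts for the logged DN, which
        # suggests the running wiki is not reading this file.
        "explains_log": [no for no, tpl in entries
                         if norm(tpl.replace("{0}", user)) in bound],
    }
```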