On Thu, Jun 14, 2012 at 3:18 PM, Patrycja Suchomska <[email protected]> wrote: >> You sure it's exactly the same ? I don't see how you can get "Binding >> to LDAP server with credentials login=[cn=xwiki]" with this >> configuration. It should indeicate >> "login=[uid=xwiki,ou=People,dc=debuntu,dc=local]". > > >> Maybe you have some configuration set in XWiki.XWikiPreferences page >> which override what you have in xwiki.cfg, did you tried the LDAP UI >> before seting xwiki.cfg ? > > You're right, I've tried the LDAP UI before setting the xwiki.cfg. I > removed it, but it seems that XWiki still stores those settings > somewhere. I uninstalled it earlier in web interface and even removed > directories such as > /var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-ui/ > and > /var/lib/xwiki/data/extension/repository/org.xwiki.platform%3Axwiki-platform-ldap-api/. > LDAP UI extension disappeared in web administration. But still I could > see in catalina.out that message "Binding to LDAP server with > credentials login=[cn=xwiki]", despite the fact my xwiki.cfg was > different. > > I did 'locate ldap | grep xwiki' on serrver to find where it may be. > The only things it found are: > /usr/lib/xwiki/WEB-INF/lib/jldap-4.3.jar > /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap > /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap > /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3 > /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/_maven.repositories > /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom > /var/cache/tomcat6/Catalina/localhost/xwiki/aether-repository/com/novell/ldap/jldap/4.3/jldap-4.3.pom.sha1 > > I have no idea where does LDAP UI store its configuration.
As I said, it's in the XWiki.XWikiPreferences page. Go to http://yourdomain/xwiki/bin/edit/XWiki/XWikiPreferences?editor=object, you should find some LDAP properties at the end of the XWikiPreferences object. > > > Anyway, after your response, I've tried to install and configure XWiki > UI again (since I'm unable to fully remove its configuration), > according to your proposals. I got different output in catalina.out, > but still no luck: > > > 2012-06-14 14:54:21,163 > [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE > u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication > 2012-06-14 14:54:21,173 > [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > c.x.x.p.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames, > groupwisedistributionlist, dynamicgroup, dynamicgroupaux, > groupofuniquenames, group] > 2012-06-14 14:54:21,173 > [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > c.x.x.p.l.XWikiLDAPConfig - ldap_group_memberfields: [member, > uniquemember] > 2012-06-14 14:54:21,200 > [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > c.x.x.p.l.XWikiLDAPConnection - Connection to LDAP server > [127.0.0.1:389] > 2012-06-14 14:54:21,209 > [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > c.x.x.p.l.XWikiLDAPConnection - Binding to LDAP server with > credentials login=[uid=xwiki,ou=People,dc=debuntu,dc=local] > 2012-06-14 14:54:21,244 > [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. > com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: > LDAP bind failed with LDAPException. > Wrapped Exception: Invalid Credentials > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:172) > ~[xwiki-platform-legacy-oldcore-4.0.jar:na] > at > com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:101) > ~[xwiki-platform-legacy-oldcore-4.0.jar:na] > at > com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:305) > [xwiki-platform-legacy-oldcore-4.0.jar:na] > (exception same as before) > 2012-06-14 14:54:21,245 > [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > u.i.L.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki > DB > 2012-06-14 14:54:21,276 > [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG > u.i.L.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user > [xwiki] > 2012-06-14 14:54:21,356 > [http://10.1.0.220:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] WARN > o.x.v.i.DefaultVelocityEngine - Deprecated usage of method > [com.xpn.xwiki.api.XWiki.parseMessage] in /templates/login.vm@29,33 > > > And here's my detailed configuration in XWiki's LDAP UI, as (like I > said) I didn't manage to remove it fully (and use xwiki.cfg instead): > > LDAP > Yes > > LDAP SERVER ADDRESS > 127.0.0.1 > > LDAP SERVER PORT > 389 > > LDAP LOGIN MATCHING > uid={0},ou=People,dc=debuntu,dc=local > > LDAP PASSWORD MATCHING > {1} > > RESTRICT TO GROUP > > LDAP GROUP TO EXCLUDE > > LDAP BASE DN > ou=People,dc=debuntu,dc=local > > LDAP UID ATTRIBUTE NAME > uid > > TRY LOCAL LOGIN > Yes > > UPDATE USER FROM LDAP AFTER LOGIN > Yes > > LDAP USER FIELDS MAPPING > name -> uid > last_name -> uid > first_name -> uid > fullname -> uid > > LDAP GROUPS MAPPING > > LDAP GROUPS CACHE EXPIRATION > > WHEN TO SYNCHRONIZE LDAP GROUPS > At each authentication of a user > > > Is this wrong, or perhaps should I use only xwiki.cfg? If so, do you > know where can I find Xwiki's LDAP UI configuration files? All I can say is that XWiki connect to an LDAP server with host 127.0.0.1 and port 389, try to bind (authenticate) with DN "uid=xwiki,ou=People,dc=debuntu,dc=local" and the password you provide in the form and the LDAP server is answering that it's wrong. Since the DN seems ok according to the ldapsearch you did then the issue probably comes from the password. You should try to connect with those credential with an LDAP client, you can find some listed on http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication. You might try to look at OpenLDAP log (I don't know OpenLDAP very well so I don't know exactly where you can find it but I would bet for /var/log/... if you installed it with apt-get). > > > Thanks > > Patricia > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
