Hi,

Are you sure you need to authenticate for ldap bind, and if yes, of the
user/pwd ?
During my little experience, I've encountered ldap bind with anonymous
access, or with specific admin account.
(binding is not authentication)

"provided user is null" seems a bit strange.
But I'm no ldap expert...
Le 30 janv. 2013 17:47, "Pape, Barry" <barry.p...@nov.com> a écrit :

> Greetings Xwiki Gurus,
>
> I've been trying to get our installation authenticating with LDAP and am
> having no luck.  We are running XWiki 4.3 in Tomcat 7.0.34 on Windows
> Server 2008 R2 Standard.  I have installed the LDAP Application Extension
> and tried configuring it both through the web interface and xwiki.config
> with no success.  Every time I attempt to login I receive an Invalid
> Credentials error (stack trace below,) and the LDAP section from
> xwiki.config file is below that.  I've tried a number of different values
> for the server, bind DN, and the base DN, but nothing works.  Any
> suggestions are greatly appreciated?  Is there any additional logging that
> I can add for more information?
>
> Thanks,
> Barry
>
>
>
>
> 2013-01-30 10:12:55,825 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
> authentica
> tion
> 2013-01-30 10:12:55,825 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - The provided user
> is nul
> l. We don't try to authenticate, it probably means the user is in non
> logged mod
> e.
> 2013-01-30 10:12:55,825 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP
> authentica
> tion
> 2013-01-30 10:12:55,840 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig      -
> ldap_group_classes: [gro
> upofnames, groupwisedistributionlist, dynamicgroup, dynamicgroupaux,
> groupofuniq
> uenames, group]
> 2013-01-30 10:12:55,840 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConfig      -
> ldap_group_memberfields:
> [member, uniquemember]
> 2013-01-30 10:12:55,857 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection  - Connection to
> LDAP serve
> r [ldap.nov.com:389]
> 2013-01-30 10:12:55,868 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG c.x.x.p.l.XWikiLDAPConnection  - Binding to LDAP
> server w
> ith credentials login=[cn=papeb,dc=nov,dc=com]
> 2013-01-30 10:12:55,928 [
> http://usa-111b4s1.nov.com:8080/xwiki/bin/loginsubmit/X
> Wiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP
> authenticatio
> n failed.
> com.xpn.xwiki.plugin.ldap.XWikiLDAPException: Error number 0 in 5: LDAP
> bind fai
> led with LDAPException.
> Wrapped Exception: Invalid Credentials
>         at
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
> n.java:184) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
>         at
> com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.open(XWikiLDAPConnectio
> n.java:113) ~[xwiki-platform-legacy-oldcore-4.4.jar:na]
>         at
> com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticat
> eInContext(XWikiLDAPAuthServiceImpl.java:305)
> [xwiki-platform-legacy-oldcore-4.4
> .jar:na]
>
>
>
>
>
> #-------------------------------------------------------------------------------------
> # LDAP
>
> #-------------------------------------------------------------------------------------
>
> #-# LDAP authentication service
>
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
>
> #-# Turn LDAP authentication on - otherwise only XWiki authentication
> #-# - 0: disable
> #-# - 1: enable
> #-# The default is 0
> xwiki.authentication.ldap=1
>
> #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
> xwiki.authentication.ldap.server=ldap.nov.com
> xwiki.authentication.ldap.port=389
>
> #-# LDAP login, empty = anonymous access, otherwise specify full dn
> #-# {0} is replaced with the user name, {1} with the password
> xwiki.authentication.ldap.bind_DN= cn={0},dc=nov,dc=com
> xwiki.authentication.ldap.bind_pass={1}
>
> #-# The Base DN used in LDAP searches
> xwiki.authentication.ldap.base_DN=dc=nov,dc=com
>
> #-# LDAP query to search the user in the LDAP database (in case a static
> admin user is provided in
> #-# xwiki.authentication.ldap.bind_DN)
> #-# {0} is replaced with the user uid field name and {1} with the user name
> #-# The default is ({0}={1})
> # xwiki.authentication.ldap.user_search_fmt=({0}={1})
>
> #-# Only members of the following group will be verified in the LDAP
> #-# otherwise only users that are found after searching starting from the
> base_DN
> #
> xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
>
> #-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
> #-# Only users not member of the following group can autheticate
> #
> xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
>
> #-# Specifies the LDAP attribute containing the identifier to be used as
> the XWiki name
> #-# The default is cn
> # xwiki.authentication.ldap.UID_attr=sAMAccountName
>
> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# The potential LDAP groups classes. Separated by commas.
> #
> xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
>
> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# The potential names of the LDAP groups fields containings the members.
> Separated by commas.
> # xwiki.authentication.ldap.group_memberfields=member,uniqueMember
>
> #-# retrieve the following fields from LDAP and store them in the XWiki
> user object (xwiki-attribute=ldap-attribute)
>
> #xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# On every login update the mapped attributes from LDAP to XWiki
> otherwise this happens only once when the XWiki
> #-# account is created.
> #-# - 0: only when creating user
> #-# - 1: at each authentication
> #-# The default is 0
> #xwiki.authentication.ldap.update_user=1
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# Maps XWiki groups to LDAP groups, separator is "|". The following kind
> of groups are supported:
> #-# * LDAP static groups (users/subgroups are listed statically in the
> group object)
> #-# * [Since 3.3M1] LDAP organization units (users/subgroups are sub
> object of the provided organization unit)
> #-# * [Since 3.3M1] LDAP filter (users/groups are object found in a search
> with the provided filter),
> #-#   | character in the filter need to be escaped with backslash (\).
> #-#
> #-# Here is an example:
> #
> xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=domain,c=com|\
> #
> XWiki.LDAPUsers=ou=groups,o=domain,c=com|\
> #                                         XWiki.Organisation=(cn=testers)
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# Time in s after which the list of members in a group is refreshed from
> LDAP
> #-# The default is 21600 (6 hours)
> # xwiki.authentication.ldap.groupcache_expiration=21600
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# - create : synchronize group membership only when the user is first
> created
> #-# - always: synchronize on every login
> #-# The default is always
> # xwiki.authentication.ldap.mode_group_sync=always
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# If ldap authentication fails for any reason, try XWiki DB
> authentication with the same credentials
> #-# - 0: disable
> #-# - 1: enable
> #-# The default is 0
> xwiki.authentication.ldap.trylocal=1
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# SSL connection to LDAP server
> #-# - 0: normal
> #-# - 1: SSL
> #-# The default is 0
> # xwiki.authentication.ldap.ssl=0
>
> #-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
> #-# The keystore file to use in SSL connection
> # xwiki.authentication.ldap.ssl.keystore=
>
> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# The java secure provider used in SSL connection
> #-# The default is com.sun.net.ssl.internal.ssl.Provider
> #
> xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
>
> #-# Bypass standard LDAP bind validation by doing a direct password
> comparison.
> #-# If you don't know what you do, don't use that. It's covering very rare
> and bad use cases.
> #-# - 0: disable
> #-# - 1: enable
> #-# The default is 0
> # xwiki.authentication.ldap.validate_password=0
>
> #-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
> #-# Specifies the LDAP attribute containing the password to be used "when
> xwiki.authentication.ldap.validate_password"
> #-# is set to 1
> # xwiki.authentication.ldap.password_field=userPassword
>
> #-# [Since 4.3M1, XWikiLDAPAuthServiceImpl]
> #-# The maximum number of milliseconds the client waits for any operation
> under these constraints to complete.
> #-# The default is 1000
> # xwiki.authentication.ldap.timeout=1000
> _______________________________________________
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
>
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users

Reply via email to