cool thanks for reporting back! Have a nice weekend too.
And let me know if you have ideas on how to improve the docker image. Thanks -Vincent > On 12 May 2017, at 17:11, Lester Marc Dizon (ITX) <lmdi...@itx-ge.com> wrote: > > Hi guys, > > Thanks alot for all the help. I have logs and ldap running! > > @Thomas Mortagne, for ldap I had this config missing (I actually thought that > sAMAccountName should be replaced by the user to authenticate with the > windows AD....) : > xwiki.authentication.ldap.UID_attr=sAMAccountName > > Thanks and have a nice weekend! > > Lester > > -----Original Message----- > From: users [mailto:users-boun...@xwiki.org] On Behalf Of Thomas Mortagne > Sent: jeudi 11 mai 2017 19:05 > To: XWiki Users <users@xwiki.org> > Subject: Re: [xwiki-users] XWiki Docker in Prod > > You have various examples > http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/. > > On Thu, May 11, 2017 at 7:03 PM, Thomas Mortagne <thomas.morta...@xwiki.com> > wrote: >> XWiki tried to find an entry in the LDAP server with the field "cn" >> having the value "lmdizon-itx". Either this uid does not exist or you >> need to set a different field using the property >> xwiki.authentication.ldap.UID_attr (cn is the default). >> >> On Thu, May 11, 2017 at 6:20 PM, Lester Marc Dizon (ITX) >> <lmdi...@itx-ge.com> wrote: >>> @Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent >>> Massol , with Thomas way, I find the LDAP logs in >>> "/var/lib/tomcat8/logs/xwiki.log" . >>> >>> I added the following configuration in xwiki.cfg but it still doesn't work: >>> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthSe >>> rviceImpl >>> xwiki.authentication.ldap.trylocal=1 >>> xwiki.authentication.ldap=1 >>> xwiki.authentication.ldap.server=10.50.0.26 >>> xwiki.authentication.ldap.port=389 >>> xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC >>> =itx,DC=local xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon >>> (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local >>> xwiki.authentication.ldap.bind_pass=mypassword >>> >>> I have the following errors: >>> 81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE >>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication >>> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't >>> try to authenticate, it probably means the user is in non logged mode. >>> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE >>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication >>> 81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null >>> 82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, >>> posixgroup, apple-group, groupofuniquenames, dynamicgroup, >>> groupwisedistributionlist, group, dynamicgroupaux] >>> 82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: >>> [uniquemember, memberuid, member] >>> 82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server >>> [10.50.0.26:389] >>> 82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with >>> credentials login=[CN=Lester Marc Dizon >>> (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] >>> 83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP: >>> user [lmdizon-itx] base >>> [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query >>> [(cn=lmdizon-itx)] uid [cn] >>> 83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.c.ldap.XWikiLDAPConnection - LDAP search: >>> baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] >>> query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2] >>> 83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. >>> com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user >>> DN for input [lmdizon-itx] >>> at >>> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608) >>> at >>> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334) >>> at >>> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268) >>> at >>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272) >>> at >>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192) >>> at >>> com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174) >>> at >>> com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239) >>> at >>> org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163) >>> at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3782) >>> at >>> org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242) >>> at >>> org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272) >>> at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3800) >>> at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4850) >>> at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364) >>> at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210) >>> at >>> org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425) >>> at >>> org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228) >>> at >>> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) >>> at >>> org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462) >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:661) >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >>> at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >>> at >>> org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:127) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >>> at >>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >>> at >>> org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >>> at >>> org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >>> at >>> org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >>> at >>> org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:136) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >>> at >>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) >>> at >>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) >>> at >>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) >>> at >>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) >>> at >>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) >>> at >>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624) >>> at >>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) >>> at >>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) >>> at >>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) >>> at >>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) >>> at >>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) >>> at >>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) >>> at >>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) >>> at >>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) >>> at >>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>> at java.lang.Thread.run(Thread.java:745) >>> 83254 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Trying authentication against >>> XWiki DB >>> 83283 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - LDAP authentication failed for >>> user [lmdizon-itx] >>> 83284 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null >>> >>> >>> It seems that I connect to the LDAP server but it doesn't find the user.. >>> When I go to the login page I already have errors for some reason: >>> 907353 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE >>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication >>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't >>> try to authenticate, it probably means the user is in non logged mode. >>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE >>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication >>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't >>> try to authenticate, it probably means the user is in non logged mode. >>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG >>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null >>> >>> Any ideas what config I'm missing/wrong? >>> >>> Thanks, >>> Lester >>> >>> -----Original Message----- >>> From: users [mailto:users-boun...@xwiki.org] On Behalf Of Thomas >>> Froehlich >>> Sent: jeudi 11 mai 2017 08:25 >>> To: XWiki Users <users@xwiki.org> >>> Subject: Re: [xwiki-users] XWiki Docker in Prod >>> >>> Hi Lester, >>> >>> you should configure the XWIKI logging. Then you can find ldap logging >>> information in the XWIKI log file. I did the following steps: >>> >>> a) Set up the XWIKI logging configuration in >>> WEB-INF\classes\logback.xml by adding a RollingFileAppender >>> >>> <appender name="FILE" >>> class="ch.qos.logback.core.rolling.RollingFileAppender"> >>> <file>/var/lib/tomcat8/logs/xwiki.log</file> >>> <rollingPolicy >>> class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> >>> <!-- daily rollover --> >>> <fileNamePattern>xwiki.%d{yyyy-MM-dd}.log</fileNamePattern> >>> <!-- keep 30 days' worth of history --> >>> <maxHistory>30</maxHistory> >>> </rollingPolicy> >>> <encoder> >>> <pattern>%-4relative [%thread] %-5level %logger{35} - >>> %msg%n</pattern> >>> </encoder> >>> </appender> >>> >>> b) Extend the root level logging: >>> >>> <root level="info"> >>> <appender-ref ref="stdout"/> >>> <appender-ref ref="FILE"/> >>> </root> >>> >>> c) Activation of the ldap logging (debugging) in >>> WEB-INF\classes\logback.xml >>> >>> <!-- LDAP debugging --> >>> <logger name="org.xwiki.contrib.ldap" level="trace"/> >>> >>> >>> With kind regards >>> Thomas >> >> >> >> -- >> Thomas Mortagne > > > > -- > Thomas Mortagne