Active Directory 2.

Active Directory 2.

bzg
Hi Members!

  I still have problems with xwiki and Active Directory
authentication. I upgraded to 1.5 RC1, but it didn't help.

  This is my users' LDIF:
dn: CN=Sztar Balazs, OU=COMPANY, DC=company,DC=intranet
displayName: Sztar Balazs
givenName: Sztar
sAMAccountType: 805306368
primaryGroupID: 513
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
badPasswordTime: 128606019171875000
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=company,DC=intranet
cn: Sztar Balazs
userAccountControl: 66048
userPrincipalName: [hidden email]
codePage: 0
distinguishedName: CN=Sztar Balazs,OU=COMPANY,DC=company,DC=intranet
whenChanged: 20080715132556.0Z
whenCreated: 20080707142421.0Z
pwdLastSet: 128606019568593750
logonCount: 0
accountExpires: 9223372036854775807
lastLogoff: 0
objectGUID: ^LB¯¡Úr]G<93>ç.;\zöA
sn: Balazs
lastLogon: 128606019762343750
uSNChanged: 16406
uSNCreated: 13936
objectSid: ^A^E^@^@^@^@^@^E^U^@^@^@Ú¤uÊ^?<99><94>ãÜ»¼iT^D^@^@
countryCode: 0
sAMAccountName: balazs
instanceType: 4
badPwdCount: 0
name: Sztar Balazs


dn: CN=Zoltán Beck, OU=COMPANY, DC=company,DC=intranet
displayName: Zoltán Beck
givenName: Zoltán
sAMAccountType: 805306368
primaryGroupID: 513
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
badPasswordTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=company,DC=intranet
cn: Zoltán Beck
userAccountControl: 66048
userPrincipalName: [hidden email]
codePage: 0
distinguishedName: CN=Zoltán Beck,OU=COMPANY,DC=company,DC=intranet
whenChanged: 20080715143431.0Z
whenCreated: 20080715143431.0Z
pwdLastSet: 128606060713750000
logonCount: 0
accountExpires: 9223372036854775807
lastLogoff: 0
objectGUID: Ì~õÜPuýC<93><8f>)¾¨<8b>^WÃ
sn: Beck
lastLogon: 0
uSNChanged: 16425
uSNCreated: 16419
objectSid: ^A^E^@^@^@^@^@^E^U^@^@^@Ú¤uÊ^?<99><94>ãÜ»¼iU^D^@^@
countryCode: 0
sAMAccountName: beck
instanceType: 4
badPwdCount: 0
name: Zoltán Beck


  xwiki.cfg:
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=172.16.1.165
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=company,dc=intranet
xwiki.authentication.ldap.bind_DN=cn={0},ou=COMPANY,dc=company,dc=intranet
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=cn,ldap_dn=dn

So actually with the Sztar Balazs user I can log in and use the wiki, but
with Zoltán Beck I got the following error:
[15/Jul/2008:17:03:27] info (20106): CORE3282: stdout: 2008-07-15
17:03:27,844 [https://unixdba.sysman.hu/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
[service-j2ee-8] ERROR LDAP.LDAPAuthServiceImpl        - LDAP Bind
failed with Exception Invalid Credentials

In the Active Directory Event Viewer I can't see anything about this
failed login attempt!

Is it possible to log in with the sAMAccountName attribute, or will it be
developed in the near future?

  Best regards,
bzg
--
Zoltan Gyula Beck
Tel.: +36-70-328-9306
E-Mail: [hidden email]
_______________________________________________
users mailing list
[hidden email]
http://lists.xwiki.org/mailman/listinfo/users

Re: Active Directory 2.

Wright, Philip
I would suggest changing the LDAP authentication to look at your
sAMAccountNames, since they appear not to have any spaces, periods or
special characters, which I have noticed break the authentication.


 

Philip Wright

Reports Analyst

ACS: BPS
Affiliated Computer Services, Inc

 

Affiliated Computer Services, Inc (ACS) Proprietary and Confidential
Information
This document (or any part thereof) may not be disseminated outside of ACS
in either electronic or physical form without specific authorization of the
office of the ACS Chief Information Security Officer. The information
included in this document represents no commitment by ACS to any other
party. The policies and standards described do not consider any country law
or other directive outside of the United States.

Please consider the environment before printing this email


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of
Zoltan Gyula Beck
Sent: Tuesday, July 15, 2008 8:27 AM
To: [hidden email]
Subject: [xwiki-users] Active Directory 2.


Re: Active Directory 2.

bzg
Thank you Philip, but how can I do it? Can you explain it to me, please? The
xwiki.authentication.ldap.UID_attr=sAMAccountName is set, but it doesn't
work for me if I enter balazs or beck as the "user names" at login.

  Best Regards,
bzg



Re: Active Directory 2.

Wright, Philip
In reply to this post by bzg
Do you really have a space in your code on this line, in the word first (fi rst):

xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,fi rst_name=givenName,fullname=displayName,mail=cn,ldap_dn=dn


 

Philip Wright



-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of
Zoltan Gyula Beck
Sent: Tuesday, July 15, 2008 2:28 PM
To: XWiki Users
Subject: Re: [xwiki-users] Active Directory 2.


Re: Active Directory 2.

Wright, Philip
In reply to this post by bzg
Also, can all of your users view your LDAP? Or do you need a login with
admin privileges to do so? If you need admin privileges to view the LDAP, you
would need to replace:

xwiki.authentication.ldap.bind_DN=cn={0},ou=COMPANY,dc=company,dc=intranet
xwiki.authentication.ldap.bind_pass={1}

With:

xwiki.authentication.ldap.bind_DN=cn=***AdminUsername***,ou=COMPANY,dc=company,dc=intranet
xwiki.authentication.ldap.bind_pass=***AdminPassword***

 
Philip Wright





Re: Active Directory 2.

emj10
Try checking to see if you need to be using a subdomain on your binddn.

My company uses a subdomain for logging in:

For example, for Windows login, we enter our username and password and where to
login (either to the network or to the local machine).  IF THIS IS THE CASE,
then an admin username and admin password will most likely NOT be required.

If you are logging into a subdomain, try changing the bind_DN=***\\{0} and
bind_pass={1}, where *** is the subdomain you log into.  As far as I know
the double \'s are needed.

Eric
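
Added example, not part of any post in this thread and not XWiki code: it expands the `bind_DN` template from the posted xwiki.cfg for several login strings, checks each result against the DNs in the posted LDIF, and classifies the `DOMAIN\user` form suggested above. `EXAMPLEDOM` is a placeholder domain, all function names are hypothetical, and escaping the login per RFC 4514 is an assumption about how a client should build the DN, not a statement about what XWiki 1.5 does.

```python
import re

# Constructed from the LDIF and xwiki.cfg posted in this thread.
ENTRIES = [
    {"dn": "CN=Sztar Balazs, OU=COMPANY, DC=company,DC=intranet",
     "sAMAccountName": "balazs"},
    {"dn": "CN=Zoltán Beck, OU=COMPANY, DC=company,DC=intranet",
     "sAMAccountName": "beck"},
]
BIND_DN_TEMPLATE = "cn={0},ou=COMPANY,dc=company,dc=intranet"
DOWNLEVEL_TEMPLATE = "EXAMPLEDOM\\{0}"  # placeholder domain, not from the thread


def escape_rdn_value(value):
    """Escape a string for use as an RDN attribute value (RFC 4514, 2.4)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def split_dn(dn):
    """Split a DN into RDN strings on commas that are not escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def normalize_dn(dn):
    """Reduce a DN to a comparable form: lower-cased attribute types,
    case-folded values, optional whitespace around RDNs removed.
    Simplification: multi-valued RDNs and hex escapes are not interpreted."""
    rdns = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        value = re.sub(r"(?<!\\)\s+$", "", value.lstrip())
        rdns.append((attr.strip().lower(), value.casefold()))
    return tuple(rdns)


def bind_identity_form(identity):
    """Classify the string that would be sent as the simple-bind name."""
    if "=" in identity:
        return "dn"
    if "\\" in identity:
        return "down-level"  # DOMAIN\sAMAccountName
    if "@" in identity:
        return "upn"         # user@domain
    return "bare"


def expand_template(template, login):
    """Substitute the login for {0}; escape it only when building a DN."""
    value = escape_rdn_value(login) if "=" in template else login
    return template.replace("{0}", value)


def check_login(login, template=BIND_DN_TEMPLATE, entries=ENTRIES):
    """Report what a login expands to and whether that DN exists in ENTRIES."""
    identity = expand_template(template, login)
    form = bind_identity_form(identity)
    match = None
    if form == "dn":
        wanted = normalize_dn(identity)
        match = next((e["sAMAccountName"] for e in entries
                      if normalize_dn(e["dn"]) == wanted), None)
    return {
        "bind_identity": identity,
        "form": form,
        "matches_entry": match,
        # LDAPv3 carries DNs as UTF-8; a non-ASCII DN sent in another
        # charset is a different byte string on the wire.
        "charset_sensitive": not identity.isascii(),
    }


if __name__ == "__main__":
    for login in ("balazs", "beck", "Sztar Balazs", "Zoltán Beck"):
        print(login, "->", check_login(login))
    print(check_login("beck", template=DOWNLEVEL_TEMPLATE))
```

With the posted template, only a login equal to an entry's `cn` expands to a DN that exists in the LDIF; the `sAMAccountName` values `balazs` and `beck` do not.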

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of
Wright, Philip
Sent: Tuesday, July 15, 2008 6:24 PM
To: XWiki Users
Subject: Re: [xwiki-users] Active Directory 2.


Re: Active Directory 2.

bzg
In reply to this post by Wright, Philip
Hi Philip!

  No, there is no space, I checked!

bzg

2008/7/16 Wright, Philip <[hidden email]>:
>  do you really have a space in your code on this line in the word first (fi
> rst):
>
> xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name
>> =sn,fi rst_name=givenName,fullname=displayName,mail=cn,ldap_dn=dn

Re: Active Directory 2.

bzg
In reply to this post by Wright, Philip
Hi Philip!

  Yes, all of my users can see the ldap tree, I tried with ldapbrowser.
  Any other ideas?

bzg

2008/7/16 Wright, Philip <[hidden email]>:

> Also, can all of your users view your LDAP?  Or do you need a login with
> admin privileges to do so? If you need admin privileges to view the ldap you
> would need to replace:
>
> xwiki.authentication.ldap.bind_DN=cn={0},ou=COMPANY,dc=company,dc=intranet
> xwiki.authentication.ldap.bind_pass={1}
>
> With:
>
> xwiki.authentication.ldap.bind_DN=cn=***AdminUsername***,ou=COMPANY,dc=company,dc=intranet
> xwiki.authentication.ldap.bind_pass=***AdminPassword***
>
>
> Philip Wright
>
>
>
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of
> Zoltan Gyula Beck
> Sent: Tuesday, July 15, 2008 2:28 PM
> To: XWiki Users
> Subject: Re: [xwiki-users] Active Directory 2.
>
> Thank you Philip, but how can I do it? Can you explain it to me, please? The
> xwiki.authentication.ldap.UID_attr=sAMAccountName is set, but it doesn't work
> for me if I enter the balazs or beck "user names" at login.
>
>  Best Regards,
> bzg
>
>
> 2008/7/15 Wright, Philip <[hidden email]>:
>> I would suggest changing the ldap authentication to look at your
>> sAMAccountNames, since they appear not to have any spaces, periods or
>> special characters, which I have noticed break the authentication.
>>
>>
>>
>>
>> Philip Wright
>>
>> Reports Analyst
>>
>> ACS: BPS
>> Affiliated Computer Services, Inc
>>
>>
>>
>> Affiliated Computer Services, Inc (ACS) Proprietary and Confidential
>> Information This document (or any part thereof) may not be
>> disseminated outside of ACS in either electronic or physical form
>> without specific authorization of the office of the ACS Chief
>> Information Security Officer. The information included in this
>> document represents no commitment by ACS to any other party. The
>> policies and standards described do not consider any country law or
>> other directive outside of the United States.
>>
>> P Please consider the environment before printing this email
>>
>>
>> -----Original Message-----
>> From: [hidden email] [mailto:[hidden email]] On
>> Behalf Of Zoltan Gyula Beck
>> Sent: Tuesday, July 15, 2008 8:27 AM
>> To: [hidden email]
>> Subject: [xwiki-users] Active Directory 2.
>>
>> Hi Members!
>>
>>  I still have problems with xwiki and Active Directory authentication.
>> I upgraded to 1.5 RC1, but it didn't help.
>>
>>  These are my users' ldif:
>> dn: CN=Sztar Balazs, OU=COMPANY, DC=company,DC=intranet
>> displayName: Sztar Balazs
>> givenName: Sztar
>> sAMAccountType: 805306368
>> primaryGroupID: 513
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> badPasswordTime: 128606019171875000
>> objectCategory:
>> CN=Person,CN=Schema,CN=Configuration,DC=company,DC=intranet
>> cn: Sztar Balazs
>> userAccountControl: 66048
>> userPrincipalName: [hidden email]
>> codePage: 0
>> distinguishedName: CN=Sztar Balazs,OU=COMPANY,DC=company,DC=intranet
>> whenChanged: 20080715132556.0Z
>> whenCreated: 20080707142421.0Z
>> pwdLastSet: 128606019568593750
>> logonCount: 0
>> accountExpires: 9223372036854775807
>> lastLogoff: 0
>> objectGUID: ^LB¯¡Úr]G<93>ç.;\zöA
>> sn: Balazs
>> lastLogon: 128606019762343750
>> uSNChanged: 16406
>> uSNCreated: 13936
>> objectSid: ^A^E^@^@^@^@^@^E^U^@^@^@Ú¤uÊ^?<99><94>ãÜ»¼iT^D^@^@
>> countryCode: 0
>> sAMAccountName: balazs
>> instanceType: 4
>> badPwdCount: 0
>> name: Sztar Balazs
>>
>>
>> dn: CN=Zoltán Beck, OU=COMPANY, DC=company,DC=intranet
>> displayName: Zoltán Beck
>> givenName: Zoltán
>> sAMAccountType: 805306368
>> primaryGroupID: 513
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> badPasswordTime: 0
>> objectCategory:
>> CN=Person,CN=Schema,CN=Configuration,DC=company,DC=intranet
>> cn: Zoltán Beck
>> userAccountControl: 66048
>> userPrincipalName: [hidden email]
>> codePage: 0
>> distinguishedName: CN=Zoltán Beck,OU=COMPANY,DC=company,DC=intranet
>> whenChanged: 20080715143431.0Z
>> whenCreated: 20080715143431.0Z
>> pwdLastSet: 128606060713750000
>> logonCount: 0
>> accountExpires: 9223372036854775807
>> lastLogoff: 0
>> objectGUID: Ì~õÜPuýC<93><8f>)¾¨<8b>^WÃ
>> sn: Beck
>> lastLogon: 0
>> uSNChanged: 16425
>> uSNCreated: 16419
>> objectSid: ^A^E^@^@^@^@^@^E^U^@^@^@Ú¤uÊ^?<99><94>ãÜ»¼iU^D^@^@
>> countryCode: 0
>> sAMAccountName: beck
>> instanceType: 4
>> badPwdCount: 0
>> name: Zoltán Beck
>>
>>
>>  xwiki.cfg:
>> xwiki.authentication.ldap=1
>> xwiki.authentication.ldap.server=172.16.1.165
>> xwiki.authentication.ldap.check_level=1
>> xwiki.authentication.ldap.port=389
>> xwiki.authentication.ldap.base_DN=dc=company,dc=intranet
>> xwiki.authentication.ldap.bind_DN=cn={0},ou=COMPANY,dc=company,dc=intr
>> anet xwiki.authentication.ldap.bind_pass={1}
>> xwiki.authentication.ldap.UID_attr=sAMAccountName
>> xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name
>> =sn,fi rst_name=givenName,fullname=displayName,mail=cn,ldap_dn=dn
>>
>> So actually with the Sztar Balazs user I can log in and use the wiki, but
>> with Zoltán Beck I got the following error:
>> [15/Jul/2008:17:03:27] info (20106): CORE3282: stdout: 2008-07-15
>> 17:03:27,844
>> [https://unixdba.sysman.hu/xwiki/bin/loginsubmit/XWiki/XWikiLogin]
>> [service-j2ee-8] ERROR LDAP.LDAPAuthServiceImpl        - LDAP Bind
>> failed with Exception Invalid Credentials
>>
>> In the Active Directory Event Viewer I can't see anything about this
>> failed login attempt!
>>
>> Is it possible to log in with the sAMAccountName attribute, or will it be
>> developed in the near future?
>>
>>  Best regards,
>> bzg
>> --
>> Zoltan Gyula Beck
>> Tel.: +36-70-328-9306
>> E-Mail: [hidden email]
>>
>
>
>
> --
> Zoltan Gyula Beck
> Tel.: +36-70-328-9306
> E-Mail: [hidden email]
>



--
Zoltan Gyula Beck
Tel.: +36-70-328-9306
E-Mail: [hidden email]

Re: Active Directory 2.

mike a.-2
I have successfully configured authentication to AD. You can try
the following configuration:

xwiki.authentication.ldap.bind_DN={0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=cn
xwiki.authentication.ldap.bind_DN=[hidden email]
xwiki.authentication.ldap.bind_pass=anyusername.surname's password

Then your users will have to log in using name.surname as a username,
since the authentication using sAMAccountName is yet implemented(?).

Quoting Zoltan Gyula Beck:
> Hi Philip!
> Yes, all of my users can see the ldap tree, I tried with ldapbrowser.
> Any other ideas?
> bzg
Best regards, Mihails


Re: Active Directory 2.

bzg
In reply to this post by emj10
Hi Eric!

  So I made some changes to the config:
1. xwiki.authentication.ldap.bind_DN=COMPANY\\{0}
2. xwiki.authentication.ldap.bind_DN=COMPANY\\{0},ou=COMPANY,dc=company,dc=intranet

Both times, if I try to connect with the sAMAccountName value I get a
"Wrong user name" error, but if I try with cn I get a
"Wrong password" error message :(

  Best Regards,
bzg

2008/7/16 Eric Johnson <[hidden email]>:

> Try checking to see if you need to be using a subdomain on your binddn.
>
> My company uses a subdomain for logging in:
>
> Example, for windows login, we enter our username and password and where to
> login (either to the network or to the local machine).  IF THIS IS THE CASE,
> then an admin username and admin password will most likely NOT be required.
>
> If you are logging into a subdomain, try changing the bind_DN=***\\{0} and
> bind_pass={1}, where *** is the subdomain you log into.  As far as I know
> the double \'s are needed.

Re: Active Directory 2.

Wright, Philip
In reply to this post by bzg
Try to configure it using AD's WwwHomepage field as the username or another
such field.  For some reason I had to do that on my install to get ldap/ad
to work. I used an LDAP admin program to create everyone's username in the
WwwHomepage field and used that as my username.

#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl

#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1

#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=Local.Ip.Address.here
xwiki.authentication.ldap.port=389

#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
xwiki.authentication.ldap.bind_DN=CN=*account with ldap browsing privileges using CN*,OU=Path,DC=TO,DC=THE,DC=Domain/OU,DC=HEREusingstandardldapformating
xwiki.authentication.ldap.bind_pass=*previously mentioned cn's password*

#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0


#-# base DN for searches
xwiki.authentication.ldap.base_DN=DC=TO,DC=THE,DC=Domain,DC=HEREusingstandardldapformating

#-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=wWWHomePage

#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
#-# ldap_dn=dn  -- dn is set by class, caches dn in XWiki.user object for faster access
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,fullname=wWWHomePage,email=mail,ldap_dn=dn

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1

#-# [SINCE 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
xwiki.authentication.ldap.trylocal=1


 

Philip Wright

Reports Analyst

ACS: BPS

Affiliated Computer Services, Inc

 



-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of
Zoltan Gyula Beck
Sent: Thursday, July 17, 2008 12:56 AM
To: XWiki Users
Subject: Re: [xwiki-users] Active Directory 2.

Hi Eric!

  So I made some changes to the config:
1. xwiki.authentication.ldap.bind_DN=COMPANY\\{0}
2. xwiki.authentication.ldap.bind_DN=COMPANY\\{0},ou=COMPANY,dc=company,dc=intranet

Both times, if I try to connect with the sAMAccountName value I get a
"Wrong user name" error, but if I try with cn I get a "Wrong
password" error message :(

  Best Regards,
bzg

2008/7/16 Eric Johnson <[hidden email]>:
> Try checking to see if you need to be using a subdomain on your binddn.
>
> My company uses a subdomain for logging in:
>
> Example, for windows login, we enter our username and password and
> where to login (either to the network or to the local machine).  IF
> THIS IS THE CASE, then an admin username and admin password will most
> likely NOT be required.
>
> If you are logging into a subdomain, try changing the bind_DN=***\\{0}
> and bind_pass={1}, where *** is the subdomain you log into.  As far as
> I know the double \'s are needed.
_______________________________________________
users mailing list
[hidden email]
http://lists.xwiki.org/mailman/listinfo/users
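
How the `{0}` substitution in `bind_DN` relates to the two LDIF entries posted in this thread, as an added example (not code from any poster or from XWiki): it builds the DN that the `cn={0},...` template yields for a typed login, checks it against the posted entries, and shows the lookup-by-attribute step of a search-then-bind setup with RFC 4514/4515 escaping. The helper names and the in-memory directory are constructed for illustration.

```python
import re

# Constructed from the two LDIF entries quoted in the thread (dn, cn, sAMAccountName only).
DIRECTORY = [
    {"dn": "CN=Sztar Balazs,OU=COMPANY,DC=company,DC=intranet",
     "cn": "Sztar Balazs", "sAMAccountName": "balazs"},
    {"dn": "CN=Zoltán Beck,OU=COMPANY,DC=company,DC=intranet",
     "cn": "Zoltán Beck", "sAMAccountName": "beck"},
]
TEMPLATE = "cn={0},ou=COMPANY,dc=company,dc=intranet"  # bind_DN from the first post


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = re.sub(r'([,+"\\<>;=])', r"\\\1", value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out


def escape_filter_value(value):
    """Escape a value for use inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def normalize_dn(dn):
    """Strip and lower-case each RDN for a case-insensitive DN comparison."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))


def template_bind_dn(template, login):
    """What a '{0}' bind_DN template turns a typed login name into."""
    return template.replace("{0}", escape_dn_value(login))


def dn_exists(dn, directory=DIRECTORY):
    """True if the DN names one of the entries in the sample directory."""
    return any(normalize_dn(e["dn"]) == normalize_dn(dn) for e in directory)


def find_dn(login, uid_attr, directory=DIRECTORY):
    """Search-then-bind, step 1: look the login up by uid_attr.

    Returns (filter a client would send, DN to bind as or None). The match
    below is a plain equality test standing in for the server-side search.
    """
    ldap_filter = "(&(objectClass=user)(%s=%s))" % (uid_attr, escape_filter_value(login))
    hits = [e["dn"] for e in directory if e.get(uid_attr, "").lower() == login.lower()]
    # Exactly one hit is required; zero or several must fail the login.
    return ldap_filter, (hits[0] if len(hits) == 1 else None)


if __name__ == "__main__":
    for login in ("beck", "Zoltán Beck"):
        dn = template_bind_dn(TEMPLATE, login)
        print(login, "->", dn, "| entry exists:", dn_exists(dn))
    print(find_dn("beck", "sAMAccountName"))
```

With the posted template, a sAMAccountName such as `beck` becomes `cn=beck,...`, which names no entry in the posted LDIF; resolving the login to its DN by attribute first, then binding as that DN with the user's password, is what lets a short login name work.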