Help with LDAP configuration


Help with LDAP configuration

wb-2
Does anyone have any suggestions for me on what I might be missing getting xwiki integrated with my open-ldap?

I've added the following to xwiki.cfg, then no users (including Admin) have the ability to log in.  I've tried both existing xwiki users and non-existing xwiki users, and neither work:

xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=ldaphost
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=ou=People,dc=mydomain,dc=com
xwiki.authentication.ldap.UID_attr=uid

My LDAP administrator didn't think I needed any settings for the following configuration options, so these are currently commented out:
> #xwiki.authentication.ldap.check_level
> #xwiki.authentication.ldap.bind_DN
> #xwiki.authentication.ldap.bind_pass
> #xwiki.authentication.ldap.fields_mapping

Any assistance is appreciated.



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Re: Help with LDAP configuration

kenk-3


wb,

> My LDAP administrator didn't think I needed any settings for the following
> configuration options, so these are currently commented out:
> #xwiki.authentication.ldap.check_level
> #xwiki.authentication.ldap.bind_DN
> #xwiki.authentication.ldap.bind_pass
> #xwiki.authentication.ldap.fields_mapping

In my limited experience with this, I found that you need a simple bind to make it work.

-Ken




Re: Help with LDAP configuration

Andreas Haumer
In reply to this post by wb-2

Hi!

[hidden email] wrote:

> Does anyone have any suggestions for me on what I might be missing getting xwiki integrated with my open-ldap?
>
> I've added the following to xwiki.cfg, then no users (including Admin) have the ability to log in.  I've tried both existing xwiki users and non-existing xwiki users, and neither work:
>
> xwiki.authentication.ldap=1
> xwiki.authentication.ldap.server=ldaphost
> xwiki.authentication.ldap.port=389
> xwiki.authentication.ldap.base_DN=ou=People,dc=mydomain,dc=com
> xwiki.authentication.ldap.UID_attr=uid
>
> My LDAP administrator didn't think I needed any settings for the following configuration options, so these are currently commented out:
>
>>#xwiki.authentication.ldap.check_level
>>#xwiki.authentication.ldap.bind_DN
>>#xwiki.authentication.ldap.bind_pass
>>#xwiki.authentication.ldap.fields_mapping
>
You'll need these as well!

Here's the LDAP part of my xwiki.cfg:

xwiki.authentication.ldap=1
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.server=ldap.intern.xss.co.at
xwiki.authentication.ldap.base_DN=ou=people,ou=accounts,dc=xss,dc=co,dc=at
xwiki.authentication.ldap.bind_DN=uid={0},ou=people,ou=accounts,dc=xss,dc=co,dc=at
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=uid
xwiki.authentication.ldap.fields_mapping=name=uid,last_name=sn,first_name=givenName,fullname=cn,mail=mail,ldap_dn=dn

Please note the placeholders {0} and {1} in the bind_DN and
bind_pass attribute settings. These are replaced by the username
and password the user gives at the login page.

With this information xwiki performs the following actions
against the LDAP server:

1.) bind with bind_DN and bind_pass
2.) Lookup of the user entry using UID_attr attribute and base_DN search base

Look at the following log messages my OpenLDAP server produces
when I log in to xwiki:
[...]
Nov  3 19:43:51 kant slapd[27005]: conn=20146 fd=32 ACCEPT from IP=192.168.162.2:56549 (IP=0.0.0.0:389)
Nov  3 19:43:51 kant slapd[27032]: conn=20146 op=0 BIND dn="uid=andreas,ou=people,ou=accounts,dc=xss,dc=co,dc=at" method=128
Nov  3 19:43:51 kant slapd[27032]: conn=20146 op=0 BIND dn="uid=andreas,ou=people,ou=accounts,dc=xss,dc=co,dc=at" mech=SIMPLE ssf=0
Nov  3 19:43:51 kant slapd[27032]: conn=20146 op=0 RESULT tag=97 err=0 text=
Nov  3 19:43:51 kant slapd[16011]: conn=20146 op=1 SRCH base="ou=people,ou=accounts,dc=xss,dc=co,dc=at" scope=2 deref=0 filter="(uid=andreas)"
Nov  3 19:43:51 kant slapd[16011]: conn=20146 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov  3 19:43:51 kant slapd[27018]: conn=20146 op=2 UNBIND
Nov  3 19:43:51 kant slapd[27018]: conn=20146 fd=32 closed
[...]

HTH

- andreas

--
Andreas Haumer                     | mailto:[hidden email]
*x Software + Systeme              | http://www.xss.co.at/
Karmarschgasse 51/2/20             | Tel: +43-1-6060114-0
A-1100 Vienna, Austria             | Fax: +43-1-6060114-71
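
The bind-then-lookup sequence Andreas describes can be read back out of the slapd log with a small parser. This is an added example, not part of any message in the thread: it reuses the log excerpt from his message, and its function names are its own. It assumes that a simple bind (method=128) with no earlier "TLS established" line on the same connection carried the DN and password unencrypted.

```python
import re

# slapd log excerpt copied from the message above.
SAMPLE_LOG = """\
Nov  3 19:43:51 kant slapd[27005]: conn=20146 fd=32 ACCEPT from IP=192.168.162.2:56549 (IP=0.0.0.0:389)
Nov  3 19:43:51 kant slapd[27032]: conn=20146 op=0 BIND dn="uid=andreas,ou=people,ou=accounts,dc=xss,dc=co,dc=at" method=128
Nov  3 19:43:51 kant slapd[27032]: conn=20146 op=0 BIND dn="uid=andreas,ou=people,ou=accounts,dc=xss,dc=co,dc=at" mech=SIMPLE ssf=0
Nov  3 19:43:51 kant slapd[27032]: conn=20146 op=0 RESULT tag=97 err=0 text=
Nov  3 19:43:51 kant slapd[16011]: conn=20146 op=1 SRCH base="ou=people,ou=accounts,dc=xss,dc=co,dc=at" scope=2 deref=0 filter="(uid=andreas)"
Nov  3 19:43:51 kant slapd[16011]: conn=20146 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov  3 19:43:51 kant slapd[27018]: conn=20146 op=2 UNBIND
Nov  3 19:43:51 kant slapd[27018]: conn=20146 fd=32 closed
"""

LINE_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op|fd)=\d+ (.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')

def summarize(log_text):
    """Rebuild each connection's bind-then-search sequence from slapd lines."""
    conns = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        c = conns.setdefault(int(m.group(1)), {
            "client": None, "tls": False, "bind_dn": None,
            "cleartext_bind": False, "bind_err": None, "searches": []})
        rest = m.group(2)
        kv = dict(reversed([(k, v.strip('"')) for k, v in KV_RE.findall(rest)]))
        if rest.startswith("ACCEPT"):
            c["client"] = kv.get("IP")   # kv keeps the first IP= (the peer)
        elif rest.startswith("TLS established"):
            c["tls"] = True
        elif rest.startswith("BIND") and kv.get("method") == "128":
            # method=128 is a simple bind: DN and password are sent as-is.
            c["bind_dn"] = kv.get("dn", "")
            c["cleartext_bind"] = bool(c["bind_dn"]) and not c["tls"]
        elif rest.startswith("RESULT") and kv.get("tag") == "97":
            c["bind_err"] = int(kv.get("err", -1))   # tag 97 = bind response
        elif rest.startswith("SRCH") and "base" in kv:
            c["searches"].append({"base": kv["base"], "filter": kv.get("filter")})
        elif rest.startswith("SEARCH RESULT") and c["searches"]:
            c["searches"][-1]["nentries"] = int(kv.get("nentries", 0))
    return conns

def cleartext_binds(conns):
    """(conn id, client, bind DN) for simple binds made without TLS."""
    return [(cid, c["client"], c["bind_dn"])
            for cid, c in sorted(conns.items()) if c["cleartext_bind"]]
```

Run over the excerpt, `cleartext_binds(summarize(SAMPLE_LOG))` reports connection 20146: the bind arrived on the port 389 listener as the first operation, with no TLS negotiated beforehand.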

Re: Help with LDAP configuration

tsuter
Andreas is right.  I banged my way through this integration.  I couldn't
get it to work anonymously so I had to create a user and a pass to login
to LDAP with.


Re: Help with LDAP configuration

Ludovic Dubost

We might need a task in JIRA to implement anonymous binding.

Ludovic

--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost AIM: nvludo Yahoo: ludovic



