LDAP Auth again

LDAP Auth again

Douglas Landau
OK, now I'm -totally- confused.  :-)     I am looking for the LDAP Application form.

I started over with the standalone installer.
I installed the LDAP Authenticator using the built-in (pre-installed?) admin application
I tried adding the LDAP settings found here to xwiki.cfg: http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/
Therefore I have "xwiki.authentication.ldap=1"
I also set a value/server-hostname for "xwiki.authentication.ldap.server="
I left these two lines uncommented, hoping for anonymous LDAP binding, which I am told we offer.

xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
xwiki.authentication.ldap.bind_pass={1}

I have a value for "xwiki.authentication.ldap.base_DN="
I stopped XWiki by pressing Control-C twice in the window in which I started it using start_xwiki.sh, since I never got a prompt back.
I modified my xwiki.cfg but am not able to log in using LDAP.
I saw where it says "if you are not using the LDAP application, you will have to redeploy".   But I don’t know what that means or see it explained anywhere.
So I installed the LDAP Application.  Version 9.2.3.   The version of the LDAP Authenticator is also 9.2.3.  I installed XWiki 8.4.4.
I finally got to a known point!!!!!!!!!!!!!!!!!!!!!!!!!   PHEW!   I go to here, from the LDAP Application page:
-----------------------------------------------------------------------------------
Enabling LDAP authentication on a wiki
The LDAP application assumes LDAP is enabled as the main authenticator via the bundled XWiki LDAP authenticator. If it's not the case, you will be "welcomed" with the following warning message:

ldap-authenticator-warning.png

In the event you encounter this message, please report to Authenticator documentation in order to enable the LDAP authenticator on your wiki.

You need to make sure you have the following in your xwiki.cfg file:

xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
since LDAP Application 8.3 or if you are using older version of the application:

xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
Uncomment it and then restart XWiki.
---------------------------------------------------------------------------------------------------------

Okay!!!!  Right ON.   Now, it says "Since LDAP Application 8.3 or if you are using an older version of the application."
This is confusing to me.  Since 8.3 I ought to use that line, and also if I am using an older version?!?   OK, I'll try that, since I am using 9.2.3, and it sounds like I ought to be using that ever since 8.3.  And I got Java errors when I tried to start xwiki again.
Okay.  I guess that is not going to work.  I'll try the other line, the first one suggested.  That time I got no Java errors.
Now I have this: xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl

Okay.  After setting that to that, I was able to start xwiki again.   I logged in as Admin and went to the LDAP Application.  The page is titled "LDAP Admin sheet".   There is some whitespace.  Then in large font is the word "Configuration".  There is a pencil on the far right.  Below that is the word "Miscellaneous".  Another pencil on the far right.  Below that is a button "Reset group cache".  I pressed it.  I then clicked the pencil to the right of "Configuration".  There is nothing there.

Where is the form I see on this page: http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/   ???
I see no error msgs or guidance of any sort going to the window in which I started xwiki.
I still can't log in using LDAP credentials.

OK Now I've uncommented these two lines and removed their values:
xwiki.authentication.ldap.bind_DN=
xwiki.authentication.ldap.bind_pass=

Same story.  Maybe I'll give up on anonymous binding.  OK, now I've filled those in.  I've restarted and same story - can't auth using LDAP and can't find the form, just a pencil on the LDAP Admin sheet.  Not sure what to do next except start over with XWiki 9.  Guess I'll get that going in another VM.

Help?

Thanks.  



The information contained in this transmission may contain West Marine proprietary, confidential and/or privileged
information.  It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are
hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited.
If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original
message. To reply to our email administrator directly, please send an email to [hidden email].

Re: LDAP Auth again

Thomas Mortagne
Administrator
I never use the LDAP application myself but here is what I would do:

* start XWiki
* go to the admin and install "LDAP Application" (it's possible you
have to click the "All remote extensions" blue button to see this
extension)
* modify the xwiki.cfg and copy/paste everything that can be found on
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/
among which you can find the following important parts:

#-# LDAP authentication service
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl

and

#-# If ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap.trylocal=1

since I want to access the administration even when the LDAP
authenticator is not properly configured.

* restart XWiki

That's it, the LDAP authenticator is used as authenticator and you
have what is described on
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/
when you go to the administration -> LDAP.

If you think you configured LDAP authenticator with the right values
and login still fails then you should do what is explained on
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog
and you will have all the details to see why it fails.

On Wed, Mar 15, 2017 at 4:20 AM, Douglas Landau <[hidden email]> wrote:

> OK, now I'm -totally- confused.  :-)     I am looking for the LDAP Application form.
>
> I started over with the standalone installer.
> I installed the LDAP Authenticator using the built-in (pre-installed?) admin application
> I tried adding the LDAP settings found here to xwiki.cfg: http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/
> Therefore I have "xwiki.authentication.ldap=1"
> I also set a value/server-hostname for "xwiki.authentication.ldap.server="
> I left these two lines uncommented, hoping for anonymous LDAP binding, which I am told we offer.
>
> xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
> xwiki.authentication.ldap.bind_pass={1}
>
> I have a value for "xwiki.authentication.ldap.base_DN="
> I stopped XWiki by pressing Control-C twice in the window in which I started it using start_xwiki.sh, since I never got a prompt back.
> I modified my xwiki.cfg but am not able to log in using LDAP.
> I saw where it says "if you are not using the LDAP application, you will have to redeploy".   But I don’t know what that means or see it explained anywhere.
> So I installed the LDAP Application.  Version 9.2.3.   The version of the LDAP Authenticator is also 9.2.3.  I installed XWiki 8.4.4.
> I finally got to a known point!!!!!!!!!!!!!!!!!!!!!!!!!   PHEW!   I go to here, from the LDAP Application page:
> -----------------------------------------------------------------------------------
> Enabling LDAP authentication on a wiki
> The LDAP application assumes LDAP is enabled as the main authenticator via the bundled XWiki LDAP authenticator. If it's not the case, you will be "welcomed" with the following warning message:
>
> ldap-authenticator-warning.png
>
> In the event you encounter this message, please report to Authenticator documentation in order to enable the LDAP authenticator on your wiki.
>
> You need to make sure you have the following in your xwiki.cfg file:
>
> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
> since LDAP Application 8.3 or if you are using older version of the application:
>
> xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
> Uncomment it and then restart XWiki.
> ---------------------------------------------------------------------------------------------------------
>
> Okay!!!!  Right ON.   Now, it says "Since LDAP Application 8.3 or if you are using an older version of the application."
> This is confusing to me.  Since 8.3 I ought to use that line, and also if I am using an older version?!?   OK, I'll try that, since I am using 9.2.3, and it sounds like I ought to be using that ever since 8.3.  And I got Java errors when I tried to start xwiki again.
> Okay.  I guess that is not going to work.  I'll try the other line, the first one suggested.  That time I got no Java errors.
> Now I have this: xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
>
> Okay.  After setting that to that, I was able to start xwiki again.   I logged in as Admin and went to the LDAP Application.  The page is titled "LDAP Admin sheet".   There is some whitespace.  Then in large font is the word "Configuration".  There is a pencil on the far right.  Below that is the word "Miscellaneous".  Another pencil on the far right.  Below that is a button "Reset group cache".  I pressed it.  I then clicked the pencil to the right of "Configuration".  There is nothing there.
>
> Where is the form I see on this page: http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/   ???
> I see no error msgs or guidance of any sort going to the window in which I started xwiki.
> I still can't log in using LDAP credentials.
>
> OK Now I've uncommented these two lines and removed their values:
> xwiki.authentication.ldap.bind_DN=
> xwiki.authentication.ldap.bind_pass=
>
> Same story.  Maybe I'll give up on anonymous binding.  OK, now I've filled those in.  I've restarted and same story - can't auth using LDAP and can't find the form, just a pencil on the LDAP Admin sheet.  Not sure what to do next except start over with XWiki 9.  Guess I'll get that going in another VM.
>
> Help?
>
> Thanks.



--
Thomas Mortagne

Re: LDAP Auth again

Douglas Landau
> That's it, the LDAP authenticator is used as authenticator and you have what is described on http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/
> when you go to the administration -> LDAP.

> If you think you configured LDAP authenticator with the right values and login still fails then you should do what is explained on http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog
> and you will have all the details to see why it fails.

Great!  Thanks.  Did so.  Now I get a whole lot of copies of the 1st message below:  " The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode."

But I did provide a user, in this line:
xwiki.authentication.ldap.bind_DN=cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net

...and I see that that line has been seen:
2017-03-15 12:42:30,422 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - Binding to LDAP server with credentials login=[cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net]
2017-03-15 12:42:30,537 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.


Was I supposed to specify the/a user on some other line?
Thanks

-------------------------------------
2017-03-15 12:42:30,231 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
2017-03-15 12:42:30,231 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2017-03-15 12:42:30,232 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - remoteUserParser: null
2017-03-15 12:42:30,271 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
2017-03-15 12:42:30,271 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_memberfields: [uniquemember, memberuid, member]
2017-03-15 12:42:30,382 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - Connection to LDAP server [pwsdc03.westmarine.net:389]
2017-03-15 12:42:30,422 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - Binding to LDAP server with credentials login=[cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net]
2017-03-15 12:42:30,537 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.
        at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:227)
        at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:155)
        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:515)
        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:331)
        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:267)
        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
        at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
        at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3776)
        at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242)
        at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272)
        at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3794)
        at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4844)
        at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364)
        at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
        at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
        at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
        at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
        at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:127)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:136)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
        at org.eclipse.jetty.server.Server.handle(Server.java:499)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
        at java.lang.Thread.run(Thread.java:745)
Caused by: com.novell.ldap.LDAPException: Invalid Credentials
        at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
        at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
        at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
        at com.novell.ldap.LDAPConnection.bind(Unknown Source)
        at com.novell.ldap.LDAPConnection.bind(Unknown Source)
        at org.xwiki.contrib.ldap.XWikiLDAPConnection.bind(XWikiLDAPConnection.java:261)
        at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:223)
        ... 55 common frames omitted
2017-03-15 12:42:30,538 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB
2017-03-15 12:42:30,547 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [douglasl]
2017-03-15 12:42:30,547 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
2017-03-15 12:42:30,983 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2017-03-15 12:42:30,984 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
----------------------------

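An added example, not part of the thread or of XWiki's code: one way to triage the LDAP authenticator's debug log posted above, skipping the "provided user is null" entries and reporting, for each login submission, the bind DN that was tried and the root cause from the stack trace. The sample log is constructed and modelled on the post; the host, DN and user name in it are made up.

```python
import re

# Timestamped entry: "<date time> [<request URL>] LEVEL logger - message"
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[(?P<url>[^\]]*)\] "
    r"[A-Z]+\s+\S+\s+- (?P<msg>.*)$"
)
BIND = re.compile(r"Binding to LDAP server with credentials login=\[(?P<dn>[^\]]*)\]")
FAILED = re.compile(r"LDAP authentication failed for user \[(?P<user>[^\]]*)\]")
CAUSE = re.compile(r"^Caused by: (?P<exc>[\w.$]+): (?P<reason>.*)$")
NOISE = "The provided user is null"

# Constructed sample log (assumed values: host, bind DN, user name).
LOGIN = "http://wiki.example.test:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin"
OTHER = "http://wiki.example.test:8080/xwiki/bin/get/TourCode/TourJson"
AUTH = "x.c.l.XWikiLDAPAuthServiceImpl"
CONN = "o.x.c.l.XWikiLDAPConnection   "
SAMPLE_LOG = "\n".join([
    f"2017-03-15 12:42:30,231 [{LOGIN}] DEBUG {AUTH} - {NOISE}. We don't try to authenticate.",
    f"2017-03-15 12:42:30,231 [{LOGIN}] TRACE {AUTH} - Starting LDAP authentication",
    f"2017-03-15 12:42:30,382 [{LOGIN}] DEBUG {CONN} - Connection to LDAP server [ldap.example.test:389]",
    f"2017-03-15 12:42:30,422 [{LOGIN}] DEBUG {CONN} - Binding to LDAP server with credentials "
    "login=[cn=svc-wiki,ou=Example,dc=example,dc=test]",
    f"2017-03-15 12:42:30,537 [{LOGIN}] DEBUG {AUTH} - Local LDAP authentication failed.",
    "org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.",
    "        at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:227)",
    "Caused by: com.novell.ldap.LDAPException: Invalid Credentials",
    "        ... 55 common frames omitted",
    f"2017-03-15 12:42:30,538 [{LOGIN}] DEBUG {AUTH} - Trying authentication against XWiki DB",
    f"2017-03-15 12:42:30,547 [{LOGIN}] DEBUG {AUTH} - LDAP authentication failed for user [jdoe]",
    f"2017-03-15 12:42:30,547 [{LOGIN}] DEBUG {AUTH} - XWikiUser: null",
    f"2017-03-15 12:42:30,983 [{OTHER}] TRACE {AUTH} - Starting LDAP authentication",
    f"2017-03-15 12:42:30,984 [{OTHER}] DEBUG {AUTH} - {NOISE}. We don't try to authenticate.",
])


def triage(log_text):
    """Return (attempts, noise_count); one attempt per login form submission."""
    attempts, noise, current = [], 0, None
    for raw in log_text.splitlines():
        entry = LINE.match(raw)
        if entry is None:
            # Stack-trace continuation line: keep only the innermost cause.
            cause = CAUSE.match(raw.strip())
            if cause and current is not None:
                current["exception"] = cause["exc"]
                current["root_cause"] = cause["reason"]
            continue
        msg = entry["msg"]
        if msg.startswith(NOISE):
            # Logged on every unauthenticated request; says nothing about the bind.
            noise += 1
            continue
        if "/loginsubmit/" not in entry["url"]:
            current = None
            continue
        if msg.startswith("Starting LDAP authentication"):
            current = {"time": entry["ts"], "bind_dn": None, "user": None,
                       "exception": None, "root_cause": None, "fell_back_to_db": False}
            attempts.append(current)
            continue
        if current is None:
            continue
        bind, failed = BIND.search(msg), FAILED.search(msg)
        if bind:
            current["bind_dn"] = bind["dn"]
        elif failed:
            current["user"] = failed["user"]
        elif msg.startswith("Trying authentication against XWiki DB"):
            current["fell_back_to_db"] = True
    return attempts, noise


if __name__ == "__main__":
    found, skipped = triage(SAMPLE_LOG)
    for a in found:
        print(f"{a['time']} user={a['user']} bind_dn={a['bind_dn']} "
              f"cause={a['root_cause']} db_fallback={a['fell_back_to_db']}")
    print(f"ignored {skipped} 'user is null' entries")
```
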

Re: LDAP Auth again

Douglas Landau
Greets,

I am getting the same results no matter what I set as the value for:
xwiki.authentication.ldap.bind_DN=cn=sa-douglasl

I see it says that LDAP auth failed for douglasl, which I don’t understand yet, but why then is the XWikiUser null?

Thanks


2017-03-15 13:13:03,767 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB
2017-03-15 13:13:03,775 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [douglasl]
2017-03-15 13:13:03,775 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
2017-03-15 13:13:04,304 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2017-03-15 13:13:04,304 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
2017-03-15 13:13:04,304 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null


Am I setting the wrong thing?   Thanks



Re: LDAP Auth again

Douglas Landau
Hmm.  I've set these two lines to:

xwiki.authentication.ldap.bind_DN=cn={0},dc=westmarine,dc=net
xwiki.authentication.ldap.bind_pass={1}

... and still get a Java stacktrace surrounded by these:

2017-03-15 13:39:12,357 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
2017-03-15 13:39:12,357 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null

I don't understand why the provided user is null.

Does Anybody?  I apologize for the dumb question.  But I have no idea where to go from here.

Thanks
Doug



Re: LDAP Auth again

Douglas Landau
What does this mean?
#-# LDAP credentials, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the user name, {1} with the password
#xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
#xwiki.authentication.ldap.bind_pass={1}

Does this mean that {0} is going to be replaced at runtime, or that I should replace it?

Thanks


-----Original Message-----
From: users [mailto:[hidden email]] On Behalf Of Douglas Landau
Sent: Wednesday, March 15, 2017 1:44 PM
To: XWiki Users
Subject: Re: [xwiki-users] LDAP Auth again

Hmm.  I've set these two lines to:

xwiki.authentication.ldap.bind_DN=cn={0},dc=westmarine,dc=net
xwiki.authentication.ldap.bind_pass={1}

... and still get a Java stacktrace surrounded by these:

2017-03-15 13:39:12,357 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
2017-03-15 13:39:12,357 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null

I don't understand why the provided user is null.

Does Anybody?  I apologize for the dumb question.  But I have no idea where to go from here.

Thanks
Doug


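An added example, not part of the thread or of XWiki's code: a small check of the `bind_DN` / `bind_pass` pairing, following the xwiki.cfg comment quoted above ("empty = anonymous access, otherwise specify full dn; {0} is replaced with the user name, {1} with the password"). The substitution is imitated with plain string replacement as an assumption, and every DN, account and password in the samples is constructed.

```python
PREFIX = "xwiki.authentication.ldap."


def parse_cfg(text):
    """Read key=value pairs, skipping blank lines and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")   # DNs contain '=', split on the first only
        cfg[key.strip()] = value.strip()
    return cfg


def bind_mode(cfg):
    """Classify how the bind will be made, based on bind_DN alone."""
    key = PREFIX + "bind_DN"
    if key not in cfg:
        return "unset"            # commented out: the authenticator's default applies
    if cfg[key] == "":
        return "anonymous"        # "empty = anonymous access"
    return "per-user" if "{0}" in cfg[key] else "fixed-account"


def render_bind(cfg, login, password):
    """Show what is sent at login time once {0} and {1} are substituted."""
    def fill(value):
        return value.replace("{0}", login).replace("{1}", password)
    return fill(cfg.get(PREFIX + "bind_DN", "")), fill(cfg.get(PREFIX + "bind_pass", ""))


def lint_bind(cfg):
    """Return warnings for DN/password pairs that do not belong together."""
    mode = bind_mode(cfg)
    password = cfg.get(PREFIX + "bind_pass", "")
    issues = []
    if mode == "anonymous" and password:
        issues.append("bind_DN is empty (anonymous) but bind_pass is set")
    if mode == "fixed-account" and "{1}" in password:
        issues.append("fixed bind_DN with bind_pass={1}: the account is bound "
                      "with whatever password is typed on the login form")
    if mode == "fixed-account" and not password:
        issues.append("fixed bind_DN needs that account's own password")
    if mode == "per-user" and "{1}" not in password:
        issues.append("bind_DN uses {0} but bind_pass is a fixed value: "
                      "every user is bound with the same password")
    return issues


# Constructed samples.
FIXED_DN_TYPED_PASSWORD = """
xwiki.authentication.ldap=1
xwiki.authentication.ldap.bind_DN=cn=svc-wiki,ou=Example,dc=example,dc=test
xwiki.authentication.ldap.bind_pass={1}
"""
PER_USER = """
xwiki.authentication.ldap.bind_DN=cn={0},dc=example,dc=test
xwiki.authentication.ldap.bind_pass={1}
"""
ANONYMOUS = """
xwiki.authentication.ldap.bind_DN=
xwiki.authentication.ldap.bind_pass=
"""
COMMENTED_OUT = """
#xwiki.authentication.ldap.bind_DN=cn={0},dc=example,dc=test
#xwiki.authentication.ldap.bind_pass={1}
"""

if __name__ == "__main__":
    for name, text in [("fixed DN + {1}", FIXED_DN_TYPED_PASSWORD), ("per-user", PER_USER),
                       ("anonymous", ANONYMOUS), ("commented out", COMMENTED_OUT)]:
        cfg = parse_cfg(text)
        print(name, "->", bind_mode(cfg), render_bind(cfg, "jdoe", "typed-pw"), lint_bind(cfg))
```
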

Re: LDAP Auth again

Thomas Mortagne
Administrator
In reply to this post by Douglas Landau
On Wed, Mar 15, 2017 at 8:56 PM, Douglas Landau <[hidden email]> wrote:
> That's it, the LDAP authenticator is used as authenticator and you have what is described on http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/
> when you go to the administration -> LDAP.
>
>> If you think you configured LDAP authenticator with the right values and login still fails then you should do what is explained on http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog
>>and you will have all the details to see why it fails.
>
> Great!  Thanks.  Did so.  Now I get a whole lot of copies of the 1st message below:  " The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode."

You are not looking in the right place. Authenticators are always called
even when you are not yet logged in, so you get this message when you
access the login page. The LDAP authenticator just indicates that there is
not much it can do here.

Look at the big message below:

> 2017-03-15 12:42:30,422 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - Binding to LDAP server with credentials login=[cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net]
> Caused by: com.novell.ldap.LDAPException: Invalid Credentials

Looks like the password you indicated in
xwiki.authentication.ldap.bind_pass is wrong (since you explicitly
indicated a bind_DN you need the corresponding password).

>
> But I did provide a user, in this line:
> xwiki.authentication.ldap.bind_DN=cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net
>
> ...and I see that that line has been seen:
> 2017-03-15 12:42:30,422 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - Binding to LDAP server with credentials login=[cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net]
> 2017-03-15 12:42:30,537 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
>
>
> Was I supposed to specify the/a user on some other line?
> Thanks
>
> -------------------------------------
> 2017-03-15 12:42:30,231 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
> 2017-03-15 12:42:30,231 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 2017-03-15 12:42:30,232 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - remoteUserParser: null
> 2017-03-15 12:42:30,271 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
> 2017-03-15 12:42:30,271 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_memberfields: [uniquemember, memberuid, member]
> 2017-03-15 12:42:30,382 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - Connection to LDAP server [pwsdc03.westmarine.net:389]
> 2017-03-15 12:42:30,422 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - Binding to LDAP server with credentials login=[cn=sa-douglasl,ou=SystemsEngineering,dc=westmarine,dc=net]
> 2017-03-15 12:42:30,537 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
> org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.
>         at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:227)
>         at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:155)
>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:515)
>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:331)
>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:267)
>         at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
>         at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
>         at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
>         at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
>         at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3776)
>         at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242)
>         at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272)
>         at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3794)
>         at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4844)
>         at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364)
>         at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
>         at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
>         at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
>         at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
>         at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>         at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
>         at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>         at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:127)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>         at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>         at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>         at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>         at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:136)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>         at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
>         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
>         at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
>         at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
>         at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
>         at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
>         at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>         at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
>         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
>         at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
>         at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
>         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
>         at org.eclipse.jetty.server.Server.handle(Server.java:499)
>         at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
>         at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
>         at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
>         at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
>         at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
>         at java.lang.Thread.run(Thread.java:745)
> Caused by: com.novell.ldap.LDAPException: Invalid Credentials
>         at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
>         at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
>         at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
>         at com.novell.ldap.LDAPConnection.bind(Unknown Source)
>         at com.novell.ldap.LDAPConnection.bind(Unknown Source)
>         at org.xwiki.contrib.ldap.XWikiLDAPConnection.bind(XWikiLDAPConnection.java:261)
>         at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:223)
>         ... 55 common frames omitted
> 2017-03-15 12:42:30,538 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB
> 2017-03-15 12:42:30,547 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [douglasl]
> 2017-03-15 12:42:30,547 [http://dwswiki9.westmarine.net:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
> 2017-03-15 12:42:30,983 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 2017-03-15 12:42:30,984 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
> ----------------------------
>
> The information contained in this transmission may contain West Marine proprietary, confidential and/or privileged
> information.  It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are
> hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited.
> If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original
> message. To reply to our email administrator directly, please send an email to [hidden email].



--
Thomas Mortagne
Re: LDAP Auth again

Thomas Mortagne
Administrator
In reply to this post by Douglas Landau
It means it will be replaced at runtime, and it's usually the safest
(it avoids putting a clear password in a file) if the users are allowed to
search in the LDAP repository.

Note that you have various examples for more precise use cases in
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/.

On Wed, Mar 15, 2017 at 10:07 PM, Douglas Landau
<[hidden email]> wrote:

> What does this mean?
> #-# LDAP credentials, empty = anonymous access, otherwise specify full dn
> #-# {0} is replaced with the user name, {1} with the password
> #xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
> #xwiki.authentication.ldap.bind_pass={1}
>
> Does this mean that {0} is going to be replaced at runtime, or that I should replace it?
>
> Thanks
>
>
> -----Original Message-----
> From: users [mailto:[hidden email]] On Behalf Of Douglas Landau
> Sent: Wednesday, March 15, 2017 1:44 PM
> To: XWiki Users
> Subject: Re: [xwiki-users] LDAP Auth again
>
> Hmm.  I've set these two lines to:
>
> xwiki.authentication.ldap.bind_DN=cn={0},dc=westmarine,dc=net
> xwiki.authentication.ldap.bind_pass={1}
>
> ... and still get a Java stacktrace surrounded by these:
>
> 2017-03-15 13:39:12,357 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
> 2017-03-15 13:39:12,357 [http://dwswiki9.westmarine.net:8080/xwiki/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
>
> I don't understand why the provided user is null.
>
> Does Anybody?  I apologize for the dumb question.  But I have no idea where to go from here.
>
> Thanks
> Doug
>
>



--
Thomas Mortagne
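
The `{0}`/`{1}` substitution described in the reply above, sketched as an added example (not part of the original thread and not XWiki's own code): it reads the two `bind_*` settings, classifies the bind mode, and returns the DN and secret that would be sent for one login. The RFC 4514 escaping of the login and the warning texts are assumptions of this sketch; the sample config lines are the ones quoted in the thread.

```python
import re

PREFIX = "xwiki.authentication.ldap."
# RFC 4514: characters that must be backslash-escaped inside a DN attribute value.
_DN_SPECIAL = re.compile(r'([\\,+"<>;=])')

def escape_dn_value(value):
    """Escape a user-supplied string so it stays inside one RDN value."""
    body = _DN_SPECIAL.sub(r"\\\1", value).replace("\x00", "\\00")
    if value.endswith(" "):
        body = body[:-1] + "\\ "
    if value[:1] == "#" or (value[:1] == " " and len(value) > 1):
        body = "\\" + body
    return body

def parse_cfg(text):
    """Read active (uncommented) key=value lines from xwiki.cfg-style text."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, val = line.partition("=")
            cfg[key.strip()] = val.strip()
    return cfg

def bind_plan(cfg, login, password):
    """Return (mode, dn, secret, warnings) for one login attempt."""
    dn_t = cfg.get(PREFIX + "bind_DN", "")
    pw_t = cfg.get(PREFIX + "bind_pass", "")
    warnings = []
    if not dn_t:  # empty = anonymous access, per the comment in xwiki.cfg
        return "anonymous", "", "", warnings
    per_user = "{0}" in dn_t
    if pw_t and "{1}" not in pw_t:
        warnings.append("bind_pass holds a literal password in clear text")
    if per_user and "{1}" not in pw_t:
        warnings.append("bind_DN uses {0} but bind_pass does not use {1}")
    if not per_user and "{1}" in pw_t:
        warnings.append("fixed bind_DN is paired with the login user's password")
    dn = dn_t.replace("{0}", escape_dn_value(login))
    secret = pw_t.replace("{1}", password)
    return ("per-user" if per_user else "service-account"), dn, secret, warnings

# Constructed sample: the two settings as quoted in the thread.
SAMPLE_CFG = """\
xwiki.authentication.ldap=1
xwiki.authentication.ldap.bind_DN=cn={0},dc=westmarine,dc=net
xwiki.authentication.ldap.bind_pass={1}
"""

if __name__ == "__main__":
    print(bind_plan(parse_cfg(SAMPLE_CFG), "douglasl", "example-password"))
```

Comparing the returned DN with the entry's real DN in the directory shows whether the template matches where the user actually lives in the tree.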