XWiki Docker in Prod

classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

XWiki Docker in Prod

Lester Marc Dizon (ITX)
Hi,

We are currently testing XWiki. I have a test environment for XWiki running in Docker. I would like to know if it's ok to run it as is in Prod (intranet)?

Also, I'm trying to connect it to LDAP with no success (tried with http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ and http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/ ). Is it because I'm running it in Docker? Is there a log where I can check what's wrong?

Any help is appreciated.

Thanks,
Lester
Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

Thomas Mortagne
Administrator
I don't know much about Docker but I can maybe help with the LDAP authenticator.

After you installed the extension you will also need to modify the
property xwiki.authentication.authclass in file xwiki.cfg in the
application server as indicated on
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HGenericLDAPconfiguration.
I have no idea if the Docker package let you modify this file but if
you managed to do that then a good thing to do usually to understand
what's wrong with your LDAP setup is enabled debug log (see
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog).

On Wed, May 10, 2017 at 4:13 PM, Lester Marc Dizon (ITX)
<[hidden email]> wrote:

> Hi,
>
> We are currently testing XWiki. I have a test environment for XWiki running in Docker. I would like to know if it's ok to run it as is in Prod (intranet)?
>
> Also, I'm trying to connect it to LDAP with no success (tried with http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ and http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/ ). Is it because I'm running it in Docker? Is there a log where I can check what's wrong?
>
> Any help is appreciated.
>
> Thanks,
> Lester



--
Thomas Mortagne
Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

vmassol
Administrator
In reply to this post by Lester Marc Dizon (ITX)
Hi,

> On 10 May 2017, at 16:13, Lester Marc Dizon (ITX) <[hidden email]> wrote:
>
> Hi,
>
> We are currently testing XWiki. I have a test environment for XWiki running in Docker. I would like to know if it's ok to run it as is in Prod (intranet)?

That’s the intent but these images are pretty new (I added them a few months ago) and I haven’t received any feedback so far from people using them in production or not.

I’m also happy to work with you to make them production-ready if you see something missing.

> Also, I'm trying to connect it to LDAP with no success (tried with http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ and http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/ ). Is it because I'm running it in Docker? Is there a log where I can check what's wrong?

Yes it could be related to Docker since it runs inside its own network (See https://docs.docker.com/engine/userguide/networking/ for more details). I don’t have much experience with this though but it’s easy to check by doing a “docker exec” on your running container and try to ping your LDAP server IP.

Thanks
-Vincent

> Any help is appreciated.
>
> Thanks,
> Lester

Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

vmassol
Administrator
In reply to this post by Thomas Mortagne

> On 10 May 2017, at 16:27, Thomas Mortagne <[hidden email]> wrote:
>
> I don't know much about Docker but I can maybe help with the LDAP authenticator.
>
> After you installed the extension you will also need to modify the
> property xwiki.authentication.authclass in file xwiki.cfg in the
> application server as indicated on
> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HGenericLDAPconfiguration.
> I have no idea if the Docker package let you modify this file

Yes it does, but it could be simpler, see  https://jira.xwiki.org/browse/XDOCKER-20

Thanks
-Vincent

> but if
> you managed to do that then a good thing to do usually to understand
> what's wrong with your LDAP setup is enabled debug log (see
> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog).
>
> On Wed, May 10, 2017 at 4:13 PM, Lester Marc Dizon (ITX)
> <[hidden email]> wrote:
>> Hi,
>>
>> We are currently testing XWiki. I have a test environment for XWiki running in Docker. I would like to know if it's ok to run it as is in Prod (intranet)?
>>
>> Also, I'm trying to connect it to LDAP with no success (tried with http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ and http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/ ). Is it because I'm running it in Docker? Is there a log where I can check what's wrong?
>>
>> Any help is appreciated.
>>
>> Thanks,
>> Lester
>
>
>
> --
> Thomas Mortagne

Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

Lester Marc Dizon (ITX)
Thank you for your responses. I'm new to this community and happy to see you guys are very responsive.

@Thomas,  I have followed your wiki pages. The moment I add "xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl" in xwiki.cfg ,  I can't login anymore even with the local admin account. I get a 401 http status code in "/usr/local/tomcat/logs/localhost_access_log.2017-05-10.txt".  Can you tell me where and which logfile I should check when I've added <logger name="org.xwiki.contrib.ldap" level="trace"/> in "WEB-INF/classes/logback.xml"?

@Vincent, running with Docker seems to work very well except for my issues with LDAP. Also, I can ping the LDAP Server inside the XWiki container. I really need to check a logfile to know where it is failing but I don't know where to find it.

Thanks,
Lester

-----Original Message-----
From: users [mailto:[hidden email]] On Behalf Of Vincent Massol
Sent: mercredi 10 mai 2017 16:54
To: XWiki Users <[hidden email]>
Subject: Re: [xwiki-users] XWiki Docker in Prod


> On 10 May 2017, at 16:27, Thomas Mortagne <[hidden email]> wrote:
>
> I don't know much about Docker but I can maybe help with the LDAP authenticator.
>
> After you installed the extension you will also need to modify the
> property xwiki.authentication.authclass in file xwiki.cfg in the
> application server as indicated on
> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HGenericLDAPconfiguration.
> I have no idea if the Docker package let you modify this file

Yes it does, but it could be simpler, see  https://jira.xwiki.org/browse/XDOCKER-20

Thanks
-Vincent

> but if
> you managed to do that then a good thing to do usually to understand
> what's wrong with your LDAP setup is enabled debug log (see
> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog).
>
> On Wed, May 10, 2017 at 4:13 PM, Lester Marc Dizon (ITX)
> <[hidden email]> wrote:
>> Hi,
>>
>> We are currently testing XWiki. I have a test environment for XWiki running in Docker. I would like to know if it's ok to run it as is in Prod (intranet)?
>>
>> Also, I'm trying to connect it to LDAP with no success (tried with http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ and http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/ ). Is it because I'm running it in Docker? Is there a log where I can check what's wrong?
>>
>> Any help is appreciated.
>>
>> Thanks,
>> Lester
>
>
>
> --
> Thomas Mortagne

Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

Thomas Mortagne
Administrator
On Wed, May 10, 2017 at 5:25 PM, Lester Marc Dizon (ITX)
<[hidden email]> wrote:
> Thank you for your responses. I'm new to this community and happy to see you guys are very responsive.
>
> @Thomas,  I have followed your wiki pages. The moment I add "xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl" in xwiki.cfg ,  I can't login anymore even with the local admin account. I get a 401 http status code in "/usr/local/tomcat/logs/localhost_access_log.2017-05-10.txt".

This is because by default the LDAP authenticator does not fallback on
standard XWiki auth. See xwiki.authentication.ldap.trylocal property
in the documentation.

> Can you tell me where and which logfile I should check when I've added <logger name="org.xwiki.contrib.ldap" level="trace"/> in "WEB-INF/classes/logback.xml"?

Whatever is the application server log file in the docker image.
Vincent should know better.

>
> @Vincent, running with Docker seems to work very well except for my issues with LDAP. Also, I can ping the LDAP Server inside the XWiki container. I really need to check a logfile to know where it is failing but I don't know where to find it.
>
> Thanks,
> Lester
>
> -----Original Message-----
> From: users [mailto:[hidden email]] On Behalf Of Vincent Massol
> Sent: mercredi 10 mai 2017 16:54
> To: XWiki Users <[hidden email]>
> Subject: Re: [xwiki-users] XWiki Docker in Prod
>
>
>> On 10 May 2017, at 16:27, Thomas Mortagne <[hidden email]> wrote:
>>
>> I don't know much about Docker but I can maybe help with the LDAP authenticator.
>>
>> After you installed the extension you will also need to modify the
>> property xwiki.authentication.authclass in file xwiki.cfg in the
>> application server as indicated on
>> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HGenericLDAPconfiguration.
>> I have no idea if the Docker package let you modify this file
>
> Yes it does, but it could be simpler, see  https://jira.xwiki.org/browse/XDOCKER-20
>
> Thanks
> -Vincent
>
>> but if
>> you managed to do that then a good thing to do usually to understand
>> what's wrong with your LDAP setup is enabled debug log (see
>> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog).
>>
>> On Wed, May 10, 2017 at 4:13 PM, Lester Marc Dizon (ITX)
>> <[hidden email]> wrote:
>>> Hi,
>>>
>>> We are currently testing XWiki. I have a test environment for XWiki running in Docker. I would like to know if it's ok to run it as is in Prod (intranet)?
>>>
>>> Also, I'm trying to connect it to LDAP with no success (tried with http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ and http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/ ). Is it because I'm running it in Docker? Is there a log where I can check what's wrong?
>>>
>>> Any help is appreciated.
>>>
>>> Thanks,
>>> Lester
>>
>>
>>
>> --
>> Thomas Mortagne
>



--
Thomas Mortagne
Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

vmassol
Administrator

> On 10 May 2017, at 17:37, Thomas Mortagne <[hidden email]> wrote:
>
> On Wed, May 10, 2017 at 5:25 PM, Lester Marc Dizon (ITX)
> <[hidden email]> wrote:
>> Thank you for your responses. I'm new to this community and happy to see you guys are very responsive.
>>
>> @Thomas,  I have followed your wiki pages. The moment I add "xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl" in xwiki.cfg ,  I can't login anymore even with the local admin account. I get a 401 http status code in "/usr/local/tomcat/logs/localhost_access_log.2017-05-10.txt".
>
> This is because by default the LDAP authenticator does not fallback on
> standard XWiki auth. See xwiki.authentication.ldap.trylocal property
> in the documentation.
>
>> Can you tell me where and which logfile I should check when I've added <logger name="org.xwiki.contrib.ldap" level="trace"/> in "WEB-INF/classes/logback.xml"?
>
> Whatever is the application server log file in the docker image.
> Vincent should know better.

The image is using Tomcat so the default location where tomcat puts its log file (can’t check right now).

Thanks
-Vincent

>
>>
>> @Vincent, running with Docker seems to work very well except for my issues with LDAP. Also, I can ping the LDAP Server inside the XWiki container. I really need to check a logfile to know where it is failing but I don't know where to find it.
>>
>> Thanks,
>> Lester
>>
>> -----Original Message-----
>> From: users [mailto:[hidden email]] On Behalf Of Vincent Massol
>> Sent: mercredi 10 mai 2017 16:54
>> To: XWiki Users <[hidden email]>
>> Subject: Re: [xwiki-users] XWiki Docker in Prod
>>
>>
>>> On 10 May 2017, at 16:27, Thomas Mortagne <[hidden email]> wrote:
>>>
>>> I don't know much about Docker but I can maybe help with the LDAP authenticator.
>>>
>>> After you installed the extension you will also need to modify the
>>> property xwiki.authentication.authclass in file xwiki.cfg in the
>>> application server as indicated on
>>> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HGenericLDAPconfiguration.
>>> I have no idea if the Docker package let you modify this file
>>
>> Yes it does, but it could be simpler, see  https://jira.xwiki.org/browse/XDOCKER-20
>>
>> Thanks
>> -Vincent
>>
>>> but if
>>> you managed to do that then a good thing to do usually to understand
>>> what's wrong with your LDAP setup is enabled debug log (see
>>> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog).
>>>
>>> On Wed, May 10, 2017 at 4:13 PM, Lester Marc Dizon (ITX)
>>> <[hidden email]> wrote:
>>>> Hi,
>>>>
>>>> We are currently testing XWiki. I have a test environment for XWiki running in Docker. I would like to know if it's ok to run it as is in Prod (intranet)?
>>>>
>>>> Also, I'm trying to connect it to LDAP with no success (tried with http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ and http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/ ). Is it because I'm running it in Docker? Is there a log where I can check what's wrong?
>>>>
>>>> Any help is appreciated.
>>>>
>>>> Thanks,
>>>> Lester
>>>
>>>
>>>
>>> --
>>> Thomas Mortagne
>>
>
>
>
> --
> Thomas Mortagne

Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

Lester Marc Dizon (ITX)
In reply to this post by Thomas Mortagne
Works better with xwiki.authentication.ldap.trylocal=1, thanks . However I don't see any LDAP debug logs. I have the following logs in /usr/local/tomcat/logs/*:
- catalina.2017-05-10.log
- host-manager.2017-05-10.log
- localhost.2017-05-10.log
- localhost_access_log.2017-05-10.txt
- manager.2017-05-10.log

http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging states that Tomcat on unix will capture stdout and add logs to the tomcat/logs/catalina.out file. However made a find on "catalina.out" but nothing. Any clues where to find those LDAP logs?

Thanks,
Lester

-----Original Message-----
From: users [mailto:[hidden email]] On Behalf Of Thomas Mortagne
Sent: mercredi 10 mai 2017 17:38
To: XWiki Users <[hidden email]>
Subject: Re: [xwiki-users] XWiki Docker in Prod

On Wed, May 10, 2017 at 5:25 PM, Lester Marc Dizon (ITX) <[hidden email]> wrote:
> Thank you for your responses. I'm new to this community and happy to see you guys are very responsive.
>
> @Thomas,  I have followed your wiki pages. The moment I add "xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl" in xwiki.cfg ,  I can't login anymore even with the local admin account. I get a 401 http status code in "/usr/local/tomcat/logs/localhost_access_log.2017-05-10.txt".

This is because by default the LDAP authenticator does not fallback on standard XWiki auth. See xwiki.authentication.ldap.trylocal property in the documentation.

> Can you tell me where and which logfile I should check when I've added <logger name="org.xwiki.contrib.ldap" level="trace"/> in "WEB-INF/classes/logback.xml"?

Whatever is the application server log file in the docker image.
Vincent should know better.

>
> @Vincent, running with Docker seems to work very well except for my issues with LDAP. Also, I can ping the LDAP Server inside the XWiki container. I really need to check a logfile to know where it is failing but I don't know where to find it.
>
> Thanks,
> Lester
>
Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

Thomas Froehlich
Hi Lester,

you should configure the XWIKI logging. Then you can find ldap logging information in the XWIKI log file. I did the following steps:

a) Set up the XWIKI logging configuration in WEB-INF\classes\logback.xml by adding a  RollingFileAppender

  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>/var/lib/tomcat8/logs/xwiki.log</file>
    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
    <!-- daily rollover -->
        <fileNamePattern>xwiki.%d{yyyy-MM-dd}.log</fileNamePattern>
        <!-- keep 30 days' worth of history -->
        <maxHistory>30</maxHistory>
    </rollingPolicy>
    <encoder>
        <pattern>%-4relative [%thread] %-5level %logger{35} - %msg%n</pattern>
    </encoder>
  </appender>

b) Extend the root level logging:

  <root level="info">
    <appender-ref ref="stdout"/>
    <appender-ref ref="FILE"/>
  </root>

c) Activation of the ldap logging (debugging) in WEB-INF\classes\logback.xml

  <!-- LDAP debugging -->
  <logger name="org.xwiki.contrib.ldap" level="trace"/>


With kind regards
Thomas


-----Ursprüngliche Nachricht-----
Von: users [mailto:[hidden email]] Im Auftrag von Lester Marc Dizon (ITX)
Gesendet: Mittwoch, 10. Mai 2017 18:45
An: XWiki Users <[hidden email]>
Betreff: Re: [xwiki-users] XWiki Docker in Prod

Works better with xwiki.authentication.ldap.trylocal=1, thanks . However I don't see any LDAP debug logs. I have the following logs in /usr/local/tomcat/logs/*:
- catalina.2017-05-10.log
- host-manager.2017-05-10.log
- localhost.2017-05-10.log
- localhost_access_log.2017-05-10.txt
- manager.2017-05-10.log

http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging states that Tomcat on unix will capture stdout and add logs to the tomcat/logs/catalina.out file. However made a find on "catalina.out" but nothing. Any clues where to find those LDAP logs?

Thanks,
Lester

-----Original Message-----
From: users [mailto:[hidden email]] On Behalf Of Thomas Mortagne
Sent: mercredi 10 mai 2017 17:38
To: XWiki Users <[hidden email]>
Subject: Re: [xwiki-users] XWiki Docker in Prod

On Wed, May 10, 2017 at 5:25 PM, Lester Marc Dizon (ITX) <[hidden email]> wrote:
> Thank you for your responses. I'm new to this community and happy to see you guys are very responsive.
>
> @Thomas,  I have followed your wiki pages. The moment I add "xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl" in xwiki.cfg ,  I can't login anymore even with the local admin account. I get a 401 http status code in "/usr/local/tomcat/logs/localhost_access_log.2017-05-10.txt".

This is because by default the LDAP authenticator does not fallback on standard XWiki auth. See xwiki.authentication.ldap.trylocal property in the documentation.

> Can you tell me where and which logfile I should check when I've added <logger name="org.xwiki.contrib.ldap" level="trace"/> in "WEB-INF/classes/logback.xml"?

Whatever is the application server log file in the docker image.
Vincent should know better.

>
> @Vincent, running with Docker seems to work very well except for my issues with LDAP. Also, I can ping the LDAP Server inside the XWiki container. I really need to check a logfile to know where it is failing but I don't know where to find it.
>
> Thanks,
> Lester
>
Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

vmassol
Administrator
In reply to this post by Lester Marc Dizon (ITX)
Hi,

> On 10 May 2017, at 18:44, Lester Marc Dizon (ITX) <[hidden email]> wrote:
>
> Works better with xwiki.authentication.ldap.trylocal=1, thanks . However I don't see any LDAP debug logs. I have the following logs in /usr/local/tomcat/logs/*:
> - catalina.2017-05-10.log

^^ I guess it’s this one then.

Seems this Tomcat is configured to use log4j: https://tomcat.apache.org/tomcat-6.0-doc/logging.html#Using_Log4j

# Define all the appenders
log4j.appender.CATALINA=org.apache.log4j.DailyRollingFileAppender
log4j.appender.CATALINA.File=${catalina.base}/logs/catalina.
log4j.appender.CATALINA.Append=true
log4j.appender.CATALINA.Encoding=UTF-8
# Roll-over the log once per day
log4j.appender.CATALINA.DatePattern='.'yyyy-MM-dd'.log'
log4j.appender.CATALINA.layout = org.apache.log4j.PatternLayout
log4j.appender.CATALINA.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

Thanks
-Vincent


> - host-manager.2017-05-10.log
> - localhost.2017-05-10.log
> - localhost_access_log.2017-05-10.txt
> - manager.2017-05-10.log
>
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging states that Tomcat on unix will capture stdout and add logs to the tomcat/logs/catalina.out file. However made a find on "catalina.out" but nothing. Any clues where to find those LDAP logs?
>
> Thanks,
> Lester
>
> -----Original Message-----
> From: users [mailto:[hidden email]] On Behalf Of Thomas Mortagne
> Sent: mercredi 10 mai 2017 17:38
> To: XWiki Users <[hidden email]>
> Subject: Re: [xwiki-users] XWiki Docker in Prod
>
> On Wed, May 10, 2017 at 5:25 PM, Lester Marc Dizon (ITX) <[hidden email]> wrote:
>> Thank you for your responses. I'm new to this community and happy to see you guys are very responsive.
>>
>> @Thomas,  I have followed your wiki pages. The moment I add "xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl" in xwiki.cfg ,  I can't login anymore even with the local admin account. I get a 401 http status code in "/usr/local/tomcat/logs/localhost_access_log.2017-05-10.txt".
>
> This is because by default the LDAP authenticator does not fallback on standard XWiki auth. See xwiki.authentication.ldap.trylocal property in the documentation.
>
>> Can you tell me where and which logfile I should check when I've added <logger name="org.xwiki.contrib.ldap" level="trace"/> in "WEB-INF/classes/logback.xml"?
>
> Whatever is the application server log file in the docker image.
> Vincent should know better.
>
>>
>> @Vincent, running with Docker seems to work very well except for my issues with LDAP. Also, I can ping the LDAP Server inside the XWiki container. I really need to check a logfile to know where it is failing but I don't know where to find it.
>>
>> Thanks,
>> Lester
>>

Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

Lester Marc Dizon (ITX)
In reply to this post by Thomas Froehlich
@Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol , with Thomas way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log" .

I added the following configuration in xwiki.cfg but it still doesn't work:
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap.trylocal=1
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=10.50.0.26
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
xwiki.authentication.ldap.bind_pass=mypassword

I have the following errors:
81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null
82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, memberuid, member]
82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server [10.50.0.26:389]
82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP: user [lmdizon-itx] base [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query [(cn=lmdizon-itx)] uid [cn]
83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - LDAP search: baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2]
83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN for input [lmdizon-itx]
        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608)
        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334)
        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268)
        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
        at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
        at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3782)
        at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242)
        at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272)
        at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3800)
        at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4850)
        at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364)
        at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
        at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
        at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
        at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:127)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:136)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
83254 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB
83283 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [lmdizon-itx]
83284 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null


It seems that I connect to the LDAP server but it doesn't find the user.. When I go to the login page I already have errors for some reason:
907353 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null

Any ideas what config I'm missing/wrong?

Thanks,
Lester

-----Original Message-----
From: users [mailto:[hidden email]] On Behalf Of Thomas Froehlich
Sent: jeudi 11 mai 2017 08:25
To: XWiki Users <[hidden email]>
Subject: Re: [xwiki-users] XWiki Docker in Prod

Hi Lester,

you should configure the XWIKI logging. Then you can find ldap logging information in the XWIKI log file. I did the following steps:

a) Set up the XWIKI logging configuration in WEB-INF\classes\logback.xml by adding a  RollingFileAppender

  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>/var/lib/tomcat8/logs/xwiki.log</file>
    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
    <!-- daily rollover -->
        <fileNamePattern>xwiki.%d{yyyy-MM-dd}.log</fileNamePattern>
        <!-- keep 30 days' worth of history -->
        <maxHistory>30</maxHistory>
    </rollingPolicy>
    <encoder>
        <pattern>%-4relative [%thread] %-5level %logger{35} - %msg%n</pattern>
    </encoder>
  </appender>

b) Extend the root level logging:

  <root level="info">
    <appender-ref ref="stdout"/>
    <appender-ref ref="FILE"/>
  </root>

c) Activation of the ldap logging (debugging) in WEB-INF\classes\logback.xml

  <!-- LDAP debugging -->
  <logger name="org.xwiki.contrib.ldap" level="trace"/>


With kind regards
Thomas
Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

Thomas Mortagne
Administrator
XWiki tried to find an entry in the LDAP server with the field "cn"
having the value "lmdizon-itx". Either this uid does not exist or you
need to set a different field using the property
xwiki.authentication.ldap.UID_attr (cn is the default).

On Thu, May 11, 2017 at 6:20 PM, Lester Marc Dizon (ITX)
<[hidden email]> wrote:

> @Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol , with Thomas way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log" .
>
> I added the following configuration in xwiki.cfg but it still doesn't work:
> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
> xwiki.authentication.ldap.trylocal=1
> xwiki.authentication.ldap=1
> xwiki.authentication.ldap.server=10.50.0.26
> xwiki.authentication.ldap.port=389
> xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
> xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
> xwiki.authentication.ldap.bind_pass=mypassword
>
> I have the following errors:
> 81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null
> 82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
> 82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, memberuid, member]
> 82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server [10.50.0.26:389]
> 82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
> 83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP: user [lmdizon-itx] base [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query [(cn=lmdizon-itx)] uid [cn]
> 83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - LDAP search: baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2]
> 83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
> com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN for input [lmdizon-itx]
>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608)
>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334)
>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268)
>         at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
>         at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
>         at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
>         at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
>         at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3782)
>         at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242)
>         at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272)
>         at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3800)
>         at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4850)
>         at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364)
>         at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
>         at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
>         at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
>         at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
>         at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>         at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>         at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:127)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>         at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>         at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>         at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>         at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>         at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:136)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
>         at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
>         at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
>         at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>         at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
>         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
>         at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>         at java.lang.Thread.run(Thread.java:745)
> 83254 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB
> 83283 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [lmdizon-itx]
> 83284 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null
>
>
> It seems that I connect to the LDAP server but it doesn't find the user.. When I go to the login page I already have errors for some reason:
> 907353 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null
>
> Any ideas what config I'm missing/wrong?
>
> Thanks,
> Lester
>
> -----Original Message-----
> From: users [mailto:[hidden email]] On Behalf Of Thomas Froehlich
> Sent: jeudi 11 mai 2017 08:25
> To: XWiki Users <[hidden email]>
> Subject: Re: [xwiki-users] XWiki Docker in Prod
>
> Hi Lester,
>
> you should configure the XWIKI logging. Then you can find ldap logging information in the XWIKI log file. I did the following steps:
>
> a) Set up the XWIKI logging configuration in WEB-INF\classes\logback.xml by adding a  RollingFileAppender
>
>   <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
>     <file>/var/lib/tomcat8/logs/xwiki.log</file>
>     <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
>     <!-- daily rollover -->
>         <fileNamePattern>xwiki.%d{yyyy-MM-dd}.log</fileNamePattern>
>         <!-- keep 30 days' worth of history -->
>         <maxHistory>30</maxHistory>
>     </rollingPolicy>
>     <encoder>
>         <pattern>%-4relative [%thread] %-5level %logger{35} - %msg%n</pattern>
>     </encoder>
>   </appender>
>
> b) Extend the root level logging:
>
>   <root level="info">
>     <appender-ref ref="stdout"/>
>     <appender-ref ref="FILE"/>
>   </root>
>
> c) Activation of the ldap logging (debugging) in WEB-INF\classes\logback.xml
>
>   <!-- LDAP debugging -->
>   <logger name="org.xwiki.contrib.ldap" level="trace"/>
>
>
> With kind regards
> Thomas



--
Thomas Mortagne
Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

Thomas Mortagne
Administrator
You have various examples
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/.

On Thu, May 11, 2017 at 7:03 PM, Thomas Mortagne
<[hidden email]> wrote:

> XWiki tried to find an entry in the LDAP server with the field "cn"
> having the value "lmdizon-itx". Either this uid does not exist or you
> need to set a different field using the property
> xwiki.authentication.ldap.UID_attr (cn is the default).
>
> On Thu, May 11, 2017 at 6:20 PM, Lester Marc Dizon (ITX)
> <[hidden email]> wrote:
>> @Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol , with Thomas way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log" .
>>
>> I added the following configuration in xwiki.cfg but it still doesn't work:
>> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
>> xwiki.authentication.ldap.trylocal=1
>> xwiki.authentication.ldap=1
>> xwiki.authentication.ldap.server=10.50.0.26
>> xwiki.authentication.ldap.port=389
>> xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
>> xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
>> xwiki.authentication.ldap.bind_pass=mypassword
>>
>> I have the following errors:
>> 81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>> 81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null
>> 82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
>> 82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, memberuid, member]
>> 82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server [10.50.0.26:389]
>> 82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with credentials login=[CN=Lester Marc Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
>> 83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP: user [lmdizon-itx] base [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query [(cn=lmdizon-itx)] uid [cn]
>> 83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPConnection - LDAP search: baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2]
>> 83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
>> com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN for input [lmdizon-itx]
>>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608)
>>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334)
>>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268)
>>         at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
>>         at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
>>         at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
>>         at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
>>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
>>         at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3782)
>>         at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242)
>>         at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272)
>>         at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3800)
>>         at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4850)
>>         at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364)
>>         at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
>>         at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
>>         at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
>>         at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
>>         at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:127)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:136)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
>>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
>>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
>>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
>>         at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
>>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
>>         at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
>>         at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>>         at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
>>         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
>>         at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>         at java.lang.Thread.run(Thread.java:745)
>> 83254 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB
>> 83283 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [lmdizon-itx]
>> 83284 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null
>>
>>
>> It seems that I connect to the LDAP server but it doesn't find the user.. When I go to the login page I already have errors for some reason:
>> 907353 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null
>>
>> Any ideas what config I'm missing/wrong?
>>
>> Thanks,
>> Lester
>>
>> -----Original Message-----
>> From: users [mailto:[hidden email]] On Behalf Of Thomas Froehlich
>> Sent: jeudi 11 mai 2017 08:25
>> To: XWiki Users <[hidden email]>
>> Subject: Re: [xwiki-users] XWiki Docker in Prod
>>
>> Hi Lester,
>>
>> you should configure the XWIKI logging. Then you can find ldap logging information in the XWIKI log file. I did the following steps:
>>
>> a) Set up the XWIKI logging configuration in WEB-INF\classes\logback.xml by adding a  RollingFileAppender
>>
>>   <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
>>     <file>/var/lib/tomcat8/logs/xwiki.log</file>
>>     <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
>>     <!-- daily rollover -->
>>         <fileNamePattern>xwiki.%d{yyyy-MM-dd}.log</fileNamePattern>
>>         <!-- keep 30 days' worth of history -->
>>         <maxHistory>30</maxHistory>
>>     </rollingPolicy>
>>     <encoder>
>>         <pattern>%-4relative [%thread] %-5level %logger{35} - %msg%n</pattern>
>>     </encoder>
>>   </appender>
>>
>> b) Extend the root level logging:
>>
>>   <root level="info">
>>     <appender-ref ref="stdout"/>
>>     <appender-ref ref="FILE"/>
>>   </root>
>>
>> c) Activation of the ldap logging (debugging) in WEB-INF\classes\logback.xml
>>
>>   <!-- LDAP debugging -->
>>   <logger name="org.xwiki.contrib.ldap" level="trace"/>
>>
>>
>> With kind regards
>> Thomas
>
>
>
> --
> Thomas Mortagne



--
Thomas Mortagne
Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

Lester Marc Dizon (ITX)
Hi guys,

Thanks alot for all the help. I have logs and ldap running!

@Thomas Mortagne, for ldap I had this config missing (I actually thought that sAMAccountName should be replaced by the user to authenticate with the windows AD....) :
xwiki.authentication.ldap.UID_attr=sAMAccountName

Thanks and have a nice weekend!

Lester

-----Original Message-----
From: users [mailto:[hidden email]] On Behalf Of Thomas Mortagne
Sent: jeudi 11 mai 2017 19:05
To: XWiki Users <[hidden email]>
Subject: Re: [xwiki-users] XWiki Docker in Prod

You have various examples
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/.

On Thu, May 11, 2017 at 7:03 PM, Thomas Mortagne <[hidden email]> wrote:

> XWiki tried to find an entry in the LDAP server with the field "cn"
> having the value "lmdizon-itx". Either this uid does not exist or you
> need to set a different field using the property
> xwiki.authentication.ldap.UID_attr (cn is the default).
>
> On Thu, May 11, 2017 at 6:20 PM, Lester Marc Dizon (ITX)
> <[hidden email]> wrote:
>> @Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol , with Thomas way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log" .
>>
>> I added the following configuration in xwiki.cfg but it still doesn't work:
>> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthSe
>> rviceImpl
>> xwiki.authentication.ldap.trylocal=1
>> xwiki.authentication.ldap=1
>> xwiki.authentication.ldap.server=10.50.0.26
>> xwiki.authentication.ldap.port=389
>> xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC
>> =itx,DC=local xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon
>> (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
>> xwiki.authentication.ldap.bind_pass=mypassword
>>
>> I have the following errors:
>> 81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE
>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE
>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>> 81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>> o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null
>> 82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>> o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames,
>> posixgroup, apple-group, groupofuniquenames, dynamicgroup,
>> groupwisedistributionlist, group, dynamicgroupaux]
>> 82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>> o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields:
>> [uniquemember, memberuid, member]
>> 82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>> o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server
>> [10.50.0.26:389]
>> 82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>> o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with
>> credentials login=[CN=Lester Marc Dizon
>> (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
>> 83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>> o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP:
>> user [lmdizon-itx] base
>> [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query
>> [(cn=lmdizon-itx)] uid [cn]
>> 83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>> o.x.c.ldap.XWikiLDAPConnection - LDAP search:
>> baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
>> query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2]
>> 83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
>> com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN for input [lmdizon-itx]
>>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608)
>>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334)
>>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268)
>>         at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
>>         at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
>>         at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
>>         at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
>>         at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
>>         at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3782)
>>         at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242)
>>         at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272)
>>         at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3800)
>>         at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4850)
>>         at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364)
>>         at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
>>         at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
>>         at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
>>         at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
>>         at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:127)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:136)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
>>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
>>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
>>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
>>         at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
>>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
>>         at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
>>         at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>>         at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
>>         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
>>         at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>         at java.lang.Thread.run(Thread.java:745)
>> 83254 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Trying authentication against
>> XWiki DB
>> 83283 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - LDAP authentication failed for
>> user [lmdizon-itx]
>> 83284 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null
>>
>>
>> It seems that I connect to the LDAP server but it doesn't find the user.. When I go to the login page I already have errors for some reason:
>> 907353 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE
>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE
>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null
>>
>> Any ideas what config I'm missing/wrong?
>>
>> Thanks,
>> Lester
>>
>> -----Original Message-----
>> From: users [mailto:[hidden email]] On Behalf Of Thomas
>> Froehlich
>> Sent: jeudi 11 mai 2017 08:25
>> To: XWiki Users <[hidden email]>
>> Subject: Re: [xwiki-users] XWiki Docker in Prod
>>
>> Hi Lester,
>>
>> you should configure the XWIKI logging. Then you can find ldap logging information in the XWIKI log file. I did the following steps:
>>
>> a) Set up the XWIKI logging configuration in
>> WEB-INF\classes\logback.xml by adding a  RollingFileAppender
>>
>>   <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
>>     <file>/var/lib/tomcat8/logs/xwiki.log</file>
>>     <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
>>     <!-- daily rollover -->
>>         <fileNamePattern>xwiki.%d{yyyy-MM-dd}.log</fileNamePattern>
>>         <!-- keep 30 days' worth of history -->
>>         <maxHistory>30</maxHistory>
>>     </rollingPolicy>
>>     <encoder>
>>         <pattern>%-4relative [%thread] %-5level %logger{35} - %msg%n</pattern>
>>     </encoder>
>>   </appender>
>>
>> b) Extend the root level logging:
>>
>>   <root level="info">
>>     <appender-ref ref="stdout"/>
>>     <appender-ref ref="FILE"/>
>>   </root>
>>
>> c) Activation of the ldap logging (debugging) in
>> WEB-INF\classes\logback.xml
>>
>>   <!-- LDAP debugging -->
>>   <logger name="org.xwiki.contrib.ldap" level="trace"/>
>>
>>
>> With kind regards
>> Thomas
>
>
>
> --
> Thomas Mortagne



--
Thomas Mortagne
Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

vmassol
Administrator
cool thanks for reporting back!

Have a nice weekend too.

And let me know if you have ideas on how to improve the docker image.

Thanks
-Vincent

> On 12 May 2017, at 17:11, Lester Marc Dizon (ITX) <[hidden email]> wrote:
>
> Hi guys,
>
> Thanks alot for all the help. I have logs and ldap running!
>
> @Thomas Mortagne, for ldap I had this config missing (I actually thought that sAMAccountName should be replaced by the user to authenticate with the windows AD....) :
> xwiki.authentication.ldap.UID_attr=sAMAccountName
>
> Thanks and have a nice weekend!
>
> Lester
>
> -----Original Message-----
> From: users [mailto:[hidden email]] On Behalf Of Thomas Mortagne
> Sent: jeudi 11 mai 2017 19:05
> To: XWiki Users <[hidden email]>
> Subject: Re: [xwiki-users] XWiki Docker in Prod
>
> You have various examples
> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/.
>
> On Thu, May 11, 2017 at 7:03 PM, Thomas Mortagne <[hidden email]> wrote:
>> XWiki tried to find an entry in the LDAP server with the field "cn"
>> having the value "lmdizon-itx". Either this uid does not exist or you
>> need to set a different field using the property
>> xwiki.authentication.ldap.UID_attr (cn is the default).
>>
>> On Thu, May 11, 2017 at 6:20 PM, Lester Marc Dizon (ITX)
>> <[hidden email]> wrote:
>>> @Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol , with Thomas way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log" .
>>>
>>> I added the following configuration in xwiki.cfg but it still doesn't work:
>>> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthSe
>>> rviceImpl
>>> xwiki.authentication.ldap.trylocal=1
>>> xwiki.authentication.ldap=1
>>> xwiki.authentication.ldap.server=10.50.0.26
>>> xwiki.authentication.ldap.port=389
>>> xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,DC
>>> =itx,DC=local xwiki.authentication.ldap.bind_DN=CN=Lester Marc Dizon
>>> (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
>>> xwiki.authentication.ldap.bind_pass=mypassword
>>>
>>> I have the following errors:
>>> 81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE
>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>>> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>>> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE
>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>>> 81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>> o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null
>>> 82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>> o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes: [groupofnames,
>>> posixgroup, apple-group, groupofuniquenames, dynamicgroup,
>>> groupwisedistributionlist, group, dynamicgroupaux]
>>> 82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>> o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields:
>>> [uniquemember, memberuid, member]
>>> 82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>> o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server
>>> [10.50.0.26:389]
>>> 82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>> o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with
>>> credentials login=[CN=Lester Marc Dizon
>>> (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
>>> 83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>> o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP:
>>> user [lmdizon-itx] base
>>> [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query
>>> [(cn=lmdizon-itx)] uid [cn]
>>> 83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>> o.x.c.ldap.XWikiLDAPConnection - LDAP search:
>>> baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
>>> query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2]
>>> 83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
>>> com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN for input [lmdizon-itx]
>>>        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608)
>>>        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334)
>>>        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268)
>>>        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
>>>        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
>>>        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
>>>        at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
>>>        at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
>>>        at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3782)
>>>        at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242)
>>>        at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272)
>>>        at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3800)
>>>        at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4850)
>>>        at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364)
>>>        at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
>>>        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
>>>        at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
>>>        at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
>>>        at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
>>>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
>>>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
>>>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>>>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>        at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112)
>>>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>        at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:127)
>>>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>        at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
>>>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>        at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
>>>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>        at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
>>>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>        at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:136)
>>>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
>>>        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>>>        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
>>>        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
>>>        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
>>>        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
>>>        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>>>        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
>>>        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
>>>        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>>>        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
>>>        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
>>>        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>>>        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>        at java.lang.Thread.run(Thread.java:745)
>>> 83254 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Trying authentication against
>>> XWiki DB
>>> 83283 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - LDAP authentication failed for
>>> user [lmdizon-itx]
>>> 83284 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null
>>>
>>>
>>> It seems that I connect to the LDAP server but it doesn't find the user.. When I go to the login page I already have errors for some reason:
>>> 907353 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE
>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE
>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null
>>>
>>> Any ideas what config I'm missing/wrong?
>>>
>>> Thanks,
>>> Lester
>>>
>>> -----Original Message-----
>>> From: users [mailto:[hidden email]] On Behalf Of Thomas
>>> Froehlich
>>> Sent: jeudi 11 mai 2017 08:25
>>> To: XWiki Users <[hidden email]>
>>> Subject: Re: [xwiki-users] XWiki Docker in Prod
>>>
>>> Hi Lester,
>>>
>>> you should configure the XWIKI logging. Then you can find ldap logging information in the XWIKI log file. I did the following steps:
>>>
>>> a) Set up the XWIKI logging configuration in
>>> WEB-INF\classes\logback.xml by adding a  RollingFileAppender
>>>
>>>  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
>>>    <file>/var/lib/tomcat8/logs/xwiki.log</file>
>>>    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
>>>    <!-- daily rollover -->
>>>        <fileNamePattern>xwiki.%d{yyyy-MM-dd}.log</fileNamePattern>
>>>        <!-- keep 30 days' worth of history -->
>>>        <maxHistory>30</maxHistory>
>>>    </rollingPolicy>
>>>    <encoder>
>>>        <pattern>%-4relative [%thread] %-5level %logger{35} - %msg%n</pattern>
>>>    </encoder>
>>>  </appender>
>>>
>>> b) Extend the root level logging:
>>>
>>>  <root level="info">
>>>    <appender-ref ref="stdout"/>
>>>    <appender-ref ref="FILE"/>
>>>  </root>
>>>
>>> c) Activation of the ldap logging (debugging) in
>>> WEB-INF\classes\logback.xml
>>>
>>>  <!-- LDAP debugging -->
>>>  <logger name="org.xwiki.contrib.ldap" level="trace"/>
>>>
>>>
>>> With kind regards
>>> Thomas
>>
>>
>>
>> --
>> Thomas Mortagne
>
>
>
> --
> Thomas Mortagne

Reply | Threaded
Open this post in threaded view
|

Re: XWiki Docker in Prod

vmassol
Administrator
[[Note: The XWiki project is switching away from this mailing list and moving to a forum: https://discourse.xwiki.org. This list will be made readonly in a few days. Please post on the forum from now on. Thanks.]]

-----
Hi Lester,

> On 19 May 2017, at 18:48, Lester Marc Dizon (ITX) <[hidden email]> wrote:
>
> Hi Vincent,
>
> I'm trying to replicate the xwiki and mysql-xwiki containers to another web server (for a web server cluster) but it doesn't work . The database data doesn't persist on the image when I docker commit. I do the following:
>
> On test server:
> sudo docker commit 7c7a4a700519 mysql-xwiki_itx
> sudo docker save mysql-xwiki_itx > /vagrant/mysql-xwiki_itx.tar
>
> On test server2:
> docker load < /vagrant/mysql-xwiki_itx.tar
> docker run --net=xwiki-nw --name mysql-xwiki -v /my/own/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=xwiki -e MYSQL_USER=xwiki -e MYSQL_PASSWORD=xwiki -e MYSQL_DATABASE=xwiki -d mysql-xwiki_itx:latest --character-set-server=utf8 --collation-server=utf8_bin --explicit-defaults-for-timestamp=1
>
> "xwiki" database doesn't persist. Would you know why and to make it persist on the commit? Sorry for this seems to be trivial question..

I’ve never used docker commit/load so I’d need to learn those to help on that.

But I don’t understand how this could work since on the 1st server you have 2 local volumes (one for the xwiki permanent dir and one for mysql). How would these local volumes find their way onto the 2nd server?

Thanks
-Vincent

PS: Please use the users mailing list or even better please switch to the new XWiki forum on http://forum.xwiki.org (see http://dev.xwiki.org/xwiki/bin/view/Community/Discuss).

> Thanks,
> Lester
>
>
> -----Original Message-----
> From: users [mailto:[hidden email]] On Behalf Of Vincent Massol
> Sent: vendredi 12 mai 2017 17:16
> To: XWiki Users <[hidden email]>
> Subject: Re: [xwiki-users] XWiki Docker in Prod
>
> cool thanks for reporting back!
>
> Have a nice weekend too.
>
> And let me know if you have ideas on how to improve the docker image.
>
> Thanks
> -Vincent
>
>> On 12 May 2017, at 17:11, Lester Marc Dizon (ITX) <[hidden email]> wrote:
>>
>> Hi guys,
>>
>> Thanks alot for all the help. I have logs and ldap running!
>>
>> @Thomas Mortagne, for ldap I had this config missing (I actually thought that sAMAccountName should be replaced by the user to authenticate with the windows AD....) :
>> xwiki.authentication.ldap.UID_attr=sAMAccountName
>>
>> Thanks and have a nice weekend!
>>
>> Lester
>>
>> -----Original Message-----
>> From: users [mailto:[hidden email]] On Behalf Of Thomas
>> Mortagne
>> Sent: jeudi 11 mai 2017 19:05
>> To: XWiki Users <[hidden email]>
>> Subject: Re: [xwiki-users] XWiki Docker in Prod
>>
>> You have various examples
>> http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/.
>>
>> On Thu, May 11, 2017 at 7:03 PM, Thomas Mortagne <[hidden email]> wrote:
>>> XWiki tried to find an entry in the LDAP server with the field "cn"
>>> having the value "lmdizon-itx". Either this uid does not exist or you
>>> need to set a different field using the property
>>> xwiki.authentication.ldap.UID_attr (cn is the default).
>>>
>>> On Thu, May 11, 2017 at 6:20 PM, Lester Marc Dizon (ITX)
>>> <[hidden email]> wrote:
>>>> @Thomas Froehlich thanks it works and I see LDAP debug logs! @Vincent Massol , with Thomas way, I find the LDAP logs in "/var/lib/tomcat8/logs/xwiki.log" .
>>>>
>>>> I added the following configuration in xwiki.cfg but it still doesn't work:
>>>> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthS
>>>> e
>>>> rviceImpl
>>>> xwiki.authentication.ldap.trylocal=1
>>>> xwiki.authentication.ldap=1
>>>> xwiki.authentication.ldap.server=10.50.0.26
>>>> xwiki.authentication.ldap.port=389
>>>> xwiki.authentication.ldap.base_DN=OU=Standards,OU=Accounts,OU=_ITX,D
>>>> C =itx,DC=local xwiki.authentication.ldap.bind_DN=CN=Lester Marc
>>>> Dizon (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local
>>>> xwiki.authentication.ldap.bind_pass=mypassword
>>>>
>>>> I have the following errors:
>>>> 81954 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE
>>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>>>> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>>>> 81955 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE
>>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>>>> 81956 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>>> o.x.contrib.ldap.XWikiLDAPConfig - remoteUserParser: null
>>>> 82020 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>>> o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_classes:
>>>> [groupofnames, posixgroup, apple-group, groupofuniquenames,
>>>> dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
>>>> 82021 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>>> o.x.contrib.ldap.XWikiLDAPConfig - ldap_group_memberfields:
>>>> [uniquemember, memberuid, member]
>>>> 82201 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>>> o.x.c.ldap.XWikiLDAPConnection - Connection to LDAP server
>>>> [10.50.0.26:389]
>>>> 82217 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>>> o.x.c.ldap.XWikiLDAPConnection - Binding to LDAP server with
>>>> credentials login=[CN=Lester Marc Dizon
>>>> (ITX),OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
>>>> 83172 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>>> o.xwiki.contrib.ldap.XWikiLDAPUtils - Searching for the user in LDAP:
>>>> user [lmdizon-itx] base
>>>> [OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local] query
>>>> [(cn=lmdizon-itx)] uid [cn]
>>>> 83180 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>>> o.x.c.ldap.XWikiLDAPConnection - LDAP search:
>>>> baseDN=[OU=Standards,OU=Accounts,OU=_ITX,DC=itx,DC=local]
>>>> query=[(cn=lmdizon-itx)] attr=[null] ldapScope=[2]
>>>> 83253 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
>>>> com.xpn.xwiki.XWikiException: Error number 8001 in 8: Can't find LDAP user DN for input [lmdizon-itx]
>>>>       at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:608)
>>>>       at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334)
>>>>       at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268)
>>>>       at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
>>>>       at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
>>>>       at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
>>>>       at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
>>>>       at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
>>>>       at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3782)
>>>>       at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:242)
>>>>       at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:272)
>>>>       at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3800)
>>>>       at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4850)
>>>>       at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:364)
>>>>       at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
>>>>       at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
>>>>       at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
>>>>       at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
>>>>       at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
>>>>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
>>>>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>>       at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>>       at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:127)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>>       at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>>       at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>>       at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>>       at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>>       at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:136)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>>       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
>>>>       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>>>>       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
>>>>       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
>>>>       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
>>>>       at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
>>>>       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>>>>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
>>>>       at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
>>>>       at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>>>>       at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
>>>>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
>>>>       at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>>>>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>       at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>       at java.lang.Thread.run(Thread.java:745)
>>>> 83254 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Trying authentication against
>>>> XWiki DB
>>>> 83283 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - LDAP authentication failed for
>>>> user [lmdizon-itx]
>>>> 83284 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null
>>>>
>>>>
>>>> It seems that I connect to the LDAP server but it doesn't find the user.. When I go to the login page I already have errors for some reason:
>>>> 907353 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE
>>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>>>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>>>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] TRACE
>>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
>>>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.ldap.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
>>>> 907354 [http://localhost:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG
>>>> o.x.c.ldap.XWikiLDAPAuthServiceImpl - XWikiUser: null
>>>>
>>>> Any ideas what config I'm missing/wrong?
>>>>
>>>> Thanks,
>>>> Lester
>>>>
>>>> -----Original Message-----
>>>> From: users [mailto:[hidden email]] On Behalf Of Thomas
>>>> Froehlich
>>>> Sent: jeudi 11 mai 2017 08:25
>>>> To: XWiki Users <[hidden email]>
>>>> Subject: Re: [xwiki-users] XWiki Docker in Prod
>>>>
>>>> Hi Lester,
>>>>
>>>> you should configure the XWIKI logging. Then you can find ldap logging information in the XWIKI log file. I did the following steps:
>>>>
>>>> a) Set up the XWIKI logging configuration in
>>>> WEB-INF\classes\logback.xml by adding a  RollingFileAppender
>>>>
>>>> <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
>>>>   <file>/var/lib/tomcat8/logs/xwiki.log</file>
>>>>   <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
>>>>   <!-- daily rollover -->
>>>>       <fileNamePattern>xwiki.%d{yyyy-MM-dd}.log</fileNamePattern>
>>>>       <!-- keep 30 days' worth of history -->
>>>>       <maxHistory>30</maxHistory>
>>>>   </rollingPolicy>
>>>>   <encoder>
>>>>       <pattern>%-4relative [%thread] %-5level %logger{35} - %msg%n</pattern>
>>>>   </encoder>
>>>> </appender>
>>>>
>>>> b) Extend the root level logging:
>>>>
>>>> <root level="info">
>>>>   <appender-ref ref="stdout"/>
>>>>   <appender-ref ref="FILE"/>
>>>> </root>
>>>>
>>>> c) Activation of the ldap logging (debugging) in
>>>> WEB-INF\classes\logback.xml
>>>>
>>>> <!-- LDAP debugging -->
>>>> <logger name="org.xwiki.contrib.ldap" level="trace"/>
>>>>
>>>>
>>>> With kind regards
>>>> Thomas
>>>
>>>
>>>
>>> --
>>> Thomas Mortagne
>>
>>
>>
>> --
>> Thomas Mortagne
>