LDAP AD configuration problem - "Provided user is null, LDAP not active"

Hi everyone!

I’m in the process of configuring XWiki after successful migration from Mindtouch. At the moment I’m trying to configure LDAP/AD and have some problems that I don’t know how to debug. Perhaps someone can help me and clarify some things.

Firstly, I tried to configure LDAP through Active Directory Application, and then just through LDAP Application, but with no success.

So I started tweaking xwiki.cfg according to the documentation here and here. I also took a look on several topics describing issues related to AD, but couldn’t find any solution that worked for me.

Configuration details

This is my current config:

xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.trylocal=1
xwiki.authentication.ldap.server=ourcompany.pl
xwiki.authentication.ldap.bind_DN=cn={0},ou=XXXX_Users,dc=ourcompany,dc=pl
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.base_DN=ou=XXXX_Users,dc=ourcompany,dc=pl
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn
xwiki.authentication.ldap.update_user=1
xwiki.authentication.ldap.update_photo=1

I cleared all the possible ldap parameters in Global Administration interface in XWiki.XWikiPreferences (1) of /bin/edit/XWiki/XWikiPreferences?editor=object.

Of course after each change I was restarting Docker container.

I also checked my connection parameters on the host through ldapsearch and it seems to work correctly:

$ ldapsearch -x -h ourcompany.pl -D "xwikitest" -w "password" -b "DC=ourcompany,DC=pl" -s sub "(sAMAccountName=xwikitest)" cn mail sn er userPrincipalName sAMAccountName
# extended LDIF
#
# LDAPv3
# base <DC=ourcompany,DC=pl> with scope subtree
# filter: (sAMAccountName=xwikitest)
# requesting: cn mail sn er userPrincipalName sAMAccountName
#

# xwikitest, Techniczne, XXXX_Users, ourcompany.pl
dn: CN=xwikitest,OU=Techniczne,OU=XXXX_Users,DC=ourcompany,DC=pl
cn: xwikitest
sAMAccountName: xwikitest
userPrincipalName: xwikitest@ourcompany.pl

In case of my account the output is:

# Roszkowski Dominik, XXXX_Users, ourcompany.pl
dn: CN=Roszkowski Dominik,OU=XXXX_Users,DC=ourcompany,DC=pl
cn: Roszkowski Dominik
sn: Roszkowski
sAMAccountName: mylogin
userPrincipalName: mylogin@ourcompany.pl
mail: dominik.roszkowski@ourcompany.pl

I also mapped ports in Docker container:

ports:
  - "8080:8080"
  - "389:389"

Unfortunately I still get following output from DEBUG logs:

10:10:34,063 [/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
10:10:34,063 [/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - remoteUserParser: null
10:10:34,065 [/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
10:10:34,065 [/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_memberfields: [uniquemember, memberuid, member]
10:10:34,065 [/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - LDAP authentication failed: LDAP not activ
10:10:34,065 [/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB
10:10:34,171 [/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [xwikitest]
10:10:34,172 [/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
10:10:35,755 [/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
10:10:35,755 [/bin/get/TourCode/TourJson?xpage=plain&outputSyntax=plain&tourDoc=XWiki.XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null

Question

What could be wrong with my configuration at this stage?

This can only mean one of the following:

  • no xwiki.authentication.ldap=1 in xwiki.cfg
  • Ldap is set to no in XWikiPreferences

I went through several configurations:

  • LDAP on both in XWikiPreferences and xwiki.cfg
  • LDAP only in xwiki.cfg
  • LDAP only in XWikiPreferences

image
image

I edit the xwiki.cfg in /opt/volumes/wiki/xwiki-data/data which is mapped in Docker to /usr/local/xwiki/data

Unfortunately it doesn’t work :confused:

I’m going to run separate clean container with clean database to check again.

It seems that using Active Directory Application before left some settings that were overriding LDAP Application config as well as wiki.cfg even though I removed all the settings in XWikiPreferences and LDAP Application.

After clean install I was able to configure AD properly. I just installed LDAP Authenticator and configured everything in wiki.cfg.

The issue can be considered resolved.

You should mark your last message as being the solution then :wink:

1 Like

We stumbled across the same issue with the LDAP Authenticator not working at all after having had installed and deinstalled the Active Directory Application.
I know this is an old topic already marked as solved, but we managed to get it running again without having to reinstall the whole wiki, so I thought it might still be worth noting.
For us it was the application-activedirectory-api extension which had stayed installed, a part or dependency of the Active Directory Application. After removing that the LDAP Authenticator started working for us.