LDAP Authentification doesn't work : java.lang.NoClassDefFoundError: Failed to get fields for class [org.xwiki.contrib.ldap.script.LDAPScriptService] because the class [org/xwiki/contrib/ldap/XWikiLDAPException] couldn't be found in the ClassLoader

Hello,

Before you ask, i’ve already read similar posts but didn’t find my answer.

Here 's my configuration :slight_smile:

xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.server=ldap://servername
xwiki.authentication.ldap.port=3268
xwiki.authentication.ldap.base_DN=dc=test,dc=local
xwiki.authentication.ldap.UID_attr=sAMAccountName
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
xwiki.authentication.ldap.update_user=1
xwiki.authentication.ldap.trylocal=1

I have enabled the ldap debug and here is the result = 2018_05_22.output.log (6.0 KB)

Any ideas please ?

How did you installed the LDAP authenticator exactly ?

This error seems to suggest you have the ldap-api jar file in WEB-INF/lib but not the ldap-authenticator one on which it depends.

It’s generally better to install it trough the Extension Manager.

Hi, i’ve installed the ldap authenticator manually but when i try to install it through the Extension Manager i have this error message : error_extension_ldap_authenticator

In which version of XWiki are you trying to install it ? The error you get is quite weird, it’s like you had mixed versions of XWiki jars.

Also make sure you removed it from WEB-INF/lib before installing it.

The version is xwiki platform distribution flavor jetty-hsqldb 9.7. Yes i did and i also checked when i tried to install ldap application that the dependances were installed by the extension manager but it wasn’t the case.

Was this instance upgraded at some point ? Could you make sure you don’t have duplicate xwiki-commons-component-api jars (in different versions) in it. That’s the only thing that could explain the error you have.

1 Like

I did an export from a 8.4.3 instance months ago, and i found an 8.3 xwiki-commons-component-api.jar.I removed it and the problem is solved, thank you !!

Now, the problem i have is that i still can’t connect to ldap in the login page.

I tried to create a wiki user to bind ldap because i saw it in an other post :

error_ldap_post
but i don’t know how to do it :

Here is the log file result : 2018_05_30.output.log (412.6 KB)

According to the log your issue is the following:

2018-05-30 10:05:17,031 [http://thoros-sab3:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection - Connection to LDAP server [ldap://sirius:3268]
2018-05-30 10:05:17,031 [http://thoros-sab3:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
java.lang.IllegalArgumentException: INVALID_ADDRESS

xwiki.authentication.ldap.server is supposed to only contain the host so sirius here I guess. Custom port is indicated using xwiki.authentication.ldap.port property.

I’ve already tried but i had the same error, i have replaced the host by the ip adress of the ldap server.
Here is the error i get :

2018-05-30 14:43:21,719 [http://thoros-sab3:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig - remoteUserParser: null
2018-05-30 14:43:21,719 [http://thoros-sab3:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
2018-05-30 14:43:21,719 [http://thoros-sab3:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, memberuid, member]
2018-05-30 14:43:21,719 [http://thoros-sab3:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection - Connection to LDAP server [ip_adress_ldap_server:3268]
2018-05-30 14:43:21,735 [http://thoros-sab3:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection - Binding to LDAP server with credentials login=[diallom]
2018-05-30 14:43:21,735 [http://thoros-sab3:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.

here is my ldap application configuration =


ldap_application_configuration2

This “same error” just means you had an issue during authentication. You definitely have a different issue now since this time it tried to bind. You should paste the full error and not just the first line.

ok, here is the full file error : 2018_05_30.output.log (571.4 KB)

So this time what is wrong in your bind DN, which in your case is not a DN but a uid.

You are supposed to provide a pattern (in which {0} will be replaced by the uid when it’s part of the LDAP user DN) which will be converted to the DN to use to access the LDAP server (you can’t connect to a LDAP server with just a uid). If your users have very different DNs (like stored in different organization units) you can choose some LDAP user which is allowed to search trough all the users and group in the LDAP server (in which case you will simply enter this user DN/password instead of patterns).

Ok, i replaced the ldap user instead of patterns and finally it works, thank you for everything !! :smile:

Last question, If i want to import all the ldap users in the wiki, how can i do it please?

The LDAP authenticator does not provide this feature out of the box. Usually it’s done using a Groovy script which use the API provided by the authenticator.

Thank you , i saw this groovy script : http://snippets.xwiki.org/xwiki/bin/view/Extension/Import%20Users%20From%20LDAP

Once i copy-past it , how should i do to run it please ?

Read carefully the warning before executing that.

i read it but it tells “The xwiki.ldap plugin need to be refactored first” and i have the last version of the plugin so i was thinking that i could use this script, it’s not the case ?

The important part is “This snippet is based on the old deprecated LDAP authenticator” which means that since you have the last version you will have issues.

Ok, thank you for everything !!

Hi,

I’ve installed the LDAP Authenticator Lowercase UID extension, but when an user log in through ldap the UID still contains Uppercase Letters in the creation of the user, do you know how to fix it please ?