If you bump up the log level of `org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl` (e.g. via https://your-xwiki-instance/xwiki/bin/admin/XWiki/XWikiPreferences?editor=globaladmin&section=Logging) you should see a stack trace if your DN syntax is not valid, e.g.:
```
2023-09-22 19:37:37,347 [qtp665372494-75 - http://xwiki:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.
at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:244)
at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:165)
...
Caused by: com.novell.ldap.LDAPException: Invalid DN Syntax
at com.novell.ldap.LDAPResponse.getResultException(LDAPResponse.java:407)
...
```
That being said, while character escaping is technically properly defined in RFC4514 it has always been notoriously iffy. Some server implementations support `\,`, some require `\` plus two hex digits (i.e. `\2C` in this case).
I’ve just tried `LDAP xWiki` on a 389ds (xwiki 14.10.17) which worked fine, but I was unsuccessful with `LDAP, xWiki`, no matter how I escaped it. That might be a shortcoming of 389ds, jldap, or me not knowing what the correct syntax is. Your mileage may vary.
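Added example, not part of the original post: the two RFC 4514 spellings of an escaped RDN value (`\,` and `\2C`), generated for the group name mentioned above and decoded back to check that both mean the same thing. The function names and the base DN `ou=groups,dc=example,dc=org` are assumptions made for illustration.

```python
# Added example (not from the post): RFC 4514 escaping of one RDN value.
SPECIAL = set('"+,;<>\\')          # must be escaped anywhere in a value
ESCAPABLE = SPECIAL | set(" #=")   # may legally follow a backslash
HEX = set("0123456789abcdefABCDEF")

def escape_rdn_value(value, hex_form=False):
    """hex_form=False gives \\<char> (e.g. \\,); True gives \\XX (e.g. \\2C)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        needs = (ch in SPECIAL or ch == "\x00"
                 or (i == 0 and ch in " #")      # leading space or '#'
                 or (i == last and ch == " "))   # trailing space
        if not needs:
            out.append(ch)
        elif hex_form or ch == "\x00":           # NUL only has a hex form
            out.append("".join("\\%02X" % b for b in ch.encode("utf-8")))
        else:
            out.append("\\" + ch)
    return "".join(out)

def unescape_rdn_value(escaped):
    """Decode either escape form back to the raw value."""
    buf, i = bytearray(), 0
    while i < len(escaped):
        ch = escaped[i]
        if ch != "\\":
            buf += ch.encode("utf-8")
            i += 1
            continue
        pair = escaped[i + 1:i + 3]
        if len(pair) == 2 and set(pair) <= HEX:   # \XX hex pair
            buf.append(int(pair, 16))
            i += 3
        elif pair and pair[0] in ESCAPABLE:       # \<char>
            buf += pair[0].encode("utf-8")
            i += 2
        else:
            raise ValueError("invalid escape at offset %d" % i)
    return buf.decode("utf-8")

def dn_variants(attr, value, base):
    """Both spellings of the same DN, to try against a picky server."""
    return [f"{attr}={escape_rdn_value(value, h)},{base}" for h in (False, True)]

if __name__ == "__main__":
    # Constructed sample: the group name is from the post, the base DN is made up.
    for dn in dn_variants("cn", "LDAP, xWiki", "ou=groups,dc=example,dc=org"):
        print(dn)
```

If neither variant binds or resolves, the DEBUG log shown above is the place to confirm whether the server rejected the DN syntax or the entry simply was not found.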