LDAP login issue


This error was very annoying because neither the admin nor the user knew what really happened.
Thank you for this info (maybe it is better to put an alert on the LDAP authenticator page in case someone migrates and has the same errors) but there should be a prior check that avoids the creation of those n-users.
I think simply adding an if statement into ldap plugin code to check if the user found in xwiki database has the LDAP object added (if I enabled the new ldap extension and I set try-local property to false but a user inside the database has no ldap class, we should avoid any other errors adding that object or alerting the user).
Second, for the next versions there should be a UI improvement for the cases I wrote you about, because now it is totally not responsive.



I don’t agree with this, many XWiki instances have both LDAP users and regular XWiki users and the LDAP authenticator needs to deal with collisions between the two.

I will have to reproduce and debug this, there should only be a _1 in your case. Could you tell me what you have in the LDAP profile object in _1 users? Does the LDAP uid look right in it?



What kind of collisions do you mean? If a user exists in ldap and also in Xwiki and both have the same credentials (and XWiki has try-local=false, so it uses only ldap) I think it is obvious that this user is ok, no deals required. There should be no other errors, I don’t have a mixed situation, I use ldap only.
You can easily reproduce it in this way:

  • Using XWiki version 8.4.5, ldap authenticator ver. 9.2.5
  • setting try-local to false and using only ldap
  • Creating a user using the UI, that user must be in your ldap with same values
  • Trying to login with that user, if you will be able to pass you will see “_1” user, this user has the right LDAPProfileClass with right values, in this way you will enter with your id but for XWiki you are another user.


Only to help someone, if you see this error inside log:
DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
java.lang.NullPointerException: null
at org.xwiki.contrib.ldap.XWikiLDAPUtils.updateUserFromLDAP(XWikiLDAPUtils.java:1328)
at org.xwiki.contrib.ldap.XWikiLDAPUtils.syncUser(XWikiLDAPUtils.java:1105)

This error could be related to this issue.



So I tried to reproduce your issue but I only have a _1 user created, following logins are reusing the _1 version of the user properly.

I did not see any answer from you about what exactly you had in the LDAP profile object in the _1 user page, that would help understand your issue. Also a complete debug log of a login that creates another _N user would help too.



As I already said, the “_1” user has an object with right ldap values:

By the way this is not a problem anymore, I applied a workaround to my batch procedure in order to add also the ldap object after the user creation, it seems to work well.

Currently I have only 2 problems:

  1. If I uninstall the LDAP Application extension (http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Application/) with the extension manager, I’m not able to use the cfg properties file, it seems to see the old properties I set with the LDAP Application, how to avoid this? Do I have to delete some dirty records in database or temp files?

  2. Please add a fix for the user interface management (delete and creation) for the next version



The application is a UI to make it easier to edit the general XWiki preference so uninstalling the application does not reset those and they have priority over xwiki.cfg. You can either put back the application to reset all the values or directly edit the XWikiPreferences object on http://mydomain/xwiki/bin/edit/XWiki/XWikiPreference?editor=object.

Not sure what fix you are exactly talking about here. If you have a feature request related to LDAP you can detail it on https://jira.xwiki.org/browse/LDAP. If it’s only for the standard user UI then it’s https://jira.xwiki.org/browse/XWIKI



Thank you for the reply.
I think you should add an alert about that in the wiki page (I see that there is a comment on the LDAP Application plugin page but it is not so visible). That behaviour is not so intuitive for normal users (and for developers too :wink: )

About the UI fix I mean this one:

And this one:

The first one does not refresh after user deletion (and does not confirm it!), the second one responds only after a very long time, if it responds.



First thing is usually to clean your browser cache to see if the issue does not come from outdated JS/CSS.

Then if you can reproduce this without using the LDAP authenticator, it would be nice to create an issue on https://jira.xwiki.org/browse/XWIKI with the steps to reproduce it on standard XWiki. Note that when you delete a user it’s trying to clean all references of that user and it might take a long time if you have a lot of wikis (see https://jira.xwiki.org/browse/XWIKI-9641).