LDAP Login not working for one user

Hi,

Strange situation. LDAP login has worked for a long time, but suddenly I can’t log in with my standard user anymore. It hangs and then an HTTP 500 comes. In the logs I don’t see much when I enable the ldap* logging:

DEBUG x.c.l.XWikiLDAPAuthServiceImpl - REMOTE_USER: xxxxx 
DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Try to find principal in the session for remote user [xxxxx] 
DEBUG x.c.l.XWikiLDAPAuthServiceImpl -   There is no principal at all in the session 

and then nothing…

For another user it starts the same way, but then the full LDAP login continues:

DEBUG x.c.l.XWikiLDAPAuthServiceImpl - REMOTE_USER: abcabc 
DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Try to find principal in the session for remote user [abcabc] 
DEBUG x.c.l.XWikiLDAPAuthServiceImpl -   There is no principal at all in the session 
DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Try to find principal in the session for remote user [abcabc] 
DEBUG x.c.l.XWikiLDAPAuthServiceImpl -   There is no principal at all in the session 
DEBUG o.x.c.l.XWikiLDAPConfig        - remoteUserParser: null 
DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux] 
DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_memberfields: [uniquemember, memberuid, member] 
DEBUG o.x.c.l.XWikiLDAPConnection    - Connecting to LDAP using SSL 
(...)

Any idea what I should check? My user in Active Directory looks good, and on my dev environment my user still works with LDAP login.
I compared the LDAP classes on my XWiki users; they look equal.

Thanks,
Gerd

Hi @schnutz! If by standard-user you mean XWiki user (and not LDAP user), you may want to check if the trylocal property in the configuration was not disabled recently.

Hi - sorry, my “standard” user is the LDAP user. So just opening XWiki → auto-login should do the rest:
We have an Apache doing the pre-auth and giving the username to Tomcat/XWiki using header vars. And then the LDAP call should check my groups etc., but for my domain user, it’s stuck… and after the timeout I get HTTP 500.

But this only happens with my own LDAP-User. All other LDAP-Users are working.

I also tried restarting the whole server, removing some unneeded AD groups from my LDAP user, … nothing worked. I also have an additional “local-only” XWiki user, and this works too (so not a problem of my browsers - I tried more of them).
Also tried different hosts → only my user is not working on them - so must be something within XWiki?

On my dev instance of XWiki, my LDAP user is working - nearly the same settings as on PROD (not so big a machine, but similar config), so I think the LDAP settings are not the reason.

Thanks,
Gerd

Just guessing, but does your local XWiki user accidentally have the same username as your LDAP user?

Hi, this issue was long ago - one time it worked again (don’t know who changed what).

But yes - we have the setting that new users are automatically created in XWiki with the same username - so all of them have the same usernames (=samAccountName), so this can’t be the reason.