Hi there.
I would like some help with LDAP authentication in XWiki. I have done my first configuration in XWiki.cfg and LDAP works fine (looking at the debug mode log). But when I try to log in with an LDAP account and type the wrong password, the authentication passes and no LDAP validation takes place. When I try to log in with an account that has never logged in before and type the wrong password, I can’t pass. So it only happens when I have already logged in.
Is there some configuration wrong?
XWiki Debian 12.9
LDAP Authenticator extension
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.trylocal=1
xwiki.authentication.ldap.server=10.xxxx
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.bind_DN=AD\\{0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.base_DN=DC=AD,DC=XXXXXX,DC=XX
xwiki.authentication.ldap.UID_attr=sAMAccountName
wiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
xwiki.authentication.ldap.update_user=1
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode.
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig - remoteUserParser: null
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig - ldap_group_memberfields: [uniquemember, memberuid, member]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection - Connection to LDAP server [10.xxxxxx:389]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection - Binding to LDAP server with credentials login=[CN=Bruno Melo,CN=xxxxx,DC=AD,DC=xxxxx,DC=xxx]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] WARN c.x.x.XWiki - Deprecated usage legacy-style HQL ordinal parameters (`?`); use JPA-style ordinal parameters (e.g., `?1`) instead. Query [select distinct doc.fullName from XWikiDocument as doc , BaseObject as obj, StringProperty as prop where doc.fullName=obj.name and obj.className=? and obj.id=prop.id.id and prop.name=? and lower(prop.value)=?] has been converted to [select distinct doc.fullName from XWikiDocument as doc , BaseObject as obj, StringProperty as prop where doc.fullName=obj.name and obj.className=?1 and obj.id=prop.id.id and prop.name=?2 and lower(prop.value)=?3]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPUtils - Getting the list of user fields to synchronize
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPUtils - LDAP avatar photo synchronisation is disabled
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPUtils - LDAP user fields to synchronize: [givenName, sn]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPUtils - Searching for the user in LDAP: user [bam] base [CN=xxxx,DC=AD,DC=xxxxxx,DC=xxxxx] query [(sAMAccountName=bam)] uid [sAMAccountName]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.PagedLDAPSearchResults - LDAP pagined search: base=[CN=xxxx,DC=AD,DC=xxxx,DC=xxxx] query=[(sAMAccountName=bam)] attrs=[[givenName, sn]] scope=[2] typesOnly=[false] pageSize=[500], cookie=[null]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection - - values for attribute [sn]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection - |- [Melo]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection - - values for attribute [givenName]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection - |- [Bruno]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection - LDAP search found attributes [[{name=dn value=CN=Bruno Melo,CN=xxxx,DC=AD,DC=xxxxx,DC=xxxxx}, {name=sn value=Melo}, {name=givenName value=Bruno}]]
8080/xwiki/wiki/gmg/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - LDAP authentication succeed with principal [XWiki.bam]