Good morning,
I’ve installed XWiki 10.9 and configured LDAP in the xwiki.cfg as attached.
I’ve installed LDAP Authenticator and no Application UI.
#-------------------------------------------------------------------------------------
LDAP
#-------------------------------------------------------------------------------------
#-# LDAP authentication service
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
xwiki.authentication.ldap.server=ourdomaincontroller
xwiki.authentication.ldap.port=389
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the user name, {1} with the password
xwiki.authentication.ldap.bind_DN=cn={0},cd=Users,dc=xxxxxxxxxx,dc=xxx
xwiki.authentication.ldap.bind_pass={1}
#-# The Base DN used in LDAP searches
xwiki.authentication.ldap.base_DN=dc=xxxxxxxxxx,dc=xxx
#-# LDAP query to search the user in the LDAP database (in case a static admin user is provided in
#-# xwiki.authentication.ldap.bind_DN)
#-# {0} is replaced with the user uid field name and {1} with the user name
#-# The default is ({0}={1})
xwiki.authentication.ldap.user_search_fmt=({0}={1})
#-# Only members of the following group will be verified in the LDAP
#-# otherwise only users that are found after searching starting from the base_DN
xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
#-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
#-# Only users not member of the following group can autheticate
xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
#-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name
#-# The default is cn
xwiki.authentication.ldap.UID_attr=sAMAccountName
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential LDAP groups classes. Separated by commas.
#wiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential names of the LDAP groups fields containings the members. Separated by commas.
xwiki.authentication.ldap.group_memberfields=member,uniqueMember
#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,email=mail
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# On every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki
#-# account is created.
#-# - 0: only when creating user
#-# - 1: at each authentication
#-# The default is 0
xwiki.authentication.ldap.update_user=1
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# Maps XWiki groups to LDAP groups, separator is “|”. The following kind of groups are supported:
#-# * LDAP static groups (users/subgroups are listed statically in the group object)
#-# * [Since 3.3M1] LDAP organization units (users/subgroups are sub object of the provided organization unit)
#-# * [Since 3.3M1] LDAP filter (users/groups are object found in a search with the provided filter),
#-# | character in the filter need to be escaped with backslash ().
#-#
#-# Here is an example:
#wiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=domain,c=com|\
XWiki.LDAPUsers=ou=groups,o=domain,c=com|\
XWiki.Organisation=(cn=testers)
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# Time in s after which the list of members in a group is refreshed from LDAP
#-# The default is 21600 (6 hours)
xwiki.authentication.ldap.groupcache_expiration=21600
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first created
#-# - always: synchronize on every login
#-# The default is always
xwiki.authentication.ldap.mode_group_sync=always
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# If ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap.trylocal=1
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# - 0: normal
#-# - 1: SSL
#-# The default is 0
xwiki.authentication.ldap.ssl=0
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
xwiki.authentication.ldap.ssl.keystore=
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The java secure provider used in SSL connection
#-# The default is com.sun.net.ssl.internal.ssl.Provider
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
#-# Bypass standard LDAP bind validation by doing a direct password comparison.
#-# If you don’t know what you do, don’t use that. It’s covering very rare and bad use cases.
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap.validate_password=0
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# Specifies the LDAP attribute containing the password to be used “when xwiki.authentication.ldap.validate_password”
#-# is set to 1
xwiki.authentication.ldap.password_field=userPassword
#-# [Since 4.3M1, XWikiLDAPAuthServiceImpl]
#-# The maximum number of milliseconds the client waits for any operation under these constraints to complete.
#-# The default is 1000
xwiki.authentication.ldap.timeout=1000
/> Blockquote
After restarting Tomcat there are two types of log messages.
The first one is displayed after trying to log in (with LDAP user; but the error message appears still if I use a local xwiki user):
Blockquote
Error number 4001 in 4: Error while evaluating velocity template frequentlyUsedDocs.vm
see next post
The second one concerns LDAP:
2018-11-12 09:17:57,169 [http://localhost:8080/xwiki/bin/view/Main/] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2018-11-12 09:17:57,169 [http://localhost:8080/xwiki/bin/view/Main/] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don’t try to authenticate, it probably means the user is in non logged mode.
2018-11-12 09:17:57,175 [http://localhost:8080/xwiki/bin/view/Main/] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
2018-11-12 09:18:03,278 [http://localhost:8080/xwiki/bin/ssx/ExtensionCode/ExtensionSheet?language=en&docVersion=1.1] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2018-11-12 09:18:03,278 [http://localhost:8080/xwiki/bin/ssx/ExtensionCode/ExtensionSheet?language=en&docVersion=1.1] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don’t try to authenticate, it probably means the user is in non logged mode.
2018-11-12 09:18:03,278 [http://localhost:8080/xwiki/bin/ssx/ExtensionCode/ExtensionSheet?language=en&docVersion=1.1] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
2018-11-12 09:18:03,288 [http://localhost:8080/xwiki/bin/jsx/Blog/BlogMenuUIX?language=en&docVersion=1.1] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2018-11-12 09:18:03,288 [http://localhost:8080/xwiki/bin/jsx/Blog/BlogMenuUIX?language=en&docVersion=1.1] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don’t try to authenticate, it probably means the user is in non logged mode.
2018-11-12 09:18:03,289 [http://localhost:8080/xwiki/bin/jsx/Blog/BlogMenuUIX?language=en&docVersion=1.1] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
2018-11-12 09:18:03,291 [http://localhost:8080/xwiki/bin/skin/skins/flamingo/style.css?skin=flamingo&colorTheme=xwiki%3AColorThemes.DefaultColorTheme] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2018-11-12 09:18:03,292 [http://localhost:8080/xwiki/bin/skin/skins/flamingo/style.css?skin=flamingo&colorTheme=xwiki%3AColorThemes.DefaultColorTheme] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don’t try to authenticate, it probably means the user is in non logged mode.
2018-11-12 09:18:03,292 [http://localhost:8080/xwiki/bin/skin/skins/flamingo/style.css?skin=flamingo&colorTheme=xwiki%3AColorThemes.DefaultColorTheme] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
2018-11-12 09:18:03,297 [http://localhost:8080/xwiki/bin/skin/resources/css/xwiki-min.css?colorTheme=ColorThemes.DefaultColorTheme&language=en] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2018-11-12 09:18:03,297 [http://localhost:8080/xwiki/bin/skin/resources/css/xwiki-min.css?colorTheme=ColorThemes.DefaultColorTheme&language=en] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don’t try to authenticate, it probably means the user is in non logged mode.
2018-11-12 09:18:03,297 [http://localhost:8080/xwiki/bin/skin/resources/css/xwiki-min.css?colorTheme=ColorThemes.DefaultColorTheme&language=en] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null
2018-11-12 09:18:03,304 [http://localhost:8080/xwiki/bin/skin/skins/flamingo/print.css?skin=flamingo&colorTheme=xwiki%3AColorThemes.DefaultColorTheme] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2018-11-12 09:18:03,304 [http://localhost:8080/xwiki/bin/skin/skins/flamingo/print.css?skin=flamingo&colorTheme=xwiki%3AColorThemes.DefaultColorTheme] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don’t try to authenticate, it probably means the user is in non logged mode.
2018-11-12 09:18:03,304 [http://localhost:8080/xwiki/bin/skin/skins/flamingo/print.css?skin=flamingo&colorTheme=xwiki%3AColorThemes.DefaultColorTheme] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null