Good morning,
I am setting up XWiki from the Docker image and I’m trying to set it up so my users can log in from LDAP.
I went through the following references to solve my issue:
- http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/
- http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/
I also enabled trace debugging in logback.xml.
I ended up with the following addition to my xwiki.cfg (that is everything I added):
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.trylocal=0
xwiki.authentication.ldap.server=192.168.*.*
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=dc=******,dc=***
xwiki.authentication.ldap.bind_DN=cn=*******,ou=******,dc=********,dc=*******
xwiki.authentication.ldap.bind_pass=**********
xwiki.authentication.ldap.UID_attr=sAMAccountName
If I use JXplorer with the base DN, the bind_dn as the user and the bind_pass, my read-only AD user can browse the entries and I can find the users I am looking for under the following different DNs:
CN=My User,OU=Somewhere,OU=Some Logical Group,DC=******,DC=***
CN=Some User,OU=Somewhere Else,OU=Some Logical Group,DC=******,DC=***
Let’s say I’m trying to use the account associated with the DN CN=My User,OU=Somewhere,OU=Some Logical Group,DC=******,DC=***; by using its associated login (sAMAccountName), it ends up trying to bind to the server like so:
2017-08-22 12:49:55,214 [http://**************:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection - Binding to LDAP server with credentials login=[cn="The sAMAccountName value",dc=********,dc=***]
2017-08-22 12:49:55,292 [http://**************:8080/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.
at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:227)
at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:155)
at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:518)
at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:334)
at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:268)
at org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl.checkAuth(XWikiLDAPAuthServiceImpl.java:163)
Caused by: com.novell.ldap.LDAPException: Invalid Credentials
at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
at com.novell.ldap.LDAPConnection.bind(Unknown Source)
at com.novell.ldap.LDAPConnection.bind(Unknown Source)
at org.xwiki.contrib.ldap.XWikiLDAPConnection.bind(XWikiLDAPConnection.java:261)
at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:223)
Hopefully, someone can point me at what needs to be changed in the configuration file.
Regards,
Philippe.