Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 9.4.4
    • Fix Version/s: None
    • Component/s: Authenticator
    • Labels:
      None
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      Hello! 

      I am using XWiki 11.10.5 (in Docker), LDAP Authenticator 9.4.4, FreeIPA 4.6.6

      I ran into a problem - it often happens that a user who has an account in FreeIPA enters XWiki for the first time, login is successful, but he doesn't have rights to view any pages. He doesn't belong to any of the groups and if you add him manually - the next time he log in, he will be removed from all groups again. The only thing that helps in this situation is restarting XWiki. After that, everything works for a while, then breaks down again for new users. 

      Here is my LDAP configuration:

      xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
      xwiki.authentication.ldap=1
      xwiki.authentication.ldap.trylocal=1
      xwiki.authentication.ldap.server=ipa.domain.com
      xwiki.authentication.ldap.port=636
      xwiki.authentication.ldap.bind_DN=uid=login,cn=users,cn=accounts,dc=domain,dc=com
      xwiki.authentication.ldap.bind_pass=password
      xwiki.authentication.ldap.base_DN=cn=users,cn=accounts,dc=domain,dc=com
      xwiki.authentication.ldap.user_search_fmt=({0}={1})
      xwiki.authentication.ldap.UID_attr=uid
      xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
      xwiki.authentication.ldap.update_user=1
      xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=xwiki-admins,cn=groups,cn=accounts,dc=domain,dc=com|\
      XWiki.XWikiAllGroup=cn=groups,cn=accounts,dc=domain,dc=com
      xwiki.authentication.ldap.ssl=1
      xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider

        Attachments

          Activity

            People

            • Assignee:
              tmortagne Thomas Mortagne
              Reporter:
              Not_Honest Pavel
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response: