Uploaded image for project: 'LDAP'
  1. LDAP
  2. LDAP-92

Group mapping problem

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 9.4.4
    • Fix Version/s: None
    • Component/s: Authenticator
    • Labels:
      None
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      Hello! 

      I am using XWiki 11.10.5 (in Docker), LDAP Authenticator 9.4.4, FreeIPA 4.6.6

      I ran into a problem - it often happens that a user who has an account in FreeIPA enters XWiki for the first time, login is successful, but he doesn't have rights to view any pages. He doesn't belong to any of the groups and if you add him manually - the next time he log in, he will be removed from all groups again. The only thing that helps in this situation is restarting XWiki. After that, everything works for a while, then breaks down again for new users. 

      Here is my LDAP configuration:

      xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
      xwiki.authentication.ldap=1
      xwiki.authentication.ldap.trylocal=1
      xwiki.authentication.ldap.server=ipa.domain.com
      xwiki.authentication.ldap.port=636
      xwiki.authentication.ldap.bind_DN=uid=login,cn=users,cn=accounts,dc=domain,dc=com
      xwiki.authentication.ldap.bind_pass=password
      xwiki.authentication.ldap.base_DN=cn=users,cn=accounts,dc=domain,dc=com
      xwiki.authentication.ldap.user_search_fmt=({0}={1})
      xwiki.authentication.ldap.UID_attr=uid
      xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
      xwiki.authentication.ldap.update_user=1
      xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=xwiki-admins,cn=groups,cn=accounts,dc=domain,dc=com|\
      XWiki.XWikiAllGroup=cn=groups,cn=accounts,dc=domain,dc=com
      xwiki.authentication.ldap.ssl=1
      xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider

        Attachments

          Activity

            People

            Assignee:
            tmortagne Thomas Mortagne
            Reporter:
            Not_Honest Pavel
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response: