Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-4379

LDAP (Active Directory Windows 2003) authentication problem with users in more than one orginisational unit

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • None
    • 1.7.1
    • {Unused} Auth Service - LDAP
    • None
    • xwiki 1.7.1, MS/SQL, Windows 2003
    • LDAP,
    • Unknown

    Description

      we're having problems here with authenticating users against a Windows 2003 active directory.
      Our users are located in different OU (organisational units) in the active directory
      So i followed the instructions in
      http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication
      unfortunatelly without success.

      My searchuser as all rights and is perfectly working with OTRS (www.otrs.org)

      Here in xWiki, only users in one organisational unit are found?!
      For all other users I'm getting the errormessage: user not found

      #-------------------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------------------
#-# new LDAP authentication service
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap=1
#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
#-# Kann zur Not auf eine fixe IP gesetzt werden
xwiki.authentication.ldap.server=aohdc03.asamer.holding.ah
#xwiki.authentication.ldap.server=asamer.holding.ah
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.check_level=2
#-# LDAP login, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the username, {1} with the password
#xwiki.authentication.ldap.bind_DN=CN=xWiKi,OU=ServicesAccounts,DC=asamer,DC=holding,DC=ah
#xwiki.authentication.ldap.bind_pass=xwiki4ldap1
xwiki.authentication.ldap.bind_DN=CN=otrs,OU=ServicesAccounts,DC=asamer,DC=holding,DC=ah
xwiki.authentication.ldap.bind_pass=xxxyyy
#-# Force to check password after LDAP connection
#-# 0: disable
#-# 1: enable
xwiki.authentication.ldap.validate_password=0
#-# only members of the following group will be verified in the LDAP
#-# otherwise only users that are found after searching starting from the base_DN
# xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
#-# [Since 1.5RC1, XWikiLDAPAuthServiceImpl]
#-# only users not member of the following group can autheticate
# xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
#-# base DN for searches
# xwiki.authentication.ldap.base_DN=DC=asamer,DC=holding,DC=ah
xwiki.authentication.ldap.base_DN=DC=holding,DC=ah
#-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
xwiki.authentication.ldap.UID_attr=sAMAccountName
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1
# xwiki.authentication.ldap.password_field=userPassword
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential LDAP groups classes. Separated by commas.
# xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The potential names of the LDAP groups fields containings the members. Separated by commas. 
# xwiki.authentication.ldap.group_memberfields=member,uniqueMember
#-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
# xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=fullName,email=mail,ldap_dn=dn
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=fullName,email=mail
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
xwiki.authentication.ldap.update_user=1
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# mapps XWiki groups to LDAP groups, separator is "|"
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=CN=xwiki_Admin,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.ViewAllGroup=CN=xwiki_ViewAll,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.ACGroup=CN=xwiki_AC,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.CEGroup=CN=xwiki_CE,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.FNGroup=CN=xwiki_FN,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.HRGroup=CN=xwiki_HR,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.IMGroup=CN=xwiki_IM,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.INGroup=CN=xwiki_IN,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.ITGroup=CN=xwiki_IT,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.ITsecureGroup=CN=xwiki_ITsecure,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.JSGroup=CN=xwiki_JS,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.LDGroup=CN=xwiki_LD,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.PDGroup=CN=xwiki_PD,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.PDsecureGroup=CN=xwiki_PDsecure,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.PRGroup=CN=xwiki_PR,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.PTGroup=CN=xwiki_PT,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah|\
XWiki.QAGroup=CN=xwiki_QA,OU=xWiki Groups,DC=asamer,DC=holding,DC=ah
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
xwiki.authentication.ldap.groupcache_expiration=21800
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# - create : synchronize group membership only when the user is first created
#-# - always: synchronize on every login
xwiki.authentication.ldap.mode_group_sync=always
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
xwiki.authentication.ldap.trylocal=1
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# SSL connection to LDAP server
#-# 0: normal
#-# 1: SSL
# xwiki.authentication.ldap.ssl=0
#-# [Since 1.3M2, XWikiLDAPAuthServiceImpl]
#-# The keystore file to use in SSL connection
# xwiki.authentication.ldap.ssl.keystore=
#-# [Since 1.5M1, XWikiLDAPAuthServiceImpl]
#-# The java secure provider used in SSL connection
# xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-2388 XWiki does not support LDAP Referral redirection

          • Major - Major loss of function.
          • Closed

          Activity

            People

              tmortagne Thomas Mortagne
              fuewol Wolfgang Furtbauer
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: