LDAP not Working

Hi,

I hope anybody can help me.

I have a subdomain (MS Active Directory): SSI.company.com
Any users from the subdomain SSI should have access to the XWiki.

But I can't log in with an Active Directory user.

Here is my XWiki.cfg Part Active Directory (original | 1:1):

xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1

xwiki.authentication.ldap.server=10.100.100.1
xwiki.authentication.ldap.port=389

xwiki.authentication.ldap.base_DN=dc=SSI,dc=company,dc=com
xwiki.authentication.ldap.bind_DN=SSI\{0}
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=sAMAccountName

xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn

xwiki.authentication.ldap.trylocal=1
xwiki.authentication.ldap.update_user=1

Does anybody see an error?
Is a separate XWiki AD user required for this? -> I know this from another wiki named BookStack, to activate LDAP authentication.

Until now I cannot provide a debug log, because Tomcat does not write anything from XWiki to the Catalina log. :disappointed:

Thanks for any help.

With best regards

Mike

Try doubling the \ in xwiki.authentication.ldap.bind_DN as indicated in http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/#HActiveDirectory.

Hi,

It is doubled, but the forum does not display the second “\”.

Then without a debug log I don’t have much of an idea.

Do you have an idea how I can get the logging to work?

As instructed on the page,

I added the following lines to WEB-INF/classes/logback.xml:

<!-- LDAP debugging -->
<logger name="org.xwiki.contrib.ldap" level="trace"/>

After restarting XWiki, the GUI confirms that the logging level for the module is Trace, but the only information I get from catalina.log is the following:

INFO: Deployment of web application archive /data_vhd2/xwiki-tomcat_webapps_dir/xwiki.war has finished in 42,628 ms
Jul 20, 2017 11:20:29 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8082"]
Jul 20, 2017 11:20:29 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Jul 20, 2017 11:20:29 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 42831 ms
Jul 20, 2017 11:28:15 AM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler ["http-bio-8082"]
Jul 20, 2017 11:28:15 AM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler ["ajp-bio-8009"]
Jul 20, 2017 11:28:15 AM org.apache.catalina.core.StandardService stopInternal
INFO: Stopping service Catalina
Jul 20, 2017 11:28:37 AM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler ["http-bio-8082"]
Jul 20, 2017 11:28:37 AM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler ["ajp-bio-8009"]
Jul 20, 2017 11:28:37 AM org.apache.coyote.AbstractProtocol destroy
INFO: Destroying ProtocolHandler ["http-bio-8082"]
Jul 20, 2017 11:28:37 AM org.apache.coyote.AbstractProtocol destroy
INFO: Destroying ProtocolHandler ["ajp-bio-8009"]
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server version:        Apache Tomcat/7.0.69
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server built:          Apr 12 2017 23:39:01 UTC
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server number:         7.0.69.0
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: OS Name:               Linux
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: OS Version:            3.10.0-514.21.2.el7.x86_64
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Architecture:          amd64
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Java Home:             /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-3.b12.el7_3.x86_64/jre
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: JVM Version:           1.8.0_131-b12
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: JVM Vendor:            Oracle Corporation
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: CATALINA_BASE:         /usr/share/tomcat
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: CATALINA_HOME:         /usr/share/tomcat
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -DproxySet=true
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dhttp.proxyHost=10.254.103.2
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dhttp.proxyPort=3128
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dhttps.proxyHost=10.254.103.2
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dhttps.proxyPort=3128
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Xms1g
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Xmx2g
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.base=/usr/share/tomcat
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.home=/usr/share/tomcat
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.endorsed.dirs=
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.io.tmpdir=/var/cache/tomcat/temp
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
Jul 20, 2017 11:28:38 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
Jul 20, 2017 11:28:38 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8082"]
Jul 20, 2017 11:28:38 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 673 ms
Jul 20, 2017 11:28:38 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jul 20, 2017 11:28:38 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.69
Jul 20, 2017 11:28:38 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /data_vhd2/xwiki-tomcat_webapps_dir/xwiki.war
Jul 20, 2017 11:28:51 AM org.apache.catalina.startup.TldConfig execute
INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Jul 20, 2017 11:29:23 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [18,014] milliseconds.
Jul 20, 2017 11:29:24 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deployment of web application archive /data_vhd2/xwiki-tomcat_webapps_dir/xwiki.war has finished in 45,682 ms
Jul 20, 2017 11:29:24 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8082"]
Jul 20, 2017 11:29:24 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Jul 20, 2017 11:29:24 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 45741 ms

This is a Tomcat in a default installation on CentOS. XWiki is very difficult in this area (LDAP/logging).

Or is the problem that the logging would work, but the LDAP module is not active, or that XWiki only tries to authenticate via the local user in the DB?

Did I do something wrong? After I configured the lines from my first post in xwiki.cfg, I tried to log in with the following credentials/syntax:

Login: SSI\xwikitestuser1
Password: Password

Is something else necessary here so that LDAP finally works? And yes, the Active Directory works perfectly. Other Linux applications do LDAP without a problem :wink:

XWiki always logs a few things at startup, but I don’t see anything that looks like an XWiki log in what you pasted, so the log is probably somewhere else. Maybe each application gets its own log file the way Tomcat is configured for you?

That’s not the right login. In the configuration you indicated SSI\{0}, and {0} is replaced by the login you enter, which means it does not make sense to repeat “SSI”. People are supposed to enter their sAMAccountName, not the full name (unless in cases where you want to set up several domains).
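
An added example, not part of the thread and not XWiki's own code: it traces how the bind_DN line from the first post becomes the identity sent in the LDAP bind, covering both the backslash-doubling advice and the {0} substitution described in the replies above. It assumes that xwiki.cfg values follow Java .properties escaping and that {0} is a plain placeholder for the typed login; the function names are hypothetical.

```python
# Added example, not XWiki code. Assumes Java .properties escaping for xwiki.cfg
# values and treats {0} as a plain placeholder for the typed login.
import string

BIND_DN_KEY = "xwiki.authentication.ldap.bind_DN"
_ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}


def unescape_properties_value(raw):
    """Decode backslash escapes the way java.util.Properties.load() does."""
    out, i = [], 0
    while i < len(raw):
        ch = raw[i]
        i += 1
        if ch != "\\":
            out.append(ch)
        elif i == len(raw):
            break  # trailing backslash is a line continuation, not data
        elif raw[i] == "u":
            digits = raw[i + 1:i + 5]
            if len(digits) != 4 or any(d not in string.hexdigits for d in digits):
                raise ValueError("malformed \\uXXXX escape")
            out.append(chr(int(digits, 16)))
            i += 5
        else:
            # a doubled backslash yields one; an unknown escape such as \{ loses it
            out.append(_ESCAPES.get(raw[i], raw[i]))
            i += 1
    return "".join(out)


def diagnose(cfg_line, login):
    """Return (identity sent in the LDAP bind, list of problems found)."""
    key, _, raw = cfg_line.partition("=")
    if key.strip() != BIND_DN_KEY:
        raise ValueError("not a bind_DN line")
    bind = unescape_properties_value(raw.lstrip()).replace("{0}", login)
    problems = []
    if "\\" not in bind:
        problems.append("backslash lost: double it in xwiki.cfg")
    elif bind.count("\\") > 1:
        problems.append("domain repeated: enter only the sAMAccountName")
    return bind, problems


if __name__ == "__main__":
    # Constructed inputs based on the values quoted in the thread.
    for line, login in [(BIND_DN_KEY + r"=SSI\{0}", "xwikitestuser1"),
                        (BIND_DN_KEY + r"=SSI\\{0}", r"SSI\xwikitestuser1"),
                        (BIND_DN_KEY + r"=SSI\\{0}", "xwikitestuser1")]:
        print(line, "->", diagnose(line, login))
```
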

OK. I tried it with the sAMAccountName without the subdomain, but unfortunately the error persists.

I looked in nearly every log file, and nowhere else do I find another log with XWiki information.

I tried to log it with Lilith (http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging) but the port on the server isn't listening…

What can I do to find/activate or whatever to get log files???

Is this maybe an alternative:
I download the Windows version of XWiki for demo. Here I have a CMD window with information. Would this help?

Sure with the demo package it’s easy, you have both the console and also a log file in data/logs.

Hi Tmortagne,

Many thanks for your help. The same config worked on my Windows PC without problems. I found out that the problem is with the downloaded version 9.5.0 from a few weeks ago. When I deploy XWiki 8.4.5 on the same system, LDAP works perfectly.

Again -> Many Thanks for Your Help :smile:

With best regards

Mike

I really doubt the issue comes from the XWiki version, which should not change anything in the behavior of this extension.