com.xpn.xwiki.XWikiException: Error number 8001 in 8: LDAP user mjeanson does not belong to LDAP group cn=xwiki,ou=Group,dc=example,dc=com.

XWiki.org JIRA | Michael Jeanson | 9 years ago
tip
Your exception is missing from the Samebug knowledge base.
Here are the best solutions we found on the Internet.
Click on the to mark the helpful solution and get rewards for you help.
  1. 0

    Another problem I ran into with posixGroup is that the members are listed only by their userid and not their full dn. For example the ldif of my xwiki group : 1. xwiki, Group, example.com dn: cn=xwiki,ou=Group,dc=example,dc=com cn: xwiki description: Utilisateurs de XWiki gidNumber: 2005 memberUid: mjeanson memberUid: jmdault memberUid: julien memberUid: luiggi objectClass: top objectClass: posixGroup Xwiki expects to have the full dn for each member attribute and so is not able to map group membership. Here is the debug output I get : For each member of the xwiki group : 14:22:19,735 [http://xwiki.revolutionlinux.com/xwiki-1.5/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-1] ERROR ldap.XWikiLDAPUtils - Could not find att ribute uid for LDAP dn frobichaud 14:22:19,735 [http://xwiki.revolutionlinux.com/xwiki-1.5/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-1] DEBUG ldap.XWikiLDAPConnection - LDAP Search failed LDAPException: Invalid DN Syntax (34) Invalid DN Syntax LDAPException: Server Message: invalid DN LDAPException: Matched DN: at com.novell.ldap.LDAPResponse.getResultException(Unknown Source) at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source) at com.novell.ldap.LDAPSearchResults.next(Unknown Source) at com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection.searchLDAP(XWikiLDAPConnection.java:274) at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.searchGroupsMembers(XWikiLDAPUtils.java:211) ... And finaly : 14:22:19,738 [http://xwiki.revolutionlinux.com/xwiki-1.5/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-1] ERROR ldap.XWikiLDAPUtils - Could not find attribute uid for LDAP dn mjeanson 14:22:19,738 [http://xwiki.revolutionlinux.com/xwiki-1.5/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-1] DEBUG ldap.XWikiLDAPUtils - Found user dn in user group:null 14:22:19,738 [http://xwiki.revolutionlinux.com/xwiki-1.5/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-1] DEBUG ldap.XWikiLDAPUtils - LDAP authentication failed: user not in LDAP user group 14:22:19,738 [http://xwiki.revolutionlinux.com/xwiki-1.5/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-1] DEBUG LDAP.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB 14:22:19,739 [http://xwiki.revolutionlinux.com/xwiki-1.5/bin/loginsubmit/XWiki/XWikiLogin] [http-8080-1] WARN LDAP.XWikiLDAPAuthServiceImpl - LDAP authentication failed. com.xpn.xwiki.XWikiException: Error number 8001 in 8: LDAP user mjeanson does not belong to LDAP group cn=xwiki,ou=Group,dc=example,dc=com. at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:216) at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107) at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:195) at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:128) at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:113) at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:205) ... I wrote a patch that does an ldap request for each group member to find their full dn. It's clearly a hack, please understand that I am by no mean a java programmer nor a programmer at all but I needed the ldap authentication to work. I think the proper solution, correct me if I'm wrong, would be to add a configuration option allowing to match ldap group membership with the userid instead of the full dn.

    XWiki.org JIRA | 9 years ago | Michael Jeanson
    com.xpn.xwiki.XWikiException: Error number 8001 in 8: LDAP user mjeanson does not belong to LDAP group cn=xwiki,ou=Group,dc=example,dc=com.

    Root Cause Analysis

    1. com.xpn.xwiki.XWikiException

      Error number 8001 in 8: LDAP user mjeanson does not belong to LDAP group cn=xwiki,ou=Group,dc=example,dc=com.

      at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate()
    2. com.xpn.xwiki
      XWikiAuthServiceImpl.checkAuth
      1. com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:216)
      2. com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:107)
      3. com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:195)
      4. com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:128)
      5. com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:113)
      6. com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:205)
      6 frames