• LDAP User/Group Errors

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
 #9772  by tomsilby
 
I have searched the forum, but cannot find an answer to my problem. I configured LDAP according to the wiki and authentication works perfectly. However, when I go to the Administration tab and click users, I get errors in the log. The users are listed, but if I click on a group to view just the group's members, I get no results. Here is my OpenKM.cfg and the errors from the log:

OpenKM.cfg
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://ldap.myDomain.net
principal.ldap.security.principal=CN=SvcUser,OU=Service Accounts,DC=myDomain,DC=local
principal.ldap.security.credentials=svcPassword
principal.ldap.user.search.base=ou=users, dc=myDomain,dc=local
principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=CN=OpenKM DEV Users,OU=DEV,OU=OpenKM,OU=Applications,DC=myDomain,DC=local))
principal.ldap.user.attribute=cn
principal.ldap.role.search.base=ou=DEV,ou=OpenKM,ou=Applications,dc=myDomain,dc=local
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.attribute=cn
principal.ldap.mail.search.base=cn={0},ou=users,dc=myDomain,dc=local
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.attribute=mail
principal.ldap.users.by.role.search.filter=(&(objectClass=group)(cn={0}))
principal.ldap.roles.by.user.search.filter=(&(objectClass=group)(cn={0}))
system.login.lowercase=on
default.admin.role=OpenKM DEV Administrators
default.user.role=OpenKM DEV Users
Log Errors: (The same error for each user)
13:24:52,668 ERROR [STDERR] javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
        'OU=users,DC=myDomain,DC=local'
]; remaining name 'cn=ken brayboy,ou=users,dc=myDomain,dc=local'
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
13:24:52,668 ERROR [STDERR]     at javax.naming.directory.InitialDirContext.search(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:200)
13:24:52,669 ERROR [STDERR]     at com.openkm.principal.LdapPrincipalAdapter.getMails(LdapPrincipalAdapter.java:111)
13:24:52,669 ERROR [STDERR]     at com.openkm.module.direct.DirectAuthModule.getMails(DirectAuthModule.java:853)
13:24:52,669 ERROR [STDERR]     at com.openkm.api.OKMAuth.getMails(OKMAuth.java:170)
13:24:52,669 ERROR [STDERR]     at com.openkm.servlet.admin.AuthServlet.str2user(AuthServlet.java:389)
13:24:52,669 ERROR [STDERR]     at com.openkm.servlet.admin.AuthServlet.userList(AuthServlet.java:250)
13:24:52,669 ERROR [STDERR]     at com.openkm.servlet.admin.AuthServlet.doGet(AuthServlet.java:93)
13:24:52,669 ERROR [STDERR]     at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
13:24:52,669 ERROR [STDERR]     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
13:24:52,669 ERROR [STDERR]     at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
13:24:52,669 ERROR [STDERR]     at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
13:24:52,669 ERROR [STDERR]     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
13:24:52,669 ERROR [STDERR]     at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
13:24:52,670 ERROR [STDERR]     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
13:24:52,670 ERROR [STDERR]     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
13:24:52,670 ERROR [STDERR]     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
13:24:52,670 ERROR [STDERR]     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
13:24:52,672 ERROR [STDERR]     at java.lang.Thread.run(Unknown Source)
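
Added example (not part of the original posts and not OpenKM code): a small Python check that matches the DN in the error-32 log entry against the `{0}` templates in OpenKM.cfg, to show which property built the lookup that failed. The config lines and log text are copied from the post above; the function names are hypothetical.

```python
import re

# Template-bearing properties copied from the OpenKM.cfg in the post above.
CFG = """\
principal.ldap.user.search.base=ou=users, dc=myDomain,dc=local
principal.ldap.role.search.base=ou=DEV,ou=OpenKM,ou=Applications,dc=myDomain,dc=local
principal.ldap.mail.search.base=cn={0},ou=users,dc=myDomain,dc=local
"""
# First log entry from the post, joined onto one line.
LOG = ("javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: "
       "NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: "
       "'OU=users,DC=myDomain,DC=local' ]; remaining name "
       "'cn=ken brayboy,ou=users,dc=myDomain,dc=local'")

def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_props(text):
    """Parse key=value lines; split on the first '=' only, since DNs contain '='."""
    props = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def explain_error32(log, props):
    """Return (property, value substituted for {0}, best-match DN), or None."""
    m = re.search(r"error code 32\b.*?best match of:\s*'([^']*)'"
                  r".*?remaining name '([^']*)'", log, re.S)
    if not m:
        return None
    matched, failing = norm_dn(m.group(1)), norm_dn(m.group(2))
    for key, value in props.items():
        if "{0}" not in value:
            continue
        # Treat the template as literal text with {0} as the only capture group.
        left, right = norm_dn(value).split("{0}", 1)
        hit = re.fullmatch(re.escape(left) + "(.+?)" + re.escape(right), failing)
        if hit:
            return key, hit.group(1), matched
    return None

if __name__ == "__main__":
    print(explain_error32(LOG, parse_props(CFG)))
```

For the log above it reports `principal.ldap.mail.search.base` with `{0}` set to `ken brayboy`: the directory resolved `OU=users,DC=myDomain,DC=local` but found no entry with that exact DN beneath it.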
 #9798  by jllort
 
You've got a complex LDAP tree structure from what I'm seeing.

Do the roles appear in the security popup?

With principal.ldap.role.search.base equal to principal.ldap.user.search.base, does it not run right? Do you have roles defined in another tree node? Could you define them in the same nodes, or is that not possible?
 #9799  by tomsilby
 
jllort wrote: You've got a complex LDAP tree structure from what I'm seeing.

Do the roles appear in the security popup?

With principal.ldap.role.search.base equal to principal.ldap.user.search.base, does it not run right? Do you have roles defined in another tree node? Could you define them in the same nodes, or is that not possible?
Thank you for your response.

Our AD administrator set up a tree structure just for OpenKM groups. Those groups are found in ldap.role.search.base. But the AD users who may be using OpenKM are in ou=users. It is not possible to define the groups in the same tree node as the users.

I'm not sure what you mean by security popup.
 #9801  by tomsilby
 
jllort wrote: Select one document, and in the bottom tabs select security -> change security; the security popup will appear. Do the roles appear there?

http://wiki.openkm.com/index.php/Modifying_security
Thank you. Right now we only have three roles defined. Only two of our roles appear in the security popup. The Admin role does not appear. Also, all of our users appear in the user tab.
 #9805  by jllort
 
AdminRole does not appear because we're filtering.

It's strange, because this case indicates that it is getting all roles. It seems the problem could be in getting the roles associated with some user.

Another thing I see is that the username has white spaces; could you try with someone without spaces? That could be the problem too.
