Page 3 of 3

Re: Configuration of Active Directory from OpenKM

PostPosted:Mon Mar 20, 2017 1:10 am
by AdamChen
All the people can visit OpenKM ,
and last week I try to reduce user try to login with ldap in OpenKM ( I need to success login for test )
and the somethings wrong ,
I can see the User in the Adminstration , but I can't login with those user
It's always Authentication error
I don't know where I can find the problems.

and the Authentication error is http 302
(My company use MS AD for Ldap)

Re: Configuration of Active Directory from OpenKM

PostPosted:Tue Mar 21, 2017 7:03 pm
by jllort
I do not understanding exactly the problem, your description is not much clear. I suggest make some screenshot and also add catalina.log file for understanding better the problem ( please share only the piece of the log file where is shown some error related with authentication ).

Re: Configuration of Active Directory from OpenKM

PostPosted:Wed Mar 22, 2017 10:36 am
by AdamChen
Code: Select all
2017-03-22 18:23:21,042 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/status'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/download'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/workflow-register'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/webdav/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/feed/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/cmis/browser/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/cmis/atom/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/cmis/atom11/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/services/rest/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy- /j_spring_security_check at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- No HttpSession currently exists
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- No SecurityContext was available from the HttpSession: null. A new one will be created.
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy- /j_spring_security_check at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Request is to process authentication
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.authentication.ProviderManager- Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider- Processing authentication request for user: 80005108
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch- Searching for user '80005108', with user search [ searchFilter: 'cn={0}', searchBase: 'CN=taiwan,CN=Users,CN=Partition1,DC=want-moss,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2017-03-22 18:23:21,253 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate- Searching for entry under DN '', base = 'cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com', filter = 'cn={0}'
2017-03-22 18:23:21,253 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate- Found DN: cn=80005108,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com
2017-03-22 18:23:21,255 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator- Attempting to bind as cn=80005108,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com
2017-03-22 18:23:21,256 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource- Removing pooling flag for user cn=80005108,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com
2017-03-22 18:23:21,409 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator- Retrieving attributes...
2017-03-22 18:23:21,478 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
	'CN=Partition1,DC=want-moss,DC=com'
]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
	'CN=Partition1,DC=want-moss,DC=com'
]; remaining name 'cn=80005108,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com'
2017-03-22 18:23:21,479 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Updated SecurityContextHolder to contain null Authentication
2017-03-22 18:23:21,479 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@375e7899
2017-03-22 18:23:21,480 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler- Redirecting to /login.jsp?error=1
2017-03-22 18:23:21,480 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.DefaultRedirectStrategy- Redirecting to '/OpenKM/login.jsp?error=1'
2017-03-22 18:23:21,480 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-03-22 18:23:21,480 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter- SecurityContextHolder now cleared, as request processing completed
2017-03-22 18:23:21,556 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/status'
2017-03-22 18:23:21,556 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/download'
2017-03-22 18:23:21,556 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/workflow-register'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/webdav/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/feed/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/cmis/browser/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/cmis/atom/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/cmis/atom11/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/services/rest/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy- /login.jsp?error=1 at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- HttpSession returned null object for SPRING_SECURITY_CONTEXT
This is my Apache Directory Studio DN:
______________________________________________________________________________________________________________________
distinguishedName:CN=80005108,CN=taipei,CN=taiwan,CN=Users,CN=Partition1,DC=want-moss,DC=com
______________________________________________________________________________________________________________________

I don't really know where I get the problem is !?

and I feel I already successful login but something stop me to login with openkm

like the spring !? or the other things ?

Re: Configuration of Active Directory from OpenKM

PostPosted:Thu Mar 23, 2017 9:24 pm
by jllort
I suggest search at google for "LDAP error code 32" ( for example read here https://confluence.atlassian.com/stashk ... 85640.html )