First, I have been trying for about a month and still can't log in with LDAP. (Sorry, my English is not very good.)
This is my LDAP structure.
-----------------------------------------------------------------------------------------------------
DIT
-----|-----Root DSE
----------|-----CN=Partition1,DC=want-moss,DC=com
---------------|-----CN=Users
--------------------|-----CN=Shanghai
-------------------------|-----CN=00000001
-------------------------|-----CN=00000002
-------------------------|-----CN=00000003
-------------------------|-----CN=00000004
-------------------------|----- ......
---------------|-----CN=Taiwan
--------------------|-----CN=Taipei
-------------------------|-----CN=80001001
-------------------------|-----CN=80001002
-------------------------|-----CN=80001003
-------------------------|----- ......
--------------------|-----CN=Tainai
-------------------------|-----CN=90001001
-------------------------|-----CN=90001002
-------------------------|-----CN=90001003
-------------------------|----- ......
-----------------------------------------------------------------------------------------------------
Here are the details shown in Apache Directory Studio for user 80001001:
objectClass:organizationalPerson(structural)
objectClass:person(structural)
objectClass:top(abstract)
objectClass:user(structural)
objectClass:companyPerson(structural)
cn=80001001
instanceType=4
badPasswordTime=0
badPwdCount=0
description=ADUser
distinguishedName=CN=80001001,CN=Taipei,CN=Taiwan,CN=Users,CN=Partition1,DC=want-moss,DC=com
mail=xxxx@company.com
mobile=09xxxxxxxx
name=80001001
sn=Adam
uid=80001001
userPrincipalName=80001001
(I have included only the important information.)
-----------------------------------------------------------------------------------------------------
And this is my OpenKM.xml
Because I am from Taiwan, my company's CN=Taiwan entry is actually written in Chinese characters, not English.
Thank you very much for helping me; I appreciate it.
This is my LDAP structure.
-----------------------------------------------------------------------------------------------------
DIT
-----|-----Root DSE
----------|-----CN=Partition1,DC=want-moss,DC=com
---------------|-----CN=Users
--------------------|-----CN=Shanghai
-------------------------|-----CN=00000001
-------------------------|-----CN=00000002
-------------------------|-----CN=00000003
-------------------------|-----CN=00000004
-------------------------|----- ......
---------------|-----CN=Taiwan
--------------------|-----CN=Taipei
-------------------------|-----CN=80001001
-------------------------|-----CN=80001002
-------------------------|-----CN=80001003
-------------------------|----- ......
--------------------|-----CN=Tainai
-------------------------|-----CN=90001001
-------------------------|-----CN=90001002
-------------------------|-----CN=90001003
-------------------------|----- ......
-----------------------------------------------------------------------------------------------------
Here are the details shown in Apache Directory Studio for user 80001001:
objectClass:organizationalPerson(structural)
objectClass:person(structural)
objectClass:top(abstract)
objectClass:user(structural)
objectClass:companyPerson(structural)
cn=80001001
instanceType=4
badPasswordTime=0
badPwdCount=0
description=ADUser
distinguishedName=CN=80001001,CN=Taipei,CN=Taiwan,CN=Users,CN=Partition1,DC=want-moss,DC=com
mail=xxxx@company.com
mobile=09xxxxxxxx
name=80001001
sn=Adam
uid=80001001
userPrincipalName=80001001
(I have included only the important information.)
-----------------------------------------------------------------------------------------------------
And this is my OpenKM.xml
The settings I used in configuration view are as below
<!-- Exposes the authentication manager under the alias "authenticationManager".
     The bean "ldapAuthProvider" is the only provider listed in this snippet. -->
<security:authentication-manager alias="authenticationManager">
  <security:authentication-provider ref="ldapAuthProvider"/>
</security:authentication-manager>
<!-- LDAP connection shared by the user search, the per-user bind and the
     group lookup (every bean below references "contextSource").
     NOTE(review): the URL scheme is ldap://, so unless StartTLS is configured
     elsewhere the manager password and each user's login password travel over
     the network unencrypted. Prefer ldaps:// (or StartTLS) with certificate
     validation once the directory offers it. -->
<beans:bean id="contextSource"
            class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <beans:constructor-arg value="ldap://10.0.xx.xxx:xxx"/>

  <!-- Manager (service) account used for searches. The password is a literal in
       this file: restrict read access to the file and give the account
       read-only rights on the partition. -->
  <beans:property name="userDn" value="CN=ron,CN=Partition1,DC=want-moss,DC=com"/>
  <beans:property name="password" value="****"/>

  <!-- JNDI is told to follow referrals returned by the server.
       NOTE(review): presumably the same bind credentials are presented to the
       referred server; confirm that only trusted servers can be referred to. -->
  <beans:property name="baseEnvironmentProperties">
    <beans:map>
      <beans:entry key="java.naming.referral" value="follow"/>
    </beans:map>
  </beans:property>
</beans:bean>
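<!-- LDAP authentication provider: authenticates by binding as the user, then
     loads the user's roles from directory groups. -->
<beans:bean id="ldapAuthProvider"
            class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <!-- Authenticator: locates the entry through "userSearch", then binds as the
       DN that was found, using the password typed at login. -->
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:property name="userSearch" ref="userSearch"/>
    </beans:bean>
  </beans:constructor-arg>

  <!-- Authorities populator: second argument is the group search base. -->
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="contextSource"/>
      <!-- The attribute value must be enclosed in exactly one pair of quotes,
           otherwise the file is not well-formed XML and cannot be parsed. -->
      <beans:constructor-arg value="CN=Partition1,DC=want-moss,DC=com"/>
      <!-- {0} is replaced with the authenticated user's DN. -->
      <beans:property name="groupSearchFilter" value="member={0}"/>
      <beans:property name="groupRoleAttribute" value="cn"/>
      <beans:property name="searchSubtree" value="true"/>
      <!-- No prefix and no upper-casing: the granted role name is the group's cn
           exactly as stored. Because the whole partition is searched, any entry
           under it with a matching "member" value yields a role.
           NOTE(review): confirm who may create or edit such entries, and
           consider narrowing the base to the container that holds groups. -->
      <beans:property name="convertToUpperCase" value="false"/>
      <beans:property name="rolePrefix" value=""/>
    </beans:bean>
  </beans:constructor-arg>
</beans:bean>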
<!-- User lookup: subtree search below the partition root for an entry whose cn
     equals the login name ({0}).
     NOTE(review): the catalina.log excerpt posted with this file reports
     searchBase 'CN=taiwan,CN=Users,CN=Partition1,DC=want-moss,DC=com', which
     differs from the base given here; confirm that the running configuration
     matches this file. -->
<beans:bean id="userSearch"
            class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="CN=Partition1,DC=want-moss,DC=com"/>
  <beans:constructor-arg index="1" value="(cn={0})"/>
  <beans:constructor-arg index="2" ref="contextSource"/>
  <beans:property name="searchSubtree" value="true"/>
</beans:bean>
And this is tomcat -> logs -> catalina.log
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
system.login.lowercase=true
principal.ldap.referral=follow
principal.ldap.users.from.roles=false
principal.ldap.server=ldap://10.0.xx.xxx:xxx
principal.ldap.security.principal="CN=ron,CN=Partition1,DC=want-moss,DC=com"
principal.ldap.security.credentials=password
principal.ldap.user.attribute=cn
principal.ldap.user.search.base=CN=Partition1,DC=want-moss,DC=com
principal.ldap.user.search.filter=(&(objectClass=person)(cn={0}))
principal.ldap.username.attribute=cn
principal.ldap.username.search.base=CN=Partition1,DC=want-moss,DC=com
principal.ldap.username.search.filter=(&(objectClass=person)(cn={0}))
principal.ldap.mail.attribute=mail
principal.ldap.mail.search.base=CN=Partition1,DC=want-moss,DC=com
principal.ldap.mail.search.filter=(&(objectClass=person)(cn={0}))
principal.ldap.role.attribute=cn
principal.ldap.role.search.baseDC=CN=Partition1,DC=want-moss,DC=com
principal.ldap.role.search.filter=(objectClass=person)
principal.ldap.roles.by.user.attribute=cn
principal.ldap.roles.by.user.search.base=CN=Partition1,DC=want-moss,DC=com
principal.ldap.roles.by.user.search.filter=(&(objectClass=person)(snc={0}))
principal.ldap.users.by.role.attribute=cn
principal.ldap.users.by.role.search.base=CN=Partition1,DC=want-moss,DC=com
principal.ldap.users.by.role.search.filter=(&(objectClass=person)(cn={0}))
Can someone tell me what I need to fix?
2017-03-22 18:23:21,042 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/status'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/download'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/workflow-register'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/webdav/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/feed/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/cmis/browser/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/cmis/atom/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/cmis/atom11/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/services/rest/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy- /j_spring_security_check at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- No HttpSession currently exists
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- No SecurityContext was available from the HttpSession: null. A new one will be created.
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy- /j_spring_security_check at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Request is to process authentication
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.authentication.ProviderManager- Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider- Processing authentication request for user: 80001001
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch- Searching for user '80005108', with user search [ searchFilter: 'cn={0}', searchBase: 'CN=taiwan,CN=Users,CN=Partition1,DC=want-moss,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2017-03-22 18:23:21,253 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate- Searching for entry under DN '', base = 'cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com', filter = 'cn={0}'
2017-03-22 18:23:21,253 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate- Found DN: cn=80001001,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com
2017-03-22 18:23:21,255 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator- Attempting to bind as cn=80001001,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com
2017-03-22 18:23:21,256 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource- Removing pooling flag for user cn=80001001,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com
2017-03-22 18:23:21,409 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator- Retrieving attributes...
2017-03-22 18:23:21,478 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Partition1,DC=want-moss,DC=com'
]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Partition1,DC=want-moss,DC=com'
]; remaining name 'cn=80001001,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com'
2017-03-22 18:23:21,479 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Updated SecurityContextHolder to contain null Authentication
2017-03-22 18:23:21,479 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@375e7899
2017-03-22 18:23:21,480 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler- Redirecting to /login.jsp?error=1
2017-03-22 18:23:21,480 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.DefaultRedirectStrategy- Redirecting to '/OpenKM/login.jsp?error=1'
2017-03-22 18:23:21,480 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-03-22 18:23:21,480 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter- SecurityContextHolder now cleared, as request processing completed
2017-03-22 18:23:21,556 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/status'
2017-03-22 18:23:21,556 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/download'
2017-03-22 18:23:21,556 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/workflow-register'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/webdav/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/feed/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/cmis/browser/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/cmis/atom/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/cmis/atom11/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/services/rest/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy- /login.jsp?error=1 at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- HttpSession returned null object for SPRING_SECURITY_CONTEXT
Because I am from Taiwan, my company's CN=Taiwan entry is actually written in Chinese characters, not English.
Thank you very much for helping me; I appreciate it.