Error communicating with the server (getUserWorkspace)

[sagar]

Hi,

I've installed the 5.1.7 version on Linux box and configured it with AD for authentication but after login it hangs at the splash screen and gives this error "Error communicating with the server (getUserWorkspace)"

below is the error from the log file:

Code: Select all

2011-09-04 13:26:27,986 DEBUG [com.openkm.jcr.JCRUtils] #24 - 0 Destroy session org.apache.jackrabbit.core.XASessionImpl@60a88 from com.openkm.servlet.frontend.WorkspaceServlet.getUserWorkspace(WorkspaceServlet.java:339)
2011-09-04 13:26:27,987 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/OpenKM]] Exception while dispatching incoming RPC call
com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract com.openkm.frontend.client.bean.GWTWorkspace com.openkm.frontend.client.service.OKMWorkspaceService.getUserWorkspace() throws com.openkm.frontend.client.OKMException' threw an unexpected exception: java.lang.NullPointerException
	at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:378)
	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:581)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:207)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:243)
	at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.NullPointerException
	at com.openkm.servlet.frontend.WorkspaceServlet.getUserWorkspace(WorkspaceServlet.java:306)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:562)
	... 24 more

OpenKM.cfg

Code: Select all

#system.ocr=/usr/bin/cuneiform
#system.openoffice.path=/usr/lib/openoffice
#system.imagemagick.convert=/usr/bin/convert
#system.swftools.pdf2swf=/usr/bin/pdf2swf
#system.antivir=/usr/bin/clamscan
hibernate.dialect=org.hibernate.dialect.HSQLDialect
hibernate.hbm2ddl=none
application.url=http:///*****/OpenKM/com.openkm.frontend.Main/index.jsp




file.size=100.

subscription.message.subject=AwalDMS - {0} - {1};
subscription.message.body=Document: <a href=\"{0}\">{1}</a>
notify.message.subject=AwalDMS - NOTIFICATION - {0}
notify.message.body=Document: <a href=\"{0}\">{1}</a>


wizard.property.groups=okg:consulting,okg:technology
wizard.keywords=on
wizard.categories=on


system.login.lowercase=on
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
 
principal.ldap.server=ldap://*****
principal.ldap.security.principal=CN=*****,CN=Users,DC=****,DC=com
principal.ldap.security.credentials=*****
 
principal.ldap.user.search.base=CN=users,DC=****,DC=com
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.user.attribute=cn
 
principal.ldap.role.search.base=cn=users,dc=****,dc=com
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.attribute=cn
 
principal.ldap.mail.search.base=CN={0},CN=users,dc=****,dc=com
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.attribute=mail
 
principal.ldap.users.by.role.search.filter=(&(objectClass=group)(cn={0}))
principal.ldap.roles.by.user.search.filter=(&(objectClass=group)(cn={0}))


principal.ldap.roles.by.user.attribute=memberOf

login-config.xml

Code: Select all

<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" > 
      <module-option name="java.naming.provider.url">ldap://***</module-option> 
      <module-option name="bindDN">CN=****,CN=Users,DC=***,DC=com</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindCredential">****</module-option>
      <module-option name="baseCtxDN">CN=users,dc=***,dc=com</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="rolesCtxDN">CN=users,dc=***,dc=com</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="roleRecursion">2</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
      <module-option name="defaultRole">UserRole</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
    </login-module> 

Thanks in advance.

[pavila]

The source line is:

Code: Select all

workspace.setRoleList(OKMAuth.getInstance().getRolesByUser(null, user.getId()));

I think the "user" variable maybe null. This can be because the principal adapter is not well configured. BTW, in OpenKM 5.1.x the OpenKM.cfg configuration file is only used for hibernate.* properties. The others are managed from Administration and stored in database.

[sagar]

So shall I change it back to local authentication and use the administration tab to configure the authentication ?

Regards,
Sagar

[pavila]

Or connect to the database and make the changes into the OKM_CONFIG table.

[jllort]

Remember after first startup all properties are stored in DBMS, and changes on OpenKM.cfg will not take any effect ( into OpenKM.cfg will only have sense leave the DBMS properties others can be deleted after first startup and must be changed on administration tab ).

[sagar]

Hi,

I've rest everything back to normal authentication and logged in as okmAdmin and entered all the configuration on the administration tab and changed the login-config.xml, then if I change the hibernate.hbm2ddl to none and restart the service I get a lot of "Table not found in statement" errors and if i leave hibernate.hbm2ddl to create I get the old error I posted earlier.

Appreciate your help.

Thanks & regards,
Sagar

[jllort]

Do you got information on that OpenKM installation ?

[sagar]

Maybe I didn't understand your question; but if you're asking if I have information on the installation, yes I was reading the documentation site.

Thanks & regards,
Sagar-

[pavila]

Properties hibernate.hbm2ddl and hibernate.dialect are configured in the OpenKM.cfg file, isn't it? Can you post your OpenKM.cfg file and a screenshot of the Administration > Configuration?

Also would be nice the OpenKM related part of the login-config.xml from JBoss configuration.

[sagar]

Hi all,

I have reviewed the configuration and got it working, but it is not getting the right role from the AD (AdminRole or UserRole) it always use the default role from the login-config.xml

The other question is that the departments are represented as OUes in the AD and I want to use this to group the users so they can share documents through the group.

Thanks & regards,
Sagar

[sagar]

Please find the administration screen configuration attached.
also find below the login-config.xml and OpenKM.cfg

OpenKM.cfg

Code: Select all

#system.ocr=/usr/bin/cuneiform
#system.openoffice.path=/usr/lib/openoffice
#system.imagemagick.convert=/usr/bin/convert
#system.swftools.pdf2swf=/usr/bin/pdf2swf
#system.antivir=/usr/bin/clamscan
hibernate.dialect=org.hibernate.dialect.HSQLDialect
hibernate.hbm2ddl=none

application.url=http:///*****/OpenKM/com.openkm.frontend.Main/index.jsp




file.size=100.

subscription.message.subject=OpenKM - {0} - {1};
subscription.message.body=Document: <a href=\"{0}\">{1}</a>
notify.message.subject=OpenKM - NOTIFICATION - {0}
notify.message.body=Document: <a href=\"{0}\">{1}</a>


wizard.property.groups=okg:consulting,okg:technology
wizard.keywords=on
wizard.categories=on


system.login.lowercase=on

login-config.xml

Code: Select all

<authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
      <module-option name="java.naming.provider.url">ldap://***</module-option>
      <module-option name="bindDN">CN=***,CN=Users,DC=***,DC=com</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindCredential">***</module-option>
      <module-option name="baseCtxDN">CN=Users,dc=***,dc=com</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="rolesCtxDN">cn=users,dc=***,dc=com</module-option>
      <module-option name="roleFilter">(cn={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="roleRecursion">2</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
      <module-option name="defaultRole">UserRole</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
    </login-module>
  </authentication>

Thanks & regards,
Sagar

[pavila]

In OpenKM 5.1.x only these lines are meaninful at OpenKM.cfg:

Code: Select all

hibernate.dialect=org.hibernate.dialect.HSQLDialect
hibernate.hbm2ddl=none

The others are pretty ignored.

I have updated the wiki with a new entry at http://wiki.openkm.com/index.php/Testin ... figuration. This explain a bit better how to configure the LDAP integration.

Comments are welcomed.

[sagar]

Hi,

I tried to use the tool you developed here http://wiki.openkm.com/index.php/Testin ... figuration but the zip file require a password which was not given.

Thanks & regards,
Sagar

[jllort]

It think you're wrong, the http://www.openkm.com/download/OpenKM-5.1-LDAP.zip has not password ( I tested ).

[sagar]

Hi,

Strange I've tried to download it many times and tried to open it with 7zip and winrar but it always asks for the password!

Thanks & regards,
Sagar