• OpenKM WebDav LDAP Authentication problem

 #14469  by zeropower
 
Hi,
I am facing a very strange problem with WebDAV access in OpenKM 5.1.10. I log in successfully using LDAP authentication, and a few seconds after copying files an error appears in many WebDAV clients and sync tools:
- ERROR: Error copying to destination file: Incorrect Basic auth UserID or Password: Server says: Password Incorrect/Password Required: Password Incorrect/Password Required (status code 401)
... and 88 more similar log lines are skipped here (select Job -> Open Left/Right Log to view the entire log)
I checked server log and found the following:
2012-03-13 15:10:50,575 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=dev
javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: domain.com:389 [Root exception is java.net.BindException: Address already in use: connect]]
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:224)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:362)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:208)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:362)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:208)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
	at org.jboss.security.auth.spi.LdapExtLoginModule.rolesSearch(LdapExtLoginModule.java:424)
	at org.jboss.security.auth.spi.LdapExtLoginModule.rolesSearch(LdapExtLoginModule.java:499)
	at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:351)
	at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:232)
	at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
	at sun.reflect.GeneratedMethodAccessor120.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
	at org.apache.jackrabbit.core.security.authentication.JAASAuthContext.login(JAASAuthContext.java:60)
	at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1392)
	at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:53)
	at com.openkm.servlet.BasicSecuredServlet.getSession(BasicSecuredServlet.java:32)
	at com.openkm.webdav.WebDAVFilter.handleRequest(WebDAVFilter.java:73)
	at com.openkm.webdav.WebDAVFilter.doFilter(WebDAVFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:662)
Caused by: javax.naming.CommunicationException: domain.com:389 [Root exception is java.net.BindException: Address already in use: connect]
	at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
	at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:339)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:208)
	... 44 more
Caused by: java.net.BindException: Address already in use: connect
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
	at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
	at java.net.Socket.connect(Socket.java:529)
	at java.net.Socket.connect(Socket.java:478)
	at java.net.Socket.<init>(Socket.java:375)
	at java.net.Socket.<init>(Socket.java:189)
	at com.sun.jndi.ldap.Connection.createSocket(Connection.java:350)
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:185)
	at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:116)
	at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2678)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
	at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
	at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
	at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
	at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
	at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
	at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
	... 47 more
2012-03-13 15:10:50,591 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=dev
javax.naming.CommunicationException: 192.168.2.3:389 [Root exception is java.net.BindException: Address already in use: connect]
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:208)
	at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:116)
	at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2678)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
	at javax.naming.InitialContext.init(InitialContext.java:223)
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
	at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:544)
	at org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:401)
	at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:344)
	at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:232)
	at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
	at sun.reflect.GeneratedMethodAccessor120.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
	at org.apache.jackrabbit.core.security.authentication.JAASAuthContext.login(JAASAuthContext.java:60)
	at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1392)
	at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:53)
	at com.openkm.servlet.BasicSecuredServlet.getSession(BasicSecuredServlet.java:32)
	at com.openkm.webdav.WebDAVFilter.handleRequest(WebDAVFilter.java:73)
	at com.openkm.webdav.WebDAVFilter.doFilter(WebDAVFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:662)
Caused by: java.net.BindException: Address already in use: connect
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
	at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
	at java.net.Socket.connect(Socket.java:529)
	at java.net.Socket.connect(Socket.java:478)
	at java.net.Socket.<init>(Socket.java:375)
	at java.net.Socket.<init>(Socket.java:189)
	at com.sun.jndi.ldap.Connection.createSocket(Connection.java:350)
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:185)
If I log out, I can't log in again until I wait 3 minutes.
I tried the same version with the built-in authentication, and it works without any problem.
I tried OpenKM 5.1.9 with LDAP authentication, and it also works without any problem.
Please advise.
Thanks a lot...
 #14499  by zeropower
 
After a lot of searching and trying, I found that "Address already in use" occurs when the underlying socket is still open before trying to connect to the same address again. I used a port scan tool and found that when trying to copy anything to the OpenKM web drive, local TCP ports are opened from 1025 up to 5000, then that error is given and access stops until the opened ports close after a certain timeout. I increased the range from the default (5000) to 65534 with the help of this link, http://support.microsoft.com/kb/196271, and it got fixed.

I think this is only a workaround, and I suggest that a newer version find a way to close the connection before using it again, or try pooling the connections to get better performance; that is what I got from reading other forums.
Thanks.
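The server log in the first post records each failed LDAP connection as "Bad password" even though the root cause is a local `BindException`, so a count of those entries overstates credential failures. The following added example (not part of the original posts or of OpenKM) separates the two cases; the log sample is constructed from the excerpt above, and the `alice` entry and the category names are assumptions.

```python
import re
from collections import Counter

# Constructed sample: two entries trimmed from the log above, one invented (alice).
SAMPLE_LOG = """\
2012-03-13 15:10:50,575 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=dev
javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: domain.com:389 [Root exception is java.net.BindException: Address already in use: connect]]
\tat com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:224)
Caused by: java.net.BindException: Address already in use: connect
2012-03-13 15:10:50,591 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=dev
javax.naming.CommunicationException: 192.168.2.3:389 [Root exception is java.net.BindException: Address already in use: connect]
2012-03-13 15:11:02,101 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=alice
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
"""

TIMESTAMP = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} ")
BAD_PASSWORD = re.compile(r"^(\S+ \S+) \w+ +\[[^\]]+LdapExtLoginModule\] Bad password for username=(\S+)$")

def classify(trace):
    """Map the exception text that follows a 'Bad password' entry to a cause."""
    text = "\n".join(trace)
    if "java.net.BindException: Address already in use" in text:
        return "local-port-exhaustion"   # server ran out of client ports
    if "javax.naming.CommunicationException" in text:
        return "ldap-unreachable"        # some other network failure
    if "javax.naming.AuthenticationException" in text:
        return "credential-rejected"     # directory refused the bind
    return "unknown"

def triage(log_text):
    """Return (timestamp, user, cause) for every 'Bad password' entry."""
    events, current = [], None
    for line in log_text.splitlines():
        match = BAD_PASSWORD.match(line)
        if match:
            current = {"time": match.group(1), "user": match.group(2), "trace": []}
            events.append(current)
        elif TIMESTAMP.match(line):
            current = None               # unrelated log entry ends the trace
        elif current is not None:
            current["trace"].append(line)
    return [(e["time"], e["user"], classify(e["trace"])) for e in events]

def summarize(log_text):
    """Count failures per (user, cause) so only real rejections feed alerting."""
    return Counter((user, cause) for _, user, cause in triage(log_text))

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```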
 #14546  by pavila
 
I can't understand the relation between the WebDAV and the LDAP configuration. The connections to the server are always made on port 80 (or 8080) if you are accessing a WebDAV resource.
 #14561  by zeropower
 
The connection I was talking about is from the OpenKM server to the LDAP server. To be clearer: when an Active Directory user tries to copy files to the OpenKM server through WebDAV, the OpenKM server starts opening local TCP ports from 1025 to 5000, with destination port 389 on the LDAP server, so it exhausts the available local ports, and when it tries to start again from 1025 it finds the ports still open and gives the error I mentioned before.
My workaround was to increase the number of local ports that can be opened, so that by the time it reaches the last port and starts again from the beginning, the ports have already been closed.
Actually, I found this solution a little bit slow, so I am using internal authentication for copying files over WebDAV and, in parallel, LDAP authentication for web access.
Thanks...
 #14857  by pavila
 
But the same problem will be present if the user does not copy the document using WebDAV, won't it? For example, if you run an import from OpenKM Administration, it also copies a lot of documents into OpenKM.

Anyway, I'm not sure why OpenKM opens a lot of connections to the LDAP server. Perhaps these connections are created by JBoss. I would need to see a detailed log of the com.openkm.principal package to verify this. Please read http://wiki.openkm.com/index.php/Debug_log_info.
