Open Source Document Management System | OpenKM - LDAP not working correctly in 6.2

Because information matters

LDAP not working correctly in 6.2
OpenKM has many interesting features, but requires some configuration process to show its full potential.

Board index
OpenKM English Users Configuration « You are here

LDAP not working correctly in 6.2

Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.

55 posts

Reply

LDAP not working correctly in 6.2

#20643 by Catscratch
Wed Jan 09, 2013 8:58 am

Hi,

I got a problem with the LDAP configuration in 6.2. Seems some problem with finding roles by the username.

But I don't know what is exactly wrong.
I think there is an error in the OpenKM.xml config. What exactly should the group-search-* contain?
Also I got a working okm 5.1 as reference for the settings. (I took the settings from these working 5.1 instance)

But first of all, some logs and so on.

Logfile:

Code: Select all

...
2013-01-07 14:01:02,372 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2013-01-07 14:01:02,372 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider - Processing authentication request for user: okmstudent
2013-01-07 14:01:02,377 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch - Searching for user 'okmstudent', with user search [ searchFilter: '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))', searchBase: 'ou=MMTOpenUsers,dc=mmtopen,dc=de', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2013-01-07 14:01:02,387 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'ou=MMTOpenUsers,dc=mmtopen,dc=de', filter = '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))'
2013-01-07 14:01:02,389 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Found DN: cn=OpenKM Student,ou=Studenten,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-07 14:01:02,392 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Attempting to bind as cn=OpenKM Student,ou=Studenten,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-07 14:01:02,392 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=OpenKM Student,ou=Studenten,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-07 14:01:02,398 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes...
2013-01-07 14:01:02,405 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Getting authorities for user cn=OpenKM Student,ou=Studenten,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-07 14:01:02,409 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'okmstudent', DN = 'cn=OpenKM Student,ou=Studenten,ou=MMTOpenUsers,dc=mmtopen,dc=de', with filter (member={1}) in search base 'cn=Users,dc=mmtopen,dc=de'
2013-01-07 14:01:02,412 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (member=okmstudent)
2013-01-07 14:01:02,412 [http-bio-0.0.0.0-8080-exec-3] INFO  org.springframework.ldap.core.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2013-01-07 14:01:02,414 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Roles from search: []
2013-01-07 14:01:02,415 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.userdetails.LdapUserDetailsMapper - Mapping user details from context with DN: cn=OpenKM Student,ou=Studenten,ou=MMTOpenUsers,dc=mmtopen,dc=de

...

2013-01-07 14:01:02,469 [http-bio-0.0.0.0-8080-exec-1] INFO  com.openkm.module.db.DbAuthModule - Create okm:trash/okmstudent
2013-01-07 14:01:02,476 [http-bio-0.0.0.0-8080-exec-1] ERROR com.openkm.module.db.DbAuthModule - 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
com.openkm.core.PathNotFoundException: 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
	at com.openkm.module.db.stuff.SecurityHelper.checkRead(SecurityHelper.java:106)
	at com.openkm.dao.NodeFolderDAO.create(NodeFolderDAO.java:102)
	at com.openkm.module.db.DbAuthModule.createBase(DbAuthModule.java:437)
	at com.openkm.module.db.DbAuthModule.loadUserData(DbAuthModule.java:400)
	at com.openkm.module.db.DbAuthModule.login(DbAuthModule.java:81)
	at com.openkm.api.OKMAuth.login(OKMAuth.java:52)
	at org.apache.jsp.frontend.index_jsp._jspService(index_jsp.java:68)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)

OpenKM.xml

Code: Select all

<security:ldap-server id="ldapServer"
    url="ldap://<MY SERVER>:389"
    manager-dn="cn=<USER>,ou=LMMT,ou=MMTOpenUsers,dc=mmtopen,dc=de"
    manager-password="<PASSWORD>"/>
 
  <security:authentication-manager alias="authenticationManager">
    <security:ldap-authentication-provider
      server-ref="ldapServer"
      user-search-base="ou=MMTOpenUsers,dc=mmtopen,dc=de"
      user-search-filter="(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))"
      group-search-base="cn=Users,dc=mmtopen,dc=de"
      group-search-filter="(member={1})"
      group-role-attribute="cn"
      role-prefix="none">
    </security:ldap-authentication-provider>
  </security:authentication-manager>

OpenKM Konfiguration in the database (put from working 5.1 copy):

Code: Select all

	default.user.role	UserRole
	default.admin.role	OpenKMAdmins

	principal.adapter	com.openkm.principal.DatabasePrincipalAdapter
			
	principal.ldap.server	ldap://<MYSERVER>:389
	principal.ldap.security.principal	CN=<USER>,ou=LMMT,ou=MMTOpenUsers,dc=mmtopen,dc=de
	principal.ldap.security.credentials	<PASSWORD>
	principal.ldap.referral	
	principal.ldap.users.from.roles	false
	principal.ldap.user.search.base	ou=MMTOpenUsers,dc=mmtopen,dc=de
	principal.ldap.user.search.filter	(&(objectClass=person)(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))
	principal.ldap.user.attribute	cn
	principal.ldap.role.search.base	cn=Users,dc=mmtopen,dc=de
	principal.ldap.role.search.filter	(&(objectClass=group)(memberOf=cn=OpenKMGroups,cn=Users,dc=mmtopen,dc=de))
	principal.ldap.role.attribute	cn
	principal.ldap.username.search.base	ou=MMTOpenUsers,dc=mmtopen,dc=de
	principal.ldap.username.search.filter	(&(objectClass=person)(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de)(sAMAccountName={0}))
	principal.ldap.username.attribute	cn
	principal.ldap.mail.search.base	ou=MMTOpenUsers,dc=mmtopen,dc=de
	principal.ldap.mail.search.filter	(&(objectClass=person)(sAMAccountName={0}))
	principal.ldap.mail.attribute	mail
	principal.ldap.users.by.role.search.base	cn={0},cn=Users,dc=mmtopen,dc=de
	principal.ldap.users.by.role.search.filter	(objectClass=group)
	principal.ldap.users.by.role.attribute	member
	principal.ldap.roles.by.user.search.base	ou=MMTOpenUsers,dc=mmtopen,dc=de
	principal.ldap.roles.by.user.search.filter	(&(objectClass=person)(cn={0}))
	principal.ldap.roles.by.user.attribute	memberOf

Some advice?

Thanks!

Username

Catscratch

Rank

Platinum Boarder

Posts

336

Joined

Wed Feb 16, 2011 10:35 am

Re: LDAP not working correctly in 6.2

#20645 by dejanfc
Wed Jan 09, 2013 9:29 am

principal.adapter com.openkm.principal.DatabasePrincipalAdapter

Change to

principal.adapter com.openkm.principal.LdapPrincipalAdapter

Username

dejanfc

Rank

Senior Boarder

Posts

60

Joined

Wed Dec 05, 2012 1:40 pm

Re: LDAP not working correctly in 6.2

#20646 by Catscratch
Wed Jan 09, 2013 9:41 am

Good hint.

I changed it to:
principal.adapter = com.openkm.principal.LdapPrincipalAdapter

But still the same problem. Here is the log output:

Code: Select all

// ...
2013-01-09 10:44:00,612 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2013-01-09 10:44:00,612 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider - Processing authentication request for user: rf2
2013-01-09 10:44:00,612 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch - Searching for user 'rf2', with user search [ searchFilter: '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))', searchBase: 'ou=MMTOpenUsers,dc=mmtopen,dc=de', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2013-01-09 10:44:00,617 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'ou=MMTOpenUsers,dc=mmtopen,dc=de', filter = '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))'
2013-01-09 10:44:00,618 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Found DN: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 10:44:00,620 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Attempting to bind as cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 10:44:00,620 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 10:44:00,628 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes...
2013-01-09 10:44:00,632 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Getting authorities for user cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 10:44:00,633 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'rf2', DN = 'cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de', with filter (member={1}) in search base 'cn=Users,dc=mmtopen,dc=de'
2013-01-09 10:44:00,633 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (member=rf2)
2013-01-09 10:44:00,633 [http-bio-0.0.0.0-8080-exec-6] INFO  org.springframework.ldap.core.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2013-01-09 10:44:00,635 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Roles from search: []
2013-01-09 10:44:00,636 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.userdetails.LdapUserDetailsMapper - Mapping user details from context with DN: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de

// ...

2013-01-09 10:44:00,651 [http-bio-0.0.0.0-8080-exec-1] INFO  com.openkm.module.db.DbAuthModule - Create okm:trash/rf2
2013-01-09 10:44:00,655 [http-bio-0.0.0.0-8080-exec-1] ERROR com.openkm.module.db.DbAuthModule - 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
com.openkm.core.PathNotFoundException: 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
	at com.openkm.module.db.stuff.SecurityHelper.checkRead(SecurityHelper.java:106)
	at com.openkm.dao.NodeFolderDAO.create(NodeFolderDAO.java:102)
	at com.openkm.module.db.DbAuthModule.createBase(DbAuthModule.java:437)
	at com.openkm.module.db.DbAuthModule.loadUserData(DbAuthModule.java:400)
	at com.openkm.module.db.DbAuthModule.login(DbAuthModule.java:81)
	at com.openkm.api.OKMAuth.login(OKMAuth.java:52)
	at org.apache.jsp.frontend.index_jsp._jspService(index_jsp.java:68)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)

Username

Catscratch

Rank

Platinum Boarder

Posts

336

Joined

Wed Feb 16, 2011 10:35 am

Re: LDAP not working correctly in 6.2

#20648 by dejanfc
Wed Jan 09, 2013 9:51 am

Your group search filter isn't returning any roles. Can you even view any roles from the Administration tab?

Username

dejanfc

Rank

Senior Boarder

Posts

60

Joined

Wed Dec 05, 2012 1:40 pm

Re: LDAP not working correctly in 6.2

#20650 by Catscratch
Wed Jan 09, 2013 10:00 am

I can't even login to okm 6.2. So I can't access the administrator tab.

But I can show you what okm 5.1 returned (with the same filter).

Username

Catscratch

Rank

Platinum Boarder

Posts

336

Joined

Wed Feb 16, 2011 10:35 am

Re: LDAP not working correctly in 6.2

#20655 by dejanfc
Wed Jan 09, 2013 10:41 am

Your RolePrefix attribute is set to "none", it should be "". Try that first, if it doesn't work, try to comment out group search filter.

Username

dejanfc

Rank

Senior Boarder

Posts

60

Joined

Wed Dec 05, 2012 1:40 pm

Re: LDAP not working correctly in 6.2

#20657 by Catscratch
Wed Jan 09, 2013 11:21 am

Ok.

I tried

Code: Select all

role-prefix=""

Without success. Same error.

Then I tried:

Code: Select all

<security:authentication-manager alias="authenticationManager">
    <security:ldap-authentication-provider
      server-ref="ldapServer"
      user-search-base="ou=MMTOpenUsers,dc=mmtopen,dc=de"
      user-search-filter="(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))"
      role-prefix="">
    </security:ldap-authentication-provider>
  </security:authentication-manager>

Now I get another error:

Code: Select all

2013-01-09 12:22:36,198 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/services/**'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/status'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/download'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/workflow-register'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/webdav/**'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/feed/**'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@789df61d. A new one will be created.
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2013-01-09 12:22:36,200 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2013-01-09 12:22:36,200 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider - Processing authentication request for user: rf2
2013-01-09 12:22:36,203 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch - Searching for user 'rf2', with user search [ searchFilter: '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))', searchBase: 'ou=MMTOpenUsers,dc=mmtopen,dc=de', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2013-01-09 12:22:36,244 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'ou=MMTOpenUsers,dc=mmtopen,dc=de', filter = '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))'
2013-01-09 12:22:36,272 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Found DN: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 12:22:36,280 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Attempting to bind as cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 12:22:36,280 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 12:22:36,286 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes...
2013-01-09 12:22:36,292 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Getting authorities for user cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 12:22:36,293 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'rf2', DN = 'cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de', with filter (uniqueMember={0}) in search base ''
2013-01-09 12:22:36,293 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (uniqueMember=cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de)
2013-01-09 12:22:36,295 [http-bio-0.0.0.0-8080-exec-9] INFO  org.springframework.ldap.core.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2013-01-09 12:22:36,317 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-01-09 12:22:36,317 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-01-09 12:22:36,317 [http-bio-0.0.0.0-8080-exec-9] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/OpenKM].[default] - Servlet.service() for servlet [default] in context with path [/OpenKM] threw exception
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
	''
NUL]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
	''
NUL]; remaining name ''
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:174)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:306)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:524)
	at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:173)
	at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:215)
	at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:185)
	at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:197)
	at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:63)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
	at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
	''
NUL]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
	''
NUL]; remaining name ''
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:174)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:306)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:524)
	at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:173)
	at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:215)
	at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:185)
	at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:197)
	at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:63)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
	at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
	''
NUL]; remaining name ''
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
	at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:253)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
	... 34 more

Username

Catscratch

Rank

Platinum Boarder

Posts

336

Joined

Wed Feb 16, 2011 10:35 am

Re: LDAP not working correctly in 6.2

#20658 by dejanfc
Wed Jan 09, 2013 11:40 am

You also deleted the group search base

Code: Select all

 group-search-base="cn=Users,dc=mmtopen,dc=de"
group-search-filter="(member={1})"

Change to:

Code: Select all

group-search-base="cn=Users,dc=mmtopen,dc=de"
<!--  group-search-filter="(member={1})" -->

Or even change the search filter to something else, like (objectClass=group), depends on ldap configuration.

Username

dejanfc

Rank

Senior Boarder

Posts

60

Joined

Wed Dec 05, 2012 1:40 pm

Re: LDAP not working correctly in 6.2

#20662 by Catscratch
Wed Jan 09, 2013 1:32 pm

Ok, now with only removing the search-filter, I get the same old error again.

Code: Select all

2013-01-09 14:36:00,096 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/services/**'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/status'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/download'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/workflow-register'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/webdav/**'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/feed/**'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-01-09 14:36:00,099 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@3456c4a2. A new one will be created.
2013-01-09 14:36:00,099 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-01-09 14:36:00,099 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2013-01-09 14:36:00,099 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2013-01-09 14:36:00,099 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider - Processing authentication request for user: rf2
2013-01-09 14:36:00,102 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch - Searching for user 'rf2', with user search [ searchFilter: '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))', searchBase: 'ou=MMTOpenUsers,dc=mmtopen,dc=de', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2013-01-09 14:36:00,205 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'ou=MMTOpenUsers,dc=mmtopen,dc=de', filter = '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))'
2013-01-09 14:36:00,236 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Found DN: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 14:36:00,244 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Attempting to bind as cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 14:36:00,244 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 14:36:00,285 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes...
2013-01-09 14:36:00,290 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Getting authorities for user cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 14:36:00,290 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'rf2', DN = 'cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de', with filter (uniqueMember={0}) in search base 'cn=Users,dc=mmtopen,dc=de'
2013-01-09 14:36:00,290 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (uniqueMember=cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de)
2013-01-09 14:36:00,292 [http-bio-0.0.0.0-8080-exec-9] INFO  org.springframework.ldap.core.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2013-01-09 14:36:00,405 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Roles from search: []
2013-01-09 14:36:00,406 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.LdapUserDetailsMapper - Mapping user details from context with DN: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 14:36:00,412 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy - Invalidating session with Id 'C7D0D845DE7A8CC876AB9572868B3DBE' and migrating attributes.
2013-01-09 14:36:00,423 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy - Started new session: 7582415DE11DB4738EC911861599CF0F
2013-01-09 14:36:00,423 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d203c50f: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@2dfde4ab: Dn: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de; Username: rf2; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de60: RemoteIpAddress: 141.76.61.150; SessionId: C7D0D845DE7A8CC876AB9572868B3DBE; Not granted any authorities
2013-01-09 14:36:00,423 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler - Redirecting to DefaultSavedRequest Url: http://141.76.68.69:8080/OpenKM/frontend/index.jsp
2013-01-09 14:36:00,424 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to 'http://141.76.68.69:8080/OpenKM/frontend/index.jsp'
2013-01-09 14:36:00,442 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@d203c50f: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d203c50f: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@2dfde4ab: Dn: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de; Username: rf2; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de60: RemoteIpAddress: 141.76.61.150; SessionId: C7D0D845DE7A8CC876AB9572868B3DBE; Not granted any authorities'
2013-01-09 14:36:00,442 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-01-09 14:36:00,449 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/services/**'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/status'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/download'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/workflow-register'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/webdav/**'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/feed/**'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@d203c50f: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d203c50f: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@2dfde4ab: Dn: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de; Username: rf2; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de60: RemoteIpAddress: 141.76.61.150; SessionId: C7D0D845DE7A8CC876AB9572868B3DBE; Not granted any authorities'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: both null (property equals)
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - requestURI: arg1=/OpenKM/frontend/index.jsp; arg2=/OpenKM/frontend/index.jsp (property equals)
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - serverPort: arg1=8080; arg2=8080 (property equals)
2013-01-09 14:36:00,470 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - requestURL: arg1=http://141.76.68.69:8080/OpenKM/frontend/index.jsp; arg2=http://141.76.68.69:8080/OpenKM/frontend/index.jsp (property equals)
2013-01-09 14:36:00,470 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - scheme: arg1=http; arg2=http (property equals)
2013-01-09 14:36:00,470 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - serverName: arg1=141.76.68.69; arg2=141.76.68.69 (property equals)
2013-01-09 14:36:00,470 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - contextPath: arg1=/OpenKM; arg2=/OpenKM (property equals)
2013-01-09 14:36:00,470 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - servletPath: arg1=/frontend/index.jsp; arg2=/frontend/index.jsp (property equals)
2013-01-09 14:36:00,470 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - Removing DefaultSavedRequest from session if present
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d203c50f: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@2dfde4ab: Dn: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de; Username: rf2; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de60: RemoteIpAddress: 141.76.61.150; SessionId: C7D0D845DE7A8CC876AB9572868B3DBE; Not granted any authorities'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/frontend/**'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /frontend/index.jsp; Attributes: [IS_AUTHENTICATED_FULLY]
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d203c50f: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@2dfde4ab: Dn: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de; Username: rf2; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de60: RemoteIpAddress: 141.76.61.150; SessionId: C7D0D845DE7A8CC876AB9572868B3DBE; Not granted any authorities
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@2d205042, returned: 0
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@24753433, returned: 1
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
2013-01-09 14:36:00,478 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
2013-01-09 14:36:00,478 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp reached end of additional filter chain; proceeding with original chain
2013-01-09 14:36:00,711 [http-bio-0.0.0.0-8080-exec-10] INFO  com.openkm.module.db.DbAuthModule - Create okm:trash/rf2
2013-01-09 14:36:00,736 [http-bio-0.0.0.0-8080-exec-10] ERROR com.openkm.module.db.DbAuthModule - 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
com.openkm.core.PathNotFoundException: 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
	at com.openkm.module.db.stuff.SecurityHelper.checkRead(SecurityHelper.java:106)
	at com.openkm.dao.NodeFolderDAO.create(NodeFolderDAO.java:102)
	at com.openkm.module.db.DbAuthModule.createBase(DbAuthModule.java:437)
	at com.openkm.module.db.DbAuthModule.loadUserData(DbAuthModule.java:400)
	at com.openkm.module.db.DbAuthModule.login(DbAuthModule.java:81)
	at com.openkm.api.OKMAuth.login(OKMAuth.java:52)
	at org.apache.jsp.frontend.index_jsp._jspService(index_jsp.java:68)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
2013-01-09 14:36:00,751 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2013-01-09 14:36:00,751 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session
2013-01-09 14:36:00,751 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-01-09 14:36:00,867 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/services/**'
2013-01-09 14:36:00,867 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/status'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/download'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/workflow-register'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/webdav/**'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/feed/**'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90550640: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 141.76.61.150; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.session.SessionManagementFilter - Requested session ID7582415DE11DB4738EC911861599CF0F is invalid.
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/frontend/**'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/login.jsp'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/admin/**'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/repositorystartup'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/test'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/extension/**'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Public object - authentication not attempted
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login reached end of additional filter chain; proceeding with original chain
2013-01-09 14:36:00,873 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2013-01-09 14:36:00,873 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-01-09 14:36:00,873 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

Username

Catscratch

Rank

Platinum Boarder

Posts

336

Joined

Wed Feb 16, 2011 10:35 am

Re: LDAP not working correctly in 6.2

#20663 by dejanfc
Wed Jan 09, 2013 1:57 pm

You're still not getting the roles correctly. Where are:

Code: Select all

default.user.role   UserRole
default.admin.role   OpenKMAdmins

Located? In cn=Users,dc=mmtopen,dc=de or cn=OpenKMGroups,cn=Users,dc=mmtopen,dc=de ? You can also try using the searchSubtree attribute or just switch to bean configuration.

If you perform the ldapsearch for cn=UserRole , what is the distinguished name?

Username

dejanfc

Rank

Senior Boarder

Posts

60

Joined

Wed Dec 05, 2012 1:40 pm

Re: LDAP not working correctly in 6.2

#20664 by Catscratch
Wed Jan 09, 2013 2:28 pm

dejanfc wrote: default.user.role UserRole
default.admin.role OpenKMAdmins

I changed it to

Code: Select all

   default.user.role   OpenKMAllUsers
   default.admin.role   OpenKMAdmins

Because, OpenKMAllUsers should be the right user role. But I wonder why it is working in okm 5.1. UserRole isn't a valid groud in our ldap.
But still the same problem.

dejanfc wrote: Located? In cn=Users,dc=mmtopen,dc=de or cn=OpenKMGroups,cn=Users,dc=mmtopen,dc=de ?

In Both. Every group (CN) is present in Users, but Users also contain a group (OpenKMGroups) which groups all other OpenKM groups.

dejanfc wrote: If you perform the ldapsearch for cn=UserRole , what is the distinguished name?

Nothing, because it doesn't exist.

Username

Catscratch

Rank

Platinum Boarder

Posts

336

Joined

Wed Feb 16, 2011 10:35 am

Re: LDAP not working correctly in 6.2

#20665 by dejanfc
Wed Jan 09, 2013 2:34 pm

Catscratch wrote: I changed it to
Code: Select all
   default.user.role   OpenKMAllUsers
   default.admin.role   OpenKMAdmins
dejanfc wrote: If you perform the ldapsearch for cn=UserRole , what is the distinguished name?
Nothing, because it doesn't exist.

if you have OpenKMAllUsers set in OpenKM configuration as default user role, then do ldapsearch for that.

Username

dejanfc

Rank

Senior Boarder

Posts

60

Joined

Wed Dec 05, 2012 1:40 pm

Re: LDAP not working correctly in 6.2

#20666 by Catscratch
Wed Jan 09, 2013 3:07 pm

Then I get this:

Code: Select all

"Dn"	
"CN=OpenKMAllUsers,CN=Users,DC=mmtopen,DC=de"

Username

Catscratch

Rank

Platinum Boarder

Posts

336

Joined

Wed Feb 16, 2011 10:35 am

Re: LDAP not working correctly in 6.2

#20685 by dejanfc
Thu Jan 10, 2013 7:28 am

Try to disable the RoleVoter bean in applicationContext.xml:

Code: Select all

<!--  Remove prefix to be able of use custom roles
    <beans:bean class="org.springframework.security.access.vote.RoleVoter">
        <beans:property name="rolePrefix" value=""/>
    </beans:bean> -->

And do the ldapsearch for one of your users (maybe rf2, to see if you even get the OpenKMAllUsers group) to check if the group attribute is maybe memberOf (set that in group-search-filter then, or even try with member={0} instead of member={1} ). Beyond that, you could switch to bean configuration and see if that works for you.

Username

dejanfc

Rank

Senior Boarder

Posts

60

Joined

Wed Dec 05, 2012 1:40 pm

Re: LDAP not working correctly in 6.2

#20686 by Catscratch
Thu Jan 10, 2013 8:08 am

Thanks for the hint.

I changed the search-filter to member={0} and indeed. The groups are found.

Code: Select all

2013-01-10 09:08:51,559 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (member=cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de)
// ...
2013-01-10 09:08:51,627 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Roles from search: [OpenKMAllUsers, Domänen-Admins, OpenKMMitarbeiter, OpenKMAdmins]

But the error still is the same:

Code: Select all

2013-01-10 09:08:51,775 [http-bio-0.0.0.0-8080-exec-10] INFO  com.openkm.module.db.DbAuthModule - Create okm:trash/rf2
2013-01-10 09:08:51,897 [http-bio-0.0.0.0-8080-exec-10] ERROR com.openkm.module.db.DbAuthModule - 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
com.openkm.core.PathNotFoundException: 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
	at com.openkm.module.db.stuff.SecurityHelper.checkRead(SecurityHelper.java:106)
	at com.openkm.dao.NodeFolderDAO.create(NodeFolderDAO.java:102)
	at com.openkm.module.db.DbAuthModule.createBase(DbAuthModule.java:437)
	at com.openkm.module.db.DbAuthModule.loadUserData(DbAuthModule.java:400)
	at com.openkm.module.db.DbAuthModule.login(DbAuthModule.java:81)
	at com.openkm.api.OKMAuth.login(OKMAuth.java:52)
	at org.apache.jsp.frontend.index_jsp._jspService(index_jsp.java:68)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)

So what is the problem with this strange ID ( 6b5ca2f3-a901-4caa-878a-402eea293d42 )? Seems like OKM creates a folder in the trash called by the user login (rf2) but then I get a PathNotFound Exception by an ID?

Thanks for your advice.

Username

Catscratch

Rank

Platinum Boarder

Posts

336

Joined

Wed Feb 16, 2011 10:35 am

Reply

Page 1 of 4
55 posts

1
2
3
4

Return to “Configuration”

Display:

Sort by:

Sort by:

Jump to:

- All times are UTC -