• 5.0 RC1 Active directory issues

 #7124  by ManPage
 
I am getting a bunch of errors any time anyone logs in. My OpenKM.cfg has this:
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://192.168.1.14
principal.ldap.security.principal=CN=BindUser,ou=Personnel,ou=Union,dc=atlanticunion,dc=org
principal.ldap.security.credentials=***
principal.ldap.user.search.base=ou=personnel,ou=union,dc=atlanticunion,dc=org
#principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=CN=UserRole,OU=Personnel,OU=Union,DC=atlanticunion,DC=org))
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.user.attribute=cn
principal.ldap.role.search.base=ou=Personnel,ou=Union,dc=atlanticunion,dc=org
#principal.ldap.role.search.filter=(&(objectclass=group)(memberOf=CN=OpenKM,OU=Personnel,OU=Union,DC=atlanticunion,DC=org))
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.attribute=cn
principal.ldap.mail.search.base=cn={0},ou=Personnel,ou=Union,ou=atlanticunion,dc=org
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.attribute=mail
system.login.lowercase=on
login-config.xml
<application-policy name = "OpenKM">
       <authentication>
         <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag = "required">
            <module-option name="java.naming.provider.url">ldap://192.168.1.14</module-option>
            <module-option name="bindDN">CN=BindUser,ou=Personnel,ou=Union,dc=atlanticunion,dc=org</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <module-option name="bindCredential">***</module-option>
            <module-option name="baseCtxDN">ou=personnel,ou=union,dc=atlanticunion,dc=org</module-option>
            <module-option name="rolesCtxDN">ou=personnel,ou=union,dc=atlanticunion,dc=org</module-option>
            <module-option name="roleFilter">(member={1})</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleRecursion">2</module-option>
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
            <module-option name="allowEmptyPasswords">false</module-option>
            <module-option name="baseFilter">(sAMAccountName={0})</module-option>
            <module-option name="defaultRole">UserRole</module-option>

         </login-module>
       </authentication>
    </application-policy>



The error is
16:22:05,850 ERROR [STDERR] javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name 'ou=personnel,ou=union,dc=atlanticunion,dc=org'
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:39)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:520)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
16:22:05,851 ERROR [STDERR] 	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
16:22:05,851 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:200)
16:22:05,851 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getRolesByUser(LdapPrincipalAdapter.java:136)
16:22:05,851 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getRolesByUser(DirectAuthModule.java:836)
16:22:05,851 ERROR [STDERR] 	at com.openkm.api.OKMAuth.getRolesByUser(OKMAuth.java:161)
16:22:05,851 ERROR [STDERR] 	at com.openkm.frontend.server.OKMWorkspaceServlet.getUserWorkspace(OKMWorkspaceServlet.java:296)
16:22:05,851 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:22:05,851 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
16:22:05,851 ERROR [STDERR] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
16:22:05,851 ERROR [STDERR] 	at java.lang.reflect.Method.invoke(Method.java:597)
16:22:05,851 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:562)
16:22:05,851 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:188)
16:22:05,851 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:224)
16:22:05,851 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
16:22:05,851 ERROR [STDERR] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
16:22:05,851 ERROR [STDERR] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
16:22:05,852 ERROR [STDERR] 	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
16:22:05,852 ERROR [STDERR] 	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
16:22:05,852 ERROR [STDERR] 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
16:22:05,852 ERROR [STDERR] 	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
16:22:05,852 ERROR [STDERR] 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
16:22:05,852 ERROR [STDERR] 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
16:22:05,852 ERROR [STDERR] 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
16:22:05,852 ERROR [STDERR] 	at java.lang.Thread.run(Thread.java:662)


So I can log in but cannot manage users or set up roles.

Any help ?

Thanks
 #7126  by jllort
 
1- If you can log in, then login-config.xml is right (forget it).
2- In the security panel, can you see users and roles? If you can see both, something in OpenKM.cfg is right.
3- Can you send a mail to some users? Then getting mail from LDAP in OpenKM.cfg is right.

You cannot change any user data in LDAP from OpenKM using administration ... if you're trying to do it, tell me where ... because then there's some problem in the logic, because it must not be allowed.
 #7142  by ManPage
 
I can go into Users and see all the user IDs; however, com.openkm.principal.LdapPrincipalAdapter is listed for each name in the name column, and the mail and roles columns are also empty. All of the roles are listed, however, in the Roles dropdown for searching, but it does not list any people as members of those roles.
I cannot send e-mails to other users.

When I try to send an email I get this from the console:
09:01:10,779 ERROR [STDERR] javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-031007EF, data 0, 1 access points
	ref 1: 'org'
]; remaining name 'cn=admin,ou=Personnel,ou=Union,ou=atlanticunion,dc=org'
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2877)
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
09:01:10,779 ERROR [STDERR] 	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
09:01:10,780 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:200)
09:01:10,780 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getMails(LdapPrincipalAdapter.java:160)
09:01:10,780 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getMails(DirectAuthModule.java:853)
09:01:10,780 ERROR [STDERR] 	at com.openkm.module.direct.DirectNotificationModule.notify(DirectNotificationModule.java:270)
09:01:10,780 ERROR [STDERR] 	at com.openkm.api.OKMNotification.notify(OKMNotification.java:83)
09:01:10,780 ERROR [STDERR] 	at com.openkm.frontend.server.OKMNotifyServlet.notify(OKMNotifyServlet.java:129)
09:01:10,780 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
09:01:10,780 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
09:01:10,780 ERROR [STDERR] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
09:01:10,780 ERROR [STDERR] 	at java.lang.reflect.Method.invoke(Method.java:597)
09:01:10,780 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:562)
09:01:10,780 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:188)
09:01:10,780 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:224)
09:01:10,780 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
09:01:10,780 ERROR [STDERR] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
09:01:10,780 ERROR [STDERR] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
09:01:10,780 ERROR [STDERR] 	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
09:01:10,780 ERROR [STDERR] 	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
09:01:10,780 ERROR [STDERR] 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
09:01:10,780 ERROR [STDERR] 	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
09:01:10,780 ERROR [STDERR] 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
09:01:10,780 ERROR [STDERR] 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
09:01:10,780 ERROR [STDERR] 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
09:01:10,780 ERROR [STDERR] 	at java.lang.Thread.run(Thread.java:662)

I also get the same error for each user in my AD when I open up the administration panel and look at users.


Thanks
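
Added example, not part of the original posts and not OpenKM code: in the trace above, the "remaining name" of the error code 10 referral ends in ou=atlanticunion,dc=org, while the other search bases in the posted OpenKM.cfg end in dc=atlanticunion,dc=org. The check below parses such a properties file and reports every *.search.base whose dc= suffix differs from the bind DN's. It assumes the bind DN sits under the directory's naming context; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the OpenKM.cfg posted above.
SAMPLE_CFG = """\
principal.ldap.security.principal=CN=BindUser,ou=Personnel,ou=Union,dc=atlanticunion,dc=org
principal.ldap.user.search.base=ou=personnel,ou=union,dc=atlanticunion,dc=org
#principal.ldap.user.search.filter=(&(objectclass=user))
principal.ldap.role.search.base=ou=Personnel,ou=Union,dc=atlanticunion,dc=org
principal.ldap.mail.search.base=cn={0},ou=Personnel,ou=Union,ou=atlanticunion,dc=org
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs; escaped commas stay in the value."""
    parts = (rdn.partition("=") for rdn in re.split(r"(?<!\\),", dn))
    return [(a.strip().lower(), v.strip().lower()) for a, _, v in parts]

def naming_context(dn):
    """Return the trailing run of dc= components, e.g. 'dc=atlanticunion,dc=org'."""
    suffix = []
    for attr, value in reversed(split_dn(dn)):
        if attr != "dc":
            break
        suffix.insert(0, f"dc={value}")
    return ",".join(suffix)

def check_search_bases(props, bind_key="principal.ldap.security.principal"):
    """List (key, found suffix, expected suffix) for bases outside the bind DN's context."""
    expected = naming_context(props[bind_key])
    findings = []
    for key, value in sorted(props.items()):
        if key.endswith(".search.base") and naming_context(value) != expected:
            findings.append((key, naming_context(value), expected))
    return findings

if __name__ == "__main__":
    for key, got, want in check_search_bases(parse_properties(SAMPLE_CFG)):
        print(f"{key}: base ends in '{got}', bind DN is under '{want}'")
```

On the sample it reports only principal.ldap.mail.search.base, whose dc= suffix is just dc=org, the same name the server returns as the referral target.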
 #7150  by jllort
 
Roles are defined under ou=personnel,ou=union,dc=atlanticunion,dc=org and are memberOf CN=OpenKM?
