• Active Directory configuration

  • OpenKM has many interesting features, but a configuration process is needed to show its full potential.
 #22536  by dgutierrez
 
Yes, I already knew that. I already stopped it and started it again. In fact, I do this every time I modify a file.
LDAP error 49 has to do with invalid credentials.

What kind of user does OpenKM need? (the permissions)
 #22564  by dgutierrez
 
We have enabled the debug traces. I am attaching the traces from an attempt to log in with an LDAP user.
We have checked the LDAP user and it works correctly on other servers we have; in any case we have changed it, but the error is the same.

Maybe the best thing would be to start from scratch, with a new LDAP structure, wouldn't it? Could you give me a very simple LDAP example, telling me everything that would have to be created in the LDAP (users, roles...)? I would appreciate it very much.

Thank you very much.

Regards.
Attachments
Debug trace when attempting to log in with an LDAP user
 #22589  by jllort
 
To configure the LDAP trace you have to log this package: org.springframework.security.ldap

As for the structure, if you have an Active Directory, there are two examples here: http://wiki.openkm.com/index.php/LDAP_examples. Honestly, I no longer know how to explain it any better. You all need to be clear about one thing (I'm using the plural now): LDAP is not trivial, it takes time to understand what you have in your hands, and no two are exactly alike (although once you have seen a few you start to get the hang of it).
 #22646  by dgutierrez
 
We have now managed to get it integrated. My question now arises because it does show the list of roles and the users. That is, you go to Administration --> Users and you can see that it has loaded the Active Directory. The problem comes at login. If I want to log in with an Active Directory user, even if it belongs to ROLE_ADMIN or ROLE_USER, it won't let me; I get Authentication Error. Do I have to grant some kind of permission or enable something?

The file I configured was OpenKM.xml, plus the Administration --> config section.

DEBUG results: we tried to connect with a user that is a member of ROLE_ADMIN in LDAP, and in addition to AUTHENTICATION FAILED we get the following debug trace:
2013-04-24 09:16:13,281 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/services/**'
2013-04-24 09:16:13,281 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/status'
2013-04-24 09:16:13,281 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/download'
2013-04-24 09:16:13,281 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/workflow-register'
2013-04-24 09:16:13,281 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/webdav/**'
2013-04-24 09:16:13,281 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/feed/**'
2013-04-24 09:16:13,282 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-04-24 09:16:13,282 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-04-24 09:16:13,282 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@58eff866. A new one will be created.
2013-04-24 09:16:13,282 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-04-24 09:16:13,282 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2013-04-24 09:16:13,283 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2013-04-24 09:16:13,312 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.provisioning.JdbcUserDetailsManager - Query returned no results for user 'dgutierrez'
2013-04-24 09:16:13,317 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'dgutierrez' not found
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@39ee7088
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /login.jsp?error=1
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/OpenKM/login.jsp?error=1'
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/services/**'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/status'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/download'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/workflow-register'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/webdav/**'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/feed/**'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@58eff866. A new one will be created.
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: arg1=null; arg2=error=1 (property not equals)
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.17.2.35; SessionId: CF897847E241ABBB3F36D0D58DA11E11; Granted Authorities: ROLE_ANONYMOUS'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/frontend/**'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/login.jsp'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /login.jsp?error=1; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
 true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.17.2.35; SessionId: CF897847E241ABBB3F36D0D58DA11E11; Granted Authorities: ROLE_ANONYMOUS
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@7f001ba5, returned: 0
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@60172ec6, returned: 1
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 reached end of additional filter chain; proceeding with original chain
2013-04-24 09:16:13,399 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2013-04-24 09:16:13,399 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-04-24 09:16:13,399 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/services/**'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/status'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/download'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/workflow-register'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/webdav/**'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/feed/**'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@58eff866. A new one will be created.
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: arg1=null; arg2=/login (property not equals)
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.17.2.35; SessionId: CF897847E241ABBB3F36D0D58DA11E11; Granted Authorities: ROLE_ANONYMOUS'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/frontend/**'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/login.jsp'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/admin/**'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/mobile/**'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/repositorystartup'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/texttospeech'
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/htmlpreview'
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/syntaxhighlighter'
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/test'
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/extension/zohofileupload'
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/extension/**'
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Public object - authentication not attempted
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login reached end of additional filter chain; proceeding with original chain
2013-04-24 09:16:13,557 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2013-04-24 09:16:13,557 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-04-24 09:16:13,557 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
I don't know why, but I think it is being granted ROLE_ANONYMOUS permissions, yet I don't have that ROLE in my LDAP.

I'm leaving you the files, but I suppose something is missing, because for example the user okmAdmin has a different password in LDAP than the one I assigned in OpenKM, and it lets me in with the OpenKM one and not with the LDAP one. I get the feeling that at login it ignores LDAP.

It looks like progress is starting to come.

Thank you in advance for your help.
Attachments
LDAP configuration
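Added example, not part of the original posts and not OpenKM code: a small parser for a Spring Security DEBUG trace like the one above that reports, for each login, which authentication providers ProviderManager attempted and whether any LDAP provider was among them. The first sample is abridged from the posted trace; the second sample, its user `jdoe` and all function names are constructed for illustration.

```python
import re

# log4j layout used in the trace: "<timestamp> [<thread>] <LEVEL> <logger> - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[(?P<thread>[^\]]+)\] "
    r"(?P<level>[A-Z]+)\s+(?P<logger>\S+) - (?P<msg>.*)$"
)
START_MSG = "Request is to process authentication"
ATTEMPT_RE = re.compile(r"^Authentication attempt using (?P<provider>\S+)")
MISS_RE = re.compile(r"^User '(?P<user>[^']+)' not found")
FAILED_RE = re.compile(r"^Authentication request failed: (?P<exc>[\w.$]+)")
SUCCESS_MSG = "Authentication success"

# Abridged from the DEBUG trace posted in the thread.
PAGE_TRACE = """\
2013-04-24 09:16:13,282 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2013-04-24 09:16:13,283 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2013-04-24 09:16:13,317 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'dgutierrez' not found
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/services/**'
"""

# Constructed sample (not from the thread): a trace in which an LDAP provider is also tried.
CONSTRUCTED_TRACE = """\
2013-04-26 10:00:00,000 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2013-04-26 10:00:00,001 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2013-04-26 10:00:00,020 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'jdoe' not found
2013-04-26 10:00:00,021 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2013-04-26 10:00:00,090 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication success. Updating SecurityContextHolder to contain: (constructed token)
"""


def login_attempts(lines):
    """Group trace lines into login attempts, keyed by the request thread."""
    open_by_thread = {}
    attempts = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped or truncated fragments carry no timestamp; skip them
        thread, msg = m["thread"], m["msg"]
        if msg.startswith(START_MSG):
            cur = {"ts": m["ts"], "thread": thread, "providers": [],
                   "local_misses": [], "outcome": "unknown"}
            open_by_thread[thread] = cur
            attempts.append(cur)
            continue
        cur = open_by_thread.get(thread)
        if cur is None:
            continue  # line belongs to a request that is not a login
        attempt, miss, failed = ATTEMPT_RE.match(msg), MISS_RE.match(msg), FAILED_RE.match(msg)
        if attempt:
            cur["providers"].append(attempt["provider"])
        elif miss:
            cur["local_misses"].append(miss["user"])
        elif failed:
            cur["outcome"] = "failed: " + failed["exc"].rsplit(".", 1)[-1]
            del open_by_thread[thread]
        elif msg.startswith(SUCCESS_MSG):
            cur["outcome"] = "success"
            del open_by_thread[thread]
    return attempts


def ldap_never_tried(attempt):
    """True when no attempted provider class name mentions LDAP."""
    return not any("ldap" in p.lower() for p in attempt["providers"])


def report(trace):
    out = []
    for a in login_attempts(trace.splitlines()):
        names = ", ".join(p.rsplit(".", 1)[-1] for p in a["providers"]) or "(none)"
        flag = "  <-- no LDAP provider attempted" if ldap_never_tried(a) else ""
        out.append(f"{a['ts']} {a['outcome']}: tried {names}{flag}")
    return out


if __name__ == "__main__":
    for line in report(PAGE_TRACE) + report(CONSTRUCTED_TRACE):
        print(line)
```
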
 #22699  by jllort
 
Authentication error means that it doesn't log in; the username and password don't get through.

For now, don't filter the users by role:
<beans:constructor-arg index="1" value="(&(sAMAccountName={0})(|(memberOf=CN=ROLE_ADMIN,CN=users,DC=almis,DC=local)(memberOf=CN=ROLE_USER,CN=users,DC=almis,DC=local)))" />
leave it with just (sAMAccountName={0})

And if it logs you in that way, it means the role is not assigned to the user
 #22703  by dgutierrez
 
The user I tested is indeed assigned to ROLE_ADMIN. In any case, I tried making the change you mention and I still can't log in.

In short, I get the same trace. The LDAP user is fine, since I log in with that account on my machine every day. I have tested the queries from the configuration in Apache DS and it performs the searches correctly.

The following DEBUG trace appears:
2013-04-25 11:47:20,691 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/services/**'
2013-04-25 11:47:20,691 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/status'
2013-04-25 11:47:20,691 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/download'
2013-04-25 11:47:20,691 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/workflow-register'
2013-04-25 11:47:20,691 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/webdav/**'
2013-04-25 11:47:20,692 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/feed/**'
2013-04-25 11:47:20,692 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-04-25 11:47:20,692 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-04-25 11:47:20,692 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@14a78af0. A new one will be created.
2013-04-25 11:47:20,692 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-04-25 11:47:20,692 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2013-04-25 11:47:20,693 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2013-04-25 11:47:20,730 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.provisioning.JdbcUserDetailsManager - Query returned no results for user 'dgutierrez'
2013-04-25 11:47:20,735 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'dgutierrez' not found
2013-04-25 11:47:20,735 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
2013-04-25 11:47:20,735 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
2013-04-25 11:47:20,735 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@103219d3
2013-04-25 11:47:20,736 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /login.jsp?error=1
2013-04-25 11:47:20,737 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/OpenKM/login.jsp?error=1'
2013-04-25 11:47:20,737 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-04-25 11:47:20,737 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-04-25 11:47:20,769 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/services/**'
2013-04-25 11:47:20,769 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/status'
2013-04-25 11:47:20,769 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/download'
2013-04-25 11:47:20,770 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/workflow-register'
2013-04-25 11:47:20,770 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/webdav/**'
2013-04-25 11:47:20,770 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/feed/**'
2013-04-25 11:47:20,770 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-04-25 11:47:20,770 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-04-25 11:47:20,771 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@14a78af0. A new one will be created.
2013-04-25 11:47:20,771 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-04-25 11:47:20,771 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2013-04-25 11:47:20,771 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
2013-04-25 11:47:20,771 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: arg1=null; arg2=error=1 (property not equals)
2013-04-25 11:47:20,771 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
2013-04-25 11:47:20,772 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-04-25 11:47:20,772 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-04-25 11:47:20,772 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.17.2.35; SessionId: 959592B226BB648BFD17E1AFB97D8E0C; Granted Authorities: ROLE_ANONYMOUS'
2013-04-25 11:47:20,772 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'
2013-04-25 11:47:20,772 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-04-25 11:47:20,773 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-04-25 11:47:20,773 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/frontend/**'
2013-04-25 11:47:20,773 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/login.jsp'
2013-04-25 11:47:20,773 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /login.jsp?error=1; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
2013-04-25 11:47:20,774 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.17.2.35; SessionId: 959592B226BB648BFD17E1AFB97D8E0C; Granted Authorities: ROLE_ANONYMOUS
2013-04-25 11:47:20,774 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@63721e22, returned: 0
2013-04-25 11:47:20,774 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@59187d2f, returned: 1
2013-04-25 11:47:20,774 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
2013-04-25 11:47:20,774 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
2013-04-25 11:47:20,774 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 reached end of additional filter chain; proceeding with original chain
2013-04-25 11:47:21,495 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2013-04-25 11:47:21,495 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-04-25 11:47:21,495 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
Could it be that the login is being checked against the embedded database?
 #22743  by jllort
 
If you have changed OpenKM.xml and commented out the part that handles login against the database, it cannot be doing it there.
 #22782  by dgutierrez
 
I removed that part from the file outright, and I ran a test to check that it does indeed load the users from the embedded database. The test was:
1.-Delete the LDAP configuration and put that part back to its default.
2.-Create a new user.
3.-Put the LDAP configuration back.
4.-Log in with the newly created user.

It was confirmed that the login succeeded, so it checks users against the embedded database at login time.

Besides OpenKM.xml, does any other file need to be touched? I don't understand why it loads the users from the embedded database, or could it be loading them from MySQL? But in the end it is the same problem: at login time it does not look in the LDAP.
 #22801  by jllort
 
After configuring OpenKM.xml you have to configure the application (the configuration parameters). In your case you have forgotten a fundamental parameter, principal.adapter=com.openkm.principal.LdapPrincipalAdapter; make sure it has the correct value. And an important detail: after changing this parameter you have to restart the application.
 #22806  by dgutierrez
 
No, I configured that parameter from the very beginning, since I saw in some posts that it was one of the causes of failure and that many people made that mistake.

I have the parameter set exactly as you wrote it in your message.

For some reason I don't know, the application keeps checking users against the embedded database. Isn't there some other file to configure apart from OpenKM.xml and the Administration --> Config panel?

I should say that I started out using OpenKM without LDAP configured. That is, the first time I started it with the defaults to check that it had installed correctly, and then I added MySQL, LDAP, LibreOffice...

That wouldn't have anything to do with it, would it?

Thanks for your interest.
 #22839  by jllort
 
But have you restarted the application after changing the parameter? Because this particular change requires the application to be restarted. And you can be more than sure that it is not going to pick up the data from the embedded database; that is totally impossible.
 #22863  by jllort
 
Indeed, I can assure you completely that if you have restarted Tomcat and the configuration parameter is the LDAP one, it is totally impossible that it is picking up values from the database. You are doing something wrong, because this is not trivial to configure, but what you are telling me is literally impossible.
 #22876  by dgutierrez
 
Well, I can't see what I'm doing wrong, since I followed example 3 from your wiki, and I'm attaching the configurations in case you can take a look. Do you see anything strange or wrong in the configurations? Does anything else need to be configured to be able to log in with the LDAP users?
Attachments
OpenKM.xml + Administration --> Config, LDAP part
(37.38 KiB) Downloaded 786 times
 #22914  by jllort
 
I find what you are telling me hard to believe. If you remove the LDAP access data from the administration, the users from the database still show up (that is impossible).
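
An added diagnostic, not part of the thread or of OpenKM: one way to tell from a Spring Security DEBUG trace like the one posted above whether an LDAP provider was consulted at login. It assumes the `org.springframework.security.authentication` and `org.springframework.security.ldap` loggers are at DEBUG; the sample lines and function names are constructed for the example.

```python
import re

# Line layout of the trace in this thread:
# "<date> <time> [<thread>] <LEVEL> <logger> - <message>"
LINE = re.compile(r"^(\S+ \S+) \[([^\]]+)\] (\w+)\s+(\S+) - (.*)$")
PROVIDER_MANAGER = "org.springframework.security.authentication.ProviderManager"
ATTEMPT = "Authentication attempt using "  # ProviderManager's DEBUG message prefix
LDAP_PACKAGE = "org.springframework.security.ldap."

# Constructed sample lines (not taken from the poster's attachment).
SAMPLE = """\
2013-04-25 11:47:20,100 [exec-7] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2013-04-25 11:47:20,771 [exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-04-25 11:48:02,310 [exec-9] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2013-04-25 11:48:02,315 [exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - (constructed message)
"""

def summarize(log_text):
    """Collect providers tried, LDAP-logger line count and failed-login redirects."""
    out = {"providers": [], "ldap_lines": 0, "login_errors": 0}
    seen_error_requests = set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack-trace continuation or another format
        stamp, thread, _level, logger, message = m.groups()
        if logger == PROVIDER_MANAGER and message.startswith(ATTEMPT):
            out["providers"].append((stamp, message[len(ATTEMPT):].strip()))
        if logger.startswith(LDAP_PACKAGE):
            out["ldap_lines"] += 1
        # One request logs the URL once per filter; count it once per thread/second.
        if "/login.jsp?error=1" in message:
            seen_error_requests.add((thread, stamp.split(",")[0]))
    out["login_errors"] = len(seen_error_requests)
    return out

def verdict(summary):
    """Classify the trace: was an LDAP provider part of the login attempt?"""
    tried_ldap = any(p.startswith(LDAP_PACKAGE) for _, p in summary["providers"])
    if tried_ldap or summary["ldap_lines"]:
        return "ldap-consulted"
    if summary["providers"]:
        return "only-non-ldap-providers"
    return "no-provider-lines"  # loggers not at DEBUG, or no login in this trace

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s["providers"], s["ldap_lines"], s["login_errors"], verdict(s))
```

A result of `no-provider-lines` says nothing about the configuration itself: it only means the trace does not contain the login attempt or the relevant loggers were not enabled.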
