Re: Active Directory configuration

Posted: Wed Apr 17, 2013 6:03 am
by dgutierrez
Yes, I already knew that. I already stopped it and started it again. In fact, I do this every time I modify a file.
LDAP error 49 has to do with invalid credentials.

What type of user does OpenKM need? (the permissions)

Re: Active Directory configuration

Posted: Thu Apr 18, 2013 9:35 am
by dgutierrez
We have enabled the debug traces. I am attaching the traces from when we try to log in with an LDAP user.
We have checked the LDAP user and it works correctly on other servers we have; in any case we changed it, but the error is the same.

Perhaps the best thing would be to start from scratch, with a new LDAP structure, no? Could you give me a very simple LDAP example, telling me everything that would have to be created in LDAP (users, roles...)? I would be very grateful.

Many thanks.

Regards.

Re: Active Directory configuration

Posted: Fri Apr 19, 2013 9:37 pm
by jllort
To configure the LDAP trace you have to log this package: org.springframework.security.ldap

As for the structure, if you have an Active Directory, there are two examples here: http://wiki.openkm.com/index.php/LDAP_examples. Honestly, I no longer know how to explain it better. You all need to be clear about one thing (I'm using the plural now): LDAP is not trivial, it takes time to understand what you have in your hands, and no two are exactly alike (although once you have seen a few you start getting the hang of it).

Re: Active Directory configuration

Posted: Tue Apr 23, 2013 8:21 am
by dgutierrez
We have now managed to get it integrated. My question now arises because it does show the list of roles and users. That is, you go to Administration --> Users and you can see that it has loaded the Active Directory. The problem is at login time. If I want to log in with an Active Directory user, even if it belongs to ROLE_ADMIN or ROLE_USER, it won't let me; I get Authentication Error. Do I need to grant some kind of permission or enable something?

The file I configured was OpenKM.xml, plus the Administration --> config section.

Results of the DEBUG: we tried to connect with a user that is a member of ROLE_ADMIN in LDAP and, besides AUTHENTICATION FAILED, the following debug trace is obtained:
2013-04-24 09:16:13,281 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/services/**'
2013-04-24 09:16:13,281 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/status'
2013-04-24 09:16:13,281 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/download'
2013-04-24 09:16:13,281 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/workflow-register'
2013-04-24 09:16:13,281 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/webdav/**'
2013-04-24 09:16:13,281 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/feed/**'
2013-04-24 09:16:13,282 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-04-24 09:16:13,282 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-04-24 09:16:13,282 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@58eff866. A new one will be created.
2013-04-24 09:16:13,282 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-04-24 09:16:13,282 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2013-04-24 09:16:13,283 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2013-04-24 09:16:13,312 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.provisioning.JdbcUserDetailsManager - Query returned no results for user 'dgutierrez'
2013-04-24 09:16:13,317 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'dgutierrez' not found
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@39ee7088
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /login.jsp?error=1
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/OpenKM/login.jsp?error=1'
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-04-24 09:16:13,318 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/services/**'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/status'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/download'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/workflow-register'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/webdav/**'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/feed/**'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@58eff866. A new one will be created.
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: arg1=null; arg2=error=1 (property not equals)
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
2013-04-24 09:16:13,356 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.17.2.35; SessionId: CF897847E241ABBB3F36D0D58DA11E11; Granted Authorities: ROLE_ANONYMOUS'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/frontend/**'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/login.jsp'
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /login.jsp?error=1; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
 true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.17.2.35; SessionId: CF897847E241ABBB3F36D0D58DA11E11; Granted Authorities: ROLE_ANONYMOUS
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@7f001ba5, returned: 0
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@60172ec6, returned: 1
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
2013-04-24 09:16:13,357 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 reached end of additional filter chain; proceeding with original chain
2013-04-24 09:16:13,399 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2013-04-24 09:16:13,399 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-04-24 09:16:13,399 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/services/**'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/status'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/download'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/workflow-register'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/webdav/**'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/feed/**'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@58eff866. A new one will be created.
2013-04-24 09:16:13,553 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: arg1=null; arg2=/login (property not equals)
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.17.2.35; SessionId: CF897847E241ABBB3F36D0D58DA11E11; Granted Authorities: ROLE_ANONYMOUS'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/frontend/**'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/login.jsp'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/admin/**'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/mobile/**'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/repositorystartup'
2013-04-24 09:16:13,554 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/texttospeech'
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/htmlpreview'
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/syntaxhighlighter'
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/test'
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/extension/zohofileupload'
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/extension/**'
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Public object - authentication not attempted
2013-04-24 09:16:13,555 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login reached end of additional filter chain; proceeding with original chain
2013-04-24 09:16:13,557 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2013-04-24 09:16:13,557 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-04-24 09:16:13,557 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

I don't know why, but I think it is being granted ROLE_ANONYMOUS permissions, but I don't have that role in my LDAP.

I'm leaving you the files, but I suppose something is missing, because, for example, the user okmAdmin has a different password in LDAP than the one I assigned in OpenKM, and it lets me in with the OpenKM one and not with the LDAP one. I get the feeling that at login time it ignores LDAP.

It seems progress is starting to arrive.

Thanks in advance for your help.

Re: Active Directory configuration

Posted: Thu Apr 25, 2013 8:56 am
by jllort
Authentication error means that it does not log in; the user and password do not get through.

For the moment, don't filter the users by role:
<beans:constructor-arg index="1" value="(&amp;(sAMAccountName={0})(|(memberOf=CN=ROLE_ADMIN,CN=users,DC=almis,DC=local)(memberOf=CN=ROLE_USER,CN=users,DC=almis,DC=local)))" />
leave it with only (sAMAccountName={0})

And if it logs you in that way, it means the user does not have the role assigned.
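
The test suggested in the post above, as an added example that is not part of the original post or of OpenKM: a small evaluator for the two search filters, run against constructed directory entries, showing which accounts each filter returns. The user names, the Staff group and all function names are assumptions; matching is simplified to case-insensitive equality.

```python
import re

# Filters from the thread, as the directory server receives them
# (inside the Spring XML attribute the "&" is written "&amp;").
ROLE_FILTER = ("(&(sAMAccountName={0})(|(memberOf=CN=ROLE_ADMIN,CN=users,DC=almis,DC=local)"
               "(memberOf=CN=ROLE_USER,CN=users,DC=almis,DC=local)))")
PLAIN_FILTER = "(sAMAccountName={0})"

# Constructed directory entries (alice, bob and the Staff group are made up).
DIRECTORY = [
    {"dn": "CN=alice,CN=users,DC=almis,DC=local",
     "samaccountname": ["alice"],
     "memberof": ["CN=ROLE_ADMIN,CN=users,DC=almis,DC=local"]},
    {"dn": "CN=bob,CN=users,DC=almis,DC=local",
     "samaccountname": ["bob"],
     "memberof": ["CN=Staff,CN=users,DC=almis,DC=local"]},
]


def escape_value(value):
    """RFC 4515 escaping, so a login name is always one literal assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def unescape_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text):
    """Parse the filter subset used in the thread: (&..), (|..), (!..), (attr=value)."""
    node, end = _parse(text, 0)
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return node


def _parse(s, i):
    if s[i:i + 1] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    op = s[i:i + 1]
    if op in ("&", "|", "!"):
        i += 1
        children = []
        while s[i:i + 1] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError("bad operand count for '%s'" % op)
        node = (op, children)
    else:
        end = s.find(")", i)
        if end == -1:
            raise ValueError("unterminated filter item")
        attr, sep, value = s[i:end].partition("=")  # DN values keep their own '='
        if not sep or not attr:
            raise ValueError("expected attr=value at offset %d" % i)
        node = ("=", attr.lower(), unescape_value(value))
        i = end
    if s[i:i + 1] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return node, i + 1


def matches(node, entry):
    if node[0] == "&":
        return all(matches(c, entry) for c in node[1])
    if node[0] == "|":
        return any(matches(c, entry) for c in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    return any(v.lower() == value.lower() for v in entry.get(attr, []))


def search(filter_template, username, directory):
    """Substitute {0} as the login does, then return the DNs that match."""
    node = parse_filter(filter_template.replace("{0}", escape_value(username)))
    return [e["dn"] for e in directory if matches(node, e)]


def explain_login(username, directory):
    """The comparison from the post: plain filter first, then the role filter."""
    if not search(PLAIN_FILTER, username, directory):
        return "no account with that sAMAccountName"
    if not search(ROLE_FILTER, username, directory):
        return "account found, but no memberOf value equals either role group DN"
    return "account found and role filter satisfied"


if __name__ == "__main__":
    for name in ("alice", "bob", "carol"):
        print(name, "->", explain_login(name, DIRECTORY))
```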

Re: Active Directory configuration

Posted: Thu Apr 25, 2013 9:48 am
by dgutierrez
The user I tested is indeed assigned to ROLE_ADMIN. In any case, I tried making the change you mention and I still cannot log in.

In short, the same trace is obtained. The LDAP user is fine, since I log in with that account on my machine every day. I tested the configuration queries in Apache DS and they perform the searches correctly.

The following DEBUG trace appears:
2013-04-25 11:47:20,691 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/services/**'
2013-04-25 11:47:20,691 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/status'
2013-04-25 11:47:20,691 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/download'
2013-04-25 11:47:20,691 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/workflow-register'
2013-04-25 11:47:20,691 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/webdav/**'
2013-04-25 11:47:20,692 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/feed/**'
2013-04-25 11:47:20,692 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-04-25 11:47:20,692 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-04-25 11:47:20,692 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@14a78af0. A new one will be created.
2013-04-25 11:47:20,692 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-04-25 11:47:20,692 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2013-04-25 11:47:20,693 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2013-04-25 11:47:20,730 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.provisioning.JdbcUserDetailsManager - Query returned no results for user 'dgutierrez'
2013-04-25 11:47:20,735 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'dgutierrez' not found
2013-04-25 11:47:20,735 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
2013-04-25 11:47:20,735 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
2013-04-25 11:47:20,735 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@103219d3
2013-04-25 11:47:20,736 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /login.jsp?error=1
2013-04-25 11:47:20,737 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/OpenKM/login.jsp?error=1'
2013-04-25 11:47:20,737 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-04-25 11:47:20,737 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-04-25 11:47:20,769 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/services/**'
2013-04-25 11:47:20,769 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/status'
2013-04-25 11:47:20,769 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/download'
2013-04-25 11:47:20,770 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/workflow-register'
2013-04-25 11:47:20,770 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/webdav/**'
2013-04-25 11:47:20,770 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/feed/**'
2013-04-25 11:47:20,770 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-04-25 11:47:20,770 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-04-25 11:47:20,771 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@14a78af0. A new one will be created.
2013-04-25 11:47:20,771 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-04-25 11:47:20,771 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2013-04-25 11:47:20,771 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
2013-04-25 11:47:20,771 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: arg1=null; arg2=error=1 (property not equals)
2013-04-25 11:47:20,771 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
2013-04-25 11:47:20,772 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-04-25 11:47:20,772 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-04-25 11:47:20,772 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.17.2.35; SessionId: 959592B226BB648BFD17E1AFB97D8E0C; Granted Authorities: ROLE_ANONYMOUS'
2013-04-25 11:47:20,772 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'
2013-04-25 11:47:20,772 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-04-25 11:47:20,773 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-04-25 11:47:20,773 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/frontend/**'
2013-04-25 11:47:20,773 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/login.jsp'
2013-04-25 11:47:20,773 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /login.jsp?error=1; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
2013-04-25 11:47:20,774 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.17.2.35; SessionId: 959592B226BB648BFD17E1AFB97D8E0C; Granted Authorities: ROLE_ANONYMOUS
2013-04-25 11:47:20,774 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@63721e22, returned: 0
2013-04-25 11:47:20,774 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@59187d2f, returned: 1
2013-04-25 11:47:20,774 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
2013-04-25 11:47:20,774 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
2013-04-25 11:47:20,774 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 reached end of additional filter chain; proceeding with original chain
2013-04-25 11:47:21,495 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2013-04-25 11:47:21,495 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-04-25 11:47:21,495 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
Couldn't it be that the login is being checked against the embedded database?
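An added example, not part of the original post and not OpenKM code: one way to answer that question from the trace itself is to look for which Spring Security provider was tried. It assumes DEBUG logging is also enabled for `org.springframework.security.authentication`, so that `ProviderManager` writes its "Authentication attempt using ..." line; the sample lines are constructed in the layout of the trace above, and `summarize` and `classify` are hypothetical helper names.

```python
import re
from collections import Counter

# Layout of the trace lines quoted in this thread:
# "<date> <time>,<ms> [<thread>] <LEVEL> <logger> - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<thread>[^\]]+)\] (?P<level>[A-Z]+)\s+(?P<logger>\S+) - (?P<msg>.*)$"
)
ATTEMPT = "Authentication attempt using "
# Count a failed-login redirect once per request: only the first filter position.
FAILED_LOGIN_RE = re.compile(r"^(/\S*login\S*\?error=\S+) at position 1 of")

# Constructed sample (not taken from the poster's server).
SAMPLE = """\
2013-04-25 11:47:20,100 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2013-04-25 11:47:20,700 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-04-25 11:47:20,772 [http-bio-0.0.0.0-8080-exec-7] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
"""

def classify(provider):
    """Map a provider class name to the credential store it checks."""
    if ".ldap." in provider:
        return "ldap"
    if ".dao." in provider:
        return "database"
    return "other"

def summarize(log_text):
    """Count provider attempts and failed-login redirects in a debug trace."""
    providers, failures, unparsed = Counter(), 0, 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # e.g. stack-trace continuation lines
            continue
        msg = m["msg"]
        if m["logger"].endswith(".ProviderManager") and msg.startswith(ATTEMPT):
            providers[classify(msg[len(ATTEMPT):].strip())] += 1
        elif m["logger"].endswith(".FilterChainProxy") and FAILED_LOGIN_RE.match(msg):
            failures += 1
    return {"providers": dict(providers),
            "failed_login_redirects": failures, "unparsed": unparsed}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A result with only `database` attempts means the LDAP provider is not part of the authentication manager that was actually loaded; a result with no provider lines at all means the trace does not cover the authentication step.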

Re: Active Directory Configuration

PostPosted:Fri Apr 26, 2013 4:12 pm
by jllort
If you have changed OpenKM.xml and commented out the part that handles login against the database, it is not possible that it is being done there.

Re: Active Directory Configuration

PostPosted:Mon Apr 29, 2013 8:29 am
by dgutierrez
I removed that part from the file outright, and I ran a test to check that it really does load the users from the embedded database. The test was:
1.- Delete the LDAP configuration and put that part back to its default.
2.- Create a new user.
3.- Put the LDAP configuration back.
4.- Log in with the newly created user.

The login was verified to succeed, so it checks users against the embedded database at login time.

Besides OpenKM.xml, does any other file need to be touched? I don't understand why it loads the users from the embedded database, or could it be loading them from MySQL? But in the end it is the same problem: at login time it does not look in the LDAP.

Re: Active Directory Configuration

PostPosted:Tue Apr 30, 2013 7:21 am
by jllort
After configuring OpenKM.xml you have to configure the application (the configuration parameters). In your case you have forgotten a fundamental parameter, principal.adapter=com.openkm.principal.LdapPrincipalAdapter; make sure it has the correct value. And an important detail: after changing this parameter you have to restart the application.

Re: Active Directory Configuration

PostPosted:Tue Apr 30, 2013 8:17 am
by dgutierrez
No, I configured that parameter from the start, since I saw in some posts that it was one of the causes of failure and that many people made that mistake.

I have the parameter set exactly as you wrote it in your message.

For some reason I don't know, the application keeps checking users against the embedded database. Isn't there some other file to configure besides OpenKM.xml and the Administration --> config panel?

I should say that I started using OpenKM without configuring LDAP from the beginning. That is, the first time I started it with the defaults to check that it had installed correctly, and then I kept adding things: MySQL, LDAP, LibreOffice...

That wouldn't have anything to do with it, would it?

Thanks for your interest.

Re: Active Directory Configuration

PostPosted:Thu May 02, 2013 9:29 pm
by jllort
But have you restarted the application after changing the parameter? Because this particular change requires the application to be restarted. And you can be more than sure that it is not going to pick up the data from the embedded database; that is totally impossible.

Re: Active Directory Configuration

PostPosted:Fri May 03, 2013 6:08 am
by dgutierrez
I already restarted Tomcat; that's the same as when you change OpenKM.xml, isn't it?

Re: Active Directory Configuration

PostPosted:Sat May 04, 2013 6:05 pm
by jllort
Indeed. I can absolutely assure you that if you have restarted Tomcat and the configuration parameter is the LDAP one, it is totally impossible that it is picking up values from the database. You are doing something wrong, because this is not trivial to configure, but what you are telling me is literally impossible.

Re: Active Directory Configuration

PostPosted:Mon May 06, 2013 6:45 am
by dgutierrez
Well, I can't see what I'm doing wrong, since I followed example 3 from your wiki, and I'm attaching the configurations in case you can take a look. Do you see anything strange/wrong in the configurations? Does anything else need to be configured to be able to log in with the LDAP users?

Re: Active Directory Configuration

PostPosted:Wed May 08, 2013 11:28 am
by jllort
I find what you're telling me hard to believe. If you remove the LDAP access data from the administration, the users from the database still show up (that is impossible).