nullpointerexception with ldap login module

Posted: Mon Mar 15, 2010 1:29 pm
by kraken
I've added a new login module for LDAP, but every time I log in I get:
Code:
14:17:03,561 ERROR [[/OpenKM]] Exception while dispatching incoming RPC call
com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract es.git.openkm.frontend.client.bean.GWTWorkspace es.git.openkm.frontend.client.service.OKMWorkspaceService.getUserWorkspace() throws es.git.openkm.frontend.client.OKMException' threw an unexpected exception: java.lang.NullPointerException
	at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:360)
	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:546)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:164)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.doPost(RemoteServiceServlet.java:86)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.NullPointerException
	at es.git.openkm.frontend.server.OKMWorkspaceServlet.getUserWorkspace(OKMWorkspaceServlet.java:74)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:527)
	... 23 more
Any chance to know how to fix this?

Re: nullpointerexception with ldap login module

Posted: Mon Mar 15, 2010 3:46 pm
by jllort
As you can see in the log, when OpenKM tries to get the logged-in user, it obtains a "null"; I think that's clear.

More information is needed to understand what's happening.
1- Which LDAP are you integrating with (Microsoft or other)?
2- Apart from this error, does OpenKM log in well?
3- When you say "new ldap login module", have you made a new class? It's really not needed in most cases; with OpenKM 4.0, LDAP is configured in OpenKM.cfg by parameters.

Re: nullpointerexception with ldap login module

Posted: Mon Mar 15, 2010 4:00 pm
by kraken
I have this as login-config.xml, as I need to allow login for multiple domains. This works OK in any version of OpenKM less than 4.0:
Code:
    <application-policy name="OpenKM">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="sufficient">
        <module-option name="dsJndiName">java:/OKMAuthDS</module-option>
        <module-option name="principalsQuery">select usr_pass as PASSWD from users where usr_id=? and usr_active='true'</module-option>
        <module-option name="rolesQuery">select ur_role as ROLEID, 'Roles' from user_role where ur_user=?</module-option>
      </login-module>

      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient"> 
        <module-option name="java.naming.provider.url">ldap://192.168.10.11:389</module-option>
        <module-option name="bindDN">CN=_xxxxx,CN=xxxxx,DC=xxxxx,DC=xxxxx</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="bindCredential">xxxxx</module-option>
        <module-option name="baseCtxDN">OU=xxxxx,DC=xxxxx,DC=xxxxx</module-option>
        <module-option name="baseFilter">(sAMAccountName={0})</module-option>
        <module-option name="rolesCtxDN">OU=xxxxx,DC=xxxxx,DC=xxxxx</module-option>
        <module-option name="roleFilter">(sAMAccountName={0})</module-option>
        <module-option name="roleAttributeID">memberOf</module-option>
        <module-option name="roleAttributeIsDN">true</module-option>
        <module-option name="roleNameAttributeID">cn</module-option>
        <module-option name="roleRecursion">-1</module-option>
        <module-option name="searchScope">SUBTREE_SCOPE</module-option>
        <module-option name="defaultRole">AdminRol</module-option>
        <module-option name="allowEmptyPasswords">false</module-option>
      </login-module> 

      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient" > 
        <module-option name="java.naming.provider.url">ldap://192.168.10.11:389</module-option>
        <module-option name="bindDN">CN=_xxxxx,CN=xxxxx,DC=xxxxx,DC=xxxxx</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="bindCredential">xxxxx</module-option>
        <module-option name="baseCtxDN">OU=xxxxx,OU=xxxxx,DC=xxxxx,DC=xxxxx</module-option>
        <module-option name="baseFilter">(sAMAccountName={0})</module-option>
        <module-option name="rolesCtxDN">OU=xxxxx,OU=xxxxx,DC=xxxxx,DC=xxxxx</module-option>
        <module-option name="roleFilter">(sAMAccountName={0})</module-option>
        <module-option name="roleAttributeID">memberOf</module-option>
        <module-option name="roleAttributeIsDN">true</module-option>
        <module-option name="roleNameAttributeID">cn</module-option>
        <module-option name="roleRecursion">-1</module-option>
        <module-option name="searchScope">SUBTREE_SCOPE</module-option>
        <module-option name="defaultRole">UserRol</module-option>
        <module-option name="allowEmptyPasswords">false</module-option>
      </login-module> 

      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient" > 
        <module-option name="java.naming.provider.url">ldap://192.168.10.14:389</module-option>
        <module-option name="bindDN">CN=_xxxxx,CN=xxxxx,DC=xxxxx,DC=xxxxx</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="bindCredential">xxxxx</module-option>
        <module-option name="baseCtxDN">OU=xxxxx,DC=xxxxx,DC=xxxxx</module-option>
        <module-option name="baseFilter">(sAMAccountName={0})</module-option>
        <module-option name="rolesCtxDN">OU=xxxxx,DC=xxxxx,DC=xxxxx</module-option>
        <module-option name="roleFilter">(sAMAccountName={0})</module-option>
        <module-option name="roleAttributeID">memberOf</module-option>
        <module-option name="roleAttributeIsDN">true</module-option>
        <module-option name="roleNameAttributeID">cn</module-option>
        <module-option name="roleRecursion">-1</module-option>
        <module-option name="searchScope">SUBTREE_SCOPE</module-option>
        <module-option name="defaultRole">UserRol</module-option>
        <module-option name="allowEmptyPasswords">false</module-option>
      </login-module> 
   </authentication>
   </application-policy>   

Re: nullpointerexception with ldap login module

Posted: Mon Mar 15, 2010 9:31 pm
by jllort
You know we've changed UserRol to UserRole and AdminRol to AdminRole; I think this could be the problem.

Re: nullpointerexception with ldap login module

Posted: Mon Mar 15, 2010 9:50 pm
by kraken
I remember I've tried both. But tomorrow I'll run some more tests on this... if I find the same problem I will report it to you... thanks!

Re: nullpointerexception with ldap login module

Posted: Tue Mar 16, 2010 10:47 am
by jllort
In your XML there are some UserRol and AdminRol (you must change them there and in your LDAP) to become compatible with version 4.0.
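
A way to check a login-config.xml for the renamed roles discussed above, as an added example that is not part of the original thread or of OpenKM. The function name `audit_login_config`, the sample hostnames and the sample values are assumptions constructed for illustration; the check also flags simple binds over plain `ldap://`, which put the bind password on the wire unencrypted.

```python
import xml.etree.ElementTree as ET

# Role names before and after the OpenKM 4.0 rename mentioned in the thread.
RENAMED_ROLES = {"UserRol": "UserRole", "AdminRol": "AdminRole"}

# Constructed sample modelled on the configuration posted above (placeholder values).
SAMPLE = """
<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
      <module-option name="java.naming.provider.url">ldap://ldap.example.test:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindCredential">placeholder</module-option>
      <module-option name="defaultRole">AdminRol</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
      <module-option name="java.naming.provider.url">ldaps://ldap.example.test:636</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="defaultRole">UserRole</module-option>
    </login-module>
  </authentication>
</application-policy>
"""

def audit_login_config(xml_text):
    """Return (module_index, finding) tuples for one application-policy (hypothetical helper)."""
    findings = []
    root = ET.fromstring(xml_text)
    for idx, module in enumerate(root.iter("login-module"), start=1):
        # Collect this module's options into a name -> value map.
        opts = {o.get("name"): (o.text or "").strip() for o in module.iter("module-option")}
        role = opts.get("defaultRole")
        if role in RENAMED_ROLES:
            findings.append((idx, f"defaultRole {role!r} was renamed to {RENAMED_ROLES[role]!r}"))
        url = opts.get("java.naming.provider.url", "").lower()
        auth = opts.get("java.naming.security.authentication", "").lower()
        if url.startswith("ldap://") and auth == "simple":
            findings.append((idx, "simple bind over plain ldap:// exposes the bind password"))
    return findings

if __name__ == "__main__":
    for idx, finding in audit_login_config(SAMPLE):
        print(f"login-module #{idx}: {finding}")
```
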

Re: nullpointerexception with ldap login module

Posted: Fri Apr 23, 2010 7:43 pm
by akorn
Hi,

I have a similar problem. This is a new installation of OpenKM 4.1 RC1. For a little while, to experiment, we used it with the default configuration; then I changed login-config.xml so the auth part now reads as follows:
Code:
<!-- OpenKM -->
<!-- default OKMAuthDS commented out -->

    <application-policy name="OpenKM">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
            <module-option name="java.naming.provider.url">ldap://ldap.mydomain.net:389</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <module-option name="baseCtxDN">ou=People,dc=mydomain,dc=net</module-option>
            <module-option name="baseFilter">(uid={0})</module-option>
            <module-option name="rolesCtxDN">ou=Group,dc=mydomain,dc=net</module-option>
            <module-option name="roleFilter">(member={1})</module-option>
            <module-option name="roleAttributeID">memberOf</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleRecursion">2</module-option>
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
            <module-option name="defaultRole">UserRole</module-option>
            <module-option name="allowEmptyPasswords">False</module-option>
          </login-module>
       </authentication>
    </application-policy>
OpenKM.cfg contains the following LDAP related settings:
Code:
principal.ldap.server=ldap://ldap.mydomain.net
principal.ldap.search=dc=mydomain,dc=net
principal.ldap.user.search.base=ou=People,dc=mydomain,dc=net
principal.ldap.user.search.filter=(objectClass=inetOrgPerson)
principal.ldap.role.search.base=ou=Group,dc=mydomain,dc=net
principal.ldap.role.search.filter=(objectclass=groupOfNames)
principal.ldap.role.atribute=cn
principal.ldap.user.atribute=uid
principal.ldap.mail.search.base=uid={0},ou=People,dc=mydomain,dc=net
principal.ldap.mail.search.filter=(objectclass=inetOrgperson)
principal.ldap.mail.atribute=mail
I can log in, but when I do, the web GUI says "Error when communicating with server (getUserWorkspace)".

In the server log I see:
Code:
21:18:38,149 ERROR [[/OpenKM]] Exception while dispatching incoming RPC call
com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract es.git.openkm.frontend.client.bean.GWTWorkspace es.git.openkm.frontend.client.service.OKMWorkspaceService.getUserWorkspace() throws es.git.openkm.frontend.client.OKMException' threw an unexpected exception: java.lang.NullPointerException
        at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:360)
        at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:546)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:164)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.doPost(RemoteServiceServlet.java:86)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
        at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.NullPointerException
        at es.git.openkm.frontend.server.OKMWorkspaceServlet.getUserWorkspace(OKMWorkspaceServlet.java:77)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:527)
        ... 23 more
I have no idea why this happens (or even what it means, other than that a "workspace" for the user wasn't "found" - but I don't know where or how it's supposed to be found). Any help would be appreciated.

Re: nullpointerexception with ldap login module

Posted: Fri Apr 23, 2010 9:17 pm
by akorn
akorn wrote: I have no idea why this happens (or even what it means, other than that a "workspace" for the user wasn't "found" - but I don't know where or how it's supposed to be found). Any help would be appreciated.
I still don't understand what happened, but it works now; see http://forum.openkm.com/viewtopic.php?f=4&t=3714.

Re: nullpointerexception with ldap login module

Posted: Tue Apr 27, 2010 8:41 am
by jllort
Sometimes the JBoss cache could be the origin of the problem. It's not a bad idea, after stopping, to clean the tmp folder content to prevent problems (but in this configuration change it might not be the reason).

Re: nullpointerexception with ldap login module

Posted: Tue Apr 27, 2010 9:18 am
by akorn
Thanks; however, I'm still curious what the "workspace" is (preferably in non-Java-developer terms :), and what constitutes "finding" it.

I come from the Unix world, so my intuitive reading of the error message was that some analogue of the home directory of the user wasn't found.

So, what is the workspace? Where and how does OpenKM look for it, and how does it know that it's been found?

Thanks!

Re: nullpointerexception with ldap login module

Posted: Thu Apr 29, 2010 5:45 pm
by jllort
Looking further at your stack trace:

Line 77 of WorkspaceServlet is:
Code:
    workspace.setEmail(user.getEmail());
For some reason this user has no mail, and when null is set the error occurs.

Have you been migrating something between versions or something similar? Is there any reason why some user has no mail address?

Re: nullpointerexception with ldap login module

Posted: Thu Apr 29, 2010 6:40 pm
by akorn
It was probably caused by the not-quite-correct LDAP configuration; maybe the user wasn't looked up properly or something. I'm basically just whining about the lack of clarity in the error message here. :) (A stacktrace is not an error message, and it doesn't substitute an error message either, I think.)