5.0 RC1 Active directory issues

Posted: Thu Nov 18, 2010 9:30 pm
by ManPage
I am getting a bunch of errors any time anyone logs in. My OpenKM.cfg has this:
Code:
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://192.168.1.14
principal.ldap.security.principal=CN=BindUser,ou=Personnel,ou=Union,dc=atlanticunion,dc=org
principal.ldap.security.credentials=***
principal.ldap.user.search.base=ou=personnel,ou=union,dc=atlanticunion,dc=org
#principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=CN=UserRole,OU=Personnel,OU=Union,DC=atlanticunion,DC=org))
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.user.attribute=cn
principal.ldap.role.search.base=ou=Personnel,ou=Union,dc=atlanticunion,dc=org
#principal.ldap.role.search.filter=(&(objectclass=group)(memberOf=CN=OpenKM,OU=Personnel,OU=Union,DC=atlanticunion,DC=org))
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.attribute=cn
principal.ldap.mail.search.base=cn={0},ou=Personnel,ou=Union,ou=atlanticunion,dc=org
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.attribute=mail
system.login.lowercase=on

login-config.xml:
Code:
<application-policy name = "OpenKM">
       <authentication>
         <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag = "required">
            <module-option name="java.naming.provider.url">ldap://192.168.1.14</module-option>
            <module-option name="bindDN">CN=BindUser,ou=Personnel,ou=Union,dc=atlanticunion,dc=org</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <module-option name="bindCredential">***</module-option>
            <module-option name="baseCtxDN">ou=personnel,ou=union,dc=atlanticunion,dc=org</module-option>
            <module-option name="rolesCtxDN">ou=personnel,ou=union,dc=atlanticunion,dc=org</module-option>
            <module-option name="roleFilter">(member={1})</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleRecursion">2</module-option>
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
            <module-option name="allowEmptyPasswords">false</module-option>
            <module-option name="baseFilter">(sAMAccountName={0})</module-option>
            <module-option name="defaultRole">UserRole</module-option>

         </login-module>
       </authentication>
    </application-policy>



The error is:
Code:
16:22:05,850 ERROR [STDERR] javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name 'ou=personnel,ou=union,dc=atlanticunion,dc=org'
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:39)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:520)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
16:22:05,851 ERROR [STDERR] 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
16:22:05,851 ERROR [STDERR] 	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
16:22:05,851 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:200)
16:22:05,851 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getRolesByUser(LdapPrincipalAdapter.java:136)
16:22:05,851 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getRolesByUser(DirectAuthModule.java:836)
16:22:05,851 ERROR [STDERR] 	at com.openkm.api.OKMAuth.getRolesByUser(OKMAuth.java:161)
16:22:05,851 ERROR [STDERR] 	at com.openkm.frontend.server.OKMWorkspaceServlet.getUserWorkspace(OKMWorkspaceServlet.java:296)
16:22:05,851 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:22:05,851 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
16:22:05,851 ERROR [STDERR] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
16:22:05,851 ERROR [STDERR] 	at java.lang.reflect.Method.invoke(Method.java:597)
16:22:05,851 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:562)
16:22:05,851 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:188)
16:22:05,851 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:224)
16:22:05,851 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
16:22:05,851 ERROR [STDERR] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
16:22:05,851 ERROR [STDERR] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
16:22:05,852 ERROR [STDERR] 	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
16:22:05,852 ERROR [STDERR] 	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
16:22:05,852 ERROR [STDERR] 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
16:22:05,852 ERROR [STDERR] 	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
16:22:05,852 ERROR [STDERR] 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
16:22:05,852 ERROR [STDERR] 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
16:22:05,852 ERROR [STDERR] 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
16:22:05,852 ERROR [STDERR] 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
16:22:05,852 ERROR [STDERR] 	at java.lang.Thread.run(Thread.java:662)


So I can log in but cannot manage users or set up roles.

Any help?

Thanks

Re: 5.0 RC1 Active directory issues

Posted: Thu Nov 18, 2010 10:17 pm
by jllort
1- If you can log in, then login-config.xml is right (forget about it).
2- In the security panel, can you see users and roles? If you can see both, something in OpenKM.cfg is right.
3- Can you send a mail to some users? Then OpenKM.cfg getting mail from LDAP is right.

You cannot change any user data in LDAP from OpenKM using administration... if you're trying to do that, tell me where, because then there's some problem in the logic, since it must not be allowed.

Re: 5.0 RC1 Active directory issues

Posted: Fri Nov 19, 2010 2:03 pm
by ManPage
I can go into Users and see all the user IDs; however, com.openkm.principal.LdapPrincipalAdapter is listed for each name in the name column, and the mail and roles columns are also empty. All of the roles are listed, however, in the Roles dropdown for searching, but it does not list any people as members of those roles.
I cannot send e-mails to other users.

When I try to send an email I get this from the console:
Code:
09:01:10,779 ERROR [STDERR] javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-031007EF, data 0, 1 access points
	ref 1: 'org'
]; remaining name 'cn=admin,ou=Personnel,ou=Union,ou=atlanticunion,dc=org'
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2877)
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
09:01:10,779 ERROR [STDERR] 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
09:01:10,779 ERROR [STDERR] 	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
09:01:10,780 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:200)
09:01:10,780 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getMails(LdapPrincipalAdapter.java:160)
09:01:10,780 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getMails(DirectAuthModule.java:853)
09:01:10,780 ERROR [STDERR] 	at com.openkm.module.direct.DirectNotificationModule.notify(DirectNotificationModule.java:270)
09:01:10,780 ERROR [STDERR] 	at com.openkm.api.OKMNotification.notify(OKMNotification.java:83)
09:01:10,780 ERROR [STDERR] 	at com.openkm.frontend.server.OKMNotifyServlet.notify(OKMNotifyServlet.java:129)
09:01:10,780 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
09:01:10,780 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
09:01:10,780 ERROR [STDERR] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
09:01:10,780 ERROR [STDERR] 	at java.lang.reflect.Method.invoke(Method.java:597)
09:01:10,780 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:562)
09:01:10,780 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:188)
09:01:10,780 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:224)
09:01:10,780 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
09:01:10,780 ERROR [STDERR] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
09:01:10,780 ERROR [STDERR] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
09:01:10,780 ERROR [STDERR] 	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
09:01:10,780 ERROR [STDERR] 	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
09:01:10,780 ERROR [STDERR] 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
09:01:10,780 ERROR [STDERR] 	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
09:01:10,780 ERROR [STDERR] 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
09:01:10,780 ERROR [STDERR] 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
09:01:10,780 ERROR [STDERR] 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
09:01:10,780 ERROR [STDERR] 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
09:01:10,780 ERROR [STDERR] 	at java.lang.Thread.run(Thread.java:662)

I also get the same error for each user in my AD when I open up the administration panel and look at users.


Thanks
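
Added example, not part of the original thread or of OpenKM's code: the referral trace above has a remaining name ending in `ou=atlanticunion,dc=org`, while the other search bases in the posted OpenKM.cfg end in `dc=atlanticunion,dc=org`. The Python check below flags any `*.search.base` whose trailing `dc=` components differ from the bind DN's, and also flags a plain `ldap://` server URL; using the bind DN's suffix as the expected naming context is an assumption of this sketch, and the sample input is a constructed subset of the posted file.

```python
import re

# Constructed sample: a subset of the OpenKM.cfg lines posted in this thread.
SAMPLE_CFG = """\
principal.ldap.server=ldap://192.168.1.14
principal.ldap.security.principal=CN=BindUser,ou=Personnel,ou=Union,dc=atlanticunion,dc=org
principal.ldap.user.search.base=ou=personnel,ou=union,dc=atlanticunion,dc=org
principal.ldap.role.search.base=ou=Personnel,ou=Union,dc=atlanticunion,dc=org
principal.ldap.mail.search.base=cn={0},ou=Personnel,ou=Union,ou=atlanticunion,dc=org
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props

def dc_suffix(dn):
    """Return the trailing run of dc= components, lowercased."""
    rdns = [r.strip().lower() for r in re.split(r"(?<!\\),", dn)]
    suffix = []
    for rdn in reversed(rdns):
        if not rdn.startswith("dc="):
            break
        suffix.insert(0, rdn)
    return ",".join(suffix)

def lint(text):
    """Return (key, message) findings for the configuration text."""
    props = parse_properties(text)
    findings = []
    if props.get("principal.ldap.server", "").lower().startswith("ldap://"):
        findings.append(("principal.ldap.server", "plain ldap://: bind credentials are sent without TLS unless StartTLS is used"))
    # Assumption: the bind DN lives in the naming context the searches should target.
    expected = dc_suffix(props.get("principal.ldap.security.principal", ""))
    for key, value in sorted(props.items()):
        if key.endswith(".search.base") and dc_suffix(value) != expected:
            findings.append((key, "naming context %r differs from bind DN's %r" % (dc_suffix(value), expected)))
    return findings

if __name__ == "__main__":
    for key, msg in lint(SAMPLE_CFG):
        print(key + ": " + msg)
```

A base DN outside the naming contexts a domain controller hosts is answered with a referral (LDAP result code 10), which is the code shown in the trace.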

Re: 5.0 RC1 Active directory issues

Posted: Sat Nov 20, 2010 10:49 am
by jllort
Are the roles defined under ou=personnel,ou=union,dc=atlanticunion,dc=org, and are they memberOf CN=OpenKM?