Page 1 of 3
NullPointerException with LDAP
PostPosted:Tue Feb 22, 2011 1:47 pm
by Catscratch
Hi there,
I configured LDAP with Windows Active Directory.
Now I can login with my AD credentials, but I got an error after the login.
First, I show the ldap config files. Thereafter the error message.
Hopefully, someone can help.
OpenKM.cfg
Code: Select allprincipa.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://MYIP:MYPORT
principal.ldap.security.principal=CN=ldap zugriff,ou=LMMT,ou=MMTOpenUsers,dc=mmtopen,dc=de
principal.ldap.security.credentials=USERPASSWORD
principal.ldap.user.search.base=ou=MMTOpenUsers,dc=mmtopen,dc=de
principal.ldap.user.search.filter=(objectClass=*)
principal.ldap.user.attribute=cn
principal.ldap.role.search.base=ou=MMTOpenUsers,dc=mmtopen,dc=de
principal.ldap.role.search.filter=(objectClass=*)
principal.ldap.role.attribute=cn
default.user.role=UserRole
default.admin.role=AdminRole
login-config.xml
Code: Select all<!-- LDAP -->
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.provider.url">
ldap://MYIP:MYPORT</module-option>
<module-option name="java.naming.security.authentication">
simple</module-option>
<module-option name="bindDN">
cn=ldap zugriff,ou=LMMT,ou=MMTOpenUsers,dc=mmtopen,dc=de</module-option>
<module-option name="bindCredential">MYPASSWORD</module-option>
<module-option name="baseCtxDN">ou=MMTOpenUsers,dc=mmtopen,dc=de</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">ou=MMTOpenUsers,dc=mmtopen,dc=de</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleRecursion">2</module-option>
<module-option name="searchTimeLimit">5000</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
<module-option name="defaultRole">UserRole</module-option>
</login-module>
</authentication>
And the error message:
Code: Select all13:42:44,023 ERROR [[/OpenKM]] Exception while dispatching incoming RPC call
com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract com.openkm.frontend.client.bean.GWTWorkspace com.openkm.frontend.client.service.OKMWorkspaceService.getUserWorkspace() throws com.openkm.frontend.client.OKMException' threw an unexpected exception: java.lang.NullPointerException
at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:378)
at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:581)
at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:188)
at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:224)
at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:636)
Caused by: java.lang.NullPointerException
at com.openkm.frontend.server.OKMWorkspaceServlet.getUserWorkspace(OKMWorkspaceServlet.java:284)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:562)
... 24 more
The UI shows:
Does someone have an idea?
Thank you!
Re: NullPointerException with LDAP
PostPosted:Wed Feb 23, 2011 8:12 pm
by jllort
login-config.xml is right concentrate in OpenKM.cfg
sure it's your search base ?
Code: Select allprincipal.ldap.user.search.base=ou=MMTOpenUsers,dc=mmtopen,dc=de
might not be
Code: Select allprincipal.ldap.user.search.base=ou=LMMT,ou=MMTOpenUsers,dc=mmtopen,dc=de
I think search filter is wrong
Code: Select allprincipal.ldap.user.search.filter=(objectclass=person)
principal.ldap.role.search.filter=(objectclass=group)
That's it's well explained
http://wiki.openkm.com/index.php/Active_Directory
Re: NullPointerException with LDAP
PostPosted:Thu Feb 24, 2011 9:13 am
by Catscratch
Thanks for your reply. I tried it in different combinations, without success.
The error still is the same.
Our structure is like the following:
MMTOpenUsers
- LMMT
- GroupA
- - SubGroupAA
- - SubGroupAB
- GroupB
... and so on.
I need access for all users in GroupA, SubGroupAA, SubGroupAB and GroupB.
Do you have any hint left?
Thanks.
Re: NullPointerException with LDAP
PostPosted:Fri Feb 25, 2011 8:06 am
by Catscratch
I found something out.
The error:
Code: Select allCaused by: java.lang.NullPointerException
at com.openkm.frontend.server.OKMWorkspaceServlet.getUserWorkspace(OKMWorkspaceServlet.java:284)
...was thrown by the OKMWorkspaceServlet.java.
So I downloaded the source code. And at line 284 is the following:
Code: Select allworkspace.setEmail(user.getEmail());
So I think
user.getEmail() returns null. Is there a workaround? Or how may I fix it?
I looked in the Active Directory. Our users there normally don't have an email adress. So I entered one for the test user and tried to login. But the error remains.
Thanks.
Re: NullPointerException with LDAP
PostPosted:Fri Feb 25, 2011 5:17 pm
by jllort
Probably in that scenario it might be needed to implement a specific LdapPrincipalAdapter.java
Re: NullPointerException with LDAP
PostPosted:Wed Mar 09, 2011 11:59 am
by Catscratch
Hi again.
I'm able to modify the AD to match for openKM. So there has to be another solution than implementing an own adapter?
What's the problem above? May you help me to understand it please?
Thank you and best regards.
Re: NullPointerException with LDAP
PostPosted:Thu Mar 10, 2011 8:09 am
by jllort
ldap configuration parameters are based on with one query can be get all related record. Here could happen two things, or your query is not right or it's not possible getting all records with only one query (normally because you've got users in several separated nodes etc...) then must be implemented a specific adapter.
Re: NullPointerException with LDAP
PostPosted:Thu Mar 10, 2011 9:44 am
by Catscratch
All users are in the same LDAP group. Not all, but this ones who will login to OpenKM.
Is there a howto or something like this? Or are there some other adapters I may use?
Re: NullPointerException with LDAP
PostPosted:Fri Mar 11, 2011 8:15 am
by jllort
do you put these params in your OpenKM.cfg configuration because in your first post I've not seen it
Code: Select allprincipal.ldap.mail.search.base=
principal.ldap.mail.search.filter=
principal.ldap.mail.attribute=mail
Re: NullPointerException with LDAP
PostPosted:Fri Mar 11, 2011 10:20 am
by Catscratch
Thanks for the hint, but the error remains. But I also don't know exactly whats the right configuration of all this parameters in the OpenKM.cfg.
Now the cfg looks like the following. MMTOpenUsers is the group where all users are in there.
Code: Select all#new
principa.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://MYSERVER.IP
principal.ldap.security.principal=CN=ldap zugriff,ou=LMMT,ou=MMTOpenUsers,dc=mmtopen,dc=de
principal.ldap.security.credentials=**********
principal.ldap.user.search.base=ou=MMTOpenUsers,dc=mmtopen,dc=de
principal.ldap.user.search.filter=(objectClass=person)
principal.ldap.user.attribute=cn
principal.ldap.role.search.base=ou=MMTOpenUsers,dc=mmtopen,dc=de
principal.ldap.role.search.filter=(objectClass=group)
principal.ldap.role.attribute=cn
principal.ldap.mail.search.base=ou=MMTOpenUsers,dc=mmtopen,dc=de
principal.ldap.mail.search.filter=(objectClass=person)
principal.ldap.mail.attribute=mail
default.user.role=UserRole
default.admin.role=AdminRole
In MMTOpenUsers there are no users directly.
Instead there are subgroups.
MMTOpenUsers
-> LMMT
-> Mitarbeiter
And so on.
But the search.base should be MMTOpenUsers, right? And subgroups should be searched automatically, or not?
Thanks.
Re: NullPointerException with LDAP
PostPosted:Sat Mar 12, 2011 10:35 am
by jllort
Here is explained with some full example
http://wiki.openkm.com/index.php/Active_Directory but it's closed only to OpenKM Network users, because we considering this kind of integration is on more professional environment.
Better if you put
Code: Select allprincipal.ldap.mail.search.base=cn={0},ou=MMTOpenUsers,dc=mmtopen,dc=de
Re: NullPointerException with LDAP
PostPosted:Sat Mar 12, 2011 12:10 pm
by Catscratch
Thanks for your reply.
I can't access the secured documentation yet. We transfered the money to you and now are waiting for the access data. Until than I have to try it without this examples. But I'm wondering, that it still do not work for us and I don't know whats the problem.
I modified the config file like you described it, but the error remains. I don't know what I could do anymore. Maybe the documentation wiki helps, but I don't really think so.
Best regards.
Re: NullPointerException with LDAP
PostPosted:Mon Mar 14, 2011 1:03 pm
by jllort
Configuring LDAP is not easy. Ensure all is like - similar - wiki documentation, that sure runs. But runs on most - normal - ldap structure, depending how you've done changes etc... could be some differences, here we only can help connecting to your system and taking a look on it.
I suggest use this application to browser directly ldap and take a look at ldap properties etc...
http://technet.microsoft.com/en-us/sysi ... 63907.aspx because ldap application browser which come by default with windows not shows the exact ldap structure as is shown by this ldap browser application.
Re: NullPointerException with LDAP
PostPosted:Fri Mar 18, 2011 12:45 pm
by Catscratch
I checked the ldap path with this tool. Everthing seems to be fine.
But another question. OpenKM throws a nullpointer exception at this point when it tries to get the email address of the user for the user workspace. In the active directory I added an email address for the user which I want to use for the login. Does I have to add email addresses for all user? I think no. Usally OpenKM should only try to get the email address of this user who tries to login, shouldn't it?
Thanks for your reply.
Edit: The server shows on startup.
Code: Select allINFO [DefaultWebAppDesciptorModifierImpl] Ignore servlet: com.openkm.frontend.server.OKMWorkspaceServlet
And the NullPointerExceptions was thrown by: com.openkm.frontend.server.OKMWorkspaceServlet.getUserWorkspace
Is this "INFO" a problem?
Re: NullPointerException with LDAP
PostPosted:Sat Mar 19, 2011 9:36 am
by jllort
The idea is all users have mail address, if you see on OpenKM administration mail is mandatory field, Basically because OpenKM send messages to users ( notifications, subscriptions, etc... ) and for it reason users must have - mandatory - mail address. That's the idea. In our logic we not considering the case that some user could not have mail address.