• LDAP: error code 49

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
 #12556  by dandevnull
 
Okay, so I understand how difficult it is to get Active Directory working properly, I fully understand that now. I'm so close I can taste it.
I've gotten it to the point where any user can log in and upload documents, import email, etc. It's fully functioning as far as that goes. With OCR, preview, and everything.
My one last problem is when I go to add permissions to existing folders only the current user shows in the list and only the current role as well.
When I go to the administration tab and click on users nothing shows up, when I click on "force user mail import" I get "success" on the screen but this error in the server.log:
Code:
2011-10-12 09:11:09,939 ERROR [STDERR] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
2011-10-12 09:11:09,939 ERROR [STDERR]  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
2011-10-12 09:11:09,939 ERROR [STDERR]  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
2011-10-12 09:11:09,939 ERROR [STDERR]  at javax.naming.InitialContext.init(InitialContext.java:223)
2011-10-12 09:11:09,939 ERROR [STDERR]  at javax.naming.InitialContext.<init>(InitialContext.java:197)
2011-10-12 09:11:09,939 ERROR [STDERR]  at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:197)
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.openkm.principal.LdapPrincipalAdapter.getRoles(LdapPrincipalAdapter.java:85)
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.openkm.module.direct.DirectAuthModule.getRoles(DirectAuthModule.java:782)
2011-10-12 09:11:09,939 ERROR [STDERR]  at com.openkm.api.OKMAuth.getRoles(OKMAuth.java:143)
2011-10-12 09:11:09,940 ERROR [STDERR]  at com.openkm.servlet.admin.AuthServlet.userList(AuthServlet.java:251)
2011-10-12 09:11:09,940 ERROR [STDERR]  at com.openkm.servlet.admin.AuthServlet.doGet(AuthServlet.java:93)
2011-10-12 09:11:09,940 ERROR [STDERR]  at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
2011-10-12 09:11:09,940 ERROR [STDERR]  at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
2011-10-12 09:11:09,940 ERROR [STDERR]  at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
2011-10-12 09:11:09,940 ERROR [STDERR]  at java.lang.Thread.run(Thread.java:662)
2011-10-12 09:11:09,941 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
2011-10-12 09:11:09,941 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
2011-10-12 09:11:09,980 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
2011-10-12 09:11:09,980 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
I've looked up that error elsewhere and made the suggested changes but to no avail. Mine is a very standard AD.
I assume that since I can log in, my login-config.xml is correct and that this error has something to do with my "configuration" option on the administration tab. Any pointers would be much appreciated. See attached screenshot of config panel.

Thanks in advance.
Attachments
configpane.jpg (252.24 KiB) Viewed 3135 times
 #12589  by jllort
 
Let's go step by step.

1- On the UI, security tab, you can see users and roles
2- Give some screenshots of tools / preferences / user configuration
3- Some administration screenshot

All users on LDAP have mail? It's mandatory for connecting to OpenKM; we assume all users have it node.
 #12616  by dandevnull
 
On security tab I can only see the user that is currently logged in, with the user role. (Even though I am in the AdminRole and I have the administration tab.)
Yes, all users have mail.
See attached screen shots.
security-tab.jpg (225.86 KiB) Viewed 3121 times
User-config.jpg (234.15 KiB) Viewed 3121 times
Admin-userlist.jpg (161.77 KiB) Viewed 3121 times
 #12617  by dandevnull
 
Okay so here's a strange thing, I've logged in as a basic user and this is what I get for the security pane.
Attachments
another user security.jpg (178.24 KiB) Viewed 3120 times
 #12649  by jllort
 
After making changes to login-config.xml you must make changes on the administration tab (second icon from left -> parameters); there are a lot of LDAP parameters that might be set. The good news is that you can do it without restarting JBoss (except the first time you change DatabasePrincipalAdapter to LdapPrincipalAdapter; this change needs a JBoss restart).
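
Added example, not part of any post in this thread and not OpenKM code: a small triage script for a server.log like the one above. It pulls the Active Directory sub-code out of each "LDAP: error code 49" line (AD documents 525 as "user not found") and records the first com.openkm frame in the stack trace, which shows which OpenKM component opened the failing bind. The function and variable names are assumptions; the first sample event is copied from the log above and the second is constructed.

```python
import re

# Active Directory sub-codes carried in the "data" field of LDAP error 49.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
ERR49 = re.compile(r"LDAP: error code 49\b.*?\bdata ([0-9a-fA-F]+)")
FRAME = re.compile(r"\bat (com\.openkm\.[\w.$]+)\(")

def triage(lines):
    """Return one (subcode, meaning, caller) tuple per error-49 exception.

    caller is the first com.openkm frame of the stack trace that follows,
    or None when the trace contains no OpenKM frame.
    """
    findings, current = [], None
    for line in lines:
        m = ERR49.search(line)
        if m:
            code = m.group(1).lower()
            current = [code, AD_SUBCODES.get(code, "unknown sub-code"), None]
            findings.append(current)
            continue
        f = FRAME.search(line)
        if current is not None and current[2] is None and f:
            current[2] = f.group(1)
        elif current is not None and " at " not in line:
            current = None  # first non-frame line ends the stack trace
    return [tuple(item) for item in findings]

# Event 1: lines copied from the log above. Event 2: constructed for illustration.
SAMPLE = [
    "2011-10-12 09:11:09,939 ERROR [STDERR] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]",
    "2011-10-12 09:11:09,939 ERROR [STDERR]  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)",
    "2011-10-12 09:11:09,939 ERROR [STDERR]  at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:197)",
    "2011-10-12 09:11:09,939 ERROR [STDERR]  at com.openkm.principal.LdapPrincipalAdapter.getRoles(LdapPrincipalAdapter.java:85)",
    "2011-10-12 09:11:09,941 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null",
    "2011-10-12 09:12:00,000 ERROR [STDERR] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]",
    "2011-10-12 09:12:00,000 ERROR [STDERR]  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)",
]

if __name__ == "__main__":
    for code, meaning, caller in triage(SAMPLE):
        print(f"data {code}: {meaning} (bind opened by {caller})")
```

For the trace in this thread the result is sub-code 525 with LdapPrincipalAdapter.ldapSearch as the caller, so the rejected bind is the one the principal adapter makes when listing users and roles.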
