Open Source Document Management System | OpenKM

Because information matters
https://forum.openkm.com/

LDAP not working correctly in 6.2

https://forum.openkm.com/viewtopic.php?t=9017

Page 1 of 4

LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 8:58 am
by Catscratch
Hi,

I got a problem with the LDAP configuration in 6.2. Seems some problem with finding roles by the username.

But I don't know what is exactly wrong.
I think there is an error in the OpenKM.xml config. What exactly should the group-search-* contain?
Also I got a working okm 5.1 as reference for the settings. (I took the settings from these working 5.1 instance)

But first of all, some logs and so on.

Logfile:
Code: Select all
...
2013-01-07 14:01:02,372 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2013-01-07 14:01:02,372 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider - Processing authentication request for user: okmstudent
2013-01-07 14:01:02,377 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch - Searching for user 'okmstudent', with user search [ searchFilter: '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))', searchBase: 'ou=MMTOpenUsers,dc=mmtopen,dc=de', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2013-01-07 14:01:02,387 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'ou=MMTOpenUsers,dc=mmtopen,dc=de', filter = '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))'
2013-01-07 14:01:02,389 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Found DN: cn=OpenKM Student,ou=Studenten,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-07 14:01:02,392 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Attempting to bind as cn=OpenKM Student,ou=Studenten,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-07 14:01:02,392 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=OpenKM Student,ou=Studenten,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-07 14:01:02,398 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes...
2013-01-07 14:01:02,405 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Getting authorities for user cn=OpenKM Student,ou=Studenten,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-07 14:01:02,409 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'okmstudent', DN = 'cn=OpenKM Student,ou=Studenten,ou=MMTOpenUsers,dc=mmtopen,dc=de', with filter (member={1}) in search base 'cn=Users,dc=mmtopen,dc=de'
2013-01-07 14:01:02,412 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (member=okmstudent)
2013-01-07 14:01:02,412 [http-bio-0.0.0.0-8080-exec-3] INFO  org.springframework.ldap.core.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2013-01-07 14:01:02,414 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Roles from search: []
2013-01-07 14:01:02,415 [http-bio-0.0.0.0-8080-exec-3] DEBUG org.springframework.security.ldap.userdetails.LdapUserDetailsMapper - Mapping user details from context with DN: cn=OpenKM Student,ou=Studenten,ou=MMTOpenUsers,dc=mmtopen,dc=de

...

2013-01-07 14:01:02,469 [http-bio-0.0.0.0-8080-exec-1] INFO  com.openkm.module.db.DbAuthModule - Create okm:trash/okmstudent
2013-01-07 14:01:02,476 [http-bio-0.0.0.0-8080-exec-1] ERROR com.openkm.module.db.DbAuthModule - 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
com.openkm.core.PathNotFoundException: 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
	at com.openkm.module.db.stuff.SecurityHelper.checkRead(SecurityHelper.java:106)
	at com.openkm.dao.NodeFolderDAO.create(NodeFolderDAO.java:102)
	at com.openkm.module.db.DbAuthModule.createBase(DbAuthModule.java:437)
	at com.openkm.module.db.DbAuthModule.loadUserData(DbAuthModule.java:400)
	at com.openkm.module.db.DbAuthModule.login(DbAuthModule.java:81)
	at com.openkm.api.OKMAuth.login(OKMAuth.java:52)
	at org.apache.jsp.frontend.index_jsp._jspService(index_jsp.java:68)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
OpenKM.xml
Code: Select all
<security:ldap-server id="ldapServer"
    url="ldap://<MY SERVER>:389"
    manager-dn="cn=<USER>,ou=LMMT,ou=MMTOpenUsers,dc=mmtopen,dc=de"
    manager-password="<PASSWORD>"/>
 
  <security:authentication-manager alias="authenticationManager">
    <security:ldap-authentication-provider
      server-ref="ldapServer"
      user-search-base="ou=MMTOpenUsers,dc=mmtopen,dc=de"
      user-search-filter="(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))"
      group-search-base="cn=Users,dc=mmtopen,dc=de"
      group-search-filter="(member={1})"
      group-role-attribute="cn"
      role-prefix="none">
    </security:ldap-authentication-provider>
  </security:authentication-manager>
OpenKM Konfiguration in the database (put from working 5.1 copy):
Code: Select all
	default.user.role	UserRole
	default.admin.role	OpenKMAdmins

	principal.adapter	com.openkm.principal.DatabasePrincipalAdapter
			
	principal.ldap.server	ldap://<MYSERVER>:389
	principal.ldap.security.principal	CN=<USER>,ou=LMMT,ou=MMTOpenUsers,dc=mmtopen,dc=de
	principal.ldap.security.credentials	<PASSWORD>
	principal.ldap.referral	
	principal.ldap.users.from.roles	false
	principal.ldap.user.search.base	ou=MMTOpenUsers,dc=mmtopen,dc=de
	principal.ldap.user.search.filter	(&(objectClass=person)(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))
	principal.ldap.user.attribute	cn
	principal.ldap.role.search.base	cn=Users,dc=mmtopen,dc=de
	principal.ldap.role.search.filter	(&(objectClass=group)(memberOf=cn=OpenKMGroups,cn=Users,dc=mmtopen,dc=de))
	principal.ldap.role.attribute	cn
	principal.ldap.username.search.base	ou=MMTOpenUsers,dc=mmtopen,dc=de
	principal.ldap.username.search.filter	(&(objectClass=person)(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de)(sAMAccountName={0}))
	principal.ldap.username.attribute	cn
	principal.ldap.mail.search.base	ou=MMTOpenUsers,dc=mmtopen,dc=de
	principal.ldap.mail.search.filter	(&(objectClass=person)(sAMAccountName={0}))
	principal.ldap.mail.attribute	mail
	principal.ldap.users.by.role.search.base	cn={0},cn=Users,dc=mmtopen,dc=de
	principal.ldap.users.by.role.search.filter	(objectClass=group)
	principal.ldap.users.by.role.attribute	member
	principal.ldap.roles.by.user.search.base	ou=MMTOpenUsers,dc=mmtopen,dc=de
	principal.ldap.roles.by.user.search.filter	(&(objectClass=person)(cn={0}))
	principal.ldap.roles.by.user.attribute	memberOf
Some advice?

Thanks!

Re: LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 9:29 am
by dejanfc
principal.adapter com.openkm.principal.DatabasePrincipalAdapter

Change to

principal.adapter com.openkm.principal.LdapPrincipalAdapter

Re: LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 9:41 am
by Catscratch
Good hint.

I changed it to:
principal.adapter = com.openkm.principal.LdapPrincipalAdapter

But still the same problem. Here is the log output:
Code: Select all
// ...
2013-01-09 10:44:00,612 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2013-01-09 10:44:00,612 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider - Processing authentication request for user: rf2
2013-01-09 10:44:00,612 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch - Searching for user 'rf2', with user search [ searchFilter: '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))', searchBase: 'ou=MMTOpenUsers,dc=mmtopen,dc=de', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2013-01-09 10:44:00,617 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'ou=MMTOpenUsers,dc=mmtopen,dc=de', filter = '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))'
2013-01-09 10:44:00,618 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Found DN: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 10:44:00,620 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Attempting to bind as cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 10:44:00,620 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 10:44:00,628 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes...
2013-01-09 10:44:00,632 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Getting authorities for user cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 10:44:00,633 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'rf2', DN = 'cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de', with filter (member={1}) in search base 'cn=Users,dc=mmtopen,dc=de'
2013-01-09 10:44:00,633 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (member=rf2)
2013-01-09 10:44:00,633 [http-bio-0.0.0.0-8080-exec-6] INFO  org.springframework.ldap.core.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2013-01-09 10:44:00,635 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Roles from search: []
2013-01-09 10:44:00,636 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.userdetails.LdapUserDetailsMapper - Mapping user details from context with DN: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de

// ...

2013-01-09 10:44:00,651 [http-bio-0.0.0.0-8080-exec-1] INFO  com.openkm.module.db.DbAuthModule - Create okm:trash/rf2
2013-01-09 10:44:00,655 [http-bio-0.0.0.0-8080-exec-1] ERROR com.openkm.module.db.DbAuthModule - 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
com.openkm.core.PathNotFoundException: 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
	at com.openkm.module.db.stuff.SecurityHelper.checkRead(SecurityHelper.java:106)
	at com.openkm.dao.NodeFolderDAO.create(NodeFolderDAO.java:102)
	at com.openkm.module.db.DbAuthModule.createBase(DbAuthModule.java:437)
	at com.openkm.module.db.DbAuthModule.loadUserData(DbAuthModule.java:400)
	at com.openkm.module.db.DbAuthModule.login(DbAuthModule.java:81)
	at com.openkm.api.OKMAuth.login(OKMAuth.java:52)
	at org.apache.jsp.frontend.index_jsp._jspService(index_jsp.java:68)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)

Re: LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 9:51 am
by dejanfc
Your group search filter isn't returning any roles. Can you even view any roles from the Administration tab?

Re: LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 10:00 am
by Catscratch
I can't even login to okm 6.2. So I can't access the administrator tab.

But I can show you what okm 5.1 returned (with the same filter).

Image

Re: LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 10:41 am
by dejanfc
Your RolePrefix attribute is set to "none", it should be "". Try that first, if it doesn't work, try to comment out group search filter.

Re: LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 11:21 am
by Catscratch
Ok.

I tried
Code: Select all
role-prefix=""
Without success. Same error.

Then I tried:
Code: Select all
<security:authentication-manager alias="authenticationManager">
    <security:ldap-authentication-provider
      server-ref="ldapServer"
      user-search-base="ou=MMTOpenUsers,dc=mmtopen,dc=de"
      user-search-filter="(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))"
      role-prefix="">
    </security:ldap-authentication-provider>
  </security:authentication-manager>
Now I get another error:
Code: Select all
2013-01-09 12:22:36,198 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/services/**'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/status'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/download'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/workflow-register'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/webdav/**'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/feed/**'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@789df61d. A new one will be created.
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-01-09 12:22:36,199 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2013-01-09 12:22:36,200 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2013-01-09 12:22:36,200 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider - Processing authentication request for user: rf2
2013-01-09 12:22:36,203 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch - Searching for user 'rf2', with user search [ searchFilter: '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))', searchBase: 'ou=MMTOpenUsers,dc=mmtopen,dc=de', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2013-01-09 12:22:36,244 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'ou=MMTOpenUsers,dc=mmtopen,dc=de', filter = '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))'
2013-01-09 12:22:36,272 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Found DN: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 12:22:36,280 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Attempting to bind as cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 12:22:36,280 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 12:22:36,286 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes...
2013-01-09 12:22:36,292 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Getting authorities for user cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 12:22:36,293 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'rf2', DN = 'cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de', with filter (uniqueMember={0}) in search base ''
2013-01-09 12:22:36,293 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (uniqueMember=cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de)
2013-01-09 12:22:36,295 [http-bio-0.0.0.0-8080-exec-9] INFO  org.springframework.ldap.core.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2013-01-09 12:22:36,317 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-01-09 12:22:36,317 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-01-09 12:22:36,317 [http-bio-0.0.0.0-8080-exec-9] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/OpenKM].[default] - Servlet.service() for servlet [default] in context with path [/OpenKM] threw exception
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
	''
NUL]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
	''
NUL]; remaining name ''
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:174)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:306)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:524)
	at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:173)
	at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:215)
	at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:185)
	at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:197)
	at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:63)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
	at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
	''
NUL]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
	''
NUL]; remaining name ''
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:174)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:306)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:524)
	at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:173)
	at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:215)
	at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:185)
	at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:197)
	at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:63)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
	at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
	''
NUL]; remaining name ''
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
	at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:253)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
	... 34 more

Re: LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 11:40 am
by dejanfc
You also deleted the group search base :)
Code: Select all
 group-search-base="cn=Users,dc=mmtopen,dc=de"
group-search-filter="(member={1})"
Change to:
Code: Select all
group-search-base="cn=Users,dc=mmtopen,dc=de"
<!--  group-search-filter="(member={1})" -->
Or even change the search filter to something else, like (objectClass=group), depends on ldap configuration.

Re: LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 1:32 pm
by Catscratch
Ok, now with only removing the search-filter, I get the same old error again.
Code: Select all
2013-01-09 14:36:00,096 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/services/**'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/status'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/download'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/workflow-register'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/webdav/**'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/feed/**'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-09 14:36:00,098 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-01-09 14:36:00,099 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@3456c4a2. A new one will be created.
2013-01-09 14:36:00,099 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-01-09 14:36:00,099 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2013-01-09 14:36:00,099 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2013-01-09 14:36:00,099 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider - Processing authentication request for user: rf2
2013-01-09 14:36:00,102 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch - Searching for user 'rf2', with user search [ searchFilter: '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))', searchBase: 'ou=MMTOpenUsers,dc=mmtopen,dc=de', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2013-01-09 14:36:00,205 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'ou=MMTOpenUsers,dc=mmtopen,dc=de', filter = '(&(sAMAccountName={0})(memberOf=cn=OpenKMAllUsers,cn=Users,dc=mmtopen,dc=de))'
2013-01-09 14:36:00,236 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Found DN: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 14:36:00,244 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Attempting to bind as cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 14:36:00,244 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 14:36:00,285 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes...
2013-01-09 14:36:00,290 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Getting authorities for user cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 14:36:00,290 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'rf2', DN = 'cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de', with filter (uniqueMember={0}) in search base 'cn=Users,dc=mmtopen,dc=de'
2013-01-09 14:36:00,290 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (uniqueMember=cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de)
2013-01-09 14:36:00,292 [http-bio-0.0.0.0-8080-exec-9] INFO  org.springframework.ldap.core.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2013-01-09 14:36:00,405 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Roles from search: []
2013-01-09 14:36:00,406 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.LdapUserDetailsMapper - Mapping user details from context with DN: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de
2013-01-09 14:36:00,412 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy - Invalidating session with Id 'C7D0D845DE7A8CC876AB9572868B3DBE' and migrating attributes.
2013-01-09 14:36:00,423 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy - Started new session: 7582415DE11DB4738EC911861599CF0F
2013-01-09 14:36:00,423 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d203c50f: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@2dfde4ab: Dn: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de; Username: rf2; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de60: RemoteIpAddress: 141.76.61.150; SessionId: C7D0D845DE7A8CC876AB9572868B3DBE; Not granted any authorities
2013-01-09 14:36:00,423 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler - Redirecting to DefaultSavedRequest Url: http://141.76.68.69:8080/OpenKM/frontend/index.jsp
2013-01-09 14:36:00,424 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to 'http://141.76.68.69:8080/OpenKM/frontend/index.jsp'
2013-01-09 14:36:00,442 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@d203c50f: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d203c50f: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@2dfde4ab: Dn: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de; Username: rf2; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de60: RemoteIpAddress: 141.76.61.150; SessionId: C7D0D845DE7A8CC876AB9572868B3DBE; Not granted any authorities'
2013-01-09 14:36:00,442 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-01-09 14:36:00,449 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/services/**'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/status'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/download'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/workflow-register'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/webdav/**'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/feed/**'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@d203c50f: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d203c50f: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@2dfde4ab: Dn: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de; Username: rf2; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de60: RemoteIpAddress: 141.76.61.150; SessionId: C7D0D845DE7A8CC876AB9572868B3DBE; Not granted any authorities'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: both null (property equals)
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - requestURI: arg1=/OpenKM/frontend/index.jsp; arg2=/OpenKM/frontend/index.jsp (property equals)
2013-01-09 14:36:00,469 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - serverPort: arg1=8080; arg2=8080 (property equals)
2013-01-09 14:36:00,470 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - requestURL: arg1=http://141.76.68.69:8080/OpenKM/frontend/index.jsp; arg2=http://141.76.68.69:8080/OpenKM/frontend/index.jsp (property equals)
2013-01-09 14:36:00,470 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - scheme: arg1=http; arg2=http (property equals)
2013-01-09 14:36:00,470 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - serverName: arg1=141.76.68.69; arg2=141.76.68.69 (property equals)
2013-01-09 14:36:00,470 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - contextPath: arg1=/OpenKM; arg2=/OpenKM (property equals)
2013-01-09 14:36:00,470 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - servletPath: arg1=/frontend/index.jsp; arg2=/frontend/index.jsp (property equals)
2013-01-09 14:36:00,470 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - Removing DefaultSavedRequest from session if present
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d203c50f: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@2dfde4ab: Dn: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de; Username: rf2; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de60: RemoteIpAddress: 141.76.61.150; SessionId: C7D0D845DE7A8CC876AB9572868B3DBE; Not granted any authorities'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/index.jsp'; against '/frontend/**'
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /frontend/index.jsp; Attributes: [IS_AUTHENTICATED_FULLY]
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d203c50f: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@2dfde4ab: Dn: cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de; Username: rf2; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de60: RemoteIpAddress: 141.76.61.150; SessionId: C7D0D845DE7A8CC876AB9572868B3DBE; Not granted any authorities
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@2d205042, returned: 0
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@24753433, returned: 1
2013-01-09 14:36:00,477 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
2013-01-09 14:36:00,478 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
2013-01-09 14:36:00,478 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/index.jsp reached end of additional filter chain; proceeding with original chain
2013-01-09 14:36:00,711 [http-bio-0.0.0.0-8080-exec-10] INFO  com.openkm.module.db.DbAuthModule - Create okm:trash/rf2
2013-01-09 14:36:00,736 [http-bio-0.0.0.0-8080-exec-10] ERROR com.openkm.module.db.DbAuthModule - 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
com.openkm.core.PathNotFoundException: 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
	at com.openkm.module.db.stuff.SecurityHelper.checkRead(SecurityHelper.java:106)
	at com.openkm.dao.NodeFolderDAO.create(NodeFolderDAO.java:102)
	at com.openkm.module.db.DbAuthModule.createBase(DbAuthModule.java:437)
	at com.openkm.module.db.DbAuthModule.loadUserData(DbAuthModule.java:400)
	at com.openkm.module.db.DbAuthModule.login(DbAuthModule.java:81)
	at com.openkm.api.OKMAuth.login(OKMAuth.java:52)
	at org.apache.jsp.frontend.index_jsp._jspService(index_jsp.java:68)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
2013-01-09 14:36:00,751 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2013-01-09 14:36:00,751 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session
2013-01-09 14:36:00,751 [http-bio-0.0.0.0-8080-exec-10] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-01-09 14:36:00,867 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/services/**'
2013-01-09 14:36:00,867 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/status'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/download'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/workflow-register'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/webdav/**'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/feed/**'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90550640: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 141.76.61.150; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'
2013-01-09 14:36:00,868 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.session.SessionManagementFilter - Requested session ID7582415DE11DB4738EC911861599CF0F is invalid.
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/frontend/**'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/login.jsp'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/admin/**'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/repositorystartup'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/test'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logo/login'; against '/extension/**'
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Public object - authentication not attempted
2013-01-09 14:36:00,869 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /logo/login reached end of additional filter chain; proceeding with original chain
2013-01-09 14:36:00,873 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2013-01-09 14:36:00,873 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-01-09 14:36:00,873 [http-bio-0.0.0.0-8080-exec-1] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

Re: LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 1:57 pm
by dejanfc
You're still not getting the roles correctly. Where are:
Code: Select all
default.user.role   UserRole
default.admin.role   OpenKMAdmins
Located? In cn=Users,dc=mmtopen,dc=de or cn=OpenKMGroups,cn=Users,dc=mmtopen,dc=de ? You can also try using the searchSubtree attribute or just switch to bean configuration.

If you perform the ldapsearch for cn=UserRole , what is the distinguished name?

Re: LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 2:28 pm
by Catscratch
dejanfc wrote: default.user.role UserRole
default.admin.role OpenKMAdmins
I changed it to
Code: Select all
   default.user.role   OpenKMAllUsers
   default.admin.role   OpenKMAdmins
Because, OpenKMAllUsers should be the right user role. But I wonder why it is working in okm 5.1. UserRole isn't a valid groud in our ldap.
But still the same problem.
dejanfc wrote: Located? In cn=Users,dc=mmtopen,dc=de or cn=OpenKMGroups,cn=Users,dc=mmtopen,dc=de ?
In Both. Every group (CN) is present in Users, but Users also contain a group (OpenKMGroups) which groups all other OpenKM groups.
dejanfc wrote: If you perform the ldapsearch for cn=UserRole , what is the distinguished name?
Nothing, because it doesn't exist.

Re: LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 2:34 pm
by dejanfc
Catscratch wrote: I changed it to
Code: Select all
   default.user.role   OpenKMAllUsers
   default.admin.role   OpenKMAdmins
dejanfc wrote: If you perform the ldapsearch for cn=UserRole , what is the distinguished name?
Nothing, because it doesn't exist.
if you have OpenKMAllUsers set in OpenKM configuration as default user role, then do ldapsearch for that.

Re: LDAP not working correctly in 6.2

PostPosted:Wed Jan 09, 2013 3:07 pm
by Catscratch
Then I get this:
Code: Select all
"Dn"	
"CN=OpenKMAllUsers,CN=Users,DC=mmtopen,DC=de"

Re: LDAP not working correctly in 6.2

PostPosted:Thu Jan 10, 2013 7:28 am
by dejanfc
Try to disable the RoleVoter bean in applicationContext.xml:
Code: Select all
<!--  Remove prefix to be able of use custom roles
    <beans:bean class="org.springframework.security.access.vote.RoleVoter">
        <beans:property name="rolePrefix" value=""/>
    </beans:bean> -->
And do the ldapsearch for one of your users (maybe rf2, to see if you even get the OpenKMAllUsers group) to check if the group attribute is maybe memberOf (set that in group-search-filter then, or even try with member={0} instead of member={1} ). Beyond that, you could switch to bean configuration and see if that works for you.

Re: LDAP not working correctly in 6.2

PostPosted:Thu Jan 10, 2013 8:08 am
by Catscratch
Thanks for the hint.

I changed the search-filter to member={0} and indeed. The groups are found.
Code: Select all
2013-01-10 09:08:51,559 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (member=cn=Ronny Fritzsche,ou=Mitarbeiter,ou=MMTOpenUsers,dc=mmtopen,dc=de)
// ...
2013-01-10 09:08:51,627 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Roles from search: [OpenKMAllUsers, Domänen-Admins, OpenKMMitarbeiter, OpenKMAdmins]
But the error still is the same:
Code: Select all
2013-01-10 09:08:51,775 [http-bio-0.0.0.0-8080-exec-10] INFO  com.openkm.module.db.DbAuthModule - Create okm:trash/rf2
2013-01-10 09:08:51,897 [http-bio-0.0.0.0-8080-exec-10] ERROR com.openkm.module.db.DbAuthModule - 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
com.openkm.core.PathNotFoundException: 6b5ca2f3-a901-4caa-878a-402eea293d42 : /okm:trash
	at com.openkm.module.db.stuff.SecurityHelper.checkRead(SecurityHelper.java:106)
	at com.openkm.dao.NodeFolderDAO.create(NodeFolderDAO.java:102)
	at com.openkm.module.db.DbAuthModule.createBase(DbAuthModule.java:437)
	at com.openkm.module.db.DbAuthModule.loadUserData(DbAuthModule.java:400)
	at com.openkm.module.db.DbAuthModule.login(DbAuthModule.java:81)
	at com.openkm.api.OKMAuth.login(OKMAuth.java:52)
	at org.apache.jsp.frontend.index_jsp._jspService(index_jsp.java:68)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
So what is the problem with this strange ID ( 6b5ca2f3-a901-4caa-878a-402eea293d42 )? Seems like OKM creates a folder in the trash called by the user login (rf2) but then I get a PathNotFound Exception by an ID?

Thanks for your advice.
All times are UTC
Page 1 of 4
Powered by phpBB® Forum Software © phpBB Limited