Open Source Document Management System | OpenKM

Because information matters
https://forum.openkm.com/

Issues configuring LDAP on OpenKM 6.2

https://forum.openkm.com/viewtopic.php?t=9765

Page 1 of 1

Issues configuring LDAP on OpenKM 6.2

PostPosted:Fri Apr 12, 2013 7:02 am
by jaseeey
Hi,

I am having problems with configuring LDAP with OpenKM 6.2. I have configured the variables based on the example posted here: http://wiki.openkm.com/index.php/LDAP_a ... r_examples

However, I continue to receive the following in the catalina.out log file:
Code: Select all
2013-04-12 16:25:06,352 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; agai                        nst '/services/**'
2013-04-12 16:25:06,352 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; agai                        nst '/status'
2013-04-12 16:25:06,352 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; agai                        nst '/download'
2013-04-12 16:25:06,352 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; agai                        nst '/workflow-register'
2013-04-12 16:25:06,353 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; agai                        nst '/webdav/**'
2013-04-12 16:25:06,353 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; agai                        nst '/feed/**'
2013-04-12 16:25:06,353 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 8 in additional filter chain                        ; firing Filter: 'SecurityContextPersistenceFilter'
2013-04-12 16:25:06,353 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRIN                        G_SECURITY_CONTEXT
2013-04-12 16:25:06,353 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the                         HttpSession: org.apache.catalina.session.StandardSessionFacade@2030f202. A new one will be created.
2013-04-12 16:25:06,353 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 8 in additional filter chain                        ; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-04-12 16:25:06,353 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authenticatio                        n
2013-04-12 16:25:06,355 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.au                        thentication.dao.DaoAuthenticationProvider
2013-04-12 16:25:06,356 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.provisioning.JdbcUserDetailsManager - Query returned no results for user 'jason'
2013-04-12 16:25:06,356 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'jason' not found
2013-04-12 16:25:06,356 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.                        springframework.security.authentication.BadCredentialsException: Bad credentials
2013-04-12 16:25:06,360 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to co                        ntain null Authentication
2013-04-12 16:25:06,360 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failur                        e handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@1a643473
2013-04-12 16:25:06,360 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /login.jsp?error=1
2013-04-12 16:25:06,361 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/OpenKM/login.jsp?error=1'
2013-04-12 16:25:06,361 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are a                        nonymous - context will not be stored in HttpSession.
2013-04-12 16:25:06,361 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request                         processing completed
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/services                        /**'
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/status'
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/download                        '
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/workflow                        -register'
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/webdav/*                        *'
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/feed/**'
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 1 of 8 in additional filter chain; firi                        ng Filter: 'SecurityContextPersistenceFilter'
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRIN                        G_SECURITY_CONTEXT
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the                         HttpSession: org.apache.catalina.session.StandardSessionFacade@2030f202. A new one will be created.
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 2 of 8 in additional filter chain; firi                        ng Filter: 'UsernamePasswordAuthenticationFilter'
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 3 of 8 in additional filter chain; firi                        ng Filter: 'RequestCacheAwareFilter'
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: arg1=null; arg2=error=1 (property not equ                        als)
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
2013-04-12 16:25:06,366 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 4 of 8 in additional filter chain; firi                        ng Filter: 'SecurityContextHolderAwareRequestFilter'
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 5 of 8 in additional filter chain; firi                        ng Filter: 'AnonymousAuthenticationFilter'
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anony                        mous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90550640: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.s                        pringframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 192.168.1.43; SessionId: AC3390A3E137F0F0615A889B07C58B68; Granted Authorities: ROLE_ANONYMO                        US'
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 6 of 8 in additional filter chain; firi                        ng Filter: 'SessionManagementFilter'
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 7 of 8 in additional filter chain; firi                        ng Filter: 'ExceptionTranslationFilter'
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 at position 8 of 8 in additional filter chain; firi                        ng Filter: 'FilterSecurityInterceptor'
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/frontend                        /**'
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.jsp'; against '/login.js                        p'
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /login                        .jsp?error=1; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframewor                        k.security.authentication.AnonymousAuthenticationToken@90550640: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.aut                        hentication.WebAuthenticationDetails@7798: RemoteIpAddress: 192.168.1.43; SessionId: AC3390A3E137F0F0615A889B07C58B68; Granted Authorities: ROLE_ANONYMOUS
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@2b87                        514a, returned: 0
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedV                        oter@40e9e799, returned: 1
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication o                        bject
2013-04-12 16:25:06,367 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login.jsp?error=1 reached end of additional filter chain; proceeding                         with original chain
2013-04-12 16:25:06,402 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2013-04-12 16:25:06,403 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are a                        nonymous - context will not be stored in HttpSession.
2013-04-12 16:25:06,403 [http-bio-0.0.0.0-8080-exec-8] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request                         processing completed
It almost seems like it's not even trying LDAP to authenticate the user, even though I am successfully seeing a user list and a role list in the OpenKM user management area. It's definitely authenticating to LDAP correctly and retrieving the user list, but it does not seem to want to find the user.

I'm hoping someone is able to shed some light who has been able to configure this, as I am very keen to use this piece of software. If I am unable to get it working, then I'll need to start looking for an alternative for our document/file management system.

Thank you in advance,

Jason.

Re: Issues configuring LDAP on OpenKM 6.2

PostPosted:Fri Apr 12, 2013 9:32 am
by dejanfc
Did you change the authentication manager in OpenKM.xml?

Re: Issues configuring LDAP on OpenKM 6.2

PostPosted:Sun Apr 14, 2013 10:53 am
by jllort
for your phrase "It's definitely authenticating to LDAP correctly and retrieving the user list, but it does not seem to want to find the user." I understand login to ldap is correctly and in administrators user view table you see ldap users ... if it's not the case explain with more deatil. But what do you mean with "does not seem to want to find the user". Have you enabled in profile filtering ? and then you're not able to see roles and user list in desktop UI ?

Give us some screenshot to get more closer idea about which is the problem.

Re: Issues configuring LDAP on OpenKM 6.2

PostPosted:Mon Apr 15, 2013 12:19 am
by jaseeey
Hi,

I was able to get this going using dejanfc's suggestion about adding the LDAP configuration to the OpenKM.xml file. I was able to do this and get LDAP logins working successfully using the guide here: http://wiki.openkm.com/index.php/Active ... figuration

Thank you for your help,

Jason.

Re: Issues configuring LDAP on OpenKM 6.2

PostPosted:Fri May 03, 2013 9:37 am
by dgutierrez
I have a similar problem,
What do you put on authenticator-manager? (OpenKM.xml)
My problem is that I can see the users in Administrator --> users but I can't login with that users, I can login with the users who are on the embeded database.

Re: Issues configuring LDAP on OpenKM 6.2

PostPosted:Sat May 04, 2013 8:28 pm
by jllort
Sometimes the problem is with ldap dns name resolution from server, take a look here http://wiki.openkm.com/index.php/Troubl ... _with_LDAP

I suggest increase log level adding the package org.springframework.security.ldap ( modify log4j.properties into conf folder )

Re: Issues configuring LDAP on OpenKM 6.2

PostPosted:Tue May 28, 2013 4:21 pm
by zubidoobi
Hello Folks,

i have similar problem. i have integrated the OpenKM 6.2.2 community with Active Directory by help of this link: http://wiki.openkm.com/index.php/Active ... figuration
but i am getting below error while getting login with administrator account. if i use okmAdmin account it says authentication error...

can someone help please...:(
Code: Select all
2013-05-28 20:05:58,377 [http-bio-0.0.0.0-8080-exec-4] INFO  org.springframework.security.ldap.SpringSecurityLdapTemplate - Ignoring PartialResultException
2013-05-28 20:06:03,160 [http-bio-0.0.0.0-8080-exec-6] INFO  org.springframework.security.ldap.SpringSecurityLdapTemplate - Ignoring PartialResultException
2013-05-28 20:06:07,769 [http-bio-0.0.0.0-8080-exec-9] INFO  org.springframework.security.ldap.SpringSecurityLdapTemplate - Ignoring PartialResultException
this is the exact message i am getting after clicking login:

Class: org.springframwork.ldap.partialResultException
Message: Unprocessed continuation Reference(s); nested exception is javax.naming. PartialResultException: Unprocessed continuation Reference(s); remaining name"

Thanks!

Regards,
Z

Re: Issues configuring LDAP on OpenKM 6.2

PostPosted:Tue May 28, 2013 4:31 pm
by zubidoobi
Hello i have similar problem to yours can you please explain how did you fix your problem.

Thanks.

jaseeey wrote:Hi,

I was able to get this going using dejanfc's suggestion about adding the LDAP configuration to the OpenKM.xml file. I was able to do this and get LDAP logins working successfully using the guide here: http://wiki.openkm.com/index.php/Active ... figuration

Thank you for your help,

Jason.

Re: Issues configuring LDAP on OpenKM 6.2

PostPosted:Wed May 29, 2013 8:01 pm
by jllort
Here you got tree full examples http://wiki.openkm.com/index.php/LDAP_examples and here something you should take in consideration http://wiki.openkm.com/index.php/Troubl ... _with_LDAP with it you should be able to login ( obviously is not trivial task, and you'll need several hours or days depending your ldap knowledge and skill working on it ). If you understand the examples in wiki you should not get problems on it.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited