Authentication on LDAP
Hi, I am configuring my Nuxeo DM on Tomcat to connect to LDAP, but when I try to log in on the login form, it searches the DB and not the LDAP server. I am reading this doc: http://doc.nuxeo.com/display/NXDOC/Using+a+LDAP+directory but I don't know if I must configure something else here.
I wrote this file: default-ldap-users-directory-config.xml, as the tutorial says. I see this configuration does not require making a bundle.
Here is a print of my LDAP configuration:
After Pablo Garcia's answer: I did everything step by step. I did this in my XML file:
<!-- directory for users -->
<directory name="userLdapDirectory">
  ..
  <inverseReference field="groups" directory="groupLdapDirectory"
    dualReferenceField="members" />
</directory>
<!-- directory for groups -->
<directory name="groupLdapDirectory">
  ..
  <ldapReference field="members" directory="userLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL"/>
  <ldapReference field="subGroups" directory="groupLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL"/>
  ...
</directory>
<!-- definition in the user manager -->
<extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
  <userManager>
    ...
    <users>
      <directory>userLdapDirectory</directory>
    </users>
    ...
    <groups>
      <directory>groupLdapDirectory</directory>
    </groups>
    ...
  </userManager>
</extension>
Also I did this: Quick solution is to put in comments the “” part in templates/common/config/default-sql-directories-bundle.xml (or overwrite that file with a custom template).
Now I try to authenticate on Nuxeo but it doesn't get past the login form. The log shows me this:
2011-10-21 10:16:16,390 INFO [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Login failed for Administrator
2011-10-21 10:17:03,859 ERROR [org.nuxeo.ecm.platform.login.NuxeoLoginModule] createIdentity failed
java.lang.NullPointerException
at org.nuxeo.ecm.directory.ldap.LDAPDirectory.<init>(LDAPDirectory.java:92)
at org.nuxeo.ecm.directory.ldap.LDAPDirectoryProxy.getDirectory(LDAPDirectoryProxy.java:49)
at org.nuxeo.ecm.directory.ldap.LDAPDirectoryProxy.getReference(LDAPDirectoryProxy.java:95)
at org.nuxeo.ecm.directory.InverseReference.checkDualReference(InverseReference.java:54)
at org.nuxeo.ecm.directory.InverseReference.getTargetIdsForSource(InverseReference.java:97)
at org.nuxeo.ecm.directory.ldap.LDAPSession.ldapResultToDocumentModel(LDAPSession.java:847)
at org.nuxeo.ecm.directory.ldap.LDAPSession.getEntryFromSource(LDAPSession.java:241)
at org.nuxeo.ecm.directory.DirectoryCache.getEntry(DirectoryCache.java:75)
at org.nuxeo.ecm.directory.DirectoryCache.getEntry(DirectoryCache.java:61)
at org.nuxeo.ecm.directory.ldap.LDAPSession.getEntry(LDAPSession.java:226)
at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getUserModel(UserManagerImpl.java:538)
at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getPrincipal(UserManagerImpl.java:524)
at org.nuxeo.ecm.platform.login.NuxeoLoginModule.createIdentity(NuxeoLoginModule.java:299)
at org.nuxeo.ecm.platform.login.NuxeoLoginModule.validateUserIdentity(NuxeoLoginModule.java:324)
at org.nuxeo.ecm.platform.login.NuxeoLoginModule.getPrincipal(NuxeoLoginModule.java:209)
at org.nuxeo.ecm.platform.login.NuxeoLoginModule.login(NuxeoLoginModule.java:262)
at org.nuxeo.runtime.api.LoginModuleWrapper.login(LoginModuleWrapper.java:77)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doAuthenticate(NuxeoAuthenticationFilter.java:221)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:452)
at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:35)
at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:165)
at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:33)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:334)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.nuxeo.platform.login.web.LoginStackCleaner.doFilter(LoginStackCleaner.java:49)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:80)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:59)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
at java.lang.Thread.run(Thread.java:662)
According to the XML you pasted, the problem may come from the groupLdapDirectory definition where you didn't configure any attribute (schema, idField, searchBaseDn, …).
Can you put the full XML descriptors of your LDAP configuration (without the passwords) on a pastebin?
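A pre-deployment check along the lines of the answer above, as an added example (not code from this thread or from Nuxeo): it flags any named directory definition that lacks the settings the answer lists, and any reference that points at a directory that is not defined. It assumes those settings are child elements of `<directory>`; the sample XML, its DN and its schema values are constructed.

```python
import xml.etree.ElementTree as ET

# Settings the answer names as missing; treated here as child elements of
# <directory> (assumption, and the answer's list is open-ended).
REQUIRED = ("schema", "idField", "searchBaseDn")

def check_directories(xml_text):
    """Return a sorted list of problems found in a directory contribution."""
    root = ET.fromstring(xml_text)
    # Definitions carry a name attribute; <directory>x</directory> inside
    # <userManager> is only a pointer to one.
    defs = {d.get("name"): d for d in root.iter("directory") if d.get("name")}
    problems = []
    for name, d in defs.items():
        for tag in REQUIRED:
            if not (d.findtext(tag) or "").strip():
                problems.append(f"{name}: missing <{tag}>")
        for ref in d.iter():  # inverseReference / ldapReference targets
            target = ref.get("directory")
            if target and target not in defs:
                problems.append(f"{name}: <{ref.tag}> points to undefined directory {target}")
    for um in root.iter("userManager"):
        for kind in ("users", "groups"):
            target = (um.findtext(f"{kind}/directory") or "").strip()
            if target and target not in defs:
                problems.append(f"userManager: <{kind}> points to undefined directory {target}")
    return sorted(problems)

# Constructed sample: group directory left without its basic settings, and a
# userManager entry naming a directory that is not defined in this file.
SAMPLE = """<component name="constructed.sample">
  <directory name="userLdapDirectory">
    <schema>user</schema>
    <idField>username</idField>
    <searchBaseDn>ou=people,dc=example,dc=com</searchBaseDn>
    <inverseReference field="groups" directory="groupLdapDirectory" dualReferenceField="members"/>
  </directory>
  <directory name="groupLdapDirectory">
    <ldapReference field="members" directory="userLdapDirectory" staticAttributeId="uniqueMember"/>
  </directory>
  <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <userManager>
      <users><directory>userLdapDirectory</directory></users>
      <groups><directory>groupDirectory</directory></groups>
    </userManager>
  </extension>
</component>"""

if __name__ == "__main__":
    print("\n".join(check_directories(SAMPLE)))
```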
Hi again guys, thanks to you all. I configured it as you said and my configuration http://pastebin.com/2LT3KQsk works well, but I had to comment out the <entryAdaptor> tag because it didn't permit connecting to the LDAP server and showed these errors on the console:
2011-10-25 09:02:24,218 ERROR [org.nuxeo.ecm.platform.login.NuxeoLoginModule] createIdentity failed
org.nuxeo.ecm.directory.DirectoryException: Field to adapt entry members from directory groupLdapDirectory