Authentication on LDAP

Hi, I am configuring my Nuxeo DM on Tomcat to connect to LDAP, but when I try to log in on the login form, it searches the DB and not the LDAP server. I am reading this doc: http://doc.nuxeo.com/display/NXDOC/Using+a+LDAP+directory but I don't know if I must configure something else here.

I wrote this file: default-ldap-users-directory-config.xml as the tutorial says. I see this configuration does not require making a bundle.

Here is a print of my LDAP configuration: [image]

After Pablo Garcia's answer: I did everything step by step. I did this in my XML file:

<!-- directory for users -->
  <directory name="userLdapDirectory">
  ..
  <inverseReference field="groups" directory="groupLdapDirectory"
          dualReferenceField="members" />
  </directory>

<!-- directory for groups -->
  <directory name="groupLdapDirectory">
    ..
    <ldapReference field="members" directory="userLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL"/>

    <ldapReference field="subGroups" directory="groupLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL"/>
    ...
  </directory>

<!-- definition in the user manager -->
  <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <userManager>
      ...
      <users>
        <directory>userLdapDirectory</directory>
      </users>
      ...
      <groups>
        <directory>groupLdapDirectory</directory>
      </groups>
      ...
    </userManager>
  </extension>

Also I did this: Quick solution is to put in comments the “” part in templates/common/config/default-sql-directories-bundle.xml (or overwrite that file with a custom template).

Now I try to authenticate on Nuxeo but it doesn't get past the login form. The log shows me this:

2011-10-21 10:16:16,390 INFO  [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Login failed for Administrator
2011-10-21 10:17:03,859 ERROR [org.nuxeo.ecm.platform.login.NuxeoLoginModule] createIdentity failed
java.lang.NullPointerException
    at org.nuxeo.ecm.directory.ldap.LDAPDirectory.<init>(LDAPDirectory.java:92)
    at org.nuxeo.ecm.directory.ldap.LDAPDirectoryProxy.getDirectory(LDAPDirectoryProxy.java:49)
    at org.nuxeo.ecm.directory.ldap.LDAPDirectoryProxy.getReference(LDAPDirectoryProxy.java:95)
    at org.nuxeo.ecm.directory.InverseReference.checkDualReference(InverseReference.java:54)
    at org.nuxeo.ecm.directory.InverseReference.getTargetIdsForSource(InverseReference.java:97)
    at org.nuxeo.ecm.directory.ldap.LDAPSession.ldapResultToDocumentModel(LDAPSession.java:847)
    at org.nuxeo.ecm.directory.ldap.LDAPSession.getEntryFromSource(LDAPSession.java:241)
    at org.nuxeo.ecm.directory.DirectoryCache.getEntry(DirectoryCache.java:75)
    at org.nuxeo.ecm.directory.DirectoryCache.getEntry(DirectoryCache.java:61)
    at org.nuxeo.ecm.directory.ldap.LDAPSession.getEntry(LDAPSession.java:226)
    at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getUserModel(UserManagerImpl.java:538)
    at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getPrincipal(UserManagerImpl.java:524)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.createIdentity(NuxeoLoginModule.java:299)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.validateUserIdentity(NuxeoLoginModule.java:324)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.getPrincipal(NuxeoLoginModule.java:209)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.login(NuxeoLoginModule.java:262)
    at org.nuxeo.runtime.api.LoginModuleWrapper.login(LoginModuleWrapper.java:77)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doAuthenticate(NuxeoAuthenticationFilter.java:221)
    at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:452)
    at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:35)
    at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:165)
    at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:33)
    at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:334)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.nuxeo.platform.login.web.LoginStackCleaner.doFilter(LoginStackCleaner.java:49)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:80)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:59)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
    at java.lang.Thread.run(Thread.java:662)
0 votes

2 answers


Did you also modify the template as described in the "Known issues" section of that page? Not doing so can lead to the behaviour you're describing.
10/20/2011

What schema do you use for your users and groups? By reading the source code of LDAPDirectory line 92 it looks like you are missing the schema definition.

Can you put the full XML descriptors of your LDAP configuration (without the passwords) on a pastebin?

10/24/2011

Here is the pastebin: http://pastebin.com/2LT3KQsk
10/24/2011

Hi again guys, thanks to you all. I configured it as you said and my configuration http://pastebin.com/2LT3KQsk works well, but I had to comment out the <entryAdaptor> tag because it didn't permit connecting to the LDAP server and showed these errors on the console:

2011-10-25 09:02:24,218 ERROR [org.nuxeo.ecm.platform.login.NuxeoLoginModule] createIdentity failed
org.nuxeo.ecm.directory.DirectoryException: Field to adapt entry members from directory groupLdapDirectory
    at org.nuxeo.ecm.directory.impl.WritePolicyEntryAdaptor.adapt(WritePolicyEntryAdaptor.java:68)...continue
10/25/2011



According to the XML you pasted, the problem may come from the groupLdapDirectory definition, where you didn't configure any attribute (schema, idField, searchBaseDn, …)

1 votes



FYI: I have improved the LDAPDirectory class on the development version to make the error messages more informative:

https://jira.nuxeo.com/browse/NXP-7758

10/25/2011

You can try with the latest Nuxeo release; that way you will have more information from the logs introduced by Olivier…
01/02/2012
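
A pre-deployment check for the failure discussed in this answer, as an added example (not code from Nuxeo or from any poster in this thread): it parses a directory descriptor and reports directories missing the settings the answer names, plus references that cannot be resolved in their target directory. It assumes schema, idField and searchBaseDn are child elements of <directory>; the sample descriptor, its DN values and the function name lint_directories are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Settings named in the answer above; assumed to be child elements of <directory>.
REQUIRED = ("schema", "idField", "searchBaseDn")
REFERENCE_TAGS = ("ldapReference", "inverseReference")

# Constructed sample descriptor (not the poster's pastebin): the group
# directory is declared but carries no settings at all.
SAMPLE = """
<component name="example.ldap.config">
  <directory name="userLdapDirectory">
    <schema>user</schema>
    <idField>username</idField>
    <searchBaseDn>ou=people,dc=example,dc=com</searchBaseDn>
    <references>
      <inverseReference field="groups" directory="groupLdapDirectory"
                        dualReferenceField="members"/>
    </references>
  </directory>
  <directory name="groupLdapDirectory"/>
</component>
"""

def lint_directories(xml_text):
    """Return a sorted list of (directory name, problem) tuples."""
    root = ET.fromstring(xml_text)
    # <directory> elements without a name (e.g. inside <userManager>) are skipped.
    dirs = {d.get("name"): d for d in root.iter("directory") if d.get("name")}
    problems = []
    for name, d in dirs.items():
        for tag in REQUIRED:
            child = d.find(tag)
            if child is None or not (child.text or "").strip():
                problems.append((name, "missing <%s>" % tag))
        for ref in (r for t in REFERENCE_TAGS for r in d.iter(t)):
            target = ref.get("directory")
            if target not in dirs:
                problems.append((name, "reference to undefined directory %r" % target))
            elif ref.tag == "inverseReference":
                # The dual field must exist as an ldapReference in the target.
                dual = ref.get("dualReferenceField")
                fields = {r.get("field") for r in dirs[target].iter("ldapReference")}
                if dual not in fields:
                    problems.append(
                        (name, "dualReferenceField %r not defined in %s" % (dual, target)))
    return sorted(problems)

if __name__ == "__main__":
    for name, problem in lint_directories(SAMPLE):
        print("%s: %s" % (name, problem))
```

Running the check before restarting the server surfaces an empty directory definition as a named finding instead of a NullPointerException at login time.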


Hi,

You must keep reading that page. Look at the section “Known Issues”.

That could help you.

Regards,

0 votes



I did what you said; I edited my question.
10/21/2011