Webdav + LDAP

fabrice_ — Tue, 19 Feb 2013 11:31:58 GMT

Hello,

I'm trying to setup webdav authentication with LDAP on a Nuxeo 5.4.2 instance. I follow these two threads because I get a "Digest authentication failed. Stored HA1 is empty" error :

Here are my configuration files :

default-ldap-users-directory-bundle.xml :

<?xml version="1.0"?>
<component name="org.nuxeo.ecm.directory.ldap.storage.users">
    <implementation />
    <implementation />
    <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
    <require>org.nuxeo.ecm.directory.sql.storage</require>

    <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
        point="servers">
        <server name="default">
            <ldapUrl>ldap://ldap.mydomain.fr:389</ldapUrl>

      <!-- Credentials used by Nuxeo5 to browse the directory, create
        and modify entries.

        Only the authentication of users (bind) use the credentials entered
        through the login form if any.-->
          <!--
      <bindDn>@ldap.bindDn@</bindDn>
      <bindPassword>@ldap.bindPassword@</bindPassword>
       -->
        </server>
    </extension>

    <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">
        <directory name="userLdapDirectory">
            <server>default</server>
            <schema>user</schema>
                <idField>username</idField>
                <!-- <passwordField>password</passwordField> -->
                <searchBaseDn>ou=people,dc=univ-valenciennes,dc=fr</searchBaseDn>
                <searchClass>person</searchClass>
                <!-- To additionally restricte entries you can add an
                    arbitrary search filter such as the following:

                    <searchFilter>(|(eduPersonAffiliation=employee)(eduPersonAffiliation=faculty))</searchFilter>

                    Beware that "&" writes "&amp;" in XML.
                -->
                <!-- use subtree if the people branch is nested -->
                <searchScope>onelevel</searchScope>
                <readOnly>true</readOnly>
                <!-- comment <cache* /> tags to disable the cache -->
                <!-- cache timeout in seconds -->
                <cacheTimeout>3600</cacheTimeout>
                <!-- maximum number of cached entries before global invalidation -->
                <cacheMaxSize>1000</cacheMaxSize>
                <creationBaseDn>ou=people,dc=univ-valenciennes,dc=fr</creationBaseDn>
                <creationClass>top</creationClass>
                <creationClass>person</creationClass>
                <creationClass>organizationalPerson</creationClass>
                <creationClass>inetOrgPerson</creationClass>
                <rdnAttribute>uid</rdnAttribute>

                <fieldMapping name="username">uid</fieldMapping>
                <!-- pour l'authentification via le ldap pour webdav -->
                <fieldMapping name="password">userPassword</fieldMapping>
                <fieldMapping name="firstName">givenName</fieldMapping>
                <fieldMapping name="lastName">sn</fieldMapping>
                <fieldMapping name="company">supannOrganisme</fieldMapping>
                <fieldMapping name="email">mail</fieldMapping>

                <references>
                    <inverseReference field="groups" directory="groupLdapDirectory" dualReferenceField="members" />
                </references>
        </directory>
    </extension>

</component>

and login-digest-config.xml

<?xml version="1.0"?>
<component name="org.nuxeo.ecm.platform.digestauth.config">

  <require>org.nuxeo.ecm.platform.login.digest</require>

  <extension target="org.nuxeo.ecm.directory.sql.SQLDirectoryFactory"
    point="directories">
    <directory name="digestauth">
      <schema>digestauth</schema>
      <table>digestauth</table>
      <autoincrementIdField>false</autoincrementIdField>
      <dataSource>java:/nxsqldirectory</dataSource>
      <idField>username</idField>
      <passwordField>password</passwordField>
      <createTablePolicy>on_missing_columns</createTablePolicy>
    </directory>
  </extension>

  <!-- <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <userManager>
      <digestAuthDirectory>digestauth</digestAuthDirectory>
      <digestAuthRealm>NUXEO</digestAuthRealm>
    </userManager>
  </extension> -->

 <extension
    target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
    point="authenticators">
    <authenticationPlugin name="DIGEST_AUTH"
      enabled="true" class="org.nuxeo.ecm.ui.web.auth.digest.DigestAuthenticator">
      <stateful>false</stateful>
      <loginModulePlugin>DigestLoginPlugin</loginModulePlugin>
       <parameters>
         <parameter name="RealmName">UVHC</parameter>
       </parameters>
    </authenticationPlugin>
  </extension>

  <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <userManager>
      <digestAuthDirectory>userLdapDirectory</digestAuthDirectory>
      <digestAuthRealm>UVHC</digestAuthRealm>
    </userManager>
  </extension>

  <extension target="org.nuxeo.ecm.platform.login.LoginPluginRegistry"
    point="plugin">
    <LoginPlugin name="DigestLoginPlugin"
      class="org.nuxeo.ecm.ui.web.auth.digest.DigestLoginPlugin">
      <enabled>true</enabled>
      <parameters name="passwordField">password</parameters>
    </LoginPlugin>
  </extension>

</component>

And here is the log with an error I don't really understand :

2013-02-19 11:24:24,581 DEBUG [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.getLdapEntry(fblin, false): LDAP search base='ou=people,dc=univ-valenciennes,dc=fr' filter='(&(uid={0})(&(objectClass=person)(uid=*)))'  args='fblin' scope='1' [LDAPSession '-1010039942807551476' for directory userLdapDirectory]
2013-02-19 11:24:24,585 DEBUG [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.getLdapEntry(fblin, false): LDAP search base='ou=people,dc=univ-valenciennes,dc=fr' filter='(&(uid={0})(&(objectClass=person)(uid=*)))'  args='fblin' scope='1' => found: uid=fblin,ou=people,dc=univ-valenciennes,dc=fr [LDAPSession '-1010039942807551476' for directory userLdapDirectory]
2013-02-19 11:24:24,585 DEBUG [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.getLdapEntry(fblin, true): LDAP search base='ou=people,dc=univ-valenciennes,dc=fr' filter='(&(uid={0})(&(objectClass=person)(uid=*)))'  args='fblin' scope='1' [LDAPSession '-1010039925627682291' for directory userLdapDirectory]
2013-02-19 11:24:24,588 DEBUG [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.getLdapEntry(fblin, true): LDAP search base='ou=people,dc=univ-valenciennes,dc=fr' filter='(&(uid={0})(&(objectClass=person)(uid=*)))'  args='fblin' scope='1' => found: uid=fblin,ou=people,dc=univ-valenciennes,dc=fr [LDAPSession '-1010039925627682291' for directory userLdapDirectory]
2013-02-19 11:24:24,588 DEBUG [org.nuxeo.ecm.directory.ldap.LDAPReference] LDAPReference.getSourceIdsForTarget(fblin): LDAP search search base='ou=groups,dc=univ-valenciennes,dc=fr' filter='(&(member={0})(&(&(|(objectClass=groupOfNames)(objectClass=groupOfURLs)))(cn=*)))' args='uid=fblin,ou=people,dc=univ-valenciennes,dc=fr' scope='2' [LDAPReference to resolve field='members' of sourceDirectory='groupLdapDirectory' with targetDirectory='userLdapDirectory' and staticAttributeId='member', dynamicAttributeId='memberURL']
2013-02-19 11:24:24,689 DEBUG [org.nuxeo.ecm.directory.ldap.LDAPReference] LDAPReference.getSourceIdsForTarget(fblin): LDAP search search base='ou=groups,dc=univ-valenciennes,dc=fr' filter='memberURL=*' scope='2' [LDAPReference to resolve field='members' of sourceDirectory='groupLdapDirectory' with targetDirectory='userLdapDirectory' and staticAttributeId='member', dynamicAttributeId='memberURL']
2013-02-19 11:24:24,692 ERROR [org.nuxeo.ecm.ui.web.auth.digest.DigestLoginPlugin] Digest authentication failed
java.lang.NullPointerException
        at org.nuxeo.common.utils.Path.collapseSlashes(Path.java:281)
        at org.nuxeo.common.utils.Path.initialize(Path.java:457)
        at org.nuxeo.common.utils.Path.<init>(Path.java:77)
        at org.nuxeo.ecm.core.api.model.impl.AbstractProperty.resolvePath(AbstractProperty.java:394)
        at org.nuxeo.ecm.core.api.model.impl.AbstractProperty.getValue(AbstractProperty.java:356)
        at org.nuxeo.ecm.core.api.impl.DataModelImpl.getData(DataModelImpl.java:91)
        at org.nuxeo.ecm.core.api.impl.DocumentModelImpl.getProperty(DocumentModelImpl.java:719)
        at org.nuxeo.ecm.ui.web.auth.digest.DigestLoginPlugin.getStoredHA1(DigestLoginPlugin.java:131)
        at org.nuxeo.ecm.ui.web.auth.digest.DigestLoginPlugin.validatedUserIdentity(DigestLoginPlugin.java:63)
        at org.nuxeo.ecm.platform.login.NuxeoLoginModule.validateUserIdentity(NuxeoLoginModule.java:355)
        at org.nuxeo.ecm.platform.login.NuxeoLoginModule.getPrincipal(NuxeoLoginModule.java:209)
        at org.nuxeo.ecm.platform.login.NuxeoLoginModule.login(NuxeoLoginModule.java:262)
        at org.nuxeo.runtime.api.LoginModuleWrapper.login(LoginModuleWrapper.java:77)
        at sun.reflect.GeneratedMethodAccessor91.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doAuthenticate(NuxeoAuthenticationFilter.java:225)
        at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:464)
        at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:35)
        at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:114)
        at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:33)
        at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:338)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:80)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:59)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
        at java.lang.Thread.run(Thread.java:619)

Thank you for your help

Fabrice

topic Webdav + LDAP in Nuxeo Forum

Webdav + LDAP