
Authentication on LDAP

geekonspace
Star Contributor

Hi, I am configuring my Nuxeo DM on Tomcat to connect to LDAP, but when I try to log in on the login form, it searches the DB and not the LDAP server. I am reading this doc: http://doc.nuxeo.com/display/NXDOC/Using+a+LDAP+directory but I don't know if I must configure something else here.

I wrote this file: default-ldap-users-directory-config.xml as the tutorial says. I see this configuration does not require making a bundle.

Here is a print of my LDAP configuration: [image]

After Pablo Garcia's answer: I did everything step by step. I did this in my XML file:

<!-- directory for users -->
  <directory name="userLdapDirectory">
  ..
  <inverseReference field="groups" directory="groupLdapDirectory"
          dualReferenceField="members" />
  </directory>
 
<!-- directory for groups -->
  <directory name="groupLdapDirectory">
    ..
    <ldapReference field="members" directory="userLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL"/>
 
    <ldapReference field="subGroups" directory="groupLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL"/>
    ...
  </directory>
 
<!-- definition in the user manager -->
  <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <userManager>
      ...
      <users>
        <directory>userLdapDirectory</directory>
      </users>
      ...
      <groups>
        <directory>groupLdapDirectory</directory>
      </groups>
      ...
    </userManager>
  </extension>

Also I did this: Quick solution is to put in comments the "..." part in templates/common/config/default-sql-directories-bundle.xml (or overwrite that file with a custom template).

Now I try to authenticate on Nuxeo but it doesn't get past the login form. The log shows me this:

2011-10-21 10:16:16,390 INFO  [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Login failed for Administrator
2011-10-21 10:17:03,859 ERROR [org.nuxeo.ecm.platform.login.NuxeoLoginModule] createIdentity failed
java.lang.NullPointerException
	at org.nuxeo.ecm.directory.ldap.LDAPDirectory.<init>(LDAPDirectory.java:92)
	at org.nuxeo.ecm.directory.ldap.LDAPDirectoryProxy.getDirectory(LDAPDirectoryProxy.java:49)
	at org.nuxeo.ecm.directory.ldap.LDAPDirectoryProxy.getReference(LDAPDirectoryProxy.java:95)
	at org.nuxeo.ecm.directory.InverseReference.checkDualReference(InverseReference.java:54)
	at org.nuxeo.ecm.directory.InverseReference.getTargetIdsForSource(InverseReference.java:97)
	at org.nuxeo.ecm.directory.ldap.LDAPSession.ldapResultToDocumentModel(LDAPSession.java:847)
	at org.nuxeo.ecm.directory.ldap.LDAPSession.getEntryFromSource(LDAPSession.java:241)
	at org.nuxeo.ecm.directory.DirectoryCache.getEntry(DirectoryCache.java:75)
	at org.nuxeo.ecm.directory.DirectoryCache.getEntry(DirectoryCache.java:61)
	at org.nuxeo.ecm.directory.ldap.LDAPSession.getEntry(LDAPSession.java:226)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getUserModel(UserManagerImpl.java:538)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getPrincipal(UserManagerImpl.java:524)
	at org.nuxeo.ecm.platform.login.NuxeoLoginModule.createIdentity(NuxeoLoginModule.java:299)
	at org.nuxeo.ecm.platform.login.NuxeoLoginModule.validateUserIdentity(NuxeoLoginModule.java:324)
	at org.nuxeo.ecm.platform.login.NuxeoLoginModule.getPrincipal(NuxeoLoginModule.java:209)
	at org.nuxeo.ecm.platform.login.NuxeoLoginModule.login(NuxeoLoginModule.java:262)
	at org.nuxeo.runtime.api.LoginModuleWrapper.login(LoginModuleWrapper.java:77)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
	at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doAuthenticate(NuxeoAuthenticationFilter.java:221)
	at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:452)
	at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:35)
	at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:165)
	at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:33)
	at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:334)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.nuxeo.platform.login.web.LoginStackCleaner.doFilter(LoginStackCleaner.java:49)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:80)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:59)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
	at java.lang.Thread.run(Thread.java:662)
9 REPLIES

Not applicable

Did you also modify the template as described in the "Known issues" section of that page?

Not applicable

Hi,

You must keep reading that page. Look at the section "Known Issues".

That could help you.

Regards,

geekonspace
Star Contributor

I did what you said. I edited my question.

Olivier_Grisel
Star Contributor

What schema do you use for your users and groups? By reading the source code of [LDAPDirectory line 92](http

geekonspace
Star Contributor

Here is the pastebin.

Thierry_Martins
Star Collaborator

According to the XML you pasted, the problem may come from the groupLdapDirectory definition, where you didn't configure any attribute (schema, idField, searchBaseDn, ...).

FYI

You can try with the latest [Nuxeo release][1]; that way you will have more information from the logs introduced by Olivier...
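
A pre-deployment check for the problem described in the reply above, added here as an example (not code from the thread or from Nuxeo): it parses a directory contribution and reports every directory that lacks the schema, idField or searchBaseDn settings, and every directory name that is referenced but never defined. The sample XML is constructed, and treating those three settings as child elements of `<directory>` is an assumption.

```python
import xml.etree.ElementTree as ET

# Settings named in the reply above; assumed to be child elements of <directory>.
REQUIRED = ("schema", "idField", "searchBaseDn")

# Constructed sample mirroring the posted config: the group directory has
# a reference but none of the required settings.
SAMPLE = """
<component name="constructed.ldap.sample">
  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">
    <directory name="userLdapDirectory">
      <schema>user</schema>
      <idField>username</idField>
      <searchBaseDn>ou=people,dc=example,dc=com</searchBaseDn>
      <inverseReference field="groups" directory="groupLdapDirectory" dualReferenceField="members"/>
    </directory>
    <directory name="groupLdapDirectory">
      <ldapReference field="members" directory="userLdapDirectory" staticAttributeId="uniqueMember"/>
    </directory>
  </extension>
  <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <userManager>
      <users><directory>userLdapDirectory</directory></users>
      <groups><directory>groupLdapDirectory</directory></groups>
    </userManager>
  </extension>
</component>
"""

def lint_directories(xml_text):
    """Return sorted findings for undefined or incomplete directories."""
    root = ET.fromstring(xml_text)
    # Directory definitions carry a name attribute; userManager pointers do not.
    defined = {d.get("name"): d for d in root.iter("directory") if d.get("name")}
    findings = set()
    for name, d in defined.items():
        for tag in REQUIRED:
            if not (d.findtext(tag) or "").strip():
                findings.add(f"{name}: missing <{tag}>")
    # Names used by references and by the userManager must resolve to a definition.
    used = {e.get("directory") for tag in ("inverseReference", "ldapReference")
            for e in root.iter(tag)}
    used |= {(d.text or "").strip() for d in root.iter("directory") if not d.get("name")}
    for name in used - set(defined) - {None, ""}:
        findings.add(f"{name}: referenced but not defined")
    return sorted(findings)
```

Running `lint_directories` on the real contribution file before restarting the server surfaces an incomplete directory as a named finding instead of a NullPointerException at login time.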

geekonspace
Star Contributor

Hi again guys, thanks to you all. I configured it as you said and my configuration http