6 Replies Latest reply on Aug 18, 2011 10:00 AM by krokodylowy

    LDAP Problem "LDAP entry doesn't contain proper attribute:cn"

    leolo

      Hi,

       

      I am trying to connect GateIn 3.0 final to a Novell-eDirectory-LDAP-Server (read only).

       

      My requirements:

      1. All LDAP-users should be able to login into the portal

      2. The LDAP-groups of the users should be accessible by the portal-server

       

      I took the following document as a template: http://community.jboss.org/wiki/GateInwithLDAPinreadonlymode.

       

      If I just map the users, everything works well; if I also map the groups, I get the appended exception "LDAP entry doesn't contain proper attribute:cn" when accessing the group management page of GateIn.

       

      The config is exactly the one of http://community.jboss.org/wiki/GateInwithLDAPinreadonlymode except that I don't map a identity object "acme_ou_type".

       

      Unfortunately the log-file doesn't tell me which LDAP-entry is invalid.

       

      Any ideas how to figure out the LDAP entry?

       

      Regards, LeoLo


      2010-04-28 13:29:54,505 DEBUG [org.hibernate.cache.StandardQueryCache] caching query results in region: org.hibernate.cache.StandardQueryCache; timestamp=5211972128342016
      2010-04-28 13:29:54,599 INFO  [org.exoplatform.services.organization.idm.GroupDAOImpl] Identity operation error:
      org.picketlink.idm.common.exception.IdentityException: IdentityObject search failed.
          at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:765)
          at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.findIdentityObject(FallbackIdentityStoreRepository.java:606)
          at org.picketlink.idm.impl.api.session.managers.PersistenceManagerImpl.findGroup(PersistenceManagerImpl.java:442)
          at org.picketlink.idm.impl.api.session.managers.PersistenceManagerImpl.findGroup(PersistenceManagerImpl.java:468)
          at org.exoplatform.services.organization.idm.GroupDAOImpl.getAllGroups(GroupDAOImpl.java:450)
          at org.exoplatform.portal.config.UserPortalConfigService.getUserPortalConfig(UserPortalConfigService.java:128)
          at org.exoplatform.portal.application.PortalStateManager.getUserPortalConfig(PortalStateManager.java:150)
          at org.exoplatform.portal.application.PortalStateManager.restoreUIRootComponent(PortalStateManager.java:92)
          at org.exoplatform.portal.application.PortalRequestHandler.execute(PortalRequestHandler.java:96)
          at org.exoplatform.web.WebAppController.service(WebAppController.java:143)
          at org.exoplatform.portal.application.PortalController.onService(PortalController.java:127)
          at org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:116)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.exoplatform.web.CacheUserProfileFilter.doFilter(CacheUserProfileFilter.java:68)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.exoplatform.services.security.web.SetCurrentIdentityFilter.doFilter(SetCurrentIdentityFilter.java:76)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:112)
          at org.exoplatform.web.filter.ExtensibleFilter.doFilter(ExtensibleFilter.java:84)
          at org.exoplatform.web.filter.GenericFilter.doFilter(GenericFilter.java:66)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.exoplatform.web.login.ClusteredSSOFilter.doFilter(ClusteredSSOFilter.java:73)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
          at java.lang.Thread.run(Thread.java:619)
      Caused by: org.picketlink.idm.common.exception.IdentityException: Couldn't create LDAPIdentityObjectImpl object from ldap entry (SearchResult)
          at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:2825)
          at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:751)
          ... 47 more
      Caused by: org.picketlink.idm.common.exception.IdentityException: LDAP entry doesn't contain proper attribute:cn
          at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:2816)
          ... 48 more

        • 1. Re: LDAP Problem "LDAP entry doesn't contain proper attribute:cn"
          bdaw

          Are you sure your LDAP entries for the mapped groups contain the cn attribute that is mapped in the sample config? Could you paste a sample group entry?

          • 2. Re: LDAP Problem "LDAP entry doesn't contain proper attribute:cn"
            leolo

            Hi,

             

            hard times using the forum today. ;-)


            I attached two files to this post, each containing the LDIF-export of one sample-group.


            Two things come to my mind:


            1.

            Users are saved in the LDAP tree cn=*,ou=edv,ou=user,ou=ze,o=de, which is mapped in the GateIn-config.


            The attribute creatorsName refers to a tree cn=*,ou=EDV,o=ZE; this tree name is written in upper case and is missing o=de.

             

            2.

            Some groups contain backLink-attributes. I didn't map the back-link-cn-entries in the GateIn-LDAP-Config. (e.g. ou=services,ou=ab,o=de)


            Example:

             

            backLink: 34842#cn=server1,ou=services,ou=ab,o=de
            backLink: 36004#cn=server2,ou=services,ou=ac,o=de
            backLink: 32874#cn=server3,ou=services,ou=ad,o=de


            Do you know if the creatorsName-cn-values and the back-link-cn-values are evaluated by GateIn-LDAP-Modules?


            Regards,


            LeoLo

            • 3. Re: LDAP Problem "LDAP entry doesn't contain proper attribute:cn"
              bdaw

              Hard for me to tell after a quick look. The backLink attribute is not evaluated internally, for sure. I would advise you to try building GateIn from the latest trunk (http://anonsvn.jboss.org/repos/gatein/portal/trunk/) and then turn on debugging for PicketLink as described here:

               

              http://community.jboss.org/wiki/HowtoenableFINESTjavautillogginginGateInonJBoss

               

              The latest version should be more verbose about config errors in debug mode.

              • 4. Re: LDAP Problem "LDAP entry doesn't contain proper attribute:cn"
                leolo

                Hi Boris,

                 

                thanks for your advice.

                 

                I tried tracing with the latest svn-version, but I've still got no clue where the problem is:

                 

                I've appended the relevant stacktrace-part to this message:

                 

                The error appears when I try to log in to GateIn with the LDAP user WILLI. Willi is a member of 6 groups; when accessing the group cn=Programmierer-LASSE, the IDM thinks the cn is not proper (whatever this means). I first assumed the "-" character in the cn breaks the game, but I've set up a local LDAP server with a "-" in the cn and there it worked.

                 

                Is there a length restriction on the cn attributes? Maybe it's too long?

                 

                Regards,


                LeoLo

                 

                 

                15:58:06,019 DEBUG [StatefulPersistenceContext] initializing non-lazy collections
                15:58:06,019 FINER [LDAPIdentityStoreImpl] org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl[PortalLDAPStore].findIdentityObject with name: WILLI; and type: SimpleIdentityObjectType{name='USER'}
                15:58:06,019 FINER [LDAPIdentityStoreImpl] Prepared LDAP Search ; contexts: [ou=edv,ou=user,ou=ze,o=de]; filter: (uid=WILLI); returning attributes: [uid]
                15:58:06,019 FINER [JBossCacheIdentityStoreCacheProviderImpl] org.picketlink.idm.impl.cache.JBossCacheIdentityStoreCacheProviderImpl@1bfb6c7Object found in cache: hash-1654043336;namespace=PortalLDAPStore
                15:58:06,019 FINER [LDAPIdentityStoreImpl] LDAP search results found in cache. size=1
                15:58:06,035 FINER [LDAPIdentityStoreImpl] Prepared LDAP Search ; contexts: [ou=gruppen,ou=ze,o=de]; filter: (&((cn=*))(member=cn=WILLI,ou=edv,ou=user,ou=ze,o=de)); returning attributes: [cn]
                15:58:06,035 FINER [LDAPIdentityStoreImpl] Search in ou=gruppen,ou=ze,o=de returned 6 entries
                15:58:06,035 FINER [JBossCacheIdentityStoreCacheProviderImpl] org.picketlink.idm.impl.cache.JBossCacheIdentityStoreCacheProviderImpl@1bfb6c7Object stored in cache: hash=1467259619; value=[cn=Helpdesk: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@14658ec:{cn=cn: Helpdesk}, cn=AGH-Beamer: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@1781389:{cn=cn: AGH-Beamer}, cn=Programmierer-LASSE: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@4a9ca4:No attributes, cn=Programmierer-ASAD: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@71d843:{cn=cn: Programmierer-ASAD}, cn=Programmierer-AB: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@2d2b73:{cn=cn: Programmierer-AB}, cn=ABG-IT: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@17fb110:No attributes];namespace=PortalLDAPStore
                15:58:06,035 FINER [LDAPIdentityStoreImpl] LDAP search results stored in cache. size=6
                15:58:06,035 FINER [LDAPIdentityStoreImpl] Exception occurred:
                org.picketlink.idm.common.exception.IdentityException: LDAP entry doesn't contain proper attribute: cn; dn=cn=Programmierer-LASSE,ou=gruppen,ou=ze,o=de
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3188)
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findRelatedIdentityObjects(LDAPIdentityStoreImpl.java:1299)
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:1041)
                    at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.findIdentityObject(FallbackIdentityStoreRepository.java:742)
                    at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1085)
                    at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1125)
                    at org.exoplatform.services.organization.idm.MembershipDAOImpl.findMembershipsByUser(MembershipDAOImpl.java:542)
                    at org.exoplatform.services.organization.auth.OrganizationAuthenticatorImpl.createIdentity(OrganizationAuthenticatorImpl.java:95)
                    at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:69)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    at java.lang.reflect.Method.invoke(Method.java:597)
                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
                    at java.security.AccessController.doPrivileged(Native Method)
                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
                    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
                    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
                    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
                    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
                    at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
                    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
                    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
                    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
                    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
                    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
                    at java.lang.Thread.run(Thread.java:619)
                15:58:06,050 FINER [FallbackIdentityStoreRepository] Exception occurred:
                org.picketlink.idm.common.exception.IdentityException: Couldn't create LDAPIdentityObjectImpl object from ldap entry (SearchResult)
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3203)
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findRelatedIdentityObjects(LDAPIdentityStoreImpl.java:1299)
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:1041)
                    at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.findIdentityObject(FallbackIdentityStoreRepository.java:742)
                    at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1085)
                    at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1125)
                    at org.exoplatform.services.organization.idm.MembershipDAOImpl.findMembershipsByUser(MembershipDAOImpl.java:542)
                    at org.exoplatform.services.organization.auth.OrganizationAuthenticatorImpl.createIdentity(OrganizationAuthenticatorImpl.java:95)
                    at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:69)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    at java.lang.reflect.Method.invoke(Method.java:597)
                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
                    at java.security.AccessController.doPrivileged(Native Method)
                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
                    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
                    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
                    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
                    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
                    at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
                    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
                    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
                    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
                    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
                    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
                    at java.lang.Thread.run(Thread.java:619)
                Caused by: org.picketlink.idm.common.exception.IdentityException: LDAP entry doesn't contain proper attribute: cn; dn=cn=Programmierer-LASSE,ou=gruppen,ou=ze,o=de
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3188)
                    ... 37 more
                15:58:06,050 FINER [RelationshipManagerImpl] Exception occurred:
                org.picketlink.idm.common.exception.IdentityException: Couldn't create LDAPIdentityObjectImpl object from ldap entry (SearchResult)
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3203)
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findRelatedIdentityObjects(LDAPIdentityStoreImpl.java:1299)
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:1041)
                    at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.findIdentityObject(FallbackIdentityStoreRepository.java:742)
                    at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1085)
                    at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1125)
                    at org.exoplatform.services.organization.idm.MembershipDAOImpl.findMembershipsByUser(MembershipDAOImpl.java:542)
                    at org.exoplatform.services.organization.auth.OrganizationAuthenticatorImpl.createIdentity(OrganizationAuthenticatorImpl.java:95)
                    at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:69)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    at java.lang.reflect.Method.invoke(Method.java:597)
                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
                    at java.security.AccessController.doPrivileged(Native Method)
                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
                    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
                    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
                    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
                    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
                    at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
                    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
                    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
                    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
                    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
                    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
                    at java.lang.Thread.run(Thread.java:619)
                Caused by: org.picketlink.idm.common.exception.IdentityException: LDAP entry doesn't contain proper attribute: cn; dn=cn=Programmierer-LASSE,ou=gruppen,ou=ze,o=de
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3188)
                    ... 37 more
                15:58:06,050 INFO  [MembershipDAOImpl] Identity operation error:
                org.picketlink.idm.common.exception.IdentityException: Couldn't create LDAPIdentityObjectImpl object from ldap entry (SearchResult)
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3203)
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findRelatedIdentityObjects(LDAPIdentityStoreImpl.java:1299)
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:1041)
                    at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.findIdentityObject(FallbackIdentityStoreRepository.java:742)
                    at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1085)
                    at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1125)
                    at org.exoplatform.services.organization.idm.MembershipDAOImpl.findMembershipsByUser(MembershipDAOImpl.java:542)
                    at org.exoplatform.services.organization.auth.OrganizationAuthenticatorImpl.createIdentity(OrganizationAuthenticatorImpl.java:95)
                    at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:69)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    at java.lang.reflect.Method.invoke(Method.java:597)
                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
                    at java.security.AccessController.doPrivileged(Native Method)
                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
                    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
                    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
                    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
                    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
                    at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
                    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
                    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
                    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
                    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
                    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
                    at java.lang.Thread.run(Thread.java:619)
                Caused by: org.picketlink.idm.common.exception.IdentityException: LDAP entry doesn't contain proper attribute: cn; dn=cn=Programmierer-LASSE,ou=gruppen,ou=ze,o=de
                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3188)
                    ... 37 more
                15:58:06,050 DEBUG [JDBCTransaction] commit
                15:58:06,050 DEBUG [AbstractFlushingEventListener] processing flush-time cascades
                15:58:06,050 DEBUG [AbstractFlushingEventListener] dirty checking collections
                15:58:06,050 DEBUG [Collections] Collection found: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.attributes#38], was: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.attributes#38] (uninitialized)
                15:58:06,050 DEBUG [Collections] Collection found: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.credentials#38], was: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.credentials#38] (uninitialized)
                15:58:06,050 DEBUG [Collections] Collection found: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.fromRelationships#38], was: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.fromRelationships#38] (uninitialized)
                15:58:06,050 DEBUG [Collections] Collection found: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.properties#38], was: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.properties#38] (uninitialized)
                15:58:06,050 DEBUG [Collections] Collection found: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.toRelationships#38], was: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.toRelationships#38] (uninitialized)
                15:58:06,050 DEBUG [AbstractFlushingEventListener] Flushed: 0 insertions, 0 updates, 0 deletions to 2 objects
                15:58:06,050 DEBUG [AbstractFlushingEventListener] Flushed: 0 (re)creations, 0 updates, 0 removals to 5 collections

                • 5. Re: LDAP Problem "LDAP entry doesn't contain proper attribute:cn"
                  krokodylowy

                  I can confirm this issue on ConsoleOne. By default ConsoleOne doesn't return the cn or uid attribute for a group.

                  So the INFO stacktrace is printed and groups are not loaded. (EPP5.1&Gatein3.1)
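
One way to find every affected group from the FINER trace in reply 4, rather than only the one named in the exception. This is an added example, not part of the thread and not GateIn or PicketLink code; the function and regex names are hypothetical, and the log layout is assumed to be the one posted above (the sample lines are constructed from that trace, shortened).

```python
import re
from dataclasses import dataclass

# Constructed sample: the three relevant lines from the trace posted in this
# thread (search request, cached search result, exception), shortened.
_OBJ = "com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@"
SAMPLE_LOG = "\n".join([
    "15:58:06,035 FINER [LDAPIdentityStoreImpl] Prepared LDAP Search ; "
    "contexts: [ou=gruppen,ou=ze,o=de]; filter: (&((cn=*))"
    "(member=cn=WILLI,ou=edv,ou=user,ou=ze,o=de)); returning attributes: [cn]",
    "15:58:06,035 FINER [JBossCacheIdentityStoreCacheProviderImpl] "
    "Object stored in cache: hash=1467259619; value=["
    f"cn=Helpdesk: {_OBJ}14658ec:{{cn=cn: Helpdesk}}, "
    f"cn=AGH-Beamer: {_OBJ}1781389:{{cn=cn: AGH-Beamer}}, "
    f"cn=Programmierer-LASSE: {_OBJ}4a9ca4:No attributes, "
    f"cn=Programmierer-ASAD: {_OBJ}71d843:{{cn=cn: Programmierer-ASAD}}, "
    f"cn=Programmierer-AB: {_OBJ}2d2b73:{{cn=cn: Programmierer-AB}}, "
    f"cn=ABG-IT: {_OBJ}17fb110:No attributes];namespace=PortalLDAPStore",
    "org.picketlink.idm.common.exception.IdentityException: LDAP entry doesn't "
    "contain proper attribute: cn; dn=cn=Programmierer-LASSE,ou=gruppen,ou=ze,o=de",
])

# Search request: search context and the attributes the store asked for.
SEARCH_RE = re.compile(
    r"Prepared LDAP Search ; contexts: \[(?P<ctx>[^\]]*)\]; filter: .*; "
    r"returning attributes: \[(?P<attrs>[^\]]*)\]")
# Cached result list: JNDI SearchResult.toString() for every entry.
CACHE_RE = re.compile(
    r"Object stored in cache: .*?value=\[(?P<value>.*)\];namespace=")
# One SearchResult: "<rdn>: <class>:<object>@<id>:<attributes>".
ENTRY_RE = re.compile(
    r"(?P<rdn>\w+=[^:\[\]]+?): [\w.$]+:[\w.$]+@[0-9a-f]+:"
    r"(?P<attrs>No attributes|\{[^}]*\})")
# Attribute ids inside "{cn=cn: value, ...}" (id repeated before the colon).
ATTR_ID_RE = re.compile(r"([a-z][\w;-]*)=\1: ", re.I)
# The exception as logged by the newer build, which includes the DN.
EXC_RE = re.compile(
    r"doesn't contain proper attribute: ?(?P<attr>[^;\s]+); dn=(?P<dn>.+)$")


@dataclass
class Finding:
    dn: str          # rdn from the result joined with the search context
    missing: list    # requested attributes the server did not return
    raised: bool     # True if an exception in the log names this DN


def audit(log_text):
    """Return entries whose search result lacks a requested attribute."""
    findings, search, raised = [], None, set()
    for line in log_text.splitlines():
        m = SEARCH_RE.search(line)
        if m:
            # Assumption: a single search context, as in the posted trace.
            requested = [a.strip() for a in m["attrs"].split(",") if a.strip()]
            search = (m["ctx"], requested)
            continue
        m = CACHE_RE.search(line)
        if m and search:
            ctx, requested = search
            for e in ENTRY_RE.finditer(m["value"]):
                returned = {a.lower() for a in ATTR_ID_RE.findall(e["attrs"])}
                missing = [a for a in requested if a.lower() not in returned]
                if missing:
                    findings.append(Finding(f"{e['rdn']},{ctx}", missing, False))
            continue
        m = EXC_RE.search(line)
        if m:
            raised.add(m["dn"].strip().lower())
    for f in findings:
        f.raised = f.dn.lower() in raised
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        state = "named in exception" if f.raised else "not yet reported"
        print(f"{f.dn}: missing {f.missing} ({state})")
```

On the posted trace this lists cn=ABG-IT next to cn=Programmierer-LASSE: the exception names only the latter, while the cached search result shows both entries coming back with no attributes.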

                  • 6. Re: LDAP Problem "LDAP entry doesn't contain proper attribute:cn"
                    krokodylowy

                    This exception is unnecessary and breaks the flow

                     

                    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3710)