Hi Boris,
thanks for your advice.
I tried tracing with the latest SVN version, but I've still got no clue where the problem is.
I've appended the relevant stacktrace-part to this message:
The error appears when I try to log in to GateIn with the LDAP user WILLI. Willi is a member of 6 groups; when accessing the group cn=Programmierer-LASSE, the IDM thinks the cn is not proper (whatever this means). I first assumed the "-" character in the cn breaks the game, but I've set up a local LDAP server with a "-" in the cn and there it worked.
Is there a length restriction on the cn attributes? Maybe it's too long?
Regards,
LeoLo
15:58:06,019 DEBUG [StatefulPersistenceContext] initializing non-lazy collections
15:58:06,019 FINER [LDAPIdentityStoreImpl] org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl[PortalLDAPStore].findIdentityObject with name: WILLI; and type: SimpleIdentityObjectType{name='USER'}
15:58:06,019 FINER [LDAPIdentityStoreImpl] Prepared LDAP Search ; contexts: [ou=edv,ou=user,ou=ze,o=de]; filter: (uid=WILLI); returning attributes: [uid]
15:58:06,019 FINER [JBossCacheIdentityStoreCacheProviderImpl] org.picketlink.idm.impl.cache.JBossCacheIdentityStoreCacheProviderImpl@1bfb6c7Object found in cache: hash-1654043336;namespace=PortalLDAPStore
15:58:06,019 FINER [LDAPIdentityStoreImpl] LDAP search results found in cache. size=1
15:58:06,035 FINER [LDAPIdentityStoreImpl] Prepared LDAP Search ; contexts: [ou=gruppen,ou=ze,o=de]; filter: (&((cn=*))(member=cn=WILLI,ou=edv,ou=user,ou=ze,o=de)); returning attributes: [cn]
15:58:06,035 FINER [LDAPIdentityStoreImpl] Search in ou=gruppen,ou=ze,o=de returned 6 entries
15:58:06,035 FINER [JBossCacheIdentityStoreCacheProviderImpl] org.picketlink.idm.impl.cache.JBossCacheIdentityStoreCacheProviderImpl@1bfb6c7Object stored in cache: hash=1467259619; value=[cn=Helpdesk: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@14658ec:{cn=cn: Helpdesk}, cn=AGH-Beamer: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@1781389:{cn=cn: AGH-Beamer}, cn=Programmierer-LASSE: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@4a9ca4:No attributes, cn=Programmierer-ASAD: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@71d843:{cn=cn: Programmierer-ASAD}, cn=Programmierer-AB: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@2d2b73:{cn=cn: Programmierer-AB}, cn=ABG-IT: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@17fb110:No attributes];namespace=PortalLDAPStore
15:58:06,035 FINER [LDAPIdentityStoreImpl] LDAP search results stored in cache. size=6
15:58:06,035 FINER [LDAPIdentityStoreImpl] Exception occurred:
org.picketlink.idm.common.exception.IdentityException: LDAP entry doesn't contain proper attribute: cn; dn=cn=Programmierer-LASSE,ou=gruppen,ou=ze,o=de
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3188)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findRelatedIdentityObjects(LDAPIdentityStoreImpl.java:1299)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:1041)
at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.findIdentityObject(FallbackIdentityStoreRepository.java:742)
at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1085)
at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1125)
at org.exoplatform.services.organization.idm.MembershipDAOImpl.findMembershipsByUser(MembershipDAOImpl.java:542)
at org.exoplatform.services.organization.auth.OrganizationAuthenticatorImpl.createIdentity(OrganizationAuthenticatorImpl.java:95)
at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:69)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
15:58:06,050 FINER [FallbackIdentityStoreRepository] Exception occurred:
org.picketlink.idm.common.exception.IdentityException: Couldn't create LDAPIdentityObjectImpl object from ldap entry (SearchResult)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3203)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findRelatedIdentityObjects(LDAPIdentityStoreImpl.java:1299)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:1041)
at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.findIdentityObject(FallbackIdentityStoreRepository.java:742)
at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1085)
at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1125)
at org.exoplatform.services.organization.idm.MembershipDAOImpl.findMembershipsByUser(MembershipDAOImpl.java:542)
at org.exoplatform.services.organization.auth.OrganizationAuthenticatorImpl.createIdentity(OrganizationAuthenticatorImpl.java:95)
at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:69)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: org.picketlink.idm.common.exception.IdentityException: LDAP entry doesn't contain proper attribute: cn; dn=cn=Programmierer-LASSE,ou=gruppen,ou=ze,o=de
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3188)
... 37 more
15:58:06,050 FINER [RelationshipManagerImpl] Exception occurred:
org.picketlink.idm.common.exception.IdentityException: Couldn't create LDAPIdentityObjectImpl object from ldap entry (SearchResult)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3203)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findRelatedIdentityObjects(LDAPIdentityStoreImpl.java:1299)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:1041)
at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.findIdentityObject(FallbackIdentityStoreRepository.java:742)
at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1085)
at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1125)
at org.exoplatform.services.organization.idm.MembershipDAOImpl.findMembershipsByUser(MembershipDAOImpl.java:542)
at org.exoplatform.services.organization.auth.OrganizationAuthenticatorImpl.createIdentity(OrganizationAuthenticatorImpl.java:95)
at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:69)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: org.picketlink.idm.common.exception.IdentityException: LDAP entry doesn't contain proper attribute: cn; dn=cn=Programmierer-LASSE,ou=gruppen,ou=ze,o=de
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3188)
... 37 more
15:58:06,050 INFO [MembershipDAOImpl] Identity operation error:
org.picketlink.idm.common.exception.IdentityException: Couldn't create LDAPIdentityObjectImpl object from ldap entry (SearchResult)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3203)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findRelatedIdentityObjects(LDAPIdentityStoreImpl.java:1299)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:1041)
at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.findIdentityObject(FallbackIdentityStoreRepository.java:742)
at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1085)
at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1125)
at org.exoplatform.services.organization.idm.MembershipDAOImpl.findMembershipsByUser(MembershipDAOImpl.java:542)
at org.exoplatform.services.organization.auth.OrganizationAuthenticatorImpl.createIdentity(OrganizationAuthenticatorImpl.java:95)
at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:69)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: org.picketlink.idm.common.exception.IdentityException: LDAP entry doesn't contain proper attribute: cn; dn=cn=Programmierer-LASSE,ou=gruppen,ou=ze,o=de
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.createIdentityObjectInstance(LDAPIdentityStoreImpl.java:3188)
... 37 more
15:58:06,050 DEBUG [JDBCTransaction] commit
15:58:06,050 DEBUG [AbstractFlushingEventListener] processing flush-time cascades
15:58:06,050 DEBUG [AbstractFlushingEventListener] dirty checking collections
15:58:06,050 DEBUG [Collections] Collection found: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.attributes#38], was: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.attributes#38] (uninitialized)
15:58:06,050 DEBUG [Collections] Collection found: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.credentials#38], was: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.credentials#38] (uninitialized)
15:58:06,050 DEBUG [Collections] Collection found: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.fromRelationships#38], was: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.fromRelationships#38] (uninitialized)
15:58:06,050 DEBUG [Collections] Collection found: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.properties#38], was: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.properties#38] (uninitialized)
15:58:06,050 DEBUG [Collections] Collection found: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.toRelationships#38], was: [org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject.toRelationships#38] (uninitialized)
15:58:06,050 DEBUG [AbstractFlushingEventListener] Flushed: 0 insertions, 0 updates, 0 deletions to 2 objects
15:58:06,050 DEBUG [AbstractFlushingEventListener] Flushed: 0 (re)creations, 0 updates, 0 removals to 5 collections
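Added example (not part of the original post, and not PicketLink or GateIn code): a small Python parser for the "Object stored in cache" line in the trace above. It lists which of the six group search results came back without the requested cn attribute and compares that with the DN named in the exception. The regular expressions are an assumption based on the JNDI SearchResult text layout seen in this log.

```python
import re

# Copied from the trace in the post: the value list of the "Object stored in
# cache" line and the first exception message.
CACHE_VALUE = (
    "[cn=Helpdesk: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@14658ec:{cn=cn: Helpdesk}, "
    "cn=AGH-Beamer: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@1781389:{cn=cn: AGH-Beamer}, "
    "cn=Programmierer-LASSE: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@4a9ca4:No attributes, "
    "cn=Programmierer-ASAD: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@71d843:{cn=cn: Programmierer-ASAD}, "
    "cn=Programmierer-AB: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@2d2b73:{cn=cn: Programmierer-AB}, "
    "cn=ABG-IT: com.sun.jndi.ldap.LdapCtx:com.sun.jndi.ldap.LdapCtx@17fb110:No attributes]"
)
EXCEPTION_LINE = (
    "org.picketlink.idm.common.exception.IdentityException: LDAP entry doesn't "
    "contain proper attribute: cn; dn=cn=Programmierer-LASSE,ou=gruppen,ou=ze,o=de"
)

# One logged search result: "<name>: <class>:<class>@<hash>:<attributes>"
ENTRY_RE = re.compile(
    r"(?P<name>[^:,\[\]]+): [\w.$]+:[\w.$]+@[0-9a-f]+:"
    r"(?P<attrs>No attributes|\{[^}]*\})"
)
EXC_RE = re.compile(r"doesn't contain proper attribute: (?P<attr>\w+); dn=(?P<dn>\S+)")


def parse_search_results(value):
    """Return [(entry name, set of attribute ids returned)] for a cached result list."""
    results = []
    for m in ENTRY_RE.finditer(value):
        attrs = m.group("attrs")
        ids = set() if attrs == "No attributes" else set(re.findall(r"(\w+)=\1: ", attrs))
        results.append((m.group("name").strip(), ids))
    return results


def entries_missing(value, attr):
    """Names of search results that came back without the given attribute."""
    return [name for name, ids in parse_search_results(value) if attr not in ids]


def failing_entry(exception_line):
    """Extract (attribute, dn) from the IdentityException message."""
    m = EXC_RE.search(exception_line)
    return (m.group("attr"), m.group("dn")) if m else None


if __name__ == "__main__":
    attr, dn = failing_entry(EXCEPTION_LINE)
    print("exception names:", attr, dn)
    for name, ids in parse_search_results(CACHE_VALUE):
        print(f"{name:25} returned: {sorted(ids) or 'nothing'}")
```

On this trace it reports cn=Programmierer-LASSE and cn=ABG-IT as returned with no attributes, while the other hyphenated entries (cn=AGH-Beamer, cn=Programmierer-ASAD, cn=Programmierer-AB) carry cn.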