2 Replies Latest reply on Aug 17, 2012 7:29 AM by mposolda

    Issues with authenticating LDAP(Active Directory) users

    ian_s

      Hello all,

       

      Recently I have had an issue authenticating users against my AD. There are also some strange errors in the server.log files that resemble the below:

       

      org.chromattic.api.UndeclaredRepositoryException: javax.jcr.RepositoryException: Illegal path entry: "mop:%03Southwire%03Remote Control View Only

      CNF%0422ede168-1549-43c2-a40f-160ca0c59817": Illegal path entry: "mop:%03Southwire%03Remote Control View Only

      CNF%0422ede168-1549-43c2-a40f-160ca0c59817": Illegal path entry: "mop:%03Southwire%03Remote Control View Only

      CNF%0422ede168-1549-43c2-a40f-160ca0c59817"

          at org.chromattic.core.DomainSession.getChild(DomainSession.java:362)

      ...

      Caused by: javax.jcr.RepositoryException: Illegal path entry: "mop:%03Southwire%03Remote Control View Only

       

      This error occurs when I log in as root. I have included the complete log file as well.

       

      Not sure if it is related, but it may be, so I will include this as well. After logging in as root and going to the group management page, I can see the AD groups and users ported in from AD. However, when I try to add one of the users to another group, for instance platform/users, it gives me the following error.

       

      "The field "User Name" can only contain alpha, digit, comma, dash characters. The first and last character must be a letter. " which is strange because these names are only alpha-numeric in the AD.

       

      My only LDAP is the Active Directory and I'm running locally with a MySQL DB. Production will be an Oracle DB.

        • 1. Re: Issues with authenticating LDAP(Active Directory) users
          ian_s

          Just for completeness, here are some of my config files. It would error out if I added them to the original message. Thanks in advance for any help.

          • 2. Re: Issues with authenticating LDAP(Active Directory) users
            mposolda

            Hi,

             

            From your log I can see that the login as user root was successful, but the exception occurs after login. The error "Caused by: javax.jcr.RepositoryException: Illegal path entry: "mop:%03Southwire%03Remote Control View Only" is not caused by AD itself; it's thrown from eXo JCR. I think you can try to get rid of this error by configuring the group mapping path to a 2nd-level path (so use something like "/acme/Southwire" instead of "/Southwire" in your idm-configuration.xml) and creating that 1st-level "/acme" group in your organization-configuration.xml before the first execution of the portal (against a clean database).

             

            For user creation, I am seeing that your AD is read-only, so when you create a user through the GateIn UI, this user is not created in your AD but only in your MySQL database. The error message during user creation is talking about "alpha, digit, comma, dash characters", but in fact you can configure through a regex which characters are permitted for the username.

             

            Marek