10 Replies Latest reply on Oct 25, 2007 2:01 AM by Marius Venter

    Portal and using openxchange ldap for users

    Marius Venter Newbie

      Hi All

      First off, I am using

      Portal 2.6.2
      JBoss AS 4.2.1 GA

      I have changed portal to authenticate using my openldap directory. Users can authenticate no problem, but however I can not seem to pick up the admin user from the Admin role.

      I have created a Role called Admin in my ldap server.
      I am getting no errors and are stuck.

      My ldap_identity_config.xml file looks like this at the moment:

      <?xml version="1.0" encoding="UTF-8"?>
      <!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       ~ JBoss, a division of Red Hat ~
       ~ Copyright 2006, Red Hat Middleware, LLC, and individual ~
       ~ contributors as indicated by the @authors tag. See the ~
       ~ copyright.txt in the distribution for a full listing of ~
       ~ individual contributors. ~
       ~ ~
       ~ This is free software; you can redistribute it and/or modify it ~
       ~ under the terms of the GNU Lesser General Public License as ~
       ~ published by the Free Software Foundation; either version 2.1 of ~
       ~ the License, or (at your option) any later version. ~
       ~ ~
       ~ This software is distributed in the hope that it will be useful, ~
       ~ but WITHOUT ANY WARRANTY; without even the implied warranty of ~
       ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ~
       ~ Lesser General Public License for more details. ~
       ~ ~
       ~ You should have received a copy of the GNU Lesser General Public ~
       ~ License along with this software; if not, write to the Free ~
       ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ~
       ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org. ~
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
      
      <!--<!DOCTYPE identity-configuration PUBLIC
       "-//JBoss Portal//DTD JBoss Identity Configuration 1.0//EN"
       "http://www.jboss.org/portal/dtd/identity-config_1_0.dtd">-->
      
      <identity-configuration>
       <datasources>
       <datasource>
       <name>LDAP</name>
       <config>
       <option>
       <name>host</name>
       <value>192.168.0.2</value>
       </option>
       <option>
       <name>port</name>
       <value>389</value>
       </option>
       <option>
       <name>adminDN</name>
       <value>
       uid=xxxx,ou=people,dc=symbiotics,dc=co,dc=za
       </value>
       </option>
       <option>
       <name>adminPassword</name>
       <value>xxxx</value>
       </option>
       <!--<option>
       <name>protocol</name>
       <value>ssl</value>
       </option>-->
       </config>
       </datasource>
       </datasources>
       <modules>
      
       <module>
       <!--type used to correctly map in IdentityContext registry-->
       <type>User</type>
       <implementation>LDAP</implementation>
       <config />
       </module>
       <module>
       <type>Role</type>
       <implementation>LDAP</implementation>
       <config />
       </module>
       <module>
       <type>Membership</type>
       <implementation>LDAP</implementation>
       <config />
       </module>
       <module>
       <type>UserProfile</type>
       <implementation>DELEGATING</implementation>
       <config>
       <option>
       <name>ldapModuleJNDIName</name>
       <value>java:/portal/LDAPUserProfileModule</value>
       </option>
       </config>
       </module>
       <module>
       <type>DBDelegateUserProfile</type>
       <implementation>DB</implementation>
       <config>
       <option>
       <name>randomSynchronizePassword</name>
       <value>true</value>
       </option>
       </config>
       </module>
       <module>
       <type>LDAPDelegateUserProfile</type>
       <implementation>LDAP</implementation>
       <config />
       </module>
       </modules>
      
       <options>
      
       <option-group>
       <group-name>common</group-name>
       <option>
       <name>userCtxDN</name>
       <value>ou=people,dc=symbiotics,dc=co,dc=za</value>
       </option>
       <option>
       <name>roleCtxDN</name>
       <value>
       ou=Roles,o=Portal,dc=symbiotics,dc=co,dc=za
       </value>
       </option>
       </option-group>
      
      
       </options>
      
      
       <option-group>
       <group-name>userCreateAttibutes</group-name>
       <option>
       <name>objectClass</name>
       <!--This objectclasses should work with Red Hat Directory-->
       <value>top</value>
       <value>person</value>
       <value>inetOrgPerson</value>
       </option>
       <!--Schema requires those to have initial value-->
       <option>
       <name>cn</name>
       <value>none</value>
       </option>
       <option>
       <name>sn</name>
       <value>none</value>
       </option>
       </option-group>
       <option-group>
       <group-name>roleCreateAttibutes</group-name>
       <!--Schema requires those to have initial value-->
       <option>
       <name>cn</name>
       <value>none</value>
       </option>
       <!--Some directory servers require this attribute to be valid DN-->
       <!--For safety reasons point to the admin user here-->
       <option>
       <name>member</name>
       <value>uid=admin,ou=people,dc=symbiotics,dc=co,dc=za</value>
       </option>
       </option-group>
      
      
      </identity-configuration>
      


      A extract of my ldif looks like this

      dn: ou=people, dc=symbiotics,dc=co,dc=za
      ou: people
      objectClass: top
      objectClass: organizationalUnit
      
      
      dn: uid=admin, ou=people, dc=symbiotics,dc=co,dc=za
      preferredLanguage: EN
      userCountry: US
      objectClass: top
      objectClass: shadowAccount
      objectClass: posixAccount
      objectClass: person
      objectClass: inetOrgPerson
      objectClass: OXUserObject
      objectClass: organizationalPerson
      lnetMailAccess: OK
      imapServer: 127.0.0.1
      userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
      OXAppointmentDays: 5
      smtpServer: 127.0.0.1
      uid: admin
      mail: admin@symbiotics.co.za
      uidNumber: 1008
      cn: admin
      colocRouteAddr: admin@localhost
      loginShell: /bin/false
      alias: admin@symbiotics.co.za
      gidNumber: 1100
      o: symbiotics
      mailDomain: symbiotics.co.za
      OXTaskDays: 5
      homeDirectory: /home/admin
      sn: admin
      OXTimeZone: America/New_York
      mailEnabled: OK
      
      dn: ou=addr,uid=admin, ou=people, dc=symbiotics,dc=co,dc=za
      ou: addr
      objectClass: top
      objectClass: organizationalUnit
      
      
      dn: o=Portal, dc=symbiotics,dc=co,dc=za
      objectClass: top
      objectClass: organization
      o: Portal
      
      dn: ou=Roles, o=Portal, dc=symbiotics,dc=co,dc=za
      ou: Roles
      objectClass: top
      objectClass: organizationalUnit
      
      dn: cn=Admin,ou=Roles, o=Portal, dc=symbiotics,dc=co,dc=za
      objectClass: top
      objectClass: groupOfNames
      description: Admin
      member: uid=admin,ou=people,dc=symbiotics,dc=co,dc=za
      cn: Admin
      
      


      I have no idea what I have checked the default-object.xml and the viewrecursive still points to Admin.

      Any help will be greatly appreciated.

      Thanks
      Marius

        • 2. Re: Portal and using openxchange ldap for users
          Marius Venter Newbie

           

          "roth" wrote:
          Check out http://wiki.jboss.org/wiki/Wiki.jsp?page=GiveAdminPrivileges


          I did. The role name in my ldap server is called "Admin", so the name did not change. That is where I am getting confused.

          Thanks for the reply

          • 3. Re: Portal and using openxchange ldap for users
            tl le Newbie

            check out this link

            http://jboss.com/index.html?module=bb&op=viewtopic&t=120031

            hope this will answer your question

            SGM

            • 4. Re: Portal and using openxchange ldap for users
              Marius Venter Newbie

              Hi

              I have checked the link you posted and changed my login-confix.xml as per http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingAnLDAPSourceForPortalAuthentication

              However, I now get a NullPointer when I try to log in:

              10:21:40,514 ERROR [STDERR] java.lang.NullPointerException
              10:21:40,515 ERROR [STDERR] at javax.naming.InitialContext.getURLScheme(InitialContext.java:228)
              10:21:40,515 ERROR [STDERR] at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:277)
              10:21:40,515 ERROR [STDERR] at javax.naming.InitialContext.lookup(InitialContext.java:351)
              10:21:40,515 ERROR [STDERR] at org.jboss.portal.identity.auth.IdentityLoginModule.getUserProfileModule(IdentityLoginModule.java:129)
              10:21:40,515 ERROR [STDERR] at org.jboss.portal.identity.auth.IdentityLoginModule$1.run(IdentityLoginModule.java:239)
              10:21:40,515 ERROR [STDERR] at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:219)
              10:21:40,515 ERROR [STDERR] at org.jboss.portal.common.transaction.Transactions.required(Transactions.java:289)
              10:21:40,515 ERROR [STDERR] at org.jboss.portal.identity.auth.IdentityLoginModule.getUserStatus(IdentityLoginModule.java:223)
              10:21:40,515 ERROR [STDERR] at org.jboss.portal.identity.auth.IdentityLoginModule.validatePassword(IdentityLoginModule.java:177)
              10:21:40,515 ERROR [STDERR] at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
              10:21:40,515 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              10:21:40,515 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              10:21:40,515 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              10:21:40,515 ERROR [STDERR] at java.lang.reflect.Method.invoke(Method.java:585)
              10:21:40,515 ERROR [STDERR] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
              10:21:40,515 ERROR [STDERR] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
              10:21:40,515 ERROR [STDERR] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
              10:21:40,515 ERROR [STDERR] at java.security.AccessController.doPrivileged(Native Method)
              10:21:40,516 ERROR [STDERR] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
              10:21:40,516 ERROR [STDERR] at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
              10:21:40,516 ERROR [STDERR] at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
              10:21:40,516 ERROR [STDERR] at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
              10:21:40,516 ERROR [STDERR] at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
              10:21:40,516 ERROR [STDERR] at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
              10:21:40,516 ERROR [STDERR] at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
              10:21:40,516 ERROR [STDERR] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
              10:21:40,516 ERROR [STDERR] at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
              10:21:40,516 ERROR [STDERR] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
              10:21:40,516 ERROR [STDERR] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
              10:21:40,516 ERROR [STDERR] at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
              10:21:40,516 ERROR [STDERR] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
              10:21:40,516 ERROR [STDERR] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
              10:21:40,516 ERROR [STDERR] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
              10:21:40,516 ERROR [STDERR] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
              10:21:40,516 ERROR [STDERR] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
              10:21:40,516 ERROR [STDERR] at java.lang.Thread.run(Thread.java:595)
              


              • 5. Re: Portal and using openxchange ldap for users
                tl le Newbie

                follow the two links for tutorials of using ldap someone posted in that message first. In my case, I am using OpenDS as ldap sever

                SGM

                • 6. Re: Portal and using openxchange ldap for users
                  Marius Venter Newbie

                  Nope, no luck yet.

                  Is there somewhere I can turn up the logging so I can hopefully see a better message for the reason for failure?

                  • 7. Re: Portal and using openxchange ldap for users
                    Marius Venter Newbie

                    To add to my post, even if I use an invalid roleCtxDN I still don't get any error messages like I do with an invalid userCtxDN.

                    • 8. Re: Portal and using openxchange ldap for users
                      Marius Venter Newbie

                      OK

                      By modifying my login-config.xml it looks like I can get portal to search for my roles, i.e. when I specify an invalid roleCtxDN I get a error message.

                      However, it is not finding any of my roles, so I assume my roleFilter is incorrect: (member={1})

                      The exception is: org.jboss.portal.identity.IdentityException: No role found with name: User

                      I have added a role with name User to my ldap.

                      Based on my ldif file in previous post can anybody maybe tell me what my filter should look like?

                      Thanks in advance
                      Marius

                      • 9. Re: Portal and using openxchange ldap for users
                        tl le Newbie

                        which ldap server are you using? Make sure you are using the supported ldap server as specified in the documentation. I assume you are using Jboss portal 2.6.1
                        I don't need to change anything in my login-config.xml. All you need to do is to change the connection using the ldap_identity-config.xml instead of using identity-config.xml
                        Then you need to modify this ldap_identity-config.xml to fit to your ldap server configuration. I think that's all you would need to do. Check the link that I posted for more info

                        SGM

                        • 10. Re: Portal and using openxchange ldap for users
                          Marius Venter Newbie

                          I am using openldap 2.2.6 and portal 2.6.1

                          I have followed the links and are at wits end at the moment.