4 Replies Latest reply on Mar 8, 2013 8:11 AM by bigman921

    Gatein 3.5 on JBoss 7 - LDAP

    bigman921

      I'm trying to implement GateIn with an existing LDAP directory.  It's built on a virtual directory and is read-only.  I followed the instructions in "Integrating with an existing LDAP store" in the GateIn Cookbook.  After following the directions, I am getting two exceptions in my logs:


      6:54:22,107 ERROR [exo.kernel.container.MX4JComponentAdapter] (MSC service thread 1-2) Failed to instanciate plugin add.hibernate.mapping for component org.exoplatform.services.organization.idm.CustomHibernateServiceImpl@68752860: null: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException

          at org.exoplatform.commons.utils.SecurityHelper.doPrivilegedExceptionAction(SecurityHelper.java:318) [exo.kernel.commons-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.jmx.MX4JComponentAdapter.addComponentPlugin(MX4JComponentAdapter.java:169) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.jmx.MX4JComponentAdapter.getComponentInstance(MX4JComponentAdapter.java:114) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.management.ManageableComponentAdapter.getComponentInstance(ManageableComponentAdapter.java:68) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.getInstance(ConcurrentPicoContainer.java:468) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.getComponentInstanceOfType(ConcurrentPicoContainer.java:422) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.CachingContainer.getComponentInstanceOfType(CachingContainer.java:139) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ExoContainer.createComponent(ExoContainer.java:411) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.jmx.MX4JComponentAdapter.getComponentInstance(MX4JComponentAdapter.java:97) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.management.ManageableComponentAdapter.getComponentInstance(ManageableComponentAdapter.java:68) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.getInstance(ConcurrentPicoContainer.java:468) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.getComponentInstanceOfType(ConcurrentPicoContainer.java:422) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.CachingContainer.getComponentInstanceOfType(CachingContainer.java:139) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ExoContainer.createComponent(ExoContainer.java:411) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.jmx.MX4JComponentAdapter.getComponentInstance(MX4JComponentAdapter.java:97) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.management.ManageableComponentAdapter.getComponentInstance(ManageableComponentAdapter.java:68) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.getInstance(ConcurrentPicoContainer.java:468) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.getComponentInstancesOfType(ConcurrentPicoContainer.java:366) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.CachingContainer.getComponentInstancesOfType(CachingContainer.java:111) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.LifecycleVisitor.visitContainer(LifecycleVisitor.java:151) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.accept(ConcurrentPicoContainer.java:615) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_09-icedtea]

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_09-icedtea]

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_09-icedtea]

          at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_09-icedtea]

          at org.picocontainer.defaults.AbstractPicoVisitor.traverse(AbstractPicoVisitor.java:32)

          at org.exoplatform.container.LifecycleVisitor.traverse(LifecycleVisitor.java:90) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.LifecycleVisitor.start(LifecycleVisitor.java:170) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.start(ConcurrentPicoContainer.java:554) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ExoContainer.start(ExoContainer.java:269) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.PortalContainer.start(PortalContainer.java:656) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ExoContainer.start(ExoContainer.java:257) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.RootContainer.createPortalContainer(RootContainer.java:674) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.RootContainer.createPortalContainers(RootContainer.java:342) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.gatein.integration.jboss.as7.web.StartupService.start(StartupService.java:50)

          at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)

          at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)

          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_09-icedtea]

          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_09-icedtea]

          at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_09-icedtea]

      Caused by: java.lang.reflect.InvocationTargetException

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_09-icedtea]

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_09-icedtea]

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_09-icedtea]

          at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_09-icedtea]

          at org.exoplatform.container.jmx.MX4JComponentAdapter$1.run(MX4JComponentAdapter.java:173) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.jmx.MX4JComponentAdapter$1.run(MX4JComponentAdapter.java:170) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.commons.utils.SecurityHelper.doPrivilegedExceptionAction(SecurityHelper.java:310) [exo.kernel.commons-2.4.0-GA.jar:2.4.0-GA]

          ... 39 more

      Caused by: java.lang.NullPointerException

          at org.hibernate.cfg.Configuration.addURL(Configuration.java:627) [hibernate-core-4.0.1.Final.jar:4.0.1.Final]

          at org.exoplatform.services.database.impl.HibernateServiceImpl.addPlugin(HibernateServiceImpl.java:121) [exo.core.component.database-2.5.0-GA.jar:2.5.0-GA]

          ... 46 more

      and


      16:54:57,174 ERROR [exo.kernel.container.RootContainer] (MSC service thread 1-2) Cannot create the portal container 'portal' . ServletContext: org.apache.catalina.core.ApplicationContextFacade@3401185b: org.picocontainer.PicoIntrospectionException: Failed when calling start on org.exoplatform.services.organization.ldap.OrganizationServiceImpl@e1452ee

          at org.exoplatform.container.LifecycleVisitor.traverse(LifecycleVisitor.java:136) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.LifecycleVisitor.start(LifecycleVisitor.java:170) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.start(ConcurrentPicoContainer.java:554) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ExoContainer.start(ExoContainer.java:269) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.PortalContainer.start(PortalContainer.java:656) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ExoContainer.start(ExoContainer.java:257) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.RootContainer.createPortalContainer(RootContainer.java:674) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.RootContainer.createPortalContainers(RootContainer.java:342) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.gatein.integration.jboss.as7.web.StartupService.start(StartupService.java:50)

          at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)

          at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)

          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_09-icedtea]

          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_09-icedtea]

          at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_09-icedtea]

      Caused by: java.lang.RuntimeException: Failed start Organization Service org.exoplatform.services.organization.ldap.OrganizationServiceImpl, probably because of configuration error. Error occurs when initialize org.exoplatform.services.organization.OrganizationDatabaseInitializer

          at org.exoplatform.services.organization.BaseOrganizationService.start(BaseOrganizationService.java:91) [exo.core.component.organization.api-2.5.0-GA.jar:2.5.0-GA]

          at sun.reflect.GeneratedMethodAccessor38.invoke(Unknown Source) [:1.7.0_09-icedtea]

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_09-icedtea]

          at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_09-icedtea]

          at org.exoplatform.container.LifecycleVisitor.traverse(LifecycleVisitor.java:100) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          ... 13 more

      Caused by: javax.naming.InvalidNameException: Can not create membership record root,manager,/platform/administrators because membership type manager is not exists.

          at org.exoplatform.services.organization.ldap.MembershipDAOImpl.createMembership(MembershipDAOImpl.java:135) [exo.core.component.organization.ldap-2.5.0-GA.jar:2.5.0-GA]

          at org.exoplatform.services.organization.ldap.MembershipDAOImpl.linkMembership(MembershipDAOImpl.java:223) [exo.core.component.organization.ldap-2.5.0-GA.jar:2.5.0-GA]

          at org.exoplatform.services.organization.OrganizationDatabaseInitializer.createUsers(OrganizationDatabaseInitializer.java:184) [exo.core.component.organization.api-2.5.0-GA.jar:2.5.0-GA]

          at org.exoplatform.services.organization.OrganizationDatabaseInitializer.init(OrganizationDatabaseInitializer.java:76) [exo.core.component.organization.api-2.5.0-GA.jar:2.5.0-GA]

          at org.exoplatform.services.organization.BaseOrganizationService.start(BaseOrganizationService.java:83) [exo.core.component.organization.api-2.5.0-GA.jar:2.5.0-GA]

          ... 17 more

      Below is my ldap configuration:


      <?xml version="1.0" encoding="ISO-8859-1"?>

      <!--

       

          Copyright (C) 2009 eXo Platform SAS.

         

          This is free software; you can redistribute it and/or modify it

          under the terms of the GNU Lesser General Public License as

          published by the Free Software Foundation; either version 2.1 of

          the License, or (at your option) any later version.

         

          This software is distributed in the hope that it will be useful,

          but WITHOUT ANY WARRANTY; without even the implied warranty of

          MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

          Lesser General Public License for more details.

         

          You should have received a copy of the GNU Lesser General Public

          License along with this software; if not, write to the Free

          Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA

          02110-1301 USA, or see the FSF site: http://www.fsf.org.

       

      -->

       

      <configuration

          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

          xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd http://www.exoplaform.org/xml/ns/kernel_1_2.xsd"

          xmlns="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd">

        <component>

          <key>org.exoplatform.services.ldap.LDAPService</key>

          <type>org.exoplatform.services.ldap.impl.LDAPServiceImpl</type>

          <init-params>

            <object-param>

              <name>ldap.config</name>

              <description>Default ldap config</description>

              <object type="org.exoplatform.services.ldap.impl.LDAPConnectionConfig">

       

                <!-- for multiple ldap servers, use a comma-separated list of host:port (Ex. ldap://127.0.0.1:389,10.0.0.1:389) -->

                <field name="providerURL">

                  <string>ldap://192.168.122.120:10389</string>

                </field>

       

                <field name="rootdn">

                  <string>CN=JBossUser,CN=Service Accounts,CN=Users,ou=enterprise-domain-com,o=Tremolo</string>

                </field>

       

                <field name="password">

                  <string>XXXXXXXXX</string>

                </field>

       

                <field name="version">

                  <string>3</string>

                </field>

       

                <field name="minConnection">

                  <int>5</int>

                </field>

       

                <field name="maxConnection">

                  <int>10</int>

                </field>

       

                <field name="referralMode">

                  <string>ignore</string>

                </field>

       

                <!--

                          <field  name="referralMode"><string>ignore</string></field>

                -->

       

                <field name="serverName">

                  <string>default</string>

                </field>

       

                <!--

                          LDAP server names : default,

                                              active.directory,

                                              open.ldap,

                                              netscape.directory,

                                              redhat.directory;

                -->

       

       

              </object>

            </object-param>

          </init-params>

        </component>

       

        <component>

          <key>org.exoplatform.services.organization.OrganizationService</key>

          <type>org.exoplatform.services.organization.ldap.OrganizationServiceImpl</type>

          <component-plugins>

            <component-plugin>

              <name>init.service.listener</name>

              <set-method>addListenerPlugin</set-method>

              <type>org.exoplatform.services.organization.ldap.OrganizationLdapInitializer</type>

              <description>this listener populate organization ldap service create default dn</description>

            </component-plugin>

          </component-plugins>

          <init-params>

            <value-param>

              <name>ldap.userDN.key</name>

              <description>The key used to compose user DN</description>

              <value>cn</value>

            </value-param>

       

            <object-param>

              <name>ldap.attribute.mapping</name>

              <description>ldap attribute mapping</description>

              <object type="org.exoplatform.services.organization.ldap.LDAPAttributeMapping">

                <field name="userLDAPClasses">

                  <string>top,person,organizationalPerson,inetOrgPerson</string>

                </field>

                <field name="profileLDAPClasses">

                  <string>top,organizationalPerson</string>

                </field>

                <field name="groupLDAPClasses">

                  <string>top,organizationalUnit</string>

                </field>

                <field name="membershipTypeLDAPClasses">

                  <string>top,organizationalRole</string>

                </field>

                <field name="membershipLDAPClasses">

                  <string>top,groupOfUniqueNames</string>

                </field>

       

                <field name="baseURL">

                  <string>o=Tremolo</string>

                </field>

                <field name="groupsURL">

                  <string>CN=JbossPortal,CN=Application Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo</string>

                </field>

                <field name="membershipTypeURL">

                  <string>o=Tremolo</string>

                </field>

                <field name="userURL">

                  <string>o=Tremolo</string>

                </field>

                <field name="profileURL">

                  <string>o=Tremolo</string>

                </field>

       

                <field name="userUsernameAttr">

                  <string>uid</string>

                </field>

                <field name="userPassword">

                  <string>userPassword</string>

                </field>

                <field name="userFirstNameAttr">

                  <string>givenName</string>

                </field>

                <field name="userLastNameAttr">

                  <string>sn</string>

                </field>

                <field name="userDisplayNameAttr">

                  <string>displayName</string>

                </field>

                <field name="userMailAttr">

                  <string>mail</string>

                </field>

                <field name="userObjectClassFilter">

                  <string>objectClass=person</string>

                </field>

       

                <field name="membershipTypeMemberValue">

                  <string>uniqueMember</string>

                </field>

                <field name="membershipTypeRoleNameAttr">

                  <string>cn</string>

                </field>

                <field name="membershipTypeNameAttr">

                  <string>cn</string>

                </field>

                <field name="membershipTypeObjectClassFilter">

                  <string>objectClass=organizationalRole</string>

                </field>

                <field name="membershiptypeObjectClass">

                  <string>organizationalRole</string>

                </field>

       

                <field name="groupObjectClass">

                  <string>organizationalUnit</string>

                </field>

                <field name="groupObjectClassFilter">

                  <string>objectClass=organizationalUnit</string>

                </field>

       

                <field name="membershipObjectClass">

                  <string>groupOfUniqueNames</string>

                </field>

                <field name="membershipObjectClassFilter">

                  <string>objectClass=groupOfUniqueNames</string>

                </field>

       

                <field name="ldapCreatedTimeStampAttr">

                  <string>createdTimeStamp</string>

                </field>

                <field name="ldapModifiedTimeStampAttr">

                  <string>modifiedTimeStamp</string>

                </field>

                <field name="ldapDescriptionAttr">

                  <string>description</string>

                </field>

              </object>

            </object-param>

          </init-params>

        </component>

       

        <external-component-plugins>

          <target-component>org.exoplatform.services.database.HibernateService</target-component>

          <component-plugin>

            <name>add.hibernate.mapping</name>

            <set-method>addPlugin</set-method>

            <type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>

            <init-params>

              <values-param>

                <name>hibernate.mapping</name>

                <value>org/exoplatform/services/organization/impl/UserProfileData.hbm.xml</value>

              </values-param>

            </init-params>

          </component-plugin>

        </external-component-plugins>

       

        <!-- for ldap clean database

        <external-component-plugins>

          <target-component>org.exoplatform.services.ldap.LDAPService</target-component>

          <component-plugin>

            <name>delete.object</name>

            <set-method>addDeleteObject</set-method>

            <type>org.exoplatform.services.ldap.DeleteObjectCommand</type>

            <init-params>

              <values-param>

                <name>objects.to.delete</name>

                <value>cn=demo,ou=users,ou=portal,dc=exoplatform,dc=org</value>

                <value>cn=test,ou=users,ou=portal,dc=exoplatform,dc=org</value>

                <value>cn=Benj,ou=users,ou=portal,dc=exoplatform,dc=org</value>

                <value>cn=tuan,ou=users,ou=portal,dc=exoplatform,dc=org</value>

              </values-param>

            </init-params>

          </component-plugin>

        </external-component-plugins>

        -->

      </configuration>

      The only changes I made from the default file were:

      1.  Added the settings for my virtual directory

      2.  Changed all references from groupOfNames to groupOfUniqueNames

      3.  Changed all references from member to uniqueMember


      After starting, GateIn tried to create several OUs:


      [root@localhost gatein]# ldapsearch -x -h 192.168.122.120 -p 10389 -b 'cn=JbossPortal,cn=Application Access Groups,cn=Users,ou=enterprise-domain-com,o=Tremolo' -s sub '(objectClass=organizationalUnit)' 1.1

      # extended LDIF

      #

      # LDAPv3

      # base <cn=JbossPortal,cn=Application Access Groups,cn=Users,ou=enterprise-domain-com,o=Tremolo> with scope subtree

      # filter: (objectClass=organizationalUnit)

      # requesting: 1.1

      #

       

      # platform, JbossPortal, Application Access Groups, Users, enterprise-domain-

      com, Tremolo

      dn: OU=platform,CN=JbossPortal,CN=Application Access Groups,CN=Users,ou=enterp

      rise-domain-com,o=Tremolo

       

      # administrators, platform, JbossPortal, Application Access Groups, Users, en

      terprise-domain-com, Tremolo

      dn: OU=administrators,OU=platform,CN=JbossPortal,CN=Application Access Groups,

      CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # users, platform, JbossPortal, Application Access Groups, Users, enterprise-

      domain-com, Tremolo

      dn: OU=users,OU=platform,CN=JbossPortal,CN=Application Access Groups,CN=Users,

      ou=enterprise-domain-com,o=Tremolo

       

      # guests, platform, JbossPortal, Application Access Groups, Users, enterprise

      -domain-com, Tremolo

      dn: OU=guests,OU=platform,CN=JbossPortal,CN=Application Access Groups,CN=Users

      ,ou=enterprise-domain-com,o=Tremolo

       

      # organization, platform, JbossPortal, Application Access Groups, Users, ente

      rprise-domain-com, Tremolo

      dn: OU=organization,OU=platform,CN=JbossPortal,CN=Application Access Groups,CN

      =Users,ou=enterprise-domain-com,o=Tremolo

       

      # organization, JbossPortal, Application Access Groups, Users, enterprise-dom

      ain-com, Tremolo

      dn: OU=organization,CN=JbossPortal,CN=Application Access Groups,CN=Users,ou=en

      terprise-domain-com,o=Tremolo

       

      # management, organization, JbossPortal, Application Access Groups, Users, en

      terprise-domain-com, Tremolo

      dn: OU=management,OU=organization,CN=JbossPortal,CN=Application Access Groups,

      CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # executive-board, organization, JbossPortal, Application Access Groups, User

      s, enterprise-domain-com, Tremolo

      dn: OU=executive-board,OU=organization,CN=JbossPortal,CN=Application Access Gr

      oups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # executive-board, management, organization, JbossPortal, Application Access

      Groups, Users, enterprise-domain-com, Tremolo

      dn: OU=executive-board,OU=management,OU=organization,CN=JbossPortal,CN=Applica

      tion Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # human-resources, management, organization, JbossPortal, Application Access

      Groups, Users, enterprise-domain-com, Tremolo

      dn: OU=human-resources,OU=management,OU=organization,CN=JbossPortal,CN=Applica

      tion Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # communication, management, organization, JbossPortal, Application Access Gr

      oups, Users, enterprise-domain-com, Tremolo

      dn: OU=communication,OU=management,OU=organization,CN=JbossPortal,CN=Applicati

      on Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # communication, organization, JbossPortal, Application Access Groups, Users,

        enterprise-domain-com, Tremolo

      dn: OU=communication,OU=organization,CN=JbossPortal,CN=Application Access Grou

      ps,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # marketing, communication, organization, JbossPortal, Application Access Gro

      ups, Users, enterprise-domain-com, Tremolo

      dn: OU=marketing,OU=communication,OU=organization,CN=JbossPortal,CN=Applicatio

      n Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # press-and-media, communication, organization, JbossPortal, Application Acce

      ss Groups, Users, enterprise-domain-com, Tremolo

      dn: OU=press-and-media,OU=communication,OU=organization,CN=JbossPortal,CN=Appl

      ication Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # operations, organization, JbossPortal, Application Access Groups, Users, en

      terprise-domain-com, Tremolo

      dn: OU=operations,OU=organization,CN=JbossPortal,CN=Application Access Groups,

      CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # sales, operations, organization, JbossPortal, Application Access Groups, Us

      ers, enterprise-domain-com, Tremolo

      dn: OU=sales,OU=operations,OU=organization,CN=JbossPortal,CN=Application Acces

      s Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # finances, operations, organization, JbossPortal, Application Access Groups,

        Users, enterprise-domain-com, Tremolo

      dn: OU=finances,OU=operations,OU=organization,CN=JbossPortal,CN=Application Ac

      cess Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # customers, JbossPortal, Application Access Groups, Users, enterprise-domain

      -com, Tremolo

      dn: OU=customers,CN=JbossPortal,CN=Application Access Groups,CN=Users,ou=enter

      prise-domain-com,o=Tremolo

       

      # partners, JbossPortal, Application Access Groups, Users, enterprise-domain-

      com, Tremolo

      dn: OU=partners,CN=JbossPortal,CN=Application Access Groups,CN=Users,ou=enterp

      rise-domain-com,o=Tremolo

       

      # search result

      search: 2

      result: 0 Success

      matchedDN: cn=JbossPortal,cn=Application Access Groups,cn=Users,ou=enterprise-

      domain-com,o=Tremolo

       

      # numResponses: 20

      # numEntries: 19

       

      Since the account is read-only I created the OUs manually, but I don't understand what they are for.  Also, what's the difference between the groupURL, profileURL and membershipURL?  I got LDAP authentication working on GateIn 3.0 quite some time ago when it was all part of PicketLink, but the new configuration doesn't seem to tie in.  Any help would be greatly appreciated.


      Thanks

      Marc

        • 1. Re: Gatein 3.5 on JBoss 7 - LDAP
          mposolda

          According to your configuration, it seems that you are trying to use the legacy implementation of OrganizationService and you have a legacy LDAP configuration based on it. Instead, I would suggest following the instructions from the latest GateIn reference guide: https://docs.jboss.org/author/display/GTNPORTAL35/LDAP+integration


          Marek

          • 2. Re: Gatein 3.5 on JBoss 7 - LDAP
            bigman921

            OK, so I'm making progress.  Following those instructions I was able to get GateIn to talk to my virtual directory.  However, when I log in with a user that isn't one of the standard users (root, demo, etc.) I get into GateIn but there's no user bar and it doesn't look like I'm actually signed in.  The user is a member of the admins and employees LDAP groups in the directory.  Also, when I log in to the user manager, the user doesn't exist in GateIn.  I've attached my config files and my logs.  Any help would be greatly appreciated.


            Thanks

            Marc

            • 3. Re: Gatein 3.5 on JBoss 7 - LDAP
              mposolda

              Yes, it seems that your users are not in the group /platform/users, so they are not able to see the user bar. I've just added a new note to the GateIn documentation on the read-only LDAP setup. Content of the note:

              In a read-only LDAP setup, your LDAP users are usually not members of the group /platform/users by default. This means that they are not authorized to see non-public content of the portal (like the user toolbar on top of the page). To address this issue, we have a special login module, CustomMembershipLoginModule, which automatically adds each user to the group /platform/users after a successful login. See Existing login modules for details about setting up this login module.

              Another option is to use the CoreOrganizationInitializer plugin, which enforces running the OrganizationService listeners; one of the listeners automatically adds users to the group /platform/users. See https://github.com/gatein/gatein-toolbox/tree/master/CoreOrganizationInitializer and especially its README.txt file for more info.
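
              Both the initializer failure in the original post (the membership record root, manager, /platform/administrators refused because the membership type did not exist) and the read-only LDAP point above come down to the same question: what does the directory actually hold under the configured groupsURL and membershipTypeURL before GateIn starts? The Python script below is an added example, not code from GateIn, eXo or anyone in this thread. It unfolds ldapsearch LDIF output (continuation lines start with a single space, as in the output pasted in the original post), maps organizationalUnit entries below the groupsURL base taken from the posted configuration onto GateIn-style group paths, and checks a (user, type, group) record against the organizationalRole entries that serve as membership types. Both LDIF samples are constructed for the example: the group sample deliberately omits OU=users and the membership type sample only contains member, so the checks have something to report. The required-group list, treating DN values as case-insensitive and ignoring escaped commas are assumptions.

```python
"""Check a GateIn LDAP group tree and membership types from ldapsearch LDIF (added example)."""
from typing import Dict, List, Optional, Tuple
# Constructed sample shaped like the ldapsearch output in the post: LDIF folds long lines and
# marks each continuation with one leading space (even in front of a comma).
SAMPLE_GROUPS_LDIF = """\
# platform, JbossPortal, Application Access Groups, Users, enterprise-domain-
 com, Tremolo
dn: OU=platform,CN=JbossPortal,CN=Application Access Groups,CN=Users,ou=enterp
 rise-domain-com,o=Tremolo

dn: OU=administrators,OU=platform,CN=JbossPortal,CN=Application Access Groups,
 CN=Users,ou=enterprise-domain-com,o=Tremolo

dn: OU=guests,OU=platform,CN=JbossPortal,CN=Application Access Groups,CN=Users
 ,ou=enterprise-domain-com,o=Tremolo

# search result
result: 0 Success
"""
# Constructed membership-type entries (organizationalRole); "manager" is left out on purpose.
SAMPLE_TYPES_LDIF = """\
dn: cn=member,o=Tremolo
objectClass: organizationalRole
cn: member
"""
# groupsURL from the configuration in the post; the required list is an assumption.
GROUPS_BASE = "CN=JbossPortal,CN=Application Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo"
REQUIRED_GROUPS = ["/platform/administrators", "/platform/users", "/platform/guests"]


def unfold_ldif(text: str) -> List[str]:
    """Join continuation lines (leading single space) back onto the previous line."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(text: str) -> List[Dict[str, List[str]]]:
    """Entries that have a dn, attribute names lower-cased; comments dropped, base64 (::) not handled."""
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in unfold_ldif(text) + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return [e for e in entries if "dn" in e]

def split_dn(dn: str) -> List[Tuple[str, str]]:
    """DN -> [(type, value)], both lower-cased (assumed: case-insensitive matching, no escaped commas)."""
    rdns = []
    for part in dn.split(","):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def dn_to_group_path(dn: str, groups_base: str) -> Optional[str]:
    """OU=administrators,OU=platform,<groupsURL> -> /platform/administrators, else None."""
    rdns, base = split_dn(dn), split_dn(groups_base)
    if len(rdns) <= len(base) or rdns[-len(base):] != base:
        return None
    relative = rdns[:-len(base)]
    if any(attr != "ou" for attr, _ in relative):
        return None  # GateIn groups are organizationalUnit entries only
    return "/" + "/".join(value for _, value in reversed(relative))

def group_paths(ldif_text: str, groups_base: str) -> List[str]:
    """Every GateIn group path present below groups_base in the LDIF, in directory order."""
    paths = [dn_to_group_path(dn, groups_base) for e in parse_entries(ldif_text) for dn in e["dn"]]
    return [p for p in paths if p]

def missing_groups(ldif_text: str, groups_base: str, required: List[str]) -> List[str]:
    """Required groups a read-only directory must already contain (GateIn cannot create them)."""
    present = set(group_paths(ldif_text, groups_base))
    return [g for g in required if g not in present]

def membership_types(ldif_text: str, object_class: str = "organizationalRole") -> List[str]:
    """cn of every membership-type entry (membershipTypeNameAttr / membershiptypeObjectClass)."""
    names: List[str] = []
    for entry in parse_entries(ldif_text):
        if object_class.lower() in {c.lower() for c in entry.get("objectclass", [])}:
            names.extend(entry.get("cn", []))
    return names

def check_membership_record(record, groups_ldif, types_ldif, groups_base) -> List[str]:
    """Preconditions the initializer trips over for a (user, type, group) record; [] if all hold."""
    _user, mtype, group = record
    problems = []
    if mtype not in membership_types(types_ldif):
        problems.append(f"membership type {mtype!r} does not exist")
    if group not in group_paths(groups_ldif, groups_base):
        problems.append(f"group {group!r} does not exist")
    return problems
```

              Run against the real directory by piping `ldapsearch -x -h <host> -p <port> -b '<groupsURL>' -s sub '(objectClass=organizationalUnit)' 1.1` into the group functions and a second search under membershipTypeURL with `(objectClass=organizationalRole)` into membership_types; with the constructed samples, missing_groups reports /platform/users and check_membership_record for ("root", "manager", "/platform/administrators") reports only the absent membership type, which is the precondition the exception in the original post complained about.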

              • 4. Re: Gatein 3.5 on JBoss 7 - LDAP
                bigman921

                Thanks Marek.  I configured the CustomMembershipLoginModule and disabled caching, and login now works with LDAP groups.


                Thanks

                Marc