4.4.1 LDAP authentication problem
I tried to follow the tutorial to enable LDAP authentication, but I am getting errors when I try to connect. The user I am trying to access is valid (uid=hsir,ou=Users,o=htg).
I can see that if I have an invalid password that I get the expected errors stating such. The problem is that when I try to login to the webconsole using the hsir user, I get an error back stating that it can't get the roles for the user (LDAP error code 53). Below is the ldap-module.xml I put in the deploy directory and the error from the servicemix.log file. I am using apache-servicemix-4.4.1 in windows 7 (JDK 1.6_29).
I want to allow logins for anyone in the cn=webAdmin,ou=Roles,o=htg role.
Any help with this would be greatly appreciated.
ldap-module.xml is:
The error from the servicemix.log is
javax.security.auth.login.LoginException: Can't get user hsir roles: LDAP: error code 53 - Unwilling To Perform
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin(LDAPLoginModule.java:239)
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:128)
at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[karaf-jaas-boot.jar:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.6.0_29]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)[:1.6.0_29]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)[:1.6.0_29]
at java.lang.reflect.Method.invoke(Method.java:597)[:1.6.0_29]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)[:1.6.0_29]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)[:1.6.0_29]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)[:1.6.0_29]
at java.security.AccessController.doPrivileged(Native Method)[:1.6.0_29]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.6.0_29]
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)[:1.6.0_29]
at org.apache.karaf.webconsole.JaasSecurityProvider.doAuthenticate(JaasSecurityProvider.java:91)[159:org.apache.karaf.webconsole.console:2.2.4]
at org.apache.karaf.webconsole.JaasSecurityProvider.authenticate(JaasSecurityProvider.java:156)[159:org.apache.karaf.webconsole.console:2.2.4]
at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:104)[159:org.apache.karaf.webconsole.console:2.2.4]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:68)[112:org.ops4j.pax.web.pax-web-jetty:1.0.7]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:517)[100:org.eclipse.jetty.security:7.4.5.v20110725]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:116)[112:org.ops4j.pax.web.pax-web-jetty:1.0.7]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)[98:org.eclipse.jetty.servlet:7.4.5.v20110725]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:72)[112:org.ops4j.pax.web.pax-web-jetty:1.0.7]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.Server.handle(Server.java:346)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1048)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:601)[101:org.eclipse.jetty.http:7.4.5.v20110725]
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)[101:org.eclipse.jetty.http:7.4.5.v20110725]
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)[99:org.eclipse.jetty.io:7.4.5.v20110725]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)[99:org.eclipse.jetty.io:7.4.5.v20110725]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)[109:org.eclipse.jetty.util:7.4.5.v20110725]
at java.lang.Thread.run(Thread.java:662)[:1.6.0_29]
12:42:05,084 | ERROR | qtp15083736-67 | JaasSecurityProvider | 159 - org.apache.karaf.webconsole.console - 2.2.4 | General Security Exception
javax.security.auth.login.LoginException: Can't get user hsir roles: LDAP: error code 53 - Unwilling To Perform
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin(LDAPLoginModule.java:239)
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:128)
at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[karaf-jaas-boot.jar:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.6.0_29]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)[:1.6.0_29]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)[:1.6.0_29]
at java.lang.reflect.Method.invoke(Method.java:597)[:1.6.0_29]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)[:1.6.0_29]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)[:1.6.0_29]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)[:1.6.0_29]
at java.security.AccessController.doPrivileged(Native Method)[:1.6.0_29]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.6.0_29]
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)[:1.6.0_29]
at org.apache.karaf.webconsole.JaasSecurityProvider.doAuthenticate(JaasSecurityProvider.java:91)[159:org.apache.karaf.webconsole.console:2.2.4]
at org.apache.karaf.webconsole.JaasSecurityProvider.authenticate(JaasSecurityProvider.java:156)[159:org.apache.karaf.webconsole.console:2.2.4]
at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:104)[159:org.apache.karaf.webconsole.console:2.2.4]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:68)[112:org.ops4j.pax.web.pax-web-jetty:1.0.7]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:517)[100:org.eclipse.jetty.security:7.4.5.v20110725]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:116)[112:org.ops4j.pax.web.pax-web-jetty:1.0.7]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)[98:org.eclipse.jetty.servlet:7.4.5.v20110725]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:72)[112:org.ops4j.pax.web.pax-web-jetty:1.0.7]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.Server.handle(Server.java:346)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1048)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:601)[101:org.eclipse.jetty.http:7.4.5.v20110725]
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)[101:org.eclipse.jetty.http:7.4.5.v20110725]
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)[97:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)[99:org.eclipse.jetty.io:7.4.5.v20110725]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)[99:org.eclipse.jetty.io:7.4.5.v20110725]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)[109:org.eclipse.jetty.util:7.4.5.v20110725]
at java.lang.Thread.run(Thread.java:662)[:1.6.0_29]