I can't see anything that would be causing that exception, but here are
a few things to try:

1) Use Tomcat's JNDIRealm for authentication rather than the JAAS
module. The JNDIPrincipalStore doesn't expose a password attribute for
users, so the JAAS module won't work (this is by design).

2) Double check the values you've set for jndi.attributes.rdn,
jndi.attributes.userprincipalname and jndi.search.attributes. You might
try looking at your LDAP repository with the LDAP Browser/Editor
[http://www-unix.mcs.anl.gov/~gawor/ldap/] to double check the values.

-James

On Thu, 2005-01-20 at 11:35 +0100, [EMAIL PROTECTED]
wrote:
> Hi,
> 
> I'm trying to authenticate my slide users via LDAP and ApacheDS (
> http://incubator.apache.org/directory/subprojects/apacheds/). 
> 
> I've downloaded release 0.8 of ApacheDS and I didn't make any real changes 
> (just added some users with the newuser.ldif example). I'm trying to use 
> the administrators role which is by default present in ApacheDS and the 
> user akarasulu/Alex Karasulu (which is by default in the administrators 
> group).
> 
> When I start slide, everything goes fine, but when I log in, I get an error 
> message and a stack trace with a javax.naming.CommunicationException. I'm 
> not sure whether my LDAP configuration for slide is correct. That's why 
> I'm posting it on this mailing list and not on the ApacheDS list. 
> - Can somebody please help me out? 
> - Is my configuration domain.xml correct? 
> - Is this an ApacheDS problem?
> 
> I've added the stack trace I got in the Slide console and my domain.xml
> 
> I've enabled auto versioning and authentication in slide. In web.xml I've 
> added the same lines for administrators, where 'root' was used (to get 
> the administrators group of LDAP working).
> 
> I'm using with Jaas org.apache.slide.jaas.spi.SlideLoginModule.
> 
> =============
> 
> 20 Jan 2005 10:49:23 - org.apache.slide.store.txjndi.JNDIPrincipalStore - ERROR - JNDIPrincipalStore[/users]: Error retrieving /users/akarasulu
> javax.naming.CommunicationException: connection closed [Root exception is java.io.IOException: connection closed]; remaining name 'ou=users,ou=system'
>         at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
>         at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
>         at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
>         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
>         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
>         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
>         at javax.naming.directory.InitialDirContext.search(Unknown Source)
>         at org.apache.slide.store.txjndi.JNDIPrincipalStore.getObject(JNDIPrincipalStore.java:781)
>         at org.apache.slide.store.txjndi.JNDIPrincipalStore.retrieveObject(JNDIPrincipalStore.java:466)
>         at org.apache.slide.store.AbstractStore.retrieveObject(AbstractStore.java:611)
>         at org.apache.slide.store.ExtendedStore.retrieveObject(ExtendedStore.java:585)
>         at org.apache.slide.security.SecurityImpl.getPrincipal(SecurityImpl.java:1004)
>         at org.apache.slide.jaas.spi.SlideLoginModule.login(SlideLoginModule.java:177)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>         at java.lang.reflect.Method.invoke(Unknown Source)
>         at javax.security.auth.login.LoginContext.invoke(Unknown Source)
>         at javax.security.auth.login.LoginContext.access$000(Unknown Source)
>         at javax.security.auth.login.LoginContext$4.run(Unknown Source)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.login.LoginContext.invokeModule(Unknown Source)
>         at javax.security.auth.login.LoginContext.login(Unknown Source)
>         at org.mortbay.jaas.JAASUserRealm.authenticate(JAASUserRealm.java:212)
>         at org.mortbay.http.BasicAuthenticator.authenticated(BasicAuthenticator.java:50)
>         at org.mortbay.http.SecurityConstraint.check(SecurityConstraint.java:415)
>         at org.mortbay.http.HttpContext.checkSecurityConstraints(HttpContext.java:1551)
>         at org.mortbay.jetty.servlet.ServletHttpContext.checkSecurityConstraints(ServletHttpContext.java:134)
>         at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:235)
>         at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:567)
>         at org.mortbay.http.HttpContext.handle(HttpContext.java:1807)
>         at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:525)
>         at org.mortbay.http.HttpContext.handle(HttpContext.java:1757)
>         at org.mortbay.http.HttpServer.service(HttpServer.java:879)
>         at org.mortbay.http.HttpConnection.service(HttpConnection.java:790)
>         at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:961)
>         at org.mortbay.http.HttpConnection.handle(HttpConnection.java:807)
>         at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:197)
>         at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:276)
>         at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:511)
> Caused by: java.io.IOException: connection closed
>         at com.sun.jndi.ldap.LdapClient.ensureOpen(Unknown Source)
>         at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
>         ... 40 more
> [SlideLoginModule] - Failure loading user object
> 10:49:23.062 WARN!! javax.security.auth.login.LoginException: Failure loading user object
> 10:49:23.062 WARN!! AUTH FAILURE: user akarasulu
> 
> =============
> 
> <?xml version="1.0"?>
> <slide>
>         <namespace name="slide">
>                 <definition>
>                         <!-- Use the Tx Stores for the main store. 
> JNDIPrincipalStore *cannot* do this -->
>                         <store name="main">
>                                 <nodestore 
> classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
>                                 <parameter 
> name="rootpath">main/store/metadata</parameter>
>                                 <parameter 
> name="workpath">main/work/metadata</parameter>
>                             </nodestore>
>                             <securitystore>
>                                 <reference store="nodestore"/>
>                             </securitystore>
>                             <lockstore>
>                                 <reference store="nodestore"/>
>                             </lockstore>
>                             <revisiondescriptorsstore>
>                                 <reference store="nodestore"/>
>                             </revisiondescriptorsstore>
>                             <revisiondescriptorstore>
>                                 <reference store="nodestore"/>
>                             </revisiondescriptorstore>
>                             <contentstore 
> classname="org.apache.slide.store.txfile.TxFileContentStore">
>                                 <parameter 
> name="rootpath">main/store/content</parameter>
>                                 <parameter 
> name="workpath">main/work/content</parameter>
>                             </contentstore>
>                    </store>
>  
>                    <!-- Use a JNDIPrincipalStore to for users -->
>                    <store name="users">
>                                 <nodestore 
> classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
>                                         <parameter 
> name="jndi.container">ou=users,ou=system</parameter>
>                                         <parameter 
> name="jndi.attributes.rdn">cn</parameter>
>                                         <parameter 
> name="jndi.search.attributes">groupMembership,cn</parameter>
>                                         <parameter 
> name="jndi.attributes.userprincipalname">uid</parameter>
>                                         <parameter 
> name="jndi.search.filter">(objectClass=inetOrgPerson)</parameter>
>                                         <parameter 
> name="jndi.search.scope">ONELEVEL_SCOPE</parameter>
>                                         <parameter 
> name="jndi.search.attributes">cn</parameter>
>                                         <parameter 
> name="java.naming.provider.url">ldap://david:389</parameter>
>                                         <parameter 
> name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
>                                         <parameter 
> name="java.naming.security.principal">uid=admin,ou=system</parameter>
>                                         <parameter 
> name="java.naming.security.credentials">secret</parameter>
>                                         <parameter 
> name="java.naming.security.authentication">simple</parameter>
>                                         <parameter 
> name="cache.refresh.checkrate">15</parameter>
>                                         <parameter 
> name="cache.refresh.rate">800</parameter>
>                                         <parameter 
> name="cache.refresh.threshold">15000</parameter>
>                                 </nodestore>
>                         <securitystore 
> classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
>                             <reference store="nodestore"/>
>                         </securitystore>
>                         <lockstore>
>                             <reference store="nodestore"/>
>                         </lockstore>
>                         <revisiondescriptorsstore>
>                             <reference store="nodestore"/>
>                         </revisiondescriptorsstore>
>                         <revisiondescriptorstore>
>                             <reference store="nodestore"/>
>                         </revisiondescriptorstore>
>                                 <contentstore>
>                             <reference store="nodestore"/>
>                                 </contentstore>
>                         </store>
>  
>                    <!-- Use a JNDIPrincipalStore for roles -->
>                    <store name="roles">
>                                 <nodestore 
> classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
>                                         <parameter 
> name="jndi.container">ou=groups,ou=system</parameter>
>                                         <parameter 
> name="jndi.attributes.rdn">uid</parameter>
>                                         <parameter 
> name="jndi.attributes.groupmemberset">uniquemember</parameter>
>                                         <parameter 
> name="jndi.search.filter">(objectClass=groupofuniquenames)</parameter>
>                                         <parameter 
> name="jndi.search.scope">ONELEVEL_SCOPE</parameter>
>                                         <parameter 
> name="jndi.search.attributes">cn</parameter>
>                                         <parameter 
> name="java.naming.provider.url">ldap://david:389</parameter>
>                                         <parameter 
> name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
>                                         <parameter 
> name="java.naming.security.principal">uid=admin,ou=system</parameter>
>                                         <parameter 
> name="java.naming.security.authentication">simple</parameter>
>                                         <parameter 
> name="java.naming.security.credentials">secret</parameter>
>                                         <parameter 
> name="cache.refresh.checkrate">15</parameter>
>                                         <parameter 
> name="cache.refresh.rate">800</parameter>
>                                         <parameter 
> name="cache.refresh.threshold">15000</parameter>
>                                 </nodestore>
>                         <securitystore 
> classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
>                             <reference store="nodestore"/>
>                         </securitystore>
>                         <lockstore>
>                             <reference store="nodestore"/>
>                         </lockstore>
>                         <revisiondescriptorsstore>
>                             <reference store="nodestore"/>
>                         </revisiondescriptorsstore>
>                         <revisiondescriptorstore>
>                             <reference store="nodestore"/>
>                         </revisiondescriptorstore>
>                                 <contentstore>
>                             <reference store="nodestore"/>
>                                 </contentstore>
>                         </store>
>  
>                         <!-- Mount each store at the appropriate URI -->
>                     <scope match="/" store="main"/>
>                         <scope match="/users" store="users"/>
>                         <scope match="/roles" store="roles"/>
>                 </definition>
>  
>                 <configuration>
>                 <read-object>/actions/read</read-object>
>                 <create-object>/actions/write</create-object>
>                 <remove-object>/actions/write</remove-object>
>                 <grant-permission>/actions/write-acl</grant-permission>
>                 <revoke-permission>/actions/write-acl</revoke-permission>
>                 <read-permissions>/actions/read-acl</read-permissions>
>                 <read-own-permissions>/actions/read-current-user-privilege-set</read-own-permissions>
>                 <lock-object>/actions/write</lock-object>
>                 <kill-lock>/actions/unlock</kill-lock>
>                 <read-locks>/actions/read</read-locks>
>                 <read-revision-metadata>/actions/read</read-revision-metadata>
>                 <create-revision-metadata>/actions/write-properties</create-revision-metadata>
>                 <modify-revision-metadata>/actions/write-properties</modify-revision-metadata>
>                 <remove-revision-metadata>/actions/write-properties</remove-revision-metadata>
>                 <read-revision-content>/actions/read</read-revision-content>
>                 <create-revision-content>/actions/write-content</create-revision-content>
>                 <modify-revision-content>/actions/write-content</modify-revision-content>
>                 <remove-revision-content>/actions/write-content</remove-revision-content>
>                 <bind-member>/actions/bind</bind-member>
>                 <unbind-member>/actions/unbind</unbind-member>
>                 <userspath>/users</userspath>
>                 <rolespath>/roles</rolespath>
>                 <actionspath>/actions</actionspath>
>                 <filespath>/files</filespath>
>                 <parameter name="dav">true</parameter>
>                 <parameter name="standalone">true</parameter>
>                 <parameter name="acl_inheritance_type">path</parameter>
>                 <parameter name="nested_roles_maxdepth">0</parameter>
>                 </configuration>
>             <data>
>                         <objectnode 
> classname="org.apache.slide.structure.SubjectNode" uri="/">
>                         <!-- Make sure the subject here is a valid LDAP 
> group -->
>                         <permission action="all" 
> subject="/roles/administrators" inheritable="true"/>
>                                 <permission action="/actions/read-acl" 
> subject="all" inheritable="true" negative="true"/>
>                                 <permission action="/actions/write-acl" 
> subject="all" inheritable="true" negative="true"/>
>                                 <permission action="/actions/unlock" 
> subject="all" inheritable="true" negative="true"/>
>                                 <permission action="/actions/read" 
> subject="all" inheritable="true"/>
>                                 <objectnode 
> classname="org.apache.slide.structure.SubjectNode" uri="/users">
>                                         <permission action="all" 
> subject="self" inheritable="true"/>
>                                         <permission action="all" 
> subject="unauthenticated" inheritable="true" negative="true"/>
>                                 </objectnode>
>                                 <objectnode 
> classname="org.apache.slide.structure.SubjectNode" uri="/roles">
>                                         <permission action="all" 
> subject="self" inheritable="true"/>
>                                         <permission action="all" 
> subject="unauthenticated" inheritable="true" negative="true"/>
>                                 </objectnode>
>                         <objectnode 
> classname="org.apache.slide.structure.ActionNode" uri="/actions">
>                                         <objectnode 
> classname="org.apache.slide.structure.ActionNode" uri="/actions/read">
>                                                 <revision>
>                                         <property 
> name="privilege-member-set"><![CDATA[<D:href 
> xmlns:D='DAV:'>/actions/read-acl</D:href> <D:href 
> xmlns:D='DAV:'>/actions/read-current-user-privilege-set</D:href>]]></property>
>                                                 </revision>
>                                         </objectnode>
>                                         <objectnode 
> classname="org.apache.slide.structure.ActionNode" uri="/actions/read-acl">
>                                                 <revision>
>                                         <property 
> name="privilege-member-set"/>
>                                 </revision>
>                             </objectnode>
>                             <objectnode 
> classname="org.apache.slide.structure.ActionNode" 
> uri="/actions/read-current-user-privilege-set">
>                                                 <revision>
>                                                         <property 
> name="privilege-member-set"/>
>                                                 </revision>
>                                         </objectnode>
>                             <objectnode 
> classname="org.apache.slide.structure.ActionNode" uri="/actions/write">
>                                                 <revision>
>                                         <property 
> name="privilege-member-set"><![CDATA[<D:href 
> xmlns:D='DAV:'>/actions/write-acl</D:href> <D:href 
> xmlns:D='DAV:'>/actions/write-properties</D:href> <D:href 
> xmlns:D='DAV:'>/actions/write-content</D:href>]]></property>
>                                                 </revision>
>                                         </objectnode>
>                             <objectnode 
> classname="org.apache.slide.structure.ActionNode" 
> uri="/actions/write-acl">
>                                                 <revision>
>                                         <property 
> name="privilege-member-set"/>
>                                                 </revision>
>                                         </objectnode>
>                             <objectnode 
> classname="org.apache.slide.structure.ActionNode" 
> uri="/actions/write-properties">
>                                                 <revision>
>                                                         <property 
> name="privilege-member-set"/>
>                                                 </revision>
>                                         </objectnode>
>                             <objectnode 
> classname="org.apache.slide.structure.ActionNode" 
> uri="/actions/write-content">
>                                                 <revision>
>                                         <property 
> name="privilege-member-set"><![CDATA[<D:href 
> xmlns:D='DAV:'>/actions/bind</D:href> <D:href 
> xmlns:D='DAV:'>/actions/unbind</D:href>]]></property>
>                                                 </revision>
>                                         </objectnode>
>                                         <objectnode 
> classname="org.apache.slide.structure.ActionNode" uri="/actions/bind">
>                                                 <revision>
>                                         <property 
> name="privilege-member-set"/>
>                                                 </revision>
>                                         </objectnode>
>                             <objectnode 
> classname="org.apache.slide.structure.ActionNode" uri="/actions/unbind">
>                                                 <revision>
>                                         <property 
> name="privilege-member-set"/>
>                                                 </revision>
>                                         </objectnode>
>                             <objectnode 
> classname="org.apache.slide.structure.ActionNode" uri="/actions/unlock">
>                                                 <revision>
>                                         <property 
> name="privilege-member-set"/>
>                                                 </revision>
>                                         </objectnode>
>                                 </objectnode>
>                         <objectnode 
> classname="org.apache.slide.structure.SubjectNode" uri="/files">
>                                         <permission action="all" 
> subject="unauthenticated" inheritable="true"/>
>                                         <!-- Make sure the subject here is 
> a valid LDAP group -->
>                                 <!--<permission action="/actions/write" 
> subject="/roles/connect users" inheritable="true"/>-->
>                                 <permission action="/actions/write" 
> subject="/roles/administrators" inheritable="true"/>
>                                         <permission 
> action="/actions/read-acl" subject="owner" inheritable="true"/>
>                                 </objectnode>
>                         <objectnode 
> classname="org.apache.slide.structure.SubjectNode" uri="/history">
>                                         <permission action="all" 
> subject="unauthenticated" inheritable="true"/>
>                                         <!-- Make sure the subject here is 
> a valid LDAP group -->
>                                 <permission action="/actions/write" 
> subject="/roles/administrators" inheritable="true"/>
>                                         <permission 
> action="/actions/read-acl" subject="owner" inheritable="true"/>
>                                 </objectnode>
>                         <objectnode 
> classname="org.apache.slide.structure.SubjectNode" uri="/workspace">
>                                         <permission action="all" 
> subject="unauthenticated" inheritable="true"/>
>                                         <!-- Make sure the subject here is 
> a valid LDAP group -->
>                                 <permission action="/actions/write" 
> subject="/roles/administrators" inheritable="true"/>
>                                         <permission 
> action="/actions/read-acl" subject="owner" inheritable="true"/>
>                                 </objectnode>
>                         <objectnode 
> classname="org.apache.slide.structure.SubjectNode" uri="/workingresource">
>                                         <permission action="all" 
> subject="unauthenticated" inheritable="true"/>
>                                 <!-- Make sure the subject here is a valid 
> LDAP group -->
>                                 <permission action="/actions/write" 
> subject="/roles/administrators" inheritable="true"/>
>                                         <permission 
> action="/actions/read-acl" subject="owner" inheritable="true"/>
>                                 </objectnode>
>                         </objectnode>
>                 </data>
>         </namespace>
>     <parameter name="historypath">/history</parameter>
>     <parameter name="workspacepath">/workspace</parameter>
>     <parameter name="workingresourcepath">/workingresource</parameter>
>     <parameter name="auto-version">checkout-checkin</parameter>
>     <parameter name="auto-version-control">false</parameter>
>     <parameter name="versioncontrol-exclude"/>
>     <parameter name="checkout-fork">forbidden</parameter>
>     <parameter name="checkin-fork">forbidden</parameter>
> </slide>
> 
> --------------------------------------------------
> Inventive Designers' Email Disclaimer:
> http://www.inventivedesigners.com/email-disclaimer
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
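
The reply's second suggestion (double-checking jndi.attributes.rdn, jndi.attributes.userprincipalname and jndi.search.attributes) can be done offline against an exported entry; the script below is an added example, not part of the thread or of Slide's code. It lints the posted "users" store parameters against a constructed sample entry, and it assumes that both attribute settings should name an attribute carrying the login name; the function names and the sample entry are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# The "users" nodestore parameters as posted in the thread (cache.* omitted).
USERS_STORE_XML = """\
<nodestore classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
  <parameter name="jndi.container">ou=users,ou=system</parameter>
  <parameter name="jndi.attributes.rdn">cn</parameter>
  <parameter name="jndi.search.attributes">groupMembership,cn</parameter>
  <parameter name="jndi.attributes.userprincipalname">uid</parameter>
  <parameter name="jndi.search.filter">(objectClass=inetOrgPerson)</parameter>
  <parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter>
  <parameter name="jndi.search.attributes">cn</parameter>
  <parameter name="java.naming.provider.url">ldap://david:389</parameter>
  <parameter name="java.naming.security.principal">uid=admin,ou=system</parameter>
  <parameter name="java.naming.security.credentials">secret</parameter>
  <parameter name="java.naming.security.authentication">simple</parameter>
</nodestore>
"""

# Constructed entry in LDIF form (hypothetical; export a real one to test).
SAMPLE_ENTRY = """\
dn: uid=akarasulu,ou=users,ou=system
objectClass: inetOrgPerson
uid: akarasulu
cn: Alex Karasulu
sn: Karasulu
"""

def parse_params(xml_text):
    """Return every <parameter> as (name, value), keeping duplicates."""
    root = ET.fromstring(xml_text)
    return [(p.get("name"), (p.text or "").strip()) for p in root.iter("parameter")]

def parse_entry(ldif_text):
    """Return a dict of lower-cased attribute name -> list of values."""
    attrs = {}
    for line in ldif_text.splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def lint_store(xml_text, ldif_text, login):
    """Return a list of findings for one JNDIPrincipalStore definition."""
    params, entry = parse_params(xml_text), parse_entry(ldif_text)
    findings = []
    for name, n in Counter(k for k, _ in params).items():
        if n > 1:
            findings.append(f"duplicate {name}: {[v for k, v in params if k == name]}")
    first = {}
    for name, value in params:
        first.setdefault(name, value)
    # Assumption: both attributes should carry the login name on the user's entry.
    for key in ("jndi.attributes.rdn", "jndi.attributes.userprincipalname"):
        attr = first.get(key, "")
        values = entry.get(attr.lower())
        if values is None:
            findings.append(f"{key}={attr}: attribute not on entry")
        elif login not in values:
            findings.append(f"{key}={attr}: {values} does not contain {login!r}")
    for name, value in params:
        if name == "jndi.search.attributes":
            for attr in (a.strip() for a in value.split(",")):
                if attr.lower() not in entry:
                    findings.append(f"jndi.search.attributes: {attr} not on entry")
    if (first.get("java.naming.provider.url", "").startswith("ldap://")
            and first.get("java.naming.security.authentication") == "simple"):
        findings.append("simple bind over ldap:// sends the bind password without TLS")
    return findings

if __name__ == "__main__":
    for finding in lint_store(USERS_STORE_XML, SAMPLE_ENTRY, "akarasulu"):
        print("-", finding)
```

The findings depend on the sample entry, so replace it with an entry exported from the actual directory before drawing conclusions about the posted configuration.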

