Hi Team,
I have followed the Magnolia documentation for the LDAP module. I am using Magnolia
Enterprise Edition 5.4.9. I am able to authenticate a user from LDAP, but I am
unable to retrieve the group details present for the users in LDAP, and hence I
am unable to authorize the user in Magnolia.
Here are the config files which I have used:
-----------------------------------
jaas.config:
magnolia {
info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional;
info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule requisite
skip_on_previous_success=true;
info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
-----------------------------------
ldap.properties:
#Initial factory class
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# LDAP url
java.naming.provider.url=ldap://localhost:1389/
java.naming.security.principal=uid=admin,ou=system
java.naming.security.credentials=xxxxxx
java.naming.security.authentication=simple
initialSearchAttributes=dc=xyz,dc=co,dc=uk
Organization=o
OrganizationUnit=ou
CommonName=cn
Surname=sn
GivenName=givenname
uid=uid
dn=dn
mail=mail
Password=userPassword
Language=language
roleResolverClass=info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver
groupResolverClass=info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver
groupSearchContext=ou=groups,o=xyz,dc=xyz,dc=co,dc=uk
groupSearchFilter=(&(objectClass=groupOfNames)(member=member))
groupMembershipAttributeValue=dn
GroupId=cn
-----------------------------------
Debug logs for magnolia:
DEBUG info.magnolia.cms.security.auth.login.FormLogin 16.11.2016 13:57:26 --
handle login for pagrawa
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 --
initializing user pagrawa
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 --
getting user manager for realm all
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 --
creating jcr session users by thread http-bio-8080-exec-3
DEBUG info.magnolia.cms.core.MagnoliaAccessProvider 16.11.2016 13:57:26 --
getEditor(session-admin-452)
DEBUG info.magnolia.cms.core.MagnoliaAccessProvider 16.11.2016 13:57:26 --
compile permissions for
admin[info.magnolia.jaas.sp.jcr.MagnoliaJRAdminPrincipal] at users
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa'
and isdescendantnode(['/system'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user'
under startnode '/system' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa'
and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user'
under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa'
and isdescendantnode(['/public'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user'
under startnode '/public' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config
file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap]
will be used.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 --
Trying to log in as uid=admin,ou=system with a password.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 --
Successful initialization dirContext.
DEBUG info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver 16.11.2016
13:57:26 -- Searching groups for pagrawa with:
(&(objectClass=groupOfNames)(member=member))
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa'
and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user'
under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver 16.11.2016
13:57:26 -- LDAP User pagrawa doesn't exist in magnolia repository. Create this
user in admin realm and attach to him appropriate groups/roles. If you want get
groups/roles attached to this user directly from ldap/ad use
OpenLDAPGroupResolver/ADGroupResolver.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 --
initialized user pagrawa in 85ms
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 --
initializing user pagrawa
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 --
getting user manager for realm all
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa'
and isdescendantnode(['/system'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user'
under startnode '/system' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa'
and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Retrieving node took 0ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user'
under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa'
and isdescendantnode(['/public'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user'
under startnode '/public' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config
file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap]
will be used.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 --
Trying to log in as uid=admin,ou=system with a password.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 --
Successful initialization dirContext.
DEBUG info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver 16.11.2016
13:57:26 -- Searching groups for pagrawa with:
(&(objectClass=groupOfNames)(member=member))
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa'
and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user'
under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver 16.11.2016
13:57:26 -- LDAP User pagrawa doesn't exist in magnolia repository. Create this
user in admin realm and attach to him appropriate groups/roles. If you want get
groups/roles attached to this user directly from ldap/ad use
OpenLDAPGroupResolver/ADGroupResolver.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 --
initialized user pagrawa in 21ms
DEBUG info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config
file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap]
will be used.
INFO info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 --
Trying to log in as cn=prateek,ou=users,o=diligenta,dc=diligenta,dc=co,dc=uk
with a password.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 --
Login succeeded.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthorizationModule 16.11.2016 13:57:26 --
Roles: {}
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthorizationModule 16.11.2016 13:57:26 --
Groups: {}
DEBUG info.magnolia.monitoring.SystemMonitor 16.11.2016 13:57:26 -- Memory
values: max = 475mb, total = 475mb, free = 48mb -> remaining = 48mb /
thresholds = 50mb or 10%
DEBUG info.magnolia.context.RequestAttributeStrategy 16.11.2016 13:57:26 --
Session initialized in order to set attribute 'javax.security.auth.Subject' to
'Subject:
Principal: info.magnolia.cms.security.ExternalUser@3c82d1f9
Principal: info.magnolia.cms.security.Realm$RealmImpl@179a1
Principal: RoleListImpl[name=roles,list=[]]
Principal: GroupListImpl[name=groups,list=[]]
Principal: PrincipalCollectionImpl[name=PrincipalCollection]
'. You should avoid using session when possible!
DEBUG info.magnolia.cms.filters.ContentTypeFilter 16.11.2016 13:57:26 --
Content type for http://localhost:8080/magnoliaAuthor/ is not set, status code
of response is 302.
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 --
releasing jcr sessions
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 --
releasing jcr sessions
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 --
logged out jcr session: session-admin-452 by thread http-bio-8080-exec-3
DEBUG info.magnolia.cms.filters.MgnlMainFilter 16.11.2016 13:57:26 -- Handling
URI: /magnoliaAuthor/ - Path info: null
DEBUG info.magnolia.context.WebContextImpl 16.11.2016 13:57:26 -- new
WebContextImpl() info.magnolia.context.WebContextFactoryImpl$1@1667e673
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not]
fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [:
pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not]
fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [:
pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not]
fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [:
pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not]
fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [:
pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[admincentralFileUpload: pattern: /.magnolia/admincentral] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[registrationCss: pattern: /.resources/enterprise/css/registration.css] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[registrationImages: pattern:
/.resources/enterprise/images/registration/*.gif] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.cms.security.auth.login.FormLogin 16.11.2016 13:57:26 --
handle login for null
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[allButActivationHandler: not pattern: /.magnolia/activation] fired 21
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 21
DEBUG info.magnolia.multisite.filters.MultiSiteFilter 16.11.2016 13:57:26 --
Determined domain as localhost on address 0:0:0:0:0:0:0:1. The assigned site is
fallback.
DEBUG info.magnolia.module.site.filters.SiteMergeFilter 16.11.2016 13:57:26 --
There's no variation named 'all'. Serving site 'fallback'.
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[BypassWhenNotInAdminCentral: not pattern: /.magnolia] fired 10
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 10
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[BypassWhenNotAuthenticated: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[BypassWhenNoQueryParameters: not] fired 1
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[BypassWhenVaadinRequest: pattern: /.magnolia/admincentral] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[dotMagnolia: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[resources: pattern: /.resources] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [login:
pattern: /.resources/defaultMagnoliaLoginForm] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [logout:
pattern: /.magnolia/pages/logout.html] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[adminJavascript: pattern: /.magnolia/pages/javascript.js] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[registrationCss: pattern: /.resources/enterprise/css/registration.css] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter
[registrationImages: pattern:
/.resources/enterprise/images/registration/*.gif] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote
is now 0
WARN info.magnolia.cms.security.PermissionUtil 16.11.2016 13:57:26 -- no
permissions found for [info.magnolia.cms.security.ExternalUser@3c82d1f9]
DEBUG info.magnolia.multisite.filters.SiteUriSecurityFilter 16.11.2016
13:57:26 -- Skipping site permission check for user pagrawa, permission read to
access uri / on site fallback
DEBUG info.magnolia.multisite.filters.SiteUriSecurityFilter 16.11.2016
13:57:26 -- User pagrawa has NOT been granted permission read to access uri /
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 --
releasing jcr sessions
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 --
releasing jcr sessions
-----------------------------------
I have added an entry for ldap.properties inside magnolia.properties and also
created one user manager, "External", as defined in the Magnolia documentation;
apart from this I have not made any changes in Magnolia AdminCentral.
I have also tested with the LDAP-Tester.jar provided in the documentation,
and I am able to connect to LDAP but no groups are returned.
Please help.
Thanks in advance.
--
Context is everything:
http://forum.magnolia-cms.com/forum/thread.html?threadId=5b84b2e6-2098-4584-8cc0-6b781e393021
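Added example, not part of the original post and not Magnolia's own code. The debug log above shows the group search being issued with the literal filter `(&(objectClass=groupOfNames)(member=member))`, so the only entries it could ever return are groups whose `member` attribute holds the string `member`; with `groupMembershipAttributeValue=dn` the filter has to carry the authenticated user's DN instead. The snippet below runs a tiny RFC 4515 filter matcher over a constructed in-memory directory and contrasts the literal filter with one where the user's DN is substituted and escaped, so that a DN containing `(`, `)`, `*` or `\` neither breaks the filter nor matches the wrong group. The `{0}` placeholder, the sample DNs and group names, and the toy matcher are assumptions of this example; Magnolia's actual placeholder syntax for `groupSearchFilter` is not shown on this page and should be taken from its documentation.

```python
"""Group-membership lookup: literal filter vs. filter with the user's DN substituted.

Illustrative only (not Magnolia's implementation). Directory entries, DNs and the
'{0}' placeholder are constructed for this example.
"""
import re

# RFC 4515 escaping for values embedded in a search filter. Per-character mapping,
# so the backslash is escaped exactly once and ordering cannot double-escape.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


# Assumed placeholder syntax: '{0}' stands for the user's membership value (here a DN).
GROUP_FILTER_TEMPLATE = "(&(objectClass=groupOfNames)(member={0}))"


def build_group_filter(template, user_value):
    """Substitute the escaped user value into the template (replace, not str.format,
    so braces inside the value are never re-interpreted)."""
    return template.replace("{0}", escape_filter_value(user_value))


# Constructed sample directory: DN -> {attribute: [values]} under the group context.
USER_DN = "cn=prateek,ou=users,o=example,dc=example,dc=com"
TRICKY_DN = "cn=Smith (admin),ou=users,o=example,dc=example,dc=com"  # parentheses in RDN
SAMPLE_GROUPS = {
    "cn=editors,ou=groups,o=example,dc=example,dc=com": {
        "objectClass": ["top", "groupOfNames"], "cn": ["editors"],
        "member": [USER_DN, "cn=alice,ou=users,o=example,dc=example,dc=com"]},
    "cn=publishers,ou=groups,o=example,dc=example,dc=com": {
        "objectClass": ["top", "groupOfNames"], "cn": ["publishers"],
        "member": [USER_DN]},
    "cn=reviewers,ou=groups,o=example,dc=example,dc=com": {
        "objectClass": ["top", "groupOfNames"], "cn": ["reviewers"],
        "member": [TRICKY_DN]},
    # Different object class: must be excluded by the objectClass clause.
    "cn=legacy,ou=groups,o=example,dc=example,dc=com": {
        "objectClass": ["top", "groupOfUniqueNames"], "cn": ["legacy"],
        "uniqueMember": [USER_DN]},
}


def _unescape(raw):
    # Decode \XX hex escapes back to characters (ASCII-only for this example).
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)


def _parse(s, i):
    """Recursive-descent parse of a filter starting at s[i] == '('.
    Supports &, |, ! and exact equality (no wildcards or extensible matching)."""
    if s[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if s[i] in "&|!":
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse(s, i)
            children.append(node)
        if s[i] != ")":
            raise ValueError("expected ')' at %d" % i)
        return (op, children), i + 1
    # Escaped values never contain a raw ')', so the first one closes the item.
    j = s.index(")", i)
    attr, _, raw = s[i:j].partition("=")
    return ("=", attr, _unescape(raw)), j + 1


def _attr_values(entry, attr):
    # LDAP attribute names are case-insensitive.
    for name, values in entry.items():
        if name.lower() == attr.lower():
            return values
    return []


def _matches(node, entry):
    kind = node[0]
    if kind == "&":
        return all(_matches(c, entry) for c in node[1])
    if kind == "|":
        return any(_matches(c, entry) for c in node[1])
    if kind == "!":
        return not _matches(node[1][0], entry)
    _, attr, value = node
    # Exact string compare; a real server applies DN and case-insensitive matching rules.
    return value in _attr_values(entry, attr)


def resolve_groups(directory, filter_str, group_id_attr="cn"):
    """Return the sorted group ids (GroupId attribute) of entries matching the filter."""
    tree, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("trailing characters after filter")
    found = []
    for entry in directory.values():
        if _matches(tree, entry):
            found.extend(_attr_values(entry, group_id_attr))
    return sorted(found)


if __name__ == "__main__":
    literal = "(&(objectClass=groupOfNames)(member=member))"  # as seen in the log
    print("literal filter  ->", resolve_groups(SAMPLE_GROUPS, literal))
    print("user DN filter  ->", resolve_groups(SAMPLE_GROUPS, build_group_filter(GROUP_FILTER_TEMPLATE, USER_DN)))
    print("tricky DN filter->", resolve_groups(SAMPLE_GROUPS, build_group_filter(GROUP_FILTER_TEMPLATE, TRICKY_DN)))
```

Run stand-alone, the literal filter from the log resolves no groups, while the substituted filter resolves `editors` and `publishers` for the sample user and only `reviewers` for the DN with parentheses. The same check is what a directory-side test tool should show: if the filter sent to the server still contains the placeholder (or an unrelated literal), the membership lookup is not receiving the authenticated user's value.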
----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------