Re: [Dev] [DEV] [IS] [user store] Login failed for user from secondary store when same ldap used for R/W & Read only

Wed, 14 Oct 2015 01:08:25 -0700 

Hi Darshana,

please find the log for login with RW domain.

[2015-10-14 13:25:46,003] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -
 Authenticating user userkavirw2
[2015-10-14 13:25:46,004] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Cache hit.
Using DN uid=userkavirw2,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl
[2015-10-14 13:25:46,009] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
uid=userkavirw2,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl is
authnticated: true
[2015-10-14 13:25:46,009] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
 Authorization cache miss for username : rwldap.com/userkavirw2 resource
/permission/admin/login action : ui.execute
[2015-10-14 13:25:46,009] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
 Allowed roles for the ResourceID: /permission/admin/login Action:
ui.execute
[2015-10-14 13:25:46,009] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
apach.com/role_kavi
[2015-10-14 13:25:46,010] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
admin
[2015-10-14 13:25:46,010] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
rw2/rolekavirw3
[2015-10-14 13:25:46,010] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
rwldap.com/chalitharole
[2015-10-14 13:25:46,010] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
rwldap.com/rolekavirw
[2015-10-14 13:25:46,010] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
secondrole1
[2015-10-14 13:25:46,010] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Roles
which have permission for resource : /permission/admin/login action :
ui.execute
[2015-10-14 13:25:46,010] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role
:  apach.com/role_kavi
[2015-10-14 13:25:46,010] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role
:  admin
[2015-10-14 13:25:46,010] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role
:  rw2/rolekavirw3
[2015-10-14 13:25:46,010] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role
:  rwldap.com/chalitharole
[2015-10-14 13:25:46,010] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role
:  rwldap.com/rolekavirw
[2015-10-14 13:25:46,011] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role
:  secondrole1
[2015-10-14 13:25:46,011] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
RWLDAP.COM/userkavirw2 user is not in role :  apach.com/role_kavi
[2015-10-14 13:25:46,011] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
RWLDAP.COM/userkavirw2 user is not in role :  admin
[2015-10-14 13:25:46,012] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
RWLDAP.COM/userkavirw2 user is not in role :  rw2/rolekavirw3
[2015-10-14 13:25:46,012] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  value
after escaping special characters in userkavirw2 : userkavirw2
[2015-10-14 13:25:46,012] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Escaped DN
value for filter :
[2015-10-14 13:25:46,012] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Do check
whether the user : userkavirw2 is in role: chalitharole
[2015-10-14 13:25:46,013] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Search
filter : (&(objectClass=groupOfNames)(member=))
[2015-10-14 13:25:46,013] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Requesting
attribute: cn
[2015-10-14 13:25:46,018] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Do check
whether the user: userkavirw2 is in role: chalitharole
[2015-10-14 13:25:46,018] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Search
filter: (&(objectClass=groupOfNames)(member=))
[2015-10-14 13:25:46,018] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Requesting
attribute: cn
[2015-10-14 13:25:46,024] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
userkavirw2 NOT in role: chalitharole
[2015-10-14 13:25:46,024] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
RWLDAP.COM/userkavirw2 user is not in role :  rwldap.com/chalitharole
[2015-10-14 13:25:46,025] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  value
after escaping special characters in userkavirw2 : userkavirw2
[2015-10-14 13:25:46,025] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Escaped DN
value for filter :
[2015-10-14 13:25:46,025] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Do check
whether the user : userkavirw2 is in role: rolekavirw
[2015-10-14 13:25:46,026] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Search
filter : (&(objectClass=groupOfNames)(member=))
[2015-10-14 13:25:46,026] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Requesting
attribute: cn
[2015-10-14 13:25:46,034] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Do check
whether the user: userkavirw2 is in role: rolekavirw
[2015-10-14 13:25:46,035] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Search
filter: (&(objectClass=groupOfNames)(member=))
[2015-10-14 13:25:46,035] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Requesting
attribute: cn
[2015-10-14 13:25:46,039] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
userkavirw2 NOT in role: rolekavirw
[2015-10-14 13:25:46,039] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
RWLDAP.COM/userkavirw2 user is not in role :  rwldap.com/rolekavirw
[2015-10-14 13:25:46,040] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
RWLDAP.COM/userkavirw2 user is not in role :  secondrole1
[2015-10-14 13:25:46,040] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
rwldap.com/userkavirw2 user is not Authorized to perform ui.execute on
/permission/admin/login
[2015-10-14 13:25:46,040]  WARN
{org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed
Administrator login attempt 'RWLDAP.COM/userkavirw2[-1234]' at [2015-10-14
13:25:46,040+0530]


Thanks & Kind regards,

On Wed, Oct 14, 2015 at 1:03 PM, Darshana Gunawardana <[email protected]>
wrote:

> And it seems you do not pr used the domain name when authenticating in the
> last case. Can you login providing the domain of the RW userstore and share
> the log.
>
>
> On Wednesday, 14 October 2015, Darshana Gunawardana <[email protected]>
> wrote:
>
>> There seems to issue with domain handling as per following log,
>>
>> DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager}
>> -  ROLDAP.COM/userkavirw2 <http://roldap.com/userkavirw2> user is not in
>> role :  rwldap.com/rolekavirw
>>
>>
>> Please raise a JIRA.
>>
>> Thanks,
>> Darshana
>>
>> On Wednesday, 14 October 2015, Darshana Gunawardana <[email protected]>
>> wrote:
>>
>>>
>>>
>>> On Wednesday, 14 October 2015, Maduranga Siriwardena <[email protected]>
>>> wrote:
>>>
>>>> Hi Kavitha,
>>>>
>>>> Have you assigned login permission to the user?
>>>>
>>>
>>> As Maduranga mentioned, user "http://rwldap.com/userkavirw3"; doesn't
>>> seems to have given login permission caused this behavior.
>>>
>>> Thanks,
>>>
>>>>
>>>> Thanks,
>>>> Maduranga.
>>>>
>>>> On Wed, Oct 14, 2015 at 10:09 AM, Kavitha Subramaniyam <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi IS team,
>>>>>
>>>>> I have configured both R/W and Read only LDAP secondary user store
>>>>> manager by using same ldap connection and I could not be able to login via
>>>>> user created under RW ldap user store. But note that I could view the same
>>>>> user under both secondary store's domain (Users & Roles -> List -> select
>>>>> each domain and search).
>>>>>
>>>>> I want to check with you whether the above behavior is expected or
>>>>> not, please clarify..
>>>>>
>>>>> Steps followed:
>>>>> - Configure R/W secondary user store - ReadWriteLDAPUserStoreManager -
>>>>> using open ldap connectoin 1
>>>>> - Configure Read only secondary user store -
>>>>> ReadOnlyLDAPUserStoreManager - using open ldap connectoin 1
>>>>> - Create a user1 under R/W ldap domain
>>>>> - Login by user1
>>>>>
>>>>> When try to login without domain, log shows as below:
>>>>>
>>>>> ----------------------------------------------------------------------------
>>>>> [2015-10-13 16:32:55,232] DEBUG
>>>>> {org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager} -  SELECT * FROM
>>>>> UM_USER WHERE UM_USER_NAME=? AND UM_TENANT_ID=?
>>>>> [2015-10-13 16:32:55,241] DEBUG
>>>>> {org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager} -  User userkavirw3
>>>>> login attempt. Login success :: false
>>>>> [2015-10-13 16:32:55,241] DEBUG
>>>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -
>>>>>  Authenticating user userkavirw3
>>>>> [2015-10-13 16:32:55,241] DEBUG
>>>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Cache 
>>>>> hit.
>>>>> Using DN 
>>>>> uid=userkavirw3,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl
>>>>> [2015-10-13 16:32:55,252] DEBUG
>>>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
>>>>> uid=userkavirw3,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl is
>>>>> authnticated: true
>>>>> [2015-10-13 16:32:55,253] DEBUG
>>>>> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
>>>>>  Authorization cache hit. roldap.com/userkavirw3 user is not
>>>>> Authorized to perform ui.execute on /permission/admin/login
>>>>> [2015-10-13 16:32:55,253]  WARN
>>>>> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed
>>>>> Administrator login attempt 'ROLDAP.COM/userkavirw3[-1234]
>>>>> <http://ROLDAP.COM/userkavirw3%5B-1234%5D>' at [2015-10-13
>>>>> 16:32:55,253+0530]
>>>>>
>>>>>
>>>>> When try to login with domain, log shows as below:
>>>>>
>>>>> ---------------------------------------------------------------------------
>>>>> [2015-10-13 16:33:14,424] DEBUG
>>>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -
>>>>>  Authenticating user userkavirw3
>>>>> [2015-10-13 16:33:14,425] DEBUG
>>>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Cache 
>>>>> hit.
>>>>> Using DN 
>>>>> uid=userkavirw3,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl
>>>>> [2015-10-13 16:33:14,458] DEBUG
>>>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
>>>>> uid=userkavirw3,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl is
>>>>> authnticated: true
>>>>> [2015-10-13 16:33:14,463] DEBUG
>>>>> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
>>>>>  Authorization cache hit. rwldap.com/userkavirw3 user is not
>>>>> Authorized to perform ui.execute on /permission/admin/login
>>>>> [2015-10-13 16:33:14,463]  WARN
>>>>> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed
>>>>> Administrator login attempt 'RWLDAP.COM/userkavirw3[-1234]
>>>>> <http://RWLDAP.COM/userkavirw3%5B-1234%5D>' at [2015-10-13
>>>>> 16:33:14,463+0530]
>>>>>
>>>>>
>>>>> Thanks & Kind regards,
>>>>> --
>>>>> Kavitha.S
>>>>> *Software Engineer -QA*
>>>>> Mobile : +94 (0) 771538811 <%2B94%20%280%29%20773%20451194>
>>>>> [email protected]
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Maduranga Siriwardena
>>>> Software Engineer
>>>> WSO2 Inc.
>>>>
>>>> email: [email protected]
>>>> mobile: +94718990591
>>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>>
>>> *Darshana Gunawardana*Senior Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: [email protected]*
>>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware
>>>
>>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Senior Software Engineer
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: [email protected]*
>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware
>>
>>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*Senior Software Engineer
> WSO2 Inc.; http://wso2.com
>
> *E-mail: [email protected] <[email protected]>*
> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware
>
>


-- 
Kavitha.S
*Software Engineer -QA*
Mobile : +94 (0) 771538811 <%2B94%20%280%29%20773%20451194>
[email protected] <[email protected]>

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to