On 6/8/07, Tiry <[EMAIL PROTECTED]> wrote:
So when you submit the login screen, you have a return message on the screen saying that authentication failed, right ?
Yes, both on the screen and within the log What is strange is that I don't see any LDAP trace in your log.
Can you grep the log for org.nuxeo.ecm.directory.ldap, please ?
true, I can't find any track, My two files default-ldap-users-directory-bundle.xml default-virtual-groups-bundle.xml are in /opt/nuxeo/server/default/deploy/nuxeo.ear/config Have you checked that your configuration fragment is deployed ?
- it should be viewable in the log
Can not see any ldap in the log (you are talking about the trace displayed when we run.sh, aren't you ?) - you should not be anymore able to log as Administrator/Administrator I am not, as expected. And there is a correct track of the nuxeo request within the ldap server log : [08/Jun/2007:16:52:58 +0200] conn=1114 op=5 msgId=6 - SRCH base="o=ina" scope=2 filter="(&(objectClass=inaorganizationalperson)(uid=mtest))" attrs="o sn groups userPassword uid mail givenName" [08/Jun/2007:16:52:58 +0200] conn=1114 op=5 msgId=6 - RESULT err=0 tag=101 nentries=1 etime=0 Pascal. Tiry
Le vendredi 08 juin 2007 à 15:46 +0200, Pascal Vuylsteker a écrit : > > > On 6/8/07, Tiry <[EMAIL PROTECTED]> wrote: > Hi, > > When do you get this error ? > - when the login form is displayed ? > - when you submit the login form ? > > Both case > > > If this is case 1 : this error log is "normal", this is > because one of > the seam component is automatically started at session startup > and that > component try to do an ejb call before auth is done. > => It does not prevent you from loging in > > > So the short info is that when I try a new authentification, I get > just the following added to the log : > (and by the way, the LDAP sever is a Sun one) > > 15:41:44,548 ERROR [STDERR] javax.security.auth.login.LoginException : > Authentication Failed > 15:41:44,548 ERROR [STDERR] at > org.nuxeo.ecm.platform.login.NuxeoLoginModule.login( NuxeoLoginModule.java:247) > 15:41:44,548 ERROR [STDERR] at > sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > 15:41:44,549 ERROR [STDERR] at > sun.reflect.NativeMethodAccessorImpl.invoke( NativeMethodAccessorImpl.java:39) > 15:41:44,549 ERROR [STDERR] at > sun.reflect.DelegatingMethodAccessorImpl.invoke( DelegatingMethodAccessorImpl.java :25) > 15:41:44,549 ERROR [STDERR] at > java.lang.reflect.Method.invoke(Method.java:585) > 15:41:44,549 ERROR [STDERR] at > javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) > 15:41:44,549 ERROR [STDERR] at > javax.security.auth.login.LoginContext.access > $000(LoginContext.java:186) > 15:41:44,549 ERROR [STDERR] at > javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) > 15:41:44,549 ERROR [STDERR] at > java.security.AccessController.doPrivileged (Native Method) > 15:41:44,549 ERROR [STDERR] at > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) > 15:41:44,549 ERROR [STDERR] at > javax.security.auth.login.LoginContext.login(LoginContext.java :579) > 15:41:44,549 ERROR [STDERR] at > org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doAuthenticate (NuxeoAuthenticationFilter.java:90) > 15:41:44,549 ERROR [STDERR] at > org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter > (NuxeoAuthenticationFilter.java:163) > 15:41:44,549 ERROR [STDERR] at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( ApplicationFilterChain.java:202) > 15:41:44,550 ERROR [STDERR] at > org.apache.catalina.core.ApplicationFilterChain.doFilter > (ApplicationFilterChain.java:173) > 15:41:44,550 ERROR [STDERR] at > org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter( ReplyHeaderFilter.java:96) > 15:41:44,550 ERROR [STDERR] at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter > (ApplicationFilterChain.java:202) > 15:41:44,550 ERROR [STDERR] at > org.apache.catalina.core.ApplicationFilterChain.doFilter( ApplicationFilterChain.java:173) > 15:41:44,550 ERROR [STDERR] at > org.apache.catalina.core.StandardWrapperValve.invoke > (StandardWrapperValve.java:213) > 15:41:44,550 ERROR [STDERR] at > org.apache.catalina.core.StandardContextValve.invoke( StandardContextValve.java:178) > 15:41:44,550 ERROR [STDERR] at > org.jboss.web.tomcat.security.SecurityAssociationValve.invoke > (SecurityAssociationValve.java:175) > 15:41:44,550 ERROR [STDERR] at > org.jboss.web.tomcat.security.JaccContextValve.invoke( JaccContextValve.java:74) > 15:41:44,550 ERROR [STDERR] at > org.apache.catalina.core.StandardHostValve.invoke > (StandardHostValve.java:126) > 15:41:44,550 ERROR [STDERR] at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :105) > 15:41:44,550 ERROR [STDERR] at > org.apache.catalina.core.StandardEngineValve.invoke > (StandardEngineValve.java:107) > 15:41:44,550 ERROR [STDERR] at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java :148) > 15:41:44,550 ERROR [STDERR] at > org.apache.coyote.http11.Http11Processor.process > (Http11Processor.java:869) > 15:41:44,551 ERROR [STDERR] at > org.apache.coyote.http11.Http11BaseProtocol > $Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) > 15:41:44,551 ERROR [STDERR] at > org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket > (PoolTcpEndpoint.java:527) > 15:41:44,551 ERROR [STDERR] at > org.apache.tomcat.util.net.MasterSlaveWorkerThread.run( MasterSlaveWorkerThread.java:112) > 15:41:44,551 ERROR [STDERR] at > java.lang.Thread.run(Thread.java :613) > > > > As a complement, here is the file I am using : > > <?xml version="1.0"?> > > <component name="org.nuxeo.ecm.directory.ldap.storage.users"> > <implementation class=" > org.nuxeo.ecm.directory.ldap.LDAPDirectoryDescriptor" /> > <implementation > class="org.nuxeo.ecm.directory.ldap.LDAPServerDescriptor" /> > <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory > </require> > > <!-- the groups SQL directories are required to make this bundle > work --> > <require>org.nuxeo.ecm.directory.sql.storage</require> > > <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory > " > point="servers"> > > <!-- Configuration of a server connection > > A single server declaration can point to a cluster of replicated > servers (using OpenLDAP's slapd + sluprd for instance). To > leverage > such a cluster and improve availibility, please provide one > <ldapUrl/> tag for each replica of the cluster. > --> > <server name="default"> > > <!-- modif PVK --> > <ldapUrl>ldap://sunset.ina.fr:389</ldapUrl> > <!-- Optional servers from the same cluster for failover > and load balancing: > <ldapUrl>ldap://ldap.ina.fr:389</ldapUrl> > > <ldapUrl>ldaps://server3:389</ldapUrl> > > "ldaps" means TLS/SSL connection. > --> > > <!-- Credentials used by Nuxeo5 to browse the directory, create > and modify entries. > > Only the authentication of users (bind) use the credentials > entered > through the login form if any. > > --> > <!-- modif PVK > <bindDn>cn=nuxeo5,ou=applications,dc=example,dc=com</bindDn> > <bindPassword>changeme</bindPassword> > --> > > <bindDn>uid=mtest,ou=personnes,o=ina</bindDn> > <bindPassword>achanger</bindPassword> > > </server> > > </extension> > > <extension > target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" > point="directories"> > > <directory name="userDirectory"> > <server>default</server> > <schema>user</schema> > <idField>username</idField> > <passwordField>password</passwordField> > > <!-- PVK <searchBaseDn>ou=people,dc=example,dc=com</searchBaseDn> > --> > <searchBaseDn>o=ina</searchBaseDn> > <!-- PVK <searchClass>person</searchClass> --> > <!-- PVK <searchClass>*</searchClass> --> > <searchClass>inetOrgPerson</searchClass> > > <!-- > <searchBaseDn>ou=people,dc=example,dc=com</searchBaseDn> > <searchClass>person</searchClass> > --> > > <!-- To additionally restricte entries you can add an > arbitrary search filter such as the following: > > > <searchFilter>(&(sn=toto*)(myCustomAttribute=somevalue))</searchFilter> > > Beware that "&" writes "&" in XML. > --> > > <!-- use subtree if the people branch is nested --> > <!-- PVK <searchScope>onelevel</searchScope> --> > <searchScope>subtree</searchScope> > > <!-- PVK > <creationBaseDn>ou=people,dc=example,dc=com</creationBaseDn> --> > <creationBaseDn>ou=personnes</creationBaseDn> > <creationClass>top</creationClass> > <creationClass>person</creationClass> > <creationClass>organizationalPerson</creationClass> > <creationClass>inetOrgPerson</creationClass> > <rdnAttribute>uid</rdnAttribute> > > <fieldMapping name="username">uid</fieldMapping> > <fieldMapping name="password">userPassword</fieldMapping> > <fieldMapping name="firstName">givenName</fieldMapping> > <fieldMapping name="lastName">sn</fieldMapping> > <fieldMapping name="company">o</fieldMapping> > <fieldMapping name="email">mail</fieldMapping> > > <references> > > <inverseReference field="groups" directory="groupDirectory" > dualReferenceField="members" /> > > </references> > > </directory> > > </extension> > > </component> >
-- Pascal Vuylsteker - consultant Opsomai --- Mob: 06 89 98 31 38 | Tel: +33 (0)1 58 39 38 26 | Fax: +33 (0)1 43 70 70 72 eWork: [EMAIL PROTECTED] eHome: [EMAIL PROTECTED] | callto://pascalpvk gmail talk : [EMAIL PROTECTED] --- Work: http://www.opsomai.com/ CV: http://www.vuylsteker.net/CV/index.fr.html Contacts:vCard (3.0): http://www.vuylsteker.net/Pascal_Vuylsteker.vcf Professional sphere: http://www.vrarchitect.net/ LinkedIn: http://www.linkedin.com/in/pascalv Bookmarks: http://del.icio.us/pvk Work sphere: http://escience.anu.edu.au/ Personal sphere: http://www.vuylsteker.net/ Photos: http://www.flickr.com/photos/pvk/ Blog: http://blog.vrarchitect.net/ Plazes: http://beta.plazes.com/whereis/pvk --- La seule révolution possible, c'est d'essayer de s'améliorer soi-même, en espérant que les autres fassent la même démarche. Le monde ira mieux alors. [ Georges Brassens ]
_______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm
