Hi again, Can you please search for traces org.nuxeo.ecm.directory.ldap in $JBoss_Home/server/default/log/server.log
If you can't find anything, please check the log4j configuration file ($JBoss_Home/server/default/conf/log4j.xml and check if you don't have a filter on org.nuxeo). NB : LDAP Binding does work, so there must be either a deployment issue or a configuration issue. Le vendredi 08 juin 2007 à 17:18 +0200, Pascal Vuylsteker a écrit : > > > On 6/8/07, Tiry <[EMAIL PROTECTED]> wrote: > So when you submit the login screen, you have a return message > on the > screen saying that authentication failed, right ? > > Yes, both on the screen and within the log > > > What is strange is that I don't see any LDAP trace in your > log. > Can you grep the log for org.nuxeo.ecm.directory.ldap, > please ? > > true, I can't find any track, > > My two files default-ldap-users-directory-bundle.xml > default-virtual-groups-bundle.xml > are in /opt/nuxeo/server/default/deploy/nuxeo.ear/config > > > Have you checked that your configuration fragment is > deployed ? > - it should be viewable in the log > > Can not see any ldap in the log (you are talking about the trace > displayed when we run.sh, aren't you ?) > > > - you should not be anymore able to log as > Administrator/Administrator > > I am not, as expected. > And there is a correct track of the nuxeo request within the ldap > server log : > [08/Jun/2007:16:52:58 +0200] conn=1114 op=5 msgId=6 - SRCH > base="o=ina" > scope=2 filter="(&(objectClass=inaorga > nizationalperson)(uid=mtest))" > attrs="o sn groups userPassword uid mail givenName" > [08/Jun/2007:16:52:58 +0200] conn=1114 op=5 msgId=6 - RESULT err=0 > tag=101 nentries=1 etime=0 > > > Pascal. > > > Tiry > > Le vendredi 08 juin 2007 à 15:46 +0200, Pascal Vuylsteker a > écrit : > > > > > > On 6/8/07, Tiry <[EMAIL PROTECTED]> wrote: > > Hi, > > > > When do you get this error ? > > - when the login form is displayed ? > > - when you submit the login form ? > > > > Both case > > > > > > If this is case 1 : this error log is "normal", this > is > > because one of > > the seam component is automatically started at > session startup > > and that > > component try to do an ejb call before auth is done. > > => It does not prevent you from loging in > > > > > > So the short info is that when I try a new authentification, > I get > > just the following added to the log : > > (and by the way, the LDAP sever is a Sun one) > > > > 15:41:44,548 ERROR [STDERR] > javax.security.auth.login.LoginException : > > Authentication Failed > > 15:41:44,548 ERROR [STDERR] at > > > > org.nuxeo.ecm.platform.login.NuxeoLoginModule.login(NuxeoLoginModule.java:247) > > 15:41:44,548 ERROR [STDERR] at > > sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > > 15:41:44,549 ERROR [STDERR] at > > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > > 15:41:44,549 ERROR [STDERR] at > > sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java :25) > > 15:41:44,549 ERROR [STDERR] at > > java.lang.reflect.Method.invoke(Method.java:585) > > 15:41:44,549 ERROR [STDERR] at > > javax.security.auth.login.LoginContext.invoke > (LoginContext.java:769) > > 15:41:44,549 ERROR [STDERR] at > > javax.security.auth.login.LoginContext.access > > $000(LoginContext.java:186) > > 15:41:44,549 ERROR [STDERR] at > > javax.security.auth.login.LoginContext$4.run > (LoginContext.java:683) > > 15:41:44,549 ERROR [STDERR] at > > java.security.AccessController.doPrivileged (Native Method) > > 15:41:44,549 ERROR [STDERR] at > > javax.security.auth.login.LoginContext.invokePriv > (LoginContext.java:680) > > 15:41:44,549 ERROR [STDERR] at > > > javax.security.auth.login.LoginContext.login(LoginContext.java :579) > > 15:41:44,549 ERROR [STDERR] at > > > > org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doAuthenticate > (NuxeoAuthenticationFilter.java:90) > > 15:41:44,549 ERROR [STDERR] at > > > org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter > > (NuxeoAuthenticationFilter.java:163) > > 15:41:44,549 ERROR [STDERR] at > > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) > > 15:41:44,550 ERROR [STDERR] at > > org.apache.catalina.core.ApplicationFilterChain.doFilter > > ( ApplicationFilterChain.java:173) > > 15:41:44,550 ERROR [STDERR] at > > > > org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) > > 15:41:44,550 ERROR [STDERR] at > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter > > (ApplicationFilterChain.java:202) > > 15:41:44,550 ERROR [STDERR] at > > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) > > 15:41:44,550 ERROR [STDERR] at > > org.apache.catalina.core.StandardWrapperValve.invoke > > (StandardWrapperValve.java:213) > > 15:41:44,550 ERROR [STDERR] at > > > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java > :178) > > 15:41:44,550 ERROR [STDERR] at > > > org.jboss.web.tomcat.security.SecurityAssociationValve.invoke > > (SecurityAssociationValve.java:175) > > 15:41:44,550 ERROR [STDERR] at > > org.jboss.web.tomcat.security.JaccContextValve.invoke > (JaccContextValve.java:74) > > 15:41:44,550 ERROR [STDERR] at > > org.apache.catalina.core.StandardHostValve.invoke > > (StandardHostValve.java:126) > > 15:41:44,550 ERROR [STDERR] at > > org.apache.catalina.valves.ErrorReportValve.invoke > (ErrorReportValve.java:105) > > 15:41:44,550 ERROR [STDERR] at > > org.apache.catalina.core.StandardEngineValve.invoke > > (StandardEngineValve.java:107) > > 15:41:44,550 ERROR [STDERR] at > > > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) > > 15:41:44,550 ERROR [STDERR] at > > org.apache.coyote.http11.Http11Processor.process > > (Http11Processor.java:869) > > 15:41:44,551 ERROR [STDERR] at > > org.apache.coyote.http11.Http11BaseProtocol > > > > $Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) > > 15:41:44,551 ERROR [STDERR] at > > org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket > > (PoolTcpEndpoint.java:527) > > 15:41:44,551 ERROR [STDERR] at > > > > org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) > > 15:41:44,551 ERROR [STDERR] at > > java.lang.Thread.run(Thread.java :613) > > > > > > > > As a complement, here is the file I am using : > > > > <?xml version="1.0"?> > > > > <component name="org.nuxeo.ecm.directory.ldap.storage.users > "> > > <implementation class=" > > org.nuxeo.ecm.directory.ldap.LDAPDirectoryDescriptor" /> > > <implementation > > class="org.nuxeo.ecm.directory.ldap.LDAPServerDescriptor > " /> > > <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory > > </require> > > > > <!-- the groups SQL directories are required to make this > bundle > > work --> > > <require>org.nuxeo.ecm.directory.sql.storage</require> > > > > <extension > target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory > > " > > point="servers"> > > > > <!-- Configuration of a server connection > > > > A single server declaration can point to a cluster of > replicated > > servers (using OpenLDAP's slapd + sluprd for > instance). To > > leverage > > such a cluster and improve availibility, please > provide one > > <ldapUrl/> tag for each replica of the cluster. > > --> > > <server name="default"> > > > > <!-- modif PVK --> > > <ldapUrl>ldap://sunset.ina.fr:389</ldapUrl> > > <!-- Optional servers from the same cluster for > failover > > and load balancing: > > <ldapUrl>ldap://ldap.ina.fr:389</ldapUrl> > > > > <ldapUrl>ldaps://server3:389</ldapUrl> > > > > "ldaps" means TLS/SSL connection. > > --> > > > > <!-- Credentials used by Nuxeo5 to browse the > directory, create > > and modify entries. > > > > Only the authentication of users (bind) use the > credentials > > entered > > through the login form if any. > > > > --> > > <!-- modif PVK > > > <bindDn>cn=nuxeo5,ou=applications,dc=example,dc=com</bindDn> > > <bindPassword>changeme</bindPassword> > > --> > > > > <bindDn>uid=mtest,ou=personnes,o=ina</bindDn> > > <bindPassword>achanger</bindPassword> > > > > </server> > > > > </extension> > > > > <extension > > target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" > > point="directories"> > > > > <directory name="userDirectory"> > > <server>default</server> > > <schema>user</schema> > > <idField>username</idField> > > <passwordField>password</passwordField> > > > > <!-- PVK > <searchBaseDn>ou=people,dc=example,dc=com</searchBaseDn> > > --> > > <searchBaseDn>o=ina</searchBaseDn> > > <!-- PVK <searchClass>person</searchClass> --> > > <!-- PVK <searchClass>*</searchClass> --> > > <searchClass>inetOrgPerson</searchClass> > > > > <!-- > > > <searchBaseDn>ou=people,dc=example,dc=com</searchBaseDn> > > <searchClass>person</searchClass> > > --> > > > > <!-- To additionally restricte entries you can add an > > arbitrary search filter such as the following: > > > > > > > > <searchFilter>(&(sn=toto*)(myCustomAttribute=somevalue))</searchFilter> > > > > Beware that "&" writes "&" in XML. > > --> > > > > <!-- use subtree if the people branch is nested --> > > <!-- PVK <searchScope>onelevel</searchScope> --> > > <searchScope>subtree</searchScope> > > > > <!-- PVK > > <creationBaseDn>ou=people,dc=example,dc=com</creationBaseDn> > --> > > <creationBaseDn>ou=personnes</creationBaseDn> > > <creationClass>top</creationClass> > > <creationClass>person</creationClass> > > <creationClass>organizationalPerson</creationClass> > > <creationClass>inetOrgPerson</creationClass> > > <rdnAttribute>uid</rdnAttribute> > > > > <fieldMapping name="username">uid</fieldMapping> > > <fieldMapping > name="password">userPassword</fieldMapping> > > <fieldMapping > name="firstName">givenName</fieldMapping> > > <fieldMapping name="lastName">sn</fieldMapping> > > <fieldMapping name="company">o</fieldMapping> > > <fieldMapping name="email">mail</fieldMapping> > > > > <references> > > > > <inverseReference field="groups" > directory="groupDirectory" > > dualReferenceField="members" /> > > > > </references> > > > > </directory> > > > > </extension> > > > > </component> > > > > > > > -- > Pascal Vuylsteker - consultant Opsomai > --- > Mob: 06 89 98 31 38 | Tel: +33 (0)1 58 39 38 26 | Fax: +33 (0)1 43 70 > 70 72 > eWork: [EMAIL PROTECTED] > eHome: [EMAIL PROTECTED] | callto://pascalpvk > gmail talk : [EMAIL PROTECTED] > --- > Work: http://www.opsomai.com/ > CV: http://www.vuylsteker.net/CV/index.fr.html > Contacts:vCard (3.0): http://www.vuylsteker.net/Pascal_Vuylsteker.vcf > Professional sphere: http://www.vrarchitect.net/ > LinkedIn: http://www.linkedin.com/in/pascalv > Bookmarks: http://del.icio.us/pvk > Work sphere: http://escience.anu.edu.au/ > Personal sphere: http://www.vuylsteker.net/ > Photos: http://www.flickr.com/photos/pvk/ > Blog: http://blog.vrarchitect.net/ > Plazes: http://beta.plazes.com/whereis/pvk > --- > La seule révolution possible, c'est d'essayer de s'améliorer > soi-même, > en espérant que les autres fassent la même démarche. > Le monde ira mieux alors. [ Georges > Brassens ] _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm
