[magnolia-dev] How to retrieve the user group information from LDAP in Magnolia CMS

Mayank Parashar (via Magnolia Forums) Wed, 16 Nov 2016 07:17:14 -0800

Hi Team,
I have followed the magnolia documentation for LDAP module, I am using magnolia 
enterprise edition 5.4.9,I am able to Authenticate user from LDAP but I am 
unable to retrieve the Group details present for the users in LDAP, and hence I 
am unable to authorize the user in Magnolia.


Here are the config files which I have used:
-----------------------------------
JASS.CONFIG
magnolia {
 info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional;
 info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule requisite
 skip_on_previous_success=true;
 info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
 };
-----------------------------------
LDAP.Properties:
#Initial factory class
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# LDAP url
java.naming.provider.url=ldap://localhost:1389/

java.naming.security.principal=uid=admin,ou=system
java.naming.security.credentials=xxxxxx

java.naming.security.authentication=simple

initialSearchAttributes=dc=xyz,dc=co,dc=uk
Organization=o
OrganizationUnit=ou
CommonName=cn
Surname=sn
GivenName=givenname
uid=uid
dn=dn
mail=mail
Password=userPassword
Language=language

roleResolverClass=info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver

groupResolverClass=info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver
groupSearchContext=ou=groups,o=xyz,dc=xyz,dc=co,dc=uk
groupSearchFilter=(&(objectClass=groupOfNames)(member=member))
groupMembershipAttributeValue=dn
GroupId=cn
-----------------------------------
Debug logs for magnolia:

DEBUG  info.magnolia.cms.security.auth.login.FormLogin 16.11.2016 13:57:26 -- 
handle login for pagrawa
DEBUG  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- 
initializing user pagrawa
DEBUG  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- 
getting user manager for realm all
DEBUG  info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- 
creating jcr session users by thread http-bio-8080-exec-3
DEBUG  info.magnolia.cms.core.MagnoliaAccessProvider 16.11.2016 13:57:26 -- 
getEditor(session-admin-452)
DEBUG  info.magnolia.cms.core.MagnoliaAccessProvider 16.11.2016 13:57:26 -- 
compile permissions for 
admin[info.magnolia.jaas.sp.jcr.MagnoliaJRAdminPrincipal] at users
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' 
and isdescendantnode(['/system'])".
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' 
under startnode '/system' in workspace 'users'.
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' 
and isdescendantnode(['/admin'])".
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' 
under startnode '/admin' in workspace 'users'.
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' 
and isdescendantnode(['/public'])".
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' 
under startnode '/public' in workspace 'users'.
DEBUG  info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config 
file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap] 
will be used.
DEBUG  info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- 
Trying to log in as uid=admin,ou=system with a password.
DEBUG  info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- 
Successful initialization dirContext.
DEBUG  info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver 16.11.2016 
13:57:26 -- Searching groups for pagrawa with: 
(&(objectClass=groupOfNames)(member=member))
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' 
and isdescendantnode(['/admin'])".
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' 
under startnode '/admin' in workspace 'users'.
DEBUG  info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver 16.11.2016 
13:57:26 -- LDAP User pagrawa doesn't exist in magnolia repository. Create this 
user in admin realm and attach to him appropriate groups/roles. If you want get 
groups/roles attached to this user directly from ldap/ad use 
OpenLDAPGroupResolver/ADGroupResolver.
DEBUG  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- 
initialized user pagrawa in 85ms
DEBUG  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- 
initializing user pagrawa
DEBUG  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- 
getting user manager for realm all
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' 
and isdescendantnode(['/system'])".
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' 
under startnode '/system' in workspace 'users'.
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' 
and isdescendantnode(['/admin'])".
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Retrieving node took 0ms (isInstallationPhase: false): path = <null>
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' 
under startnode '/admin' in workspace 'users'.
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' 
and isdescendantnode(['/public'])".
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' 
under startnode '/public' in workspace 'users'.
DEBUG  info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config 
file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap] 
will be used.
DEBUG  info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- 
Trying to log in as uid=admin,ou=system with a password.
DEBUG  info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- 
Successful initialization dirContext.
DEBUG  info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver 16.11.2016 
13:57:26 -- Searching groups for pagrawa with: 
(&(objectClass=groupOfNames)(member=member))
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' 
and isdescendantnode(['/admin'])".
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG  info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 
13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' 
under startnode '/admin' in workspace 'users'.
DEBUG  info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver 16.11.2016 
13:57:26 -- LDAP User pagrawa doesn't exist in magnolia repository. Create this 
user in admin realm and attach to him appropriate groups/roles. If you want get 
groups/roles attached to this user directly from ldap/ad use 
OpenLDAPGroupResolver/ADGroupResolver.
DEBUG  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- 
initialized user pagrawa in 21ms
DEBUG  info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config 
file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap] 
will be used.
INFO   info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- 
Trying to log in as cn=prateek,ou=users,o=diligenta,dc=diligenta,dc=co,dc=uk 
with a password.
DEBUG  info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- 
Login succeeded.
DEBUG  info.magnolia.jaas.sp.jcr.JCRAuthorizationModule 16.11.2016 13:57:26 -- 
Roles: {}
DEBUG  info.magnolia.jaas.sp.jcr.JCRAuthorizationModule 16.11.2016 13:57:26 -- 
Groups: {}
DEBUG  info.magnolia.monitoring.SystemMonitor 16.11.2016 13:57:26 -- Memory 
values: max = 475mb, total = 475mb, free = 48mb -> remaining = 48mb / 
thresholds = 50mb or 10%
DEBUG  info.magnolia.context.RequestAttributeStrategy 16.11.2016 13:57:26 -- 
Session initialized in order to set attribute 'javax.security.auth.Subject' to 
'Subject:
    Principal: info.magnolia.cms.security.ExternalUser@3c82d1f9
    Principal: info.magnolia.cms.security.Realm$RealmImpl@179a1
    Principal: RoleListImpl[name=roles,list=[]]
    Principal: GroupListImpl[name=groups,list=[]]
    Principal: PrincipalCollectionImpl[name=PrincipalCollection]
'. You should avoid using session when possible!
DEBUG  info.magnolia.cms.filters.ContentTypeFilter 16.11.2016 13:57:26 -- 
Content type for http://localhost:8080/magnoliaAuthor/ is not set, status code 
of response is 302.
DEBUG  info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- 
releasing jcr sessions
DEBUG  info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- 
releasing jcr sessions
DEBUG  info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- 
logged out jcr session: session-admin-452 by thread http-bio-8080-exec-3
DEBUG  info.magnolia.cms.filters.MgnlMainFilter 16.11.2016 13:57:26 -- Handling 
URI: /magnoliaAuthor/ - Path info: null
DEBUG  info.magnolia.context.WebContextImpl 16.11.2016 13:57:26 -- new 
WebContextImpl() info.magnolia.context.WebContextFactoryImpl$1@1667e673
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] 
fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [:  
pattern: /.magnolia] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] 
fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [:  
pattern: /.magnolia] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] 
fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [:  
pattern: /.magnolia] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] 
fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [:  
pattern: /.magnolia] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[admincentralFileUpload:  pattern: /.magnolia/admincentral] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[registrationCss:  pattern: /.resources/enterprise/css/registration.css] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[registrationImages:  pattern: 
/.resources/enterprise/images/registration/*.gif] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.cms.security.auth.login.FormLogin 16.11.2016 13:57:26 -- 
handle login for null
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[allButActivationHandler: not pattern: /.magnolia/activation] fired 21
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 21
DEBUG  info.magnolia.multisite.filters.MultiSiteFilter 16.11.2016 13:57:26 -- 
Determined domain as localhost on address 0:0:0:0:0:0:0:1. The assigned site is 
fallback.
DEBUG  info.magnolia.module.site.filters.SiteMergeFilter 16.11.2016 13:57:26 -- 
There's no variation named 'all'. Serving site 'fallback'.
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[BypassWhenNotInAdminCentral: not pattern: /.magnolia] fired 10
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 10
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[BypassWhenNotAuthenticated: not] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[BypassWhenNoQueryParameters: not] fired 1
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[BypassWhenVaadinRequest:  pattern: /.magnolia/admincentral] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[dotMagnolia:  pattern: /.magnolia] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[resources:  pattern: /.resources] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [login:  
pattern: /.resources/defaultMagnoliaLoginForm] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [logout: 
 pattern: /.magnolia/pages/logout.html] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[adminJavascript:  pattern: /.magnolia/pages/javascript.js] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[registrationCss:  pattern: /.resources/enterprise/css/registration.css] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter 
[registrationImages:  pattern: 
/.resources/enterprise/images/registration/*.gif] fired 0
DEBUG  info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote 
is now 0
WARN   info.magnolia.cms.security.PermissionUtil 16.11.2016 13:57:26 -- no 
permissions found for [info.magnolia.cms.security.ExternalUser@3c82d1f9]
DEBUG  info.magnolia.multisite.filters.SiteUriSecurityFilter 16.11.2016 
13:57:26 -- Skipping site permission check for user pagrawa, permission read to 
access uri / on site fallback
DEBUG  info.magnolia.multisite.filters.SiteUriSecurityFilter 16.11.2016 
13:57:26 -- User pagrawa has NOT been granted permission read to access uri /
DEBUG  info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- 
releasing jcr sessions
DEBUG  info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- 
releasing jcr sessions
-----------------------------------
I have added entry for  ldap.properties inside magnolia.properties and also 
created one user manager "External" as defined in the documentation in 
magnolia, apart from this I have not done any changes in Magnolia admin central.

I have also done the testing with LDAP-Tester.jar provided in the documentation 
and I am able to connect to LDAP but no groups are returned.

Please help.

Thanks in advance....

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=5b84b2e6-2098-4584-8cc0-6b781e393021


----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com>
----------------------------------------------------------------

[magnolia-dev] How to retrieve the user group information from LDAP in Magnolia CMS

Reply via email to