Hi Team,

I have followed the Magnolia documentation for the LDAP module. I am using Magnolia Enterprise Edition 5.4.9. I am able to authenticate a user from LDAP, but I am unable to retrieve the group details present for the user in LDAP, and hence I am unable to authorize the user in Magnolia.

Here are the config files which I have used:

-----------------------------------
JAAS.CONFIG:

magnolia {
  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional;
  info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule requisite skip_on_previous_success=true;
  info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};

-----------------------------------
LDAP.Properties:

#Initial factory class
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# LDAP url
java.naming.provider.url=ldap://localhost:1389/
java.naming.security.principal=uid=admin,ou=system
java.naming.security.credentials=xxxxxx
java.naming.security.authentication=simple
initialSearchAttributes=dc=xyz,dc=co,dc=uk
Organization=o
OrganizationUnit=ou
CommonName=cn
Surname=sn
GivenName=givenname
uid=uid
dn=dn
mail=mail
Password=userPassword
Language=language
roleResolverClass=info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver
groupResolverClass=info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver
groupSearchContext=ou=groups,o=xyz,dc=xyz,dc=co,dc=uk
groupSearchFilter=(&(objectClass=groupOfNames)(member=member))
groupMembershipAttributeValue=dn
GroupId=cn

-----------------------------------
Debug logs for Magnolia:

DEBUG info.magnolia.cms.security.auth.login.FormLogin 16.11.2016 13:57:26 -- handle login for pagrawa
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- initializing user pagrawa
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- getting user manager for realm all
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- creating jcr session users by thread http-bio-8080-exec-3
DEBUG info.magnolia.cms.core.MagnoliaAccessProvider 16.11.2016 13:57:26 -- getEditor(session-admin-452)
DEBUG info.magnolia.cms.core.MagnoliaAccessProvider 16.11.2016 13:57:26 -- compile permissions for admin[info.magnolia.jaas.sp.jcr.MagnoliaJRAdminPrincipal] at users
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/system'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/system' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/public'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/public' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap] will be used.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Trying to log in as uid=admin,ou=system with a password.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Successful initialization dirContext.
DEBUG info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver 16.11.2016 13:57:26 -- Searching groups for pagrawa with: (&(objectClass=groupOfNames)(member=member))
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver 16.11.2016 13:57:26 -- LDAP User pagrawa doesn't exist in magnolia repository. Create this user in admin realm and attach to him appropriate groups/roles. If you want get groups/roles attached to this user directly from ldap/ad use OpenLDAPGroupResolver/ADGroupResolver.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- initialized user pagrawa in 85ms
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- initializing user pagrawa
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- getting user manager for realm all
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/system'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/system' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 0ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/public'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/public' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap] will be used.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Trying to log in as uid=admin,ou=system with a password.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Successful initialization dirContext.
DEBUG info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver 16.11.2016 13:57:26 -- Searching groups for pagrawa with: (&(objectClass=groupOfNames)(member=member))
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver 16.11.2016 13:57:26 -- LDAP User pagrawa doesn't exist in magnolia repository. Create this user in admin realm and attach to him appropriate groups/roles. If you want get groups/roles attached to this user directly from ldap/ad use OpenLDAPGroupResolver/ADGroupResolver.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- initialized user pagrawa in 21ms
DEBUG info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap] will be used.
INFO info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Trying to log in as cn=prateek,ou=users,o=diligenta,dc=diligenta,dc=co,dc=uk with a password.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Login succeeded.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthorizationModule 16.11.2016 13:57:26 -- Roles: {}
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthorizationModule 16.11.2016 13:57:26 -- Groups: {}
DEBUG info.magnolia.monitoring.SystemMonitor 16.11.2016 13:57:26 -- Memory values: max = 475mb, total = 475mb, free = 48mb -> remaining = 48mb / thresholds = 50mb or 10%
DEBUG info.magnolia.context.RequestAttributeStrategy 16.11.2016 13:57:26 -- Session initialized in order to set attribute 'javax.security.auth.Subject' to 'Subject: Principal: info.magnolia.cms.security.ExternalUser@3c82d1f9 Principal: info.magnolia.cms.security.Realm$RealmImpl@179a1 Principal: RoleListImpl[name=roles,list=[]] Principal: GroupListImpl[name=groups,list=[]] Principal: PrincipalCollectionImpl[name=PrincipalCollection] '. You should avoid using session when possible!
DEBUG info.magnolia.cms.filters.ContentTypeFilter 16.11.2016 13:57:26 -- Content type for http://localhost:8080/magnoliaAuthor/ is not set, status code of response is 302.
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- releasing jcr sessions
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- releasing jcr sessions
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- logged out jcr session: session-admin-452 by thread http-bio-8080-exec-3
DEBUG info.magnolia.cms.filters.MgnlMainFilter 16.11.2016 13:57:26 -- Handling URI: /magnoliaAuthor/ - Path info: null
DEBUG info.magnolia.context.WebContextImpl 16.11.2016 13:57:26 -- new WebContextImpl() info.magnolia.context.WebContextFactoryImpl$1@1667e673
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [admincentralFileUpload: pattern: /.magnolia/admincentral] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [registrationCss: pattern: /.resources/enterprise/css/registration.css] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [registrationImages: pattern: /.resources/enterprise/images/registration/*.gif] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.cms.security.auth.login.FormLogin 16.11.2016 13:57:26 -- handle login for null
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [allButActivationHandler: not pattern: /.magnolia/activation] fired 21
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 21
DEBUG info.magnolia.multisite.filters.MultiSiteFilter 16.11.2016 13:57:26 -- Determined domain as localhost on address 0:0:0:0:0:0:0:1. The assigned site is fallback.
DEBUG info.magnolia.module.site.filters.SiteMergeFilter 16.11.2016 13:57:26 -- There's no variation named 'all'. Serving site 'fallback'.
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [BypassWhenNotInAdminCentral: not pattern: /.magnolia] fired 10
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 10
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [BypassWhenNotAuthenticated: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [BypassWhenNoQueryParameters: not] fired 1
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [BypassWhenVaadinRequest: pattern: /.magnolia/admincentral] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [dotMagnolia: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [resources: pattern: /.resources] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [login: pattern: /.resources/defaultMagnoliaLoginForm] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [logout: pattern: /.magnolia/pages/logout.html] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [adminJavascript: pattern: /.magnolia/pages/javascript.js] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [registrationCss: pattern: /.resources/enterprise/css/registration.css] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [registrationImages: pattern: /.resources/enterprise/images/registration/*.gif] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
WARN info.magnolia.cms.security.PermissionUtil 16.11.2016 13:57:26 -- no permissions found for [info.magnolia.cms.security.ExternalUser@3c82d1f9]
DEBUG info.magnolia.multisite.filters.SiteUriSecurityFilter 16.11.2016 13:57:26 -- Skipping site permission check for user pagrawa, permission read to access uri / on site fallback
DEBUG info.magnolia.multisite.filters.SiteUriSecurityFilter 16.11.2016 13:57:26 -- User pagrawa has NOT been granted permission read to access uri /
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- releasing jcr sessions
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- releasing jcr sessions
-----------------------------------

I have added the entry for ldap.properties inside magnolia.properties and also created one user manager "External" as defined in the Magnolia documentation. Apart from this, I have not made any changes in Magnolia AdminCentral. I have also done the testing with the LDAP-Tester.jar provided in the documentation: I am able to connect to LDAP, but no groups are returned.

Please help. Thanks in advance.

--
Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=5b84b2e6-2098-4584-8cc0-6b781e393021
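As an added triage aid (not part of the post above and not Magnolia code), the script below reads the debug output reproduced in the post and separates the authentication outcome from the authorization outcome: it confirms the LDAP bind as the user succeeded, flags that the group search filter reached the directory with the literal clause (member=member) rather than a value identifying the user, and records that JCRAuthorizationModule ended up with empty Roles and Groups. The sample log is copied from the post; the regular expressions and the DN heuristic are my own assumptions about the log layout.

```python
import re

# Debug entries copied from the post above, trimmed to the ones the check reads.
SAMPLE_LOG = """\
DEBUG info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver 16.11.2016 13:57:26 -- Searching groups for pagrawa with: (&(objectClass=groupOfNames)(member=member))
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Login succeeded.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthorizationModule 16.11.2016 13:57:26 -- Roles: {}
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthorizationModule 16.11.2016 13:57:26 -- Groups: {}
WARN info.magnolia.cms.security.PermissionUtil 16.11.2016 13:57:26 -- no permissions found for [info.magnolia.cms.security.ExternalUser@3c82d1f9]
"""

SEARCH_RE = re.compile(r"OpenLDAPGroupResolver .*-- Searching groups for (\S+) with: (.+)$")
AUTHZ_RE = re.compile(r"JCRAuthorizationModule .*-- (Roles|Groups): \{(.*)\}")
CLAUSE_RE = re.compile(r"\((\w+)=([^()]*)\)")   # one (attr=value) clause of an LDAP filter


def check_group_filter(user, ldap_filter):
    """Return the first membership clause that does not identify the user, else None.

    objectClass clauses are skipped. Every other (attr=value) clause is expected to
    carry the user's login name or a DN (contains '=' and ',') derived from it; a
    clause such as (member=member) means the filter went out with a literal value.
    """
    for attr, value in CLAUSE_RE.findall(ldap_filter):
        if attr.lower() == "objectclass":
            continue
        looks_like_dn = "=" in value and "," in value
        if user in value or looks_like_dn:
            continue
        return f"({attr}={value})"
    return None


def analyse(log_text):
    """Summarise why an LDAP login ends up with no permissions in Magnolia."""
    report = {"authenticated": False, "bad_filter_clauses": [], "empty_principals": []}
    for line in log_text.splitlines():
        if "ConnectionFactory" in line and "Login succeeded" in line:
            report["authenticated"] = True          # LDAP bind as the user worked
        m = SEARCH_RE.search(line)
        if m:
            bad = check_group_filter(m.group(1), m.group(2).strip())
            if bad:
                report["bad_filter_clauses"].append((m.group(1), bad))
        m = AUTHZ_RE.search(line)
        if m and m.group(2).strip() == "":
            report["empty_principals"].append(m.group(1))   # Roles: {} / Groups: {}
    return report


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the post's log it reports authenticated=True together with the unsubstituted (member=member) clause and empty Roles/Groups, which places the problem in group resolution rather than in the LDAP bind.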