Hi,
I'm trying to authenticate my slide users via LDAP and ApacheDS (
http://incubator.apache.org/directory/subprojects/apacheds/).
I've downloaded release 0.8 of ApacheDS and I didn't make any real changes
(just added some users with the newuser.ldif example). I'm trying to use
the administrators role which is by default present in ApacheDS and the
user akarasulu/Alex Karasulu (which is by default in the administrators
group).
When I start Slide, everything goes fine, but when I log in I get an error message and a stack trace with a javax.naming.CommunicationException ("connection closed"). The root cause in the trace is thrown from com.sun.jndi.ldap.LdapClient.ensureOpen, i.e. the socket to the directory server was already closed before the search for the user was sent — a wrong container or attribute name in the configuration would normally surface as a NameNotFoundException or an empty result rather than a closed connection, so this may be a transport/server-side problem as much as a configuration one. I'm still not sure whether my LDAP configuration for Slide is correct, which is why I'm posting it on this mailing list and not on the ApacheDS list.
- Can somebody please help me out?
- Is my domain.xml configuration correct?
- Is this an ApacheDS problem?
I've added the stack trace I got in the Slide console and my domain.xml below. (Note: the domain.xml contains the directory bind password; it is only the ApacheDS out-of-the-box admin password on a test box, but it should be changed before this setup is used for anything real.)
I've enabled auto-versioning and authentication in Slide. In web.xml I've added the same lines for administrators where 'root' was used (to get the administrators group from LDAP working).
For JAAS I'm using org.apache.slide.jaas.spi.SlideLoginModule.
=============
20 Jan 2005 10:49:23 - org.apache.slide.store.txjndi.JNDIPrincipalStore -
ERROR
- JNDIPrincipalStore[/users]: Error retrieving /users/akarasulu
javax.naming.CommunicationException: connection closed [Root exception is
java.io.IOException: connection closed]; remaining name
'ou=users,ou=system'
at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown
Source)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at
org.apache.slide.store.txjndi.JNDIPrincipalStore.getObject(JNDIPrincipalStore.java:781)
at
org.apache.slide.store.txjndi.JNDIPrincipalStore.retrieveObject(JNDIPrincipalStore.java:466)
at
org.apache.slide.store.AbstractStore.retrieveObject(AbstractStore.java:611)
at
org.apache.slide.store.ExtendedStore.retrieveObject(ExtendedStore.java:585)
at
org.apache.slide.security.SecurityImpl.getPrincipal(SecurityImpl.java:1004)
at
org.apache.slide.jaas.spi.SlideLoginModule.login(SlideLoginModule.java:177)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown
Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(Unknown
Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at
org.mortbay.jaas.JAASUserRealm.authenticate(JAASUserRealm.java:212)
at
org.mortbay.http.BasicAuthenticator.authenticated(BasicAuthenticator.java:50)
at
org.mortbay.http.SecurityConstraint.check(SecurityConstraint.java:415)
at
org.mortbay.http.HttpContext.checkSecurityConstraints(HttpContext.java:1551)
at
org.mortbay.jetty.servlet.ServletHttpContext.checkSecurityConstraints(ServletHttpContext.java:134)
at
org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:235)
at
org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:567)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1807)
at
org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:525)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1757)
at org.mortbay.http.HttpServer.service(HttpServer.java:879)
at
org.mortbay.http.HttpConnection.service(HttpConnection.java:790)
at
org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:961)
at org.mortbay.http.HttpConnection.handle(HttpConnection.java:807)
at
org.mortbay.http.SocketListener.handleConnection(SocketListener.java:197)
at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:276)
at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:511)
Caused by: java.io.IOException: connection closed
at com.sun.jndi.ldap.LdapClient.ensureOpen(Unknown Source)
at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
... 40 more
[SlideLoginModule] - Failure loading user object
10:49:23.062 WARN!! javax.security.auth.login.LoginException: Failure
loading user object
10:49:23.062 WARN!! AUTH FAILURE: user akarasulu
=============
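<?xml version="1.0" encoding="UTF-8"?>
<!--
  Slide Domain.xml for an instance whose users and roles live in ApacheDS
  (ou=users,ou=system / ou=groups,ou=system) and are reached via JNDI/LDAP.
  The main content store stays on the local file system (Tx file stores).

  Security notes from review:
  * Both JNDI stores bind as the directory administrator (uid=admin,ou=system)
    and carry the bind password in clear text in this file. "secret" is also
    the out-of-the-box ApacheDS admin password. Change it on the server, bind
    with a read-only service account that can only search ou=users and
    ou=groups, and do not post this file anywhere public with the real value.
  * The provider URL is plain ldap:// with "simple" authentication, so the
    bind DN and password cross the network unencrypted. Switch to ldaps://
    (or StartTLS, if the Slide/JNDI version in use supports it) once the
    lookups work.
  * /files, /history, /workspace and /workingresource grant action="all" to
    subject="unauthenticated" (inheritable), i.e. anonymous clients may write
    there. That is the sample-configuration default and is probably not what
    is wanted once real LDAP users exist; see the notes on those nodes.
-->
<slide>
  <namespace name="slide">
    <definition>

      <!-- Main store: transactional file stores for metadata and content.
           A JNDIPrincipalStore cannot be used as the main store. -->
      <store name="main">
        <nodestore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
          <parameter name="rootpath">main/store/metadata</parameter>
          <parameter name="workpath">main/work/metadata</parameter>
        </nodestore>
        <securitystore>
          <reference store="nodestore"/>
        </securitystore>
        <lockstore>
          <reference store="nodestore"/>
        </lockstore>
        <revisiondescriptorsstore>
          <reference store="nodestore"/>
        </revisiondescriptorsstore>
        <revisiondescriptorstore>
          <reference store="nodestore"/>
        </revisiondescriptorstore>
        <contentstore classname="org.apache.slide.store.txfile.TxFileContentStore">
          <parameter name="rootpath">main/store/content</parameter>
          <parameter name="workpath">main/work/content</parameter>
        </contentstore>
      </store>

      <!-- Users: one principal per inetOrgPerson entry directly under
           ou=users,ou=system (ONELEVEL_SCOPE). -->
      <store name="users">
        <nodestore classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
          <parameter name="jndi.container">ou=users,ou=system</parameter>
          <!-- NOTE(review): ApacheDS sample users are usually named
               uid=...,ou=users,ou=system. If that is the case here, the RDN
               attribute should be uid rather than cn; confirm with an
               ldapsearch against the container before changing it. -->
          <parameter name="jndi.attributes.rdn">cn</parameter>
          <parameter name="jndi.attributes.userprincipalname">uid</parameter>
          <parameter name="jndi.search.filter">(objectClass=inetOrgPerson)</parameter>
          <parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter>
          <!-- This parameter was present twice in the original file
               ("groupMembership,cn" and "cn"); which value was in effect
               depended on parser precedence. groupMembership is not an
               inetOrgPerson attribute in the ApacheDS schema (it looks like a
               leftover from an eDirectory example), so only cn is kept, which
               also matches the roles store below. -->
          <parameter name="jndi.search.attributes">cn</parameter>
          <!-- Plain ldap:// with a simple bind: the admin DN and password go
               over the wire in clear text. Use ldaps:// outside a throw-away
               test box. -->
          <parameter name="java.naming.provider.url">ldap://david:389</parameter>
          <parameter name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
          <!-- Binding as the directory administrator is far more privilege
               than a user lookup needs; a read-only service account limited
               to ou=users would be least privilege. -->
          <parameter name="java.naming.security.principal">uid=admin,ou=system</parameter>
          <!-- Clear-text bind password. "secret" is the ApacheDS default;
               change it on the server and restrict read access to this file. -->
          <parameter name="java.naming.security.credentials">secret</parameter>
          <parameter name="java.naming.security.authentication">simple</parameter>
          <!-- Cache settings (values as in the original configuration). -->
          <parameter name="cache.refresh.checkrate">15</parameter>
          <parameter name="cache.refresh.rate">800</parameter>
          <parameter name="cache.refresh.threshold">15000</parameter>
        </nodestore>
        <!-- classname and a reference are both given here (as in the
             original); presumably the reference to the node store wins. -->
        <securitystore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
          <reference store="nodestore"/>
        </securitystore>
        <lockstore>
          <reference store="nodestore"/>
        </lockstore>
        <revisiondescriptorsstore>
          <reference store="nodestore"/>
        </revisiondescriptorsstore>
        <revisiondescriptorstore>
          <reference store="nodestore"/>
        </revisiondescriptorstore>
        <contentstore>
          <reference store="nodestore"/>
        </contentstore>
      </store>

      <!-- Roles: one role per groupOfUniqueNames entry directly under
           ou=groups,ou=system; members come from the uniqueMember
           attribute. -->
      <store name="roles">
        <nodestore classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
          <parameter name="jndi.container">ou=groups,ou=system</parameter>
          <!-- NOTE(review): groupOfUniqueNames entries are named by cn (uid
               is not part of that object class), so if the ApacheDS groups
               are cn=Administrators,ou=groups,ou=system this should probably
               be cn. Left as in the original; verify against the directory. -->
          <parameter name="jndi.attributes.rdn">uid</parameter>
          <parameter name="jndi.attributes.groupmemberset">uniquemember</parameter>
          <parameter name="jndi.search.filter">(objectClass=groupofuniquenames)</parameter>
          <parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter>
          <parameter name="jndi.search.attributes">cn</parameter>
          <!-- Same connection caveats as the users store: clear-text
               transport, admin bind, default password. -->
          <parameter name="java.naming.provider.url">ldap://david:389</parameter>
          <parameter name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
          <parameter name="java.naming.security.principal">uid=admin,ou=system</parameter>
          <parameter name="java.naming.security.authentication">simple</parameter>
          <parameter name="java.naming.security.credentials">secret</parameter>
          <parameter name="cache.refresh.checkrate">15</parameter>
          <parameter name="cache.refresh.rate">800</parameter>
          <parameter name="cache.refresh.threshold">15000</parameter>
        </nodestore>
        <securitystore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
          <reference store="nodestore"/>
        </securitystore>
        <lockstore>
          <reference store="nodestore"/>
        </lockstore>
        <revisiondescriptorsstore>
          <reference store="nodestore"/>
        </revisiondescriptorsstore>
        <revisiondescriptorstore>
          <reference store="nodestore"/>
        </revisiondescriptorstore>
        <contentstore>
          <reference store="nodestore"/>
        </contentstore>
      </store>

      <!-- Mount each store at the appropriate URI. -->
      <scope match="/" store="main"/>
      <scope match="/users" store="users"/>
      <scope match="/roles" store="roles"/>
    </definition>

    <configuration>
      <!-- Action URI checked for each Slide operation. -->
      <read-object>/actions/read</read-object>
      <create-object>/actions/write</create-object>
      <remove-object>/actions/write</remove-object>
      <grant-permission>/actions/write-acl</grant-permission>
      <revoke-permission>/actions/write-acl</revoke-permission>
      <read-permissions>/actions/read-acl</read-permissions>
      <read-own-permissions>/actions/read-current-user-privilege-set</read-own-permissions>
      <lock-object>/actions/write</lock-object>
      <kill-lock>/actions/unlock</kill-lock>
      <read-locks>/actions/read</read-locks>
      <read-revision-metadata>/actions/read</read-revision-metadata>
      <create-revision-metadata>/actions/write-properties</create-revision-metadata>
      <modify-revision-metadata>/actions/write-properties</modify-revision-metadata>
      <remove-revision-metadata>/actions/write-properties</remove-revision-metadata>
      <read-revision-content>/actions/read</read-revision-content>
      <create-revision-content>/actions/write-content</create-revision-content>
      <modify-revision-content>/actions/write-content</modify-revision-content>
      <remove-revision-content>/actions/write-content</remove-revision-content>
      <bind-member>/actions/bind</bind-member>
      <unbind-member>/actions/unbind</unbind-member>
      <!-- Paths of the principal, role, action and file trees. -->
      <userspath>/users</userspath>
      <rolespath>/roles</rolespath>
      <actionspath>/actions</actionspath>
      <filespath>/files</filespath>
      <parameter name="dav">true</parameter>
      <parameter name="standalone">true</parameter>
      <parameter name="acl_inheritance_type">path</parameter>
      <parameter name="nested_roles_maxdepth">0</parameter>
    </configuration>

    <data>
      <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/">
        <!-- The subject must resolve to an existing LDAP group in the roles
             store (/roles/<rdn value>). -->
        <permission action="all" subject="/roles/administrators" inheritable="true"/>
        <!-- ACL read/write and lock breaking are denied to everyone; the
             grant to administrators above is meant to take precedence. That
             relies on Slide's permission evaluation order - confirm it. -->
        <permission action="/actions/read-acl" subject="all" inheritable="true" negative="true"/>
        <permission action="/actions/write-acl" subject="all" inheritable="true" negative="true"/>
        <permission action="/actions/unlock" subject="all" inheritable="true" negative="true"/>
        <permission action="/actions/read" subject="all" inheritable="true"/>

        <!-- Principals may manage their own entry; anonymous gets nothing. -->
        <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users">
          <permission action="all" subject="self" inheritable="true"/>
          <permission action="all" subject="unauthenticated" inheritable="true" negative="true"/>
        </objectnode>
        <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles">
          <permission action="all" subject="self" inheritable="true"/>
          <permission action="all" subject="unauthenticated" inheritable="true" negative="true"/>
        </objectnode>

        <!-- Action hierarchy: privilege-member-set lists the actions that a
             parent action implies. -->
        <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions">
          <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read">
            <revision>
              <property name="privilege-member-set"><![CDATA[<D:href xmlns:D='DAV:'>/actions/read-acl</D:href> <D:href xmlns:D='DAV:'>/actions/read-current-user-privilege-set</D:href>]]></property>
            </revision>
          </objectnode>
          <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read-acl">
            <revision>
              <property name="privilege-member-set"/>
            </revision>
          </objectnode>
          <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read-current-user-privilege-set">
            <revision>
              <property name="privilege-member-set"/>
            </revision>
          </objectnode>
          <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write">
            <revision>
              <property name="privilege-member-set"><![CDATA[<D:href xmlns:D='DAV:'>/actions/write-acl</D:href> <D:href xmlns:D='DAV:'>/actions/write-properties</D:href> <D:href xmlns:D='DAV:'>/actions/write-content</D:href>]]></property>
            </revision>
          </objectnode>
          <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-acl">
            <revision>
              <property name="privilege-member-set"/>
            </revision>
          </objectnode>
          <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-properties">
            <revision>
              <property name="privilege-member-set"/>
            </revision>
          </objectnode>
          <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-content">
            <revision>
              <property name="privilege-member-set"><![CDATA[<D:href xmlns:D='DAV:'>/actions/bind</D:href> <D:href xmlns:D='DAV:'>/actions/unbind</D:href>]]></property>
            </revision>
          </objectnode>
          <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/bind">
            <revision>
              <property name="privilege-member-set"/>
            </revision>
          </objectnode>
          <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/unbind">
            <revision>
              <property name="privilege-member-set"/>
            </revision>
          </objectnode>
          <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/unlock">
            <revision>
              <property name="privilege-member-set"/>
            </revision>
          </objectnode>
        </objectnode>

        <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files">
          <!-- NOTE(review): "unauthenticated" gets every action here, so an
               anonymous client can create, modify and delete under /files.
               The root-level negative grants deny read-acl/write-acl/unlock
               to everyone, but whether they win over this grant depends on
               Slide's evaluation order. Consider narrowing this to
               /actions/read (or removing it) once LDAP users are in place. -->
          <permission action="all" subject="unauthenticated" inheritable="true"/>
          <!-- The subject must be an existing LDAP group. -->
          <!--<permission action="/actions/write" subject="/roles/connect users" inheritable="true"/>-->
          <permission action="/actions/write" subject="/roles/administrators" inheritable="true"/>
          <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
        </objectnode>

        <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/history">
          <!-- Same anonymous "all" grant as /files; same caveat. -->
          <permission action="all" subject="unauthenticated" inheritable="true"/>
          <permission action="/actions/write" subject="/roles/administrators" inheritable="true"/>
          <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
        </objectnode>

        <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/workspace">
          <!-- Same anonymous "all" grant as /files; same caveat. -->
          <permission action="all" subject="unauthenticated" inheritable="true"/>
          <permission action="/actions/write" subject="/roles/administrators" inheritable="true"/>
          <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
        </objectnode>

        <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/workingresource">
          <!-- Same anonymous "all" grant as /files; same caveat. -->
          <permission action="all" subject="unauthenticated" inheritable="true"/>
          <permission action="/actions/write" subject="/roles/administrators" inheritable="true"/>
          <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
        </objectnode>
      </objectnode>
    </data>
  </namespace>

  <!-- Versioning (DeltaV) settings, unchanged from the original. -->
  <parameter name="historypath">/history</parameter>
  <parameter name="workspacepath">/workspace</parameter>
  <parameter name="workingresourcepath">/workingresource</parameter>
  <parameter name="auto-version">checkout-checkin</parameter>
  <parameter name="auto-version-control">false</parameter>
  <parameter name="versioncontrol-exclude"/>
  <parameter name="checkout-fork">forbidden</parameter>
  <parameter name="checkin-fork">forbidden</parameter>
</slide>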