From: Loren C. <lor...@gm...> - 2010-06-13 20:19:16
I found the following and am trying it:

http://jetty.codehaus.org/jetty/jetty-6/apidocs/org/mortbay/jetty/plus/jaas/ldap/LdapLoginModule.html

I am using the following configuration in tools/jetty/etc/login.conf:

eXistDB {
    org.eclipse.jetty.plus.jaas.spi.LdapLoginModule REQUIRED
    debug="true"
    useLdaps="false"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="127.0.0.1"
    port="389"
    bindDn="cn=admin,dc=exist-db,dc=org"
    bindPassword="1234"
    authenticationMethod="simple"
    forceBindingLogin="false"
    userBaseDn="ou=Users,dc=exist-db,dc=org"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="posixAccount"
    roleBaseDn="ou=Groups,dc=exist-db,dc=org"
    roleNameAttribute="cn"
    roleMemberAttribute="memberUid"
    roleObjectClass="posixGroup";
};

I encountered the following error:

13 Jun 2010 15:09:02,633 [qtp1310725808-27] INFO (Slf4jLog.java [info]:92) - Searching for users with filter: '(&(objectClass={0})({1}={2}))' from base dn: ou=Users,dc=exist-db,dc=org
13 Jun 2010 15:09:02,634 [qtp1310725808-27] INFO (Slf4jLog.java [info]:92) - Found user?: true
13 Jun 2010 15:09:02,642 [qtp1310725808-27] WARN (Slf4jLog.java [warn]:124) - EXCEPTION
javax.security.auth.login.LoginException: Login Failure: all modules ignored
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:936)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
    at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)
    at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:174)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:417)
    at org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:182)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:933)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:362)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:867)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
    at org.eclipse.jetty.server.Server.handle(Server.java:334)
    at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:559)
    at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1007)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:747)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:209)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:406)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:462)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:636)

On Jun 12, 2010, at 10:46 PM, Loren Cahlander wrote:

> It does not work quite yet. I will figure it out.
>
> Loren
>
> On Jun 12, 2010, at 10:38 PM, Dmitriy Shabanov wrote:
>
>> Good, does it work for you? I plan to use several authentication services.
>> Can you try:
>>
>> <Call name="addBean">
>>   <Arg>
>>     <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>>       <Set name="name">JAASLoginService</Set>
>>       <Set name="eXistDBLogin">eXistDB</Set>
>>       <Set name="LDAPLogin">LDAP</Set>
>>     </New>
>>   </Arg>
>> </Call>
>>
>> tools/jetty/etc/login.conf:
>>
>> eXistDB {
>>     org.exist.security.internal.EXistDBLoginModule required
>>     debug="false";
>> };
>> LDAP {
>>     com.sun.security.auth.module.LdapLoginModule REQUIRED
>>     userProvider="ldap://ldap-svr/ou=Users,dc=example,dc=com"
>>     userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
>>     debug=true;
>> };
>>
>> On Sun, Jun 13, 2010 at 5:07 AM, Loren Cahlander <lor...@gm...> wrote:
>> I think that I have figured it out. I have to test it, but this is what I have found:
>>
>> tools/jetty/etc/jetty.xml contains:
>>
>> <!-- =========================================================== -->
>> <!-- Configure Authentication Login Service -->
>> <!-- =========================================================== -->
>> <Call class="java.lang.System" name="setProperty">
>>   <Arg>java.security.auth.login.config</Arg>
>>   <Arg><SystemProperty name="jetty.home" default="." />/etc/login.conf</Arg>
>> </Call>
>>
>> <Call name="addBean">
>>   <Arg>
>>     <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>>       <Set name="name">JAASLoginService</Set>
>>       <Set name="LoginModuleName">eXistDB</Set>
>>     </New>
>>   </Arg>
>> </Call>
>>
>> tools/jetty/etc/login.conf contains:
>>
>> eXistDB {
>>     org.exist.security.internal.EXistDBLoginModule required
>>     debug="false";
>> };
>>
>> For LDAP, login.conf should be changed to:
>>
>> eXistDB {
>>     com.sun.security.auth.module.LdapLoginModule REQUIRED
>>     userProvider="ldap://ldap-svr/ou=Users,dc=example,dc=com"
>>     userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
>>     debug=true;
>> };
>>
>> On Jun 11, 2010, at 04:44 PM, Loren Cahlander wrote:
>>
>>> The ZIP file is 1.6 GB.
>>>
>>> On Jun 11, 2010, at 04:42 PM, Loren Cahlander wrote:
>>>
>>>> My VMWare image is available at http://support.syntactica.com/exist.zip
>>>>
>>>> Ubuntu Login is exist
>>>> Password is vmware
>>>>
>>>> the LDAP account manager is available at http://localhost/lam/ and the password is 1234 for both admin and lam
>>>>
>>>> LDAP Administrator
>>>> DN: cn=admin,dc=exist-db,dc=org
>>>> PW: 1234
>>>>
>>>> eXist Admin user
>>>> DN: uid=admin,ou=Users,dc=exist-db,dc=org
>>>> PW: admin123
>>>>
>>>> On Jun 11, 2010, at 04:18 PM, Loren Cahlander wrote:
>>>>
>>>>> Hello Dmitriy,
>>>>>
>>>>> Are you still working on LDAP for eXist trunk?
>>>>>
>>>>> I am working on the LEXA stack for eXist. It includes LDAP for authentication. I am trying to get eXist talking to my LDAP server and it looks like eXist is not complaining, but when I go to /administration/ it does not work. I get the following:
>>>>>
>>>>> 11 Jun 2010 16:13:33,320 [qtp2133251039-26] INFO (SecurityManagerImpl.java [getUserByName]:221) - Attempting to get user by: uid=admin,ou=Users,dc=exist-db,dc=org
>>>>> 11 Jun 2010 16:13:33,328 [qtp2133251039-26] INFO (SecurityManagerImpl.java [getUser]:353) - User uid=admin,ou=Users,dc=exist-db,dc=org found, attempting to find group and construct...
>>>>> 11 Jun 2010 16:13:33,328 [qtp2133251039-26] INFO (SecurityManagerImpl.java [newUserFromAttributes]:283) - Searching for gidNumber=1 in ou=Groups,dc=exist-db,dc=org
>>>>> 11 Jun 2010 16:13:33,329 [qtp2133251039-26] INFO (SecurityManagerImpl.java [newUserFromAttributes]:299) - Constructing user admin/1 in group dba
>>>>> 11 Jun 2010 16:13:33,330 [qtp2133251039-26] INFO (SecurityManagerImpl.java [newUserFromAttributes]:320) - Finding additional groups...
>>>>> 11 Jun 2010 16:13:33,333 [qtp2133251039-26] WARN (Slf4jLog.java [warn]:124) - EXCEPTION
>>>>> javax.security.auth.login.FailedLoginException: Wrong password for user [admin]
>>>>>     at org.exist.security.internal.EXistDBLoginModule.login(EXistDBLoginModule.java:158)
>>>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>     at java.lang.reflect.Method.invoke(Method.java:616)
>>>>>     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
>>>>>     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
>>>>>     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
>>>>>     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
>>>>>     at java.security.AccessController.doPrivileged(Native Method)
>>>>>     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
>>>>>     at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
>>>>>     at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)
>>>>>     at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:174)
>>>>>     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:417)
>>>>>     at org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:182)
>>>>>     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:933)
>>>>>     at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:362)
>>>>>     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:867)
>>>>>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
>>>>>     at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
>>>>>     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
>>>>>     at org.eclipse.jetty.server.Server.handle(Server.java:334)
>>>>>     at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:559)
>>>>>     at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1007)
>>>>>     at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:747)
>>>>>     at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:209)
>>>>>     at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:406)
>>>>>     at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:462)
>>>>>     at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
>>>>>     at java.lang.Thread.run(Thread.java:636)
>>>>>
>>>>
>>>
>>
>> --
>> Dmitriy Shabanov
>
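
Added example, not part of the original thread and not Jetty or eXist code: a Python check that parses a JAAS login.conf of the shape quoted in the message above and flags the Jetty LdapLoginModule settings that expose credentials (simple bind without LDAPS, a bindPassword stored in the file, and forceBindingLogin off so the module reads userPasswordAttribute). The sample file and the finding codes are constructed; treating an absent useLdaps or forceBindingLogin as false is an assumption.

```python
import re
# Constructed sample, trimmed from the login.conf layout quoted in the thread.
SAMPLE = '''
eXistDB {
  org.eclipse.jetty.plus.jaas.spi.LdapLoginModule REQUIRED
    useLdaps="false" hostname="127.0.0.1" port="389"
    bindDn="cn=admin,dc=exist-db,dc=org" bindPassword="1234"
    authenticationMethod="simple" forceBindingLogin="false"
    userPasswordAttribute="userPassword";
};
'''

ENTRY = re.compile(r'(\w+)\s*\{(.*?)\}\s*;', re.S)        # Name { ... };
STANZA_END = re.compile(r';(?=(?:[^"]*"[^"]*")*[^"]*$)')   # ';' outside quotes
OPTION = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|(\S+))')    # key="v" or key=v

def parse_login_conf(text):
    """Return {application: [(module_class, control_flag, options), ...]}."""
    apps = {}
    for name, body in ENTRY.findall(text):
        modules = []
        for stanza in STANZA_END.split(body):
            parts = stanza.split(None, 2)
            if len(parts) < 2:
                continue                                   # blank remainder
            rest = parts[2] if len(parts) == 3 else ''
            opts = {k: quoted or bare for k, quoted, bare in OPTION.findall(rest)}
            modules.append((parts[0], parts[1].upper(), opts))
        apps[name] = modules
    return apps

def audit(apps):
    """Flag Jetty LdapLoginModule settings that expose credentials."""
    findings = []
    for app, modules in apps.items():
        for cls, _flag, o in modules:
            if not cls.endswith('.jaas.spi.LdapLoginModule'):
                continue                                   # other modules: not checked
            ldaps = o.get('useLdaps', 'false').lower() == 'true'  # assumed default: false
            if not ldaps and o.get('authenticationMethod') == 'simple':
                findings.append((app, 'cleartext-bind'))   # password sent unencrypted
            if 'bindPassword' in o:
                findings.append((app, 'stored-bind-password'))  # secret kept in the file
            if o.get('forceBindingLogin', 'false').lower() != 'true':
                findings.append((app, 'reads-password-attr'))   # fetches userPasswordAttribute
    return findings

if __name__ == '__main__':
    print(audit(parse_login_conf(SAMPLE)))
```

With useLdaps and forceBindingLogin both set to "true", only the stored-bind-password finding remains, which is then a matter of file permissions on login.conf.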