Magnolia Community Forums: Get help with Magnolia: need help with LDAP


  • mahor
    Full name: Mark Horowiz
    Posts: 17
    Last post: Jul 19, 2012 11:47:10 PM
    Registered on: Jul 7, 2012
    need help with LDAP
    #1 by mahor on Jul 7, 2012 10:18:35 PM

    I am trying to run the LDAP module to see if it works (eval).

    I configured the AD Server like this (ad.properties):

    java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
    java.naming.security.principal=CN=LDAP_USER_ID,OU=Coworker,DC=office,dc=test,dc=com

    java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

    # LDAP url
    java.naming.provider.url=ldap://testad.com

    adminUserDN = CN=myaccount,OU=Coworker,DC=office,dc=test,dc=com
    ssoSlave = false

    # admin user password
    adminUserPassword = XXX

    java.naming.security.authentication=simple

    initialSearchAttributes=OU=Coworker,DC=office,dc=test,dc=com
    Organization=o
    OrganizationUnit=ou
    CommonName=cn
    Surname=sn
    GivenName=givenname
    uid=sAMAccountName
    dn=dn
    mail=mail
    Password=pass
    Language=language

    groupResolverClass=info.magnolia.jaas.sp.ldap.resolver.ADGroupResolver
    GroupId=memberOf

    jaas.config:

    magnolia {
    info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional;
    info.magnolia.jaas.sp.ldap.ADAuthenticationModule requisite skip_on_previous_success=true;
    info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
    };

    test it with: java -jar magnolia-ldap-tester-1.4.4.jar info.magnolia.jaas.sp.ldap.ADAuthenticationModule ad.properties myaccount pwd

    2012-07-07 21:42:18,394 DEBUG i.m.j.s.l.Tester$MockSecuritySupport - Mocking group Administrators
    2012-07-07 21:42:18,394 DEBUG i.m.j.s.l.Tester$MockSecuritySupport - Mocking group Administrators

    looks good ... ;-)

    Also created the security conf (under Configuration security for LDAP 1.4) in Magnolia

    And created group and role "Administrators" ...

    I always get (what's wrong?):

    java.lang.IllegalArgumentException: When logging in the Subject must have a info.magnolia.cms.security.User principal.
    at info.magnolia.context.UserContextImpl.login(UserContextImpl.java:109)
    at info.magnolia.context.MgnlContext.login(MgnlContext.java:115)
    at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:82)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:85)
    at info.magnolia.cms.filters.CosMultipartRequestFilter.doFilter(CosMultipartRequestFilter.java:87)
    at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:73)
    at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:102)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:131)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:67)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:108)
    at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
    at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108)
    at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94)


    With AD and LDAP config ... ;-( (it's an AD Server)

    Thanx for your help!
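
An added example, not part of the original posts and not Magnolia code: a small lint pass over the JNDI keys of the ad.properties shown in post #1. It flags the repeated `java.naming.factory.initial` key and the combination of `java.naming.security.authentication=simple` with an `ldap://` URL, which sends the bind DN and password unencrypted. It assumes the module hands these standard JNDI keys to the LDAP provider unchanged; the function names and finding labels are made up for the example.

```python
from urllib.parse import urlparse

# Constructed sample: the JNDI-related lines of the ad.properties posted above.
SAMPLE = """\
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
java.naming.security.principal=CN=LDAP_USER_ID,OU=Coworker,DC=office,dc=test,dc=com
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# LDAP url
java.naming.provider.url=ldap://testad.com
adminUserDN = CN=myaccount,OU=Coworker,DC=office,dc=test,dc=com
java.naming.security.authentication=simple
"""
# Constructed variant: the same file with the URL switched to LDAP over TLS.
OVER_TLS = SAMPLE.replace("ldap://testad.com", "ldaps://testad.com")


def parse_properties(text):
    """Parse key=value lines. Returns (props, duplicate_keys); the last value wins."""
    props, dups = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        # Simplification: only '=' is treated as the separator, so DNs such as
        # CN=...,OU=... stay intact in the value.
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key in props and key not in dups:
            dups.append(key)
        props[key] = value
    return props, dups


def lint(text):
    """Return a sorted list of finding labels for a JNDI LDAP properties file."""
    props, dups = parse_properties(text)
    findings = ["duplicate-key:" + k for k in dups]
    auth = props.get("java.naming.security.authentication", "").lower()
    # Standard JNDI key that forces TLS even with an ldap:// URL.
    tls_forced = props.get("java.naming.security.protocol", "").lower() == "ssl"
    # The provider URL may hold several space-separated URLs; check each one.
    urls = props.get("java.naming.provider.url", "").split()
    plain = [u for u in urls if urlparse(u).scheme.lower() != "ldaps"]
    if auth == "simple" and plain and not tls_forced:
        findings.append("cleartext-simple-bind:" + ",".join(plain))
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```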

  • mahor
    Full name: Mark Horowiz
    Posts: 17
    Last post: Jul 19, 2012 11:47:10 PM
    Registered on: Jul 7, 2012
    Re: need help with LDAP
    #2 by mahor on Jul 8, 2012 2:02:36 PM

    The catalina log shows this exception:

    2012-07-08 13:29:38,700 WARN nfo.magnolia.jaas.sp.ldap.LDAPAuthenticationModule: Exception caught
    java.lang.UnsupportedOperationException: Use manager to modify this group
    at info.magnolia.cms.security.MgnlGroup.getAllGroups(MgnlGroup.java:133)
    at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.collectGroupNames(LDAPAuthenticationModule.java:256)
    at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.updateJCRGroups(LDAPAuthenticationModule.java:227)
    at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.setEntity(LDAPAuthenticationModule.java:177)
    at info.magnolia.jaas.sp.AbstractLoginModule.commit(AbstractLoginModule.java:229)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:580)
    at info.magnolia.cms.security.SecuritySupportBase.authenticate(SecuritySupportBase.java:63)
    at info.magnolia.cms.security.SecuritySupportImpl$$EnhancerByCGLIB$$160357b.authenticate(<generated>)
    at info.magnolia.cms.security.auth.login.LoginHandlerBase.authenticate(LoginHandlerBase.java:47)
    at info.magnolia.cms.security.auth.login.FormLogin.handle(FormLogin.java:76)
    at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:66)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:52)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:85)
    at info.magnolia.cms.filters.CosMultipartRequestFilter.doFilter(CosMultipartRequestFilter.java:87)
    at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:73)
    at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:102)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:131)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:67)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:108)
    at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
    at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108)
    at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:680)
    2012-07-08 13:29:38,730 INFO info.magnolia.cms.security.DummyUser : Initializing dummy user - Anonymous
    2012-07-08 13:29:38,730 INFO info.magnolia.cms.security.DummyUser : This area and/or instance is not secured

    I don't know whether my Magnolia config is right, or is there something to do with the AD groups?

    Thanx!

  • mahor
    Full name: Mark Horowiz
    Posts: 17
    Last post: Jul 19, 2012 11:47:10 PM
    Registered on: Jul 7, 2012
    Re: need help with LDAP
    #3 by mahor on Jul 9, 2012 8:30:47 AM

    OMG, sorry, there were several bugs in my configuration ;-( (i.e. info.magnolia.jaas.sp.ldap.ADUserManager). Now all works fine!

  • pmayank1991
    Full name: Mayank Parashar
    Posts: 4
    Last post: Jan 6, 2017 1:17:15 PM
    Registered on: Nov 11, 2016
    Re: need help with LDAP
    #4 by pmayank1991 on Nov 11, 2016 12:42:08 PM

    Hello,

    I am new to Magnolia and am trying the same in Magnolia Enterprise 5.4.9. I have done all the configuration in the ad.properties and jaas.config files as mentioned above, and also tested the local Active Directory connection with ldap-tester.jar; it's working fine.

    I have created ou=Demo in my Active Directory and the same Demo group in Magnolia, and assigned all the required roles to it, but I am not able to log in to Magnolia with an AD user.

    Do I need to do any other configuration in Magnolia apart from creating an 'external' node in server-security-usermanager?

    Please advise.
