CMDBuild Forum

AD authentication problem with version 2.3.4

Hello everyone, 

We have had version 2.3.4 of CMDBuild on our production server since this morning.

But we have a problem. We are using Active Directory authentication, and all my users have a problem during the first login.

When they enter their user account and password and click on login, they stay "stuck" on the "open source configuration management database" window, and they have to delete their browser cache to make it work.

I checked cmdbuild.log, and every time they connect for the first time I get this error:

 

INFO  2015-11-13 11:49:23 [cmdbuild] trying to login user name.surname with group null
WARN  2015-11-13 11:49:23 [auth    ] error while binding
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]; remaining name ''
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
        at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2648)
        at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2622)
        at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1942)
        at com.sun.jndi.ldap.LdapCtx.doSearchOnce(LdapCtx.java:1934)
        at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1327)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127)
        at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
        at org.cmdbuild.auth.LdapAuthenticator.bind(LdapAuthenticator.java:124)
        at org.cmdbuild.auth.LdapAuthenticator.checkPassword(LdapAuthenticator.java:59)
        at org.cmdbuild.auth.DefaultAuthenticationService.authenticate(DefaultAuthenticationService.java:140)
        at org.cmdbuild.logic.auth.DefaultAuthenticationLogic.login(DefaultAuthenticationLogic.java:131)
        at org.cmdbuild.servlets.json.Login.login(Login.java:42)
        at sun.reflect.GeneratedMethodAccessor212.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.cmdbuild.servlets.JSONDispatcher.dispatch(JSONDispatcher.java:107)
        at org.cmdbuild.servlets.JSONDispatcher.doPost(JSONDispatcher.java:67)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.cmdbuild.filters.AuthFilter.doFilter(AuthFilter.java:158)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.cmdbuild.filters.PatchManagerFilter.doFilter(PatchManagerFilter.java:48)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.cmdbuild.filters.ConfCheckFilter.doFilter(ConfCheckFilter.java:31)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.cmdbuild.filters.TranslationFilter.doFilter(TranslationFilter.java:52)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.cmdbuild.filters.LocalizationFilter.doFilter(LocalizationFilter.java:127)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:957)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:620)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)


Do you have any idea?

It seems that these are two different issues.
 
The "stuck" condition is not related to the LDAP error. To diagnose the "stuck" condition you should also look at the JavaScript debugger for errors and/or delays in the server-client configuration.
 
The LDAP issue is about a binding problem with the current user. Looking at the extract, we suspect a configuration issue. Are you able to post the LDAP section of the auth.conf file? Of course you can skip the authentication fields.
 
Best regards.
 
-- CMDBuild Team
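
The bind error quoted in the first post can be decoded mechanically. The following Python sketch is an added example, not part of the original thread and not CMDBuild code: it pairs each login attempt in cmdbuild.log with the LDAP result code, the Active Directory "data" sub-code and any AUTH_* application error that follows it. The function names and the third sample attempt (locked.user) are made up for illustration.

```python
import re

# Active Directory reports the reason for a rejected bind as a hex sub-code
# after "data" in the diagnostic text of LDAP result code 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password or bind name)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LOGIN_RE = re.compile(r"\[cmdbuild\] trying to login user (?P<user>.+?) with group")
CODE_RE = re.compile(r"\[LDAP: error code (?P<code>\d+)")
DATA_RE = re.compile(r"\bdata (?P<data>[0-9a-fA-F]+)\b")
APP_FAIL_RE = re.compile(r"AuthException: (?P<reason>AUTH_\w+)")

# The first two attempts use log lines quoted in this thread; the third
# attempt (locked.user, data 775) is constructed to show another sub-code.
SAMPLE_LOG = """\
INFO  2015-11-13 11:49:23 [cmdbuild] trying to login user name.surname with group null
WARN  2015-11-13 11:49:23 [auth    ] error while binding
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]; remaining name ''
INFO  2015-11-28 10:30:20 [cmdbuild] trying to login user surname.name with group null
DEBUG 2015-11-28 10:30:20 [auth    ] binding with username 'CN=Surname Name,OU=xx,OU=yy,DC=zzdomain,DC=com'
ERROR 2015-11-28 10:30:20 [cmdbuild] Login failed
org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG
INFO  2015-11-28 10:31:02 [cmdbuild] trying to login user locked.user with group null
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1 ]; remaining name ''
org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG
"""


def triage(lines):
    """Group log lines by login attempt and extract the failure details.

    Assumption: lines are attributed to the most recent "trying to login"
    line, so interleaved concurrent logins would need a request id instead.
    """
    attempts = []
    current = None
    for line in lines:
        login = LOGIN_RE.search(line)
        if login:
            current = {"user": login.group("user"), "ldap_code": None,
                       "ad_data": None, "meaning": None, "app_result": None}
            attempts.append(current)
            continue
        if current is None:
            continue  # stack frames or noise before the first attempt
        code = CODE_RE.search(line)
        if code:
            current["ldap_code"] = int(code.group("code"))
            data = DATA_RE.search(line)  # absent on non-AD directory servers
            if data:
                sub = data.group("data").lower()
                current["ad_data"] = sub
                current["meaning"] = AD_BIND_SUBCODES.get(sub, "unknown AD sub-code")
        app = APP_FAIL_RE.search(line)
        if app and current["app_result"] is None:
            current["app_result"] = app.group("reason")
    return attempts


def classify(attempt):
    """Name the failure signature so different symptoms are not mixed up."""
    ldap = attempt["ldap_code"] is not None
    app = attempt["app_result"] is not None
    if ldap and app:
        return "ldap-reject-and-app-failure"
    if ldap:
        return "ldap-reject-logged-without-app-failure"
    if app:
        return "app-failure-without-ldap-detail"
    return "no-failure-logged"


if __name__ == "__main__":
    for a in triage(SAMPLE_LOG.splitlines()):
        print(a["user"], a["ldap_code"], a["ad_data"], a["meaning"],
              a["app_result"], classify(a))
```

Run over the excerpts in this thread, the two reports show different signatures: the first post has an LDAP 49 / 52e rejection with no application failure in the excerpt, while the later posts have AUTH_LOGIN_WRONG with no LDAP exception in the excerpt.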
 
Hello, 
 
Thank you for your answer.
 
The "stuck" condition is not related to the LDAP error. To diagnose the "stuck" condition you should also look at the JavaScript debugger for errors and/or delays in the server-client configuration.
 
I think this is just a problem with the cache. When they delete it, it works perfectly.
 
 
The LDAP issue is about a binding problem with the current user. Looking at the extract, we suspect a configuration issue. Are you able to post the LDAP section of the auth.conf file? Of course you can skip the authentication fields.
 
Yes, I can. We have been using it for almost 3 years and we never had any problem.
 
auth.methods=LdapAuthenticator,DBAuthenticator
force.ws.password.digest=false
ldap.server.address=OUR_LDAP_SERVER (example ldap.servers.com)
ldap.server.port=OUR_PORT
ldap.use.ssl=false
ldap.basedn=OU=-FR,DC=PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS
ldap.bind.attribute=samaccountname

#ldap.search.filter=(&(ObjectCategory=Person)(samaccountname=*))
##Accept only none (anonymous bind) and simple (simple bind)
ldap.search.auth.method=simple
##This section is only for simple bind
ldap.search.auth.principal=CN=srv.cmdbuild,OU=SERVICE ACCOUNR,OU=_Admin,OU=-PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS
ldap.search.auth.password=OUR_LDAP_SERVER

With this configuration it's working well; we just have the error in the log files, but our users can log in with their AD accounts.
 
We did not change the LDAP authentication mechanics in the last release, but we would like to be sure whether the WARN
 
remaining name ''
 
is related to some configuration issue. If others can log in, then we can exclude some kind of bug in CMDBuild. Do the usernames of the users who cannot log in have any special characters?
 
--
CMDBuild Team
 
is related to some configuration issue. If others can log in, then we can exclude some kind of bug in CMDBuild. Do the usernames of the users who cannot log in have any special characters?


Hello, no, the users don't have any special characters, and even if they have this error in the log, they can log in without problems.
 
 
Unfortunately, we cannot diagnose or solve problems like this just by talking on the forum. In fact, for some users the login is successful. You should consider buying commercial support from the project's maintainer.
 
Best regards.
 
-- CMDBuild Team
 
Hi all,

I can't use LDAP on CMDBuild 2.3.4 either. This is my auth.conf:

ldap.server.address=ip
ldap.server.port=389
ldap.use.ssl=false
ldap.basedn=DC=domain,DC=com
ldap.bind.attribute=sAMAccountName

ldap.search.filter=(objectCategory=person)
##Accept only none (anonymous bind) and simple (simple bind)
#ldap.search.auth.method=
##This section is only for simple bind
ldap.search.auth.method=simple
ldap.search.auth.principal=CN=xy name,OU=xx,OU=yy,DC=domain,DC=com
ldap.search.auth.password=xy name.password

After trying to log in, I get this error:


INFO  2015-11-28 10:30:20 [jsonrpc ] Calling url /login/login
INFO  2015-11-28 10:30:20 [cmdbuild] trying to login user xyuser with group null
DEBUG 2015-11-28 10:30:20 [auth    ] restoring defaults
DEBUG 2015-11-28 10:30:20 [auth    ] LDAP generated search query: (&(objectCategory=person)(sAMAccountName=xy name))
DEBUG 2015-11-28 10:30:20 [auth    ] setting simple bind to authenticate
DEBUG 2015-11-28 10:30:20 [auth    ] binding with username 'CN=xy name,OU=xx,OU=yy,DC=domain,DC=com'
ERROR 2015-11-28 10:30:20 [cmdbuild] Login failed
ERROR 2015-11-28 10:30:20 [jsonrpc ] A org.cmdbuild.exception.AuthException occurred calling method class org.cmdbuild.servlets.json.Login.login: AUTH_LOGIN_WRONG
org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG
        at org.cmdbuild.exception.AuthException$AuthExceptionType.createException(AuthException.java:24)
        at org.cmdbuild.logic.auth.DefaultAuthenticationLogic.login(DefaultAuthenticationLogic.java:147)
        at org.cmdbuild.servlets.json.Login.login(Login.java:42)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.cmdbuild.servlets.JSONDispatcher.dispatch(JSONDispatcher.java:107)
        at org.cmdbuild.servlets.JSONDispatcher.doPost(JSONDispatcher.java:67)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

 

And my user & passwd is 100% ok.

 

Do you know what it can be?

 

Thanks,

Samko

Hi all,

We are facing the same problem with version 2.3.4 of CMDBuild. We cannot log in via LDAP (our AD is Win2012R2). We are using tomcat7 and psql 9.2 on centos7. This is our auth.conf:

auth.methods=LdapAuthenticator,DBAuthenticator
ldap.server.address=ipaddr
ldap.server.port=389
ldap.use.ssl=false
ldap.basedn=DC=zzdomain,DC=com
ldap.bind.attribute=sAMAccountName

ldap.search.filter=(objectCategory=person)
ldap.search.auth.method=simple
ldap.search.auth.principal=CN=Surname Name,OU=xx,OU=yy,DC=zzdomain,DC=com
ldap.search.auth.password=password of surname name

Error we get:


INFO  2015-11-28 10:30:20 [jsonrpc ] Calling url /login/login
INFO  2015-11-28 10:30:20 [cmdbuild] trying to login user surname.name with group null
DEBUG 2015-11-28 10:30:20 [auth    ] restoring defaults
DEBUG 2015-11-28 10:30:20 [auth    ] LDAP generated search query: (&(objectCategory=person)(sAMAccountName=surname.name))
DEBUG 2015-11-28 10:30:20 [auth    ] setting simple bind to authenticate
DEBUG 2015-11-28 10:30:20 [auth    ] binding with username 'CN=Surname Name,OU=xx,OU=yy,DC=zzdomain,DC=com'
ERROR 2015-11-28 10:30:20 [cmdbuild] Login failed
ERROR 2015-11-28 10:30:20 [jsonrpc ] A org.cmdbuild.exception.AuthException occurred calling method class org.cmdbuild.servlets.json.Login.login: AUTH_LOGIN_WRONG
org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG
        at org.cmdbuild.exception.AuthException$AuthExceptionType.createException(AuthException.java:24)
        at org.cmdbuild.logic.auth.DefaultAuthenticationLogic.login(DefaultAuthenticationLogic.java:147)
        at org.cmdbuild.servlets.json.Login.login(Login.java:42)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.cmdbuild.servlets.JSONDispatcher.dispatch(JSONDispatcher.java:107)
        at org.cmdbuild.servlets.JSONDispatcher.doPost(JSONDispatcher.java:67)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.cmdbuild.filters.AuthFilter.doFilter(AuthFilter.java:158)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.cmdbuild.filters.PatchManagerFilter.doFilter(PatchManagerFilter.java:48)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.cmdbuild.filters.ConfCheckFilter.doFilter(ConfCheckFilter.java:31)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.cmdbuild.filters.TranslationFilter.doFilter(TranslationFilter.java:52)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.cmdbuild.filters.LocalizationFilter.doFilter(LocalizationFilter.java:127)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

 

I hope someone knows how to fix this error. Any help would be greatly appreciated.

 

Thanks in advance

Samko
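
Every auth.conf posted in this thread combines ldap.use.ssl=false with a simple bind on port 389. The following Python check is an added example, not part of the original thread and not CMDBuild code: it reads an auth.conf and reports which credentials cross the network unencrypted with that combination. It assumes that ldap.use.ssl=false means plain LDAP without StartTLS and that a missing ldap.use.ssl key means false; the function names and the HARDENED_CONF variant (ldap.use.ssl=true on port 636) are constructed for illustration.

```python
# auth.conf as posted above (values already anonymised by the poster), plus
# one comment line from an earlier post to exercise comment handling.
POSTED_CONF = """\
auth.methods=LdapAuthenticator,DBAuthenticator
ldap.server.address=ipaddr
ldap.server.port=389
ldap.use.ssl=false
ldap.basedn=DC=zzdomain,DC=com
ldap.bind.attribute=sAMAccountName
ldap.search.filter=(objectCategory=person)
##Accept only none (anonymous bind) and simple (simple bind)
ldap.search.auth.method=simple
ldap.search.auth.principal=CN=Surname Name,OU=xx,OU=yy,DC=zzdomain,DC=com
ldap.search.auth.password=password of surname name
"""

# Constructed variant: same directory, LDAPS on the standard port 636.
HARDENED_CONF = (POSTED_CONF
                 .replace("ldap.server.port=389", "ldap.server.port=636")
                 .replace("ldap.use.ssl=false", "ldap.use.ssl=true"))


def parse_properties(text):
    """Minimal .properties reader: key=value pairs, '#'/'!' comments.

    Only the first '=' splits the line, because DN values such as
    ldap.basedn contain '=' themselves.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_ldap_transport(props):
    """Return (key, finding) tuples for transport-related weaknesses."""
    findings = []
    use_ssl = props.get("ldap.use.ssl", "false").lower() == "true"
    method = props.get("ldap.search.auth.method", "none").lower()
    port = props.get("ldap.server.port", "")

    if not use_ssl:
        # A simple bind carries the bind name and password unencrypted, so
        # every user password checked by LdapAuthenticator is exposed.
        findings.append(("ldap.use.ssl",
                         "user passwords are sent in cleartext simple binds"))
        if method == "simple" and props.get("ldap.search.auth.password"):
            findings.append(("ldap.search.auth.password",
                             "search account password is sent in cleartext"))
        if port == "636":
            findings.append(("ldap.server.port",
                             "port 636 expects TLS but ldap.use.ssl is false"))
    elif port == "389":
        findings.append(("ldap.server.port",
                         "port 389 is the plain LDAP port; LDAPS normally uses 636"))
    return findings


if __name__ == "__main__":
    for name, conf in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(name)
        for key, finding in audit_ldap_transport(parse_properties(conf)):
            print("  %s: %s" % (key, finding))
```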

 

 


        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

        at org.cmdbuild.filters.TranslationFilter.doFilter(TranslationFilter.java:52)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

        at org.cmdbuild.filters.LocalizationFilter.doFilter(LocalizationFilter.java:127)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)

        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)

        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)

        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

        at java.lang.Thread.run(Thread.java:745)

 

I hope someone knows how to fix this error. Any help would be greatly appreciated.

 

Thanks in advance

Samko

 

Previously Tecnoteca wrote:
Unfortunately we cannot diagnose or solve problems like this just by talking on the forum. In fact, for some users the login is successful. You should consider buying some commercial support from the project's maintainer.
 
Best regards.
 
-- CMDBuild Team
 
Previously Quentin Varquet wrote:
was related at some configuration issue. If others can log in, then we can exclude some kind of bug in CMDBuild. Do the usernames of the users who cannot log in have any special characters?

Hello, no, the users don't have any special characters, and even if they have this error in the log, they can log in without problem.
 
 

 

 

Hi all,

 

I posted yesterday that we had a similar issue with cmdbuild 2.3.4, but we have fixed it today.

 

Create, for example, a normal user in your Active Directory like 'ad.service', set a password and please try it all with this configuration:

 

auth.methods=LdapAuthenticator,DBAuthenticator
ldap.server.address=ipaddr or hostname.com
ldap.server.port=port
ldap.use.ssl=false
ldap.basedn=dc=domain,dc=com
ldap.bind.attribute=samaccountname

 

 

ldap.search.filter=(objectCategory=person)
ldap.search.auth.method=simple
ldap.search.auth.principal=ad.service@yourdomain.com
ldap.search.auth.password=ad.servicepassword

 

 

Remember: Groups in AD should be replicated in CMDBuild groups (you cannot create groups in cmdb with a space). If you have, for example, the group "DevOps" in your AD, you have to create it in cmdb too and add users to that group. After that just reload cmdbuild via tomcat and that's it.

 

And set DEBUG in log4j.conf for auth:

vi /var/lib/tomcat/cmdbuild/WEB-INF/conf/log4j.conf

 

log4j.logger.auth=DEBUG

 

 

Save, reload cmdbuild, try to log in and watch the cmdbuild log, so you can see what is going on, with:

tail -f /var/log/tomcat/cmdbuild.log

 

 

Successful login should look like this in cmdbuild.log:

 

INFO  2015-11-29 07:17:48 [jsonrpc ] Calling url /login/login

INFO  2015-11-29 07:17:48 [cmdbuild] trying to login user surname.name with group null

DEBUG 2015-11-29 07:17:48 [auth    ] restoring defaults

DEBUG 2015-11-29 07:17:48 [auth    ] LDAP generated search query: (&(objectCategory=person)(sAMAccountName=surname.name))

 

DEBUG 2015-11-29 07:17:48 [auth    ] setting simple bind to authenticate

DEBUG 2015-11-29 07:17:48 [auth    ] binding with username 'CN=Surname Name,OU=Department,OU=DevOps,DC=domain,DC=com'

 

INFO  2015-11-29 07:17:48 [jsonrpc ] Calling url /utils/gettranslationobject

INFO  2015-11-29 07:17:49 [jsonrpc ] Calling url /schema/modclass/getfunctions

INFO  2015-11-29 07:17:50 [jsonrpc ] Calling url /schema/modsecurity/getuiconfiguration

 

Hope it helps!

 

Best regards,

Samko
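Added example, not part of Samko's post or of CMDBuild: a small parser for the DEBUG-level cmdbuild.log lines quoted above that groups them into login attempts and counts failures per user, which is what you end up doing by eye when tailing the log. The function names and the sample log are constructed for this example, and it assumes attempts from different users are not interleaved in the log.

```python
import re
from collections import Counter

LINE = re.compile(r"^(?P<level>[A-Z]+)\s+(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
                  r"\[(?P<logger>[^\]]+)\] (?P<msg>.*)$")
START = re.compile(r"trying to login user (?P<user>\S+) with group \S+")
BIND = re.compile(r"binding with username '(?P<dn>[^']*)'")

# Constructed sample, modelled on the failed and successful excerpts in the thread.
SAMPLE_LOG = """\
INFO  2015-11-28 10:30:20 [jsonrpc ] Calling url /login/login
INFO  2015-11-28 10:30:20 [cmdbuild] trying to login user surname.name with group null
DEBUG 2015-11-28 10:30:20 [auth    ] binding with username 'CN=Surname Name,OU=xx,OU=yy,DC=zzdomain,DC=com'
ERROR 2015-11-28 10:30:20 [cmdbuild] Login failed
        at org.cmdbuild.servlets.json.Login.login(Login.java:42)
INFO  2015-11-28 10:30:41 [jsonrpc ] Calling url /login/login
INFO  2015-11-28 10:30:41 [cmdbuild] trying to login user surname.name with group null
ERROR 2015-11-28 10:30:41 [cmdbuild] Login failed
INFO  2015-11-29 07:17:48 [cmdbuild] trying to login user surname.name with group null
DEBUG 2015-11-29 07:17:48 [auth    ] binding with username 'CN=Surname Name,OU=Department,OU=DevOps,DC=domain,DC=com'
INFO  2015-11-29 07:17:48 [jsonrpc ] Calling url /utils/gettranslationobject
"""

def parse_attempts(text):
    """Group log lines into login attempts, one dict per 'trying to login' line."""
    attempts, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack-trace frames and blank lines carry no log header
        logger, msg = m["logger"].strip(), m["msg"]
        start = START.search(msg)
        if logger == "cmdbuild" and start:
            cur = {"ts": m["ts"], "user": start["user"], "bind_dn": None, "outcome": "unknown"}
            attempts.append(cur)
        elif cur is None:
            continue  # nothing to attach this line to yet
        elif logger == "auth" and (b := BIND.search(msg)):
            cur["bind_dn"] = b["dn"]
        elif m["level"] == "ERROR" and msg == "Login failed":
            cur["outcome"] = "failed"
        elif (logger == "jsonrpc" and cur["outcome"] == "unknown"
              and msg.startswith("Calling url ") and not msg.endswith("/login/login")):
            cur["outcome"] = "ok"  # post-login UI calls, as in the success excerpt
    return attempts

def failures_by_user(attempts):
    """Count failed attempts per user name; repeated failures are worth a look."""
    return Counter(a["user"] for a in attempts if a["outcome"] == "failed")
```

An attempt with no "binding with username" line keeps `bind_dn` as `None`, which shows that the search step never resolved the user to a DN or that auth DEBUG logging was off.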

Previously Quentin Varquet wrote:
Hello, 
 
Thank you for your answer.
 
The "stuck" condition is not related to the LDAP error. To diagnose the "stuck" condition you should also look at the JavaScript debugger for some errors and/or delays in the server-client configuration.
 
I think this is just a problem with the cache. When they delete it it works perfectly.
 
 
The LDAP issue is about a binding problem with the current user. Looking at the extract we can figure a configuration issue. Are you able to post the LDAP section of the auth.conf file? Of course you can skip the authentication fields.
 
Yes I can, we have been using it for almost 3 years and we never had any problem
 
auth.methods=LdapAuthenticator,DBAuthenticator
force.ws.password.digest=false
ldap.server.address=OUR_LDAP_SERVER (example ldap.servers.com)
ldap.server.port=OUR_PORT
ldap.use.ssl=false
ldap.basedn=OU=-FR,DC=PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS
ldap.bind.attribute=samaccountname

#ldap.search.filter=(&(ObjectCategory=Person)(samaccountname=*))
##Accept only none (anonymous bind) and simple (simple bind)
ldap.search.auth.method=simple
##This section is only for simple bind
ldap.search.auth.principal=CN=srv.cmdbuild,OU=SERVICE ACCOUNR,OU=_Admin,OU=-PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS,DC=PART_OF_OUR_ADDRESS
ldap.search.auth.password=OUR_LDAP_SERVER

With this configuration it's working well, we just have the error in the log files, but our users can log in with their AD accounts
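Added example, not part of the thread or of CMDBuild: every auth.conf quoted in the posts sets ldap.use.ssl=false together with simple binds, so a short audit of those keys is worth running before copying any of them. The sample file is constructed from the key names and placeholder values in the posts, the function names are this example's own, and treating a missing key as "not set" is an assumption about CMDBuild's defaults.

```python
# Constructed sample built from the key names and placeholder values quoted in the thread.
SAMPLE_CONF = """\
auth.methods=LdapAuthenticator,DBAuthenticator
ldap.server.address=ipaddr
ldap.server.port=389
ldap.use.ssl=false
ldap.basedn=dc=domain,dc=com
ldap.bind.attribute=samaccountname
#ldap.search.filter=(&(ObjectCategory=Person)(samaccountname=*))
ldap.search.auth.method=simple
ldap.search.auth.principal=ad.service@yourdomain.com
ldap.search.auth.password=ad.servicepassword
"""

def parse_properties(text):
    """Parse the key=value subset of Java .properties that auth.conf uses."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, sep, value = line.partition("=")  # first '=' only: DN values contain '='
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_ldap(props):
    """Return (severity, key, message) findings; a missing key counts as not set (assumption)."""
    findings = []
    ssl = props.get("ldap.use.ssl", "").lower() == "true"
    method = props.get("ldap.search.auth.method", "").lower()
    port = props.get("ldap.server.port", "")
    if not ssl:
        findings.append(("high", "ldap.use.ssl",
                         "LDAP connection is not encrypted: simple binds send passwords in cleartext"))
    if ssl and port == "389":
        findings.append(("medium", "ldap.server.port",
                         "SSL enabled on 389, the plaintext LDAP port; LDAPS normally listens on 636"))
    if method == "simple" and props.get("ldap.search.auth.password"):
        findings.append(("medium", "ldap.search.auth.password",
                         "search-account password is stored in cleartext in the file"))
    if method == "none":
        findings.append(("low", "ldap.search.auth.method",
                         "anonymous search bind: confirm the directory really allows and needs it"))
    return findings
```

The stored-password finding cannot be removed by configuration alone; it is a reminder to keep the file readable only by the Tomcat user and to give the search account no rights beyond reading the directory.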