CMDBuild Forum

LDAP auth problems

Hello, I'm trying to set up LDAP authentication on our CMDBuild setup, but can't seem to get it to work.

I've followed our company's guide for LDAP configuration along with the CMDB guide; here's what I have in auth.conf:

ldap.server.address=corpad.mycompany.com
ldap.server.port=3268
ldap.use.ssl=false
ldap.basedn=dc=corp,DC=mycompany,dc=com
ldap.bind.attribute=sAMAccountName

ldap.search.filter=(&(objectcategory=person)(objectclass=user)(intelflags=1)(samaccountname=XXXXX))
ldap.search.auth.method=simple
ldap.search.auth.principal=myusername
ldap.search.auth.password=mypassword

But it just doesn't log me in. As I understand, I need to create a user in CMDB with the same username as in LDAP, give it a random password, and it will authenticate via LDAP, is that correct?

Most of the details I got from our company's guide; we cannot perform anonymous queries, so I have to use a username + password.

So I've tried this, with no luck:

ldap.server.address=corpadssl.mycompany.com
ldap.server.port=3269
ldap.use.ssl=true

What exactly do I need to input in ldap.search.auth.principal? Can I just input my username like I did, or do I need some more information?

 

Hi,
I suggest trying all the authentication information from an LDAP editor, just to be sure that you are using the correct information.
You should possibly use a read-only account that has visibility on all the people you want to give access to, using the filter specified.

Of course you also need to have an account created in CMDBuild with a username equal to the LDAP sAMAccountName.

Could you post the error you have in the cmdbuild.log?
 
Best regards.
The CMDBuild team
 

Sorry for the long reply, been deploying CMDBuild on a new server.
Here's the error it gives me:
Call: services/json/login/login
--------------------------------
Error: org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG
	at org.cmdbuild.exception.AuthException$AuthExceptionType.createException(AuthException.java:24)
	at org.cmdbuild.logic.auth.DefaultAuthenticationLogic.login(DefaultAuthenticationLogic.java:147)
	at org.cmdbuild.servlets.json.Login.login(Login.java:37)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.cmdbuild.servlets.JSONDispatcher.dispatch(JSONDispatcher.java:101)
	at org.cmdbuild.servlets.JSONDispatcher.doPost(JSONDispatcher.java:61)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.cmdbuild.filters.AuthFilter.doFilter(AuthFilter.java:158)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.cmdbuild.filters.PatchManagerFilter.doFilter(PatchManagerFilter.java:48)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.cmdbuild.filters.ConfCheckFilter.doFilter(ConfCheckFilter.java:31)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.cmdbuild.filters.TranslationFilter.doFilter(TranslationFilter.java:52)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.cmdbuild.filters.LocalizationFilter.doFilter(LocalizationFilter.java:127)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)

I'm working with a proxy, if that makes a difference.
I've configured the server to work with the proxy without any issues, though.

Hi,
the machine where CMDBuild is installed has the visibility of the LDAP server (does it respond if you ping it?).
From the log I cannot see the reason why the authentication failed. Could you please try to set a higher log level in the log4j.conf file (${webapp_dir}/WEB-INF/conf/log4j.conf) for the authentication operations? Just change this line:
log4j.logger.auth=WARN
to this:
log4j.logger.auth=DEBUG
Can you please then post again the log portion when the error appears, together with the previous information marked as "auth"?
Best regards,
The CMDBuild Team
 
 

OK, I've checked and the server can ping the LDAP server, either via IP or hostname.
I've also changed the logger level, but I don't see any difference in the errors it shows me in the login screen. What error/log exactly do you want me to show you?
 

OK, I've figured it out; here's the cmdbuild.log file. I've moved the old one (it was way too long, I can post it if you want), rebooted and tried to log in.
 
INFO  2015-08-11 14:14:11 [cmdbuild] loading configurations
WARN  2015-08-11 14:14:14 [org.apache.cxf.bus.spring.OldSpringSupport] Import of META-INF/cxf/cxf-extension-soap.xml has been deprecated and is unnecessary.
INFO  2015-08-11 14:14:17 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:17 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:17 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:17 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:17 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:17 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:17 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:17 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:17 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:17 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:18 [cmdbuild] Number of fetched patches: 105
INFO  2015-08-11 14:14:18 [cmdbuild] Last patch /var/lib/tomcat7/webapps/cmdbuild/WEB-INF/patches/2.3.2-02.sql
INFO  2015-08-11 14:14:18 [cmdbuild] Last available patch is 2.3.2-02
INFO  2015-08-11 14:14:18 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:18 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:18 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:18 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:18 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:18 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:18 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:18 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:18 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:18 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:19 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:19 [cmdbuild] getting all-in-one 'interface org.cmdbuild.services.event.Observer'
INFO  2015-08-11 14:14:19 [cmdbuild] Initializing ParameterTransformers
INFO  2015-08-11 14:14:19 [cmdbuild] Transformer for org.apache.commons.fileupload.FileItem: org.cmdbuild.servlets.utils.transformer.FileItemTransformer
INFO  2015-08-11 14:14:19 [cmdbuild] Transformer for org.json.JSONObject: org.cmdbuild.servlets.utils.transformer.JSONObjectTransformer
INFO  2015-08-11 14:14:19 [cmdbuild] Transformer for org.json.JSONArray: org.cmdbuild.servlets.utils.transformer.JSONArrayTransformer
INFO  2015-08-11 14:14:19 [cmdbuild] Initializer custom ParameterBuilders
INFO  2015-08-11 14:14:19 [cmdbuild] starting scheduler service
INFO  2015-08-11 14:14:19 [cmdbuild] reading all existing tasks
INFO  2015-08-11 14:14:19 [cmdbuild] clearing DMS temporary folder
INFO  2015-08-11 14:14:47 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:47 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:47 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:47 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:47 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:47 [jsonrpc ] Calling url /utils/gettranslationobject
INFO  2015-08-11 14:14:48 [jsonrpc ] Calling url /utils/gettranslationobject
INFO  2015-08-11 14:14:48 [jsonrpc ] Calling url /schema/setup/getconfiguration
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:48 [cmdbuild] Redirecting to index.jsp
INFO  2015-08-11 14:14:55 [jsonrpc ] Calling url /login/login
INFO  2015-08-11 14:14:55 [cmdbuild] trying to login user azeleznx with group null
ERROR 2015-08-11 14:14:55 [cmdbuild] Login failed
ERROR 2015-08-11 14:14:55 [jsonrpc ] A org.cmdbuild.exception.AuthException occurred calling method class org.cmdbuild.servlets.json.Login.login: AUTH_LOGIN_WRONG
org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG
at org.cmdbuild.exception.AuthException$AuthExceptionType.createException(AuthException.java:24)
at org.cmdbuild.logic.auth.DefaultAuthenticationLogic.login(DefaultAuthenticationLogic.java:147)
at org.cmdbuild.servlets.json.Login.login(Login.java:37)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.cmdbuild.servlets.JSONDispatcher.dispatch(JSONDispatcher.java:101)
at org.cmdbuild.servlets.JSONDispatcher.doPost(JSONDispatcher.java:61)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.cmdbuild.filters.AuthFilter.doFilter(AuthFilter.java:158)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.cmdbuild.filters.PatchManagerFilter.doFilter(PatchManagerFilter.java:48)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.cmdbuild.filters.ConfCheckFilter.doFilter(ConfCheckFilter.java:31)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.cmdbuild.filters.TranslationFilter.doFilter(TranslationFilter.java:52)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.cmdbuild.filters.LocalizationFilter.doFilter(LocalizationFilter.java:127)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
 

Hi,
if you put auth at a DEBUG level, then in the CMDBuild log file you should find some rows explaining the authentication process. For example:
[LDAP: error code 49 - NDS error: failed authentication (-669)]; remaining name ''
or
[auth    ] cannot authenticate user 'xxxxxx' on LDAP
before or after your error.
If you don't see anything about LDAP in the logs maybe you only forgot to allow LDAP authentication in the auth.conf file. I mean change this line:
auth.methods=DBAuthenticator
with this line:
auth.methods=LdapAuthenticator,DBAuthenticator
If it is not the case, there should be an error in your configuration, and I would suggest that you try to access LDAP with another tool (like Softerra LDAP browser or similar) using exactly the same configuration that you are trying to use in CMDBuild.
 
Best regards,
The CMDBuild Team
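
The configuration points raised in this thread (whether auth.methods lists LdapAuthenticator, whether the port agrees with ldap.use.ssl, how strict the search filter is) can be checked offline. The following Python script is an added example, not part of the original posts and not CMDBuild code; it uses only the key names quoted in the thread, constructed sample values and the standard LDAP/Active Directory port numbers, and it assumes that a missing ldap.use.ssl means SSL is off.

```python
import re

# Constructed sample: the settings quoted in the thread, plus the
# "auth.methods=DBAuthenticator" line the CMDBuild team warns about.
# Host, principal and password are placeholders, not real values.
SAMPLE_AUTH_CONF = """\
auth.methods=DBAuthenticator
ldap.server.address=corpad.mycompany.com
ldap.server.port=3268
ldap.use.ssl=false
ldap.basedn=dc=corp,DC=mycompany,dc=com
ldap.bind.attribute=sAMAccountName
ldap.search.filter=(&(objectcategory=person)(objectclass=user)(intelflags=1)(samaccountname=XXXXX))
ldap.search.auth.method=simple
ldap.search.auth.principal=myusername
ldap.search.auth.password=mypassword
"""

PLAIN_PORTS = {389, 3268}  # LDAP and AD global catalog, no TLS
SSL_PORTS = {636, 3269}    # LDAPS and AD global catalog over SSL


def parse_properties(text):
    """Parse key=value lines. Split on the first '=' only, because LDAP
    filters and DNs contain '=' themselves."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def filter_is_balanced(flt):
    """Literal parentheses inside values are escaped (\\28, \\29) in LDAP
    filters, so counting raw parentheses is a valid structure check."""
    depth = 0
    for ch in flt:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def lint_auth_conf(conf):
    """Return (key, message) findings for the checks discussed in the thread."""
    findings = []
    methods = [m.strip() for m in conf.get("auth.methods", "").split(",")]
    if "LdapAuthenticator" not in methods:
        findings.append(("auth.methods",
                         "LdapAuthenticator is not listed, so LDAP is never tried"))

    # Assumption: an absent ldap.use.ssl is treated as SSL disabled.
    use_ssl = conf.get("ldap.use.ssl", "false").lower() == "true"
    port_text = conf.get("ldap.server.port", "")
    port = int(port_text) if port_text.isdigit() else None
    if (port in SSL_PORTS and not use_ssl) or (port in PLAIN_PORTS and use_ssl):
        findings.append(("ldap.server.port",
                         f"port {port} does not match ldap.use.ssl={str(use_ssl).lower()}"))
    if not use_ssl and conf.get("ldap.search.auth.method", "").lower() == "simple":
        findings.append(("ldap.use.ssl",
                         "simple bind without SSL sends the bind password in cleartext"))

    flt = conf.get("ldap.search.filter", "")
    attr = conf.get("ldap.bind.attribute", "")
    if flt and not filter_is_balanced(flt):
        findings.append(("ldap.search.filter", "unbalanced parentheses"))
    if flt and attr:
        # An equality test on the bind attribute with no wildcard matches
        # exactly one account, whoever is logging in.
        pinned = re.search(r"\(\s*" + re.escape(attr) + r"\s*=\s*([^()*]+)\)",
                           flt, re.IGNORECASE)
        if pinned:
            findings.append(("ldap.search.filter",
                             f"pins {attr} to the literal {pinned.group(1)!r}; "
                             "only that account can match"))

    principal = conf.get("ldap.search.auth.principal", "")
    if principal and not any(c in principal for c in "=@\\"):
        findings.append(("ldap.search.auth.principal",
                         "bare name: simple bind takes a DN (Active Directory also "
                         "accepts user@domain); confirm this form binds"))
    return findings


if __name__ == "__main__":
    for key, message in lint_auth_conf(parse_properties(SAMPLE_AUTH_CONF)):
        print(f"{key}: {message}")
```
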

 

Well, it seems I don't have any information about LDAP in the log file. I've checked, and the auth.conf seems to be configured correctly with auth.methods=LdapAuthenticator,DBAuthenticator.
I've tried using the Softerra LDAP browser but couldn't figure out how to use it, but with a similar program I can browse LDAP and make searches with the username I provided in auth.conf.


 

Hi,
it is strange, because if you configured the auth.conf file to use LDAP you should see something related to LDAP in the log file when you try to log in. Did you restart the system after changing the auth.conf file? In that file the attribute ldap.security.principal should contain the username and ldap.security.credentials should contain the password.
Is the 'sAMAccountName' attribute in LDAP of the user you are trying to log in the same as the username of one of CMDBuild's users? Did you try to change the filter to make it less strict?
 
Regards,
 
The CMDBuild Team


 

OK, I've shut down the system, and still no errors for LDAP are showing up.
The username is correct, I've double-checked, and I've tried various filters and nothing helped.
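
One way to tell from cmdbuild.log whether LDAP was tried at all for a failed login, which is the distinction the team's replies draw. This Python script is an added example, not from the original posts or from CMDBuild; the line format follows the log lines quoted above, while the sample log, the user names and the level and timestamp of the "[auth    ]" line are constructed.

```python
import re

# Constructed sample in the format of the cmdbuild.log lines quoted in the
# thread. The first login shows no LDAP activity (as in the posted log); the
# second includes an "[auth    ]" line of the kind the team says DEBUG emits.
SAMPLE_LOG = """\
INFO  2015-08-11 14:14:48 [cmdbuild] trying to login with no username or password
INFO  2015-08-11 14:14:55 [jsonrpc ] Calling url /login/login
INFO  2015-08-11 14:14:55 [cmdbuild] trying to login user alice with group null
ERROR 2015-08-11 14:14:55 [cmdbuild] Login failed
ERROR 2015-08-11 14:14:55 [jsonrpc ] A org.cmdbuild.exception.AuthException occurred calling method class org.cmdbuild.servlets.json.Login.login: AUTH_LOGIN_WRONG
org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG
at org.cmdbuild.logic.auth.DefaultAuthenticationLogic.login(DefaultAuthenticationLogic.java:147)
INFO  2015-08-11 14:20:02 [jsonrpc ] Calling url /login/login
INFO  2015-08-11 14:20:02 [cmdbuild] trying to login user bob with group null
DEBUG 2015-08-11 14:20:02 [auth    ] cannot authenticate user 'bob' on LDAP
ERROR 2015-08-11 14:20:02 [cmdbuild] Login failed
"""

LINE_RE = re.compile(
    r"^(?P<level>[A-Z]+)\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<logger>[^\]]*)\] (?P<msg>.*)$")
LOGIN_RE = re.compile(r"trying to login user (\S+) with group")


def triage_logins(log_text):
    """Group log lines by named login attempt and collect LDAP-related lines.

    Simplification: lines are attributed to the most recent attempt, so
    interleaved concurrent logins can be misattributed.
    """
    attempts = []
    current = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        # Lines without a level/timestamp prefix are exception text or
        # stack frames that continue the previous entry.
        logger, msg = (m["logger"].strip(), m["msg"]) if m else ("", raw.strip())
        start = LOGIN_RE.search(msg) if m else None
        if start:
            current = {"user": start.group(1), "time": m["ts"],
                       "failed": False, "ldap_lines": []}
            attempts.append(current)
            continue
        if current is None:
            continue  # startup noise and anonymous redirects
        if m and msg == "Login failed":
            current["failed"] = True
        if logger == "auth" or "LDAP" in msg:
            current["ldap_lines"].append(msg)
    return attempts


def verdict(attempt):
    """Classify one attempt the way the thread reasons about it."""
    if not attempt["failed"]:
        return "ok"
    if attempt["ldap_lines"]:
        # LDAP was consulted and refused: read the collected lines.
        return "ldap-rejected"
    # Nothing from the auth logger: per the thread, check that
    # log4j.logger.auth=DEBUG is set, that auth.methods lists
    # LdapAuthenticator, and that the application was restarted.
    return "ldap-silent"


if __name__ == "__main__":
    for a in triage_logins(SAMPLE_LOG):
        print(a["time"], a["user"], verdict(a), a["ldap_lines"])
```
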