CMDBuild Forum

Unable to get LDAP working

Hi

Been trying to get LDAP working on our server for a while now and tried so many things that I think I have confused myself.

I would also like to know what is required for header authentication, as this is something I would like to try and set up. I need to know what information needs to be passed through to the application.

 

ANY Help gratefully received - We have followed the instructions in the Manual but with no luck.

 

We are using Tomcat 7.0.14 and PostgreSQL

Oracle Linux Server release 5.7

Installed CMDBuild 2.0.3

 

Here is the auth.conf file with my personal details removed and replaced with {}.

 

## Authentication method chain (the first match stops the auth chain)

#auth.methods=HeaderAuthenticator,CasAuthenticator,LdapAuthenticator,DBAuthenticator

auth.methods=LdapAuthenticator,DBAuthenticator

 

#serviceusers=portlet

#serviceusers.privileged=workflow

#force.ws.password.digest=true

 

##

## HEADER

##

 

#header.attribute.name=username

 

##

## CAS

##

 

#cas.server.url=https://casserver/cas

#cas.login.page=/login

#cas.service.param=service

#cas.ticket.param=ticket

 

##

## LDAP

##

 

ldap.server.address={LDAP SERVERNAME}.{DOMAIN NAME}.co.uk

ldap.server.port=389

ldap.use.ssl=false

ldap.basedn=ou=HQ Users,dc={DOMAIN NAME},dc=co,dc=uk

ldap.bind.attribute=uid

 

#ldap.search.filter=(&(objectClass=myclass1)(objectClass=myclass2))

##Accept only none (anonymous bind) and simple (simple bind)

#ldap.search.auth.method=none

##This section is only for simple bind

ldap.search.auth.method=simple

ldap.search.auth.principal=uid=SyssvnAdmin,ou=Service Accounts,ou=HQ Domain Admins,dc={DOMAIN NAME},dc=co,dc=uk

ldap.search.auth.password={OUR PASSWORD}

 

I am getting this error

 

org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG

       at org.cmdbuild.exception.AuthException$AuthExceptionType.createException(AuthException.java:23)

       at org.cmdbuild.services.auth.AuthenticationFacade.login(AuthenticationFacade.java:36)

       at org.cmdbuild.servlets.json.Login.login(Login.java:31)

       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

       at java.lang.reflect.Method.invoke(Unknown Source)

       at org.cmdbuild.servlets.JSONDispatcher.dispatch(JSONDispatcher.java:94)

       at org.cmdbuild.servlets.JSONDispatcher.doPost(JSONDispatcher.java:55)

       at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)

       at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.AuthFilter.doFilter(AuthFilter.java:54)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.PatchManagerFilter.doFilter(PatchManagerFilter.java:28)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.ConfCheckFilter.doFilter(ConfCheckFilter.java:31)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.TranslationFilter.doFilter(TranslationFilter.java:37)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)

       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)

       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)

       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)

       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)

       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)

       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399)

       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:317)

       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:204)

       at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:311)

       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

       at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

       at java.lang.Thread.run(Unknown Source)

Hi Karl
Ldap works fine in our environment
here's our ldap settings for accessing an AD:
<code>
auth.methods=LdapAuthenticator,DBAuthenticator
ldap.server.address=myserver.acme.com
ldap.server.port=389
ldap.use.ssl=false
ldap.basedn=CN=Users,dc=acme,dc=com
ldap.bind.attribute=sAMAccountName
 
ldap.search.filter=(objectClass=*)
ldap.search.auth.method=simple
ldap.search.auth.principal=CN=John Doe,CN=Users,DC=acme,DC=com
ldap.search.auth.password=itsasecret
</code>
then, on the management side, add the user accounts as on your LDAP server, set a password (not used, because it's LDAP authentication)
put them on a group, and voila !
 
Regards,
Oli 
 
Previously Karl wrote:

Hi

Been trying to get LDAP working on our server for a while now and tried so many things that I think I have confused myself.

I would also like to know what is required for header authentication, as this is something I would like to try and set up. I need to know what information needs to be passed through to the application.

 

ANY Help gratefully received - We have followed the instructions in the Manual but with no luck.

 

We are using Tomcat 7.0.14 and PostgreSQL

Oracle Linux Server release 5.7

Installed CMDBuild 2.0.3

 

Here is the auth.conf file with my personal details removed and replaced with {}.

 

## Authentication method chain (the first match stops the auth chain)

#auth.methods=HeaderAuthenticator,CasAuthenticator,LdapAuthenticator,DBAuthenticator

auth.methods=LdapAuthenticator,DBAuthenticator

 

#serviceusers=portlet

#serviceusers.privileged=workflow

#force.ws.password.digest=true

 

##

## HEADER

##

 

#header.attribute.name=username

 

##

## CAS

##

 

#cas.server.url=https://casserver/cas

#cas.login.page=/login

#cas.service.param=service

#cas.ticket.param=ticket

 

##

## LDAP

##

 

ldap.server.address={LDAP SERVERNAME}.{DOMAIN NAME}.co.uk

ldap.server.port=389

ldap.use.ssl=false

ldap.basedn=ou=HQ Users,dc={DOMAIN NAME},dc=co,dc=uk

ldap.bind.attribute=uid

 

#ldap.search.filter=(&(objectClass=myclass1)(objectClass=myclass2))

##Accept only none (anonymous bind) and simple (simple bind)

#ldap.search.auth.method=none

##This section is only for simple bind

ldap.search.auth.method=simple

ldap.search.auth.principal=uid=SyssvnAdmin,ou=Service Accounts,ou=HQ Domain Admins,dc={DOMAIN NAME},dc=co,dc=uk

ldap.search.auth.password={OUR PASSWORD}

 

I am getting this error

 

org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG

       at org.cmdbuild.exception.AuthException$AuthExceptionType.createException(AuthException.java:23)

       at org.cmdbuild.services.auth.AuthenticationFacade.login(AuthenticationFacade.java:36)

       at org.cmdbuild.servlets.json.Login.login(Login.java:31)

       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

       at java.lang.reflect.Method.invoke(Unknown Source)

       at org.cmdbuild.servlets.JSONDispatcher.dispatch(JSONDispatcher.java:94)

       at org.cmdbuild.servlets.JSONDispatcher.doPost(JSONDispatcher.java:55)

       at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)

       at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.AuthFilter.doFilter(AuthFilter.java:54)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.PatchManagerFilter.doFilter(PatchManagerFilter.java:28)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.ConfCheckFilter.doFilter(ConfCheckFilter.java:31)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.TranslationFilter.doFilter(TranslationFilter.java:37)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)

       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)

       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)

       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)

       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)

       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)

       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399)

       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:317)

       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:204)

       at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:311)

       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

       at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

       at java.lang.Thread.run(Unknown Source)

 

Hi!
I trying connect to LDAP, but receive logs:
 
WARN  2013-05-27 11:28:09 [auth    ] cannot authenticate user 'd.rozhkov' on LDAP
ERROR 2013-05-27 11:28:09 [cmdbuild] Login failed
ERROR 2013-05-27 11:28:09 [jsonrpc ] A org.cmdbuild.exception.AuthException occurred calling method class org.cmdbuild.servlets.json.Login.login: AUTH_LOGIN_WRONG
 
My config:
 
auth.methods=LdapAuthenticator,DBAuthenticator
ldap.server.address=10.1.3.150
ldap.server.port=389
ldap.use.ssl=false
ldap.basedn=DC=nauka,DC=net
ldap.bind.attribute=sAMAccountName
 
ldap.search.filter=(objectClass=*)
ldap.search.auth.method=simple
ldap.search.auth.principal=cn=cmdb_search,ou=bots,dc=nauka,dc=net
ldap.search.auth.password=Wrote_about86
 
Previously Oli v wrote:
Hi Karl
Ldap works fine in our environment
here's our ldap settings for accessing an AD:
<code>
auth.methods=LdapAuthenticator,DBAuthenticator
ldap.server.address=myserver.acme.com
ldap.server.port=389
ldap.use.ssl=false
ldap.basedn=CN=Users,dc=acme,dc=com
ldap.bind.attribute=sAMAccountName
 
ldap.search.filter=(objectClass=*)
ldap.search.auth.method=simple
ldap.search.auth.principal=CN=John Doe,CN=Users,DC=acme,DC=com
ldap.search.auth.password=itsasecret
</code>
then, on the management side, add the user accounts as on your LDAP server, set a password (not used, because it's LDAP authentication)
put them on a group, and voila !
 
Regards,
Oli 
 
Previously Karl wrote:

Hi

Been trying to get LDAP working on our server for a while now and tried so many things that I think I have confused myself.

I would also like to know what is required for header authentication, as this is something I would like to try and set up. I need to know what information needs to be passed through to the application.

 

ANY Help gratefully received - We have followed the instructions in the Manual but with no luck.

 

We are using Tomcat 7.0.14 and PostgreSQL

Oracle Linux Server release 5.7

Installed CMDBuild 2.0.3

 

Here is the auth.conf file with my personal details removed and replaced with {}.

 

## Authentication method chain (the first match stops the auth chain)

#auth.methods=HeaderAuthenticator,CasAuthenticator,LdapAuthenticator,DBAuthenticator

auth.methods=LdapAuthenticator,DBAuthenticator

 

#serviceusers=portlet

#serviceusers.privileged=workflow

#force.ws.password.digest=true

 

##

## HEADER

##

 

#header.attribute.name=username

 

##

## CAS

##

 

#cas.server.url=https://casserver/cas

#cas.login.page=/login

#cas.service.param=service

#cas.ticket.param=ticket

 

##

## LDAP

##

 

ldap.server.address={LDAP SERVERNAME}.{DOMAIN NAME}.co.uk

ldap.server.port=389

ldap.use.ssl=false

ldap.basedn=ou=HQ Users,dc={DOMAIN NAME},dc=co,dc=uk

ldap.bind.attribute=uid

 

#ldap.search.filter=(&(objectClass=myclass1)(objectClass=myclass2))

##Accept only none (anonymous bind) and simple (simple bind)

#ldap.search.auth.method=none

##This section is only for simple bind

ldap.search.auth.method=simple

ldap.search.auth.principal=uid=SyssvnAdmin,ou=Service Accounts,ou=HQ Domain Admins,dc={DOMAIN NAME},dc=co,dc=uk

ldap.search.auth.password={OUR PASSWORD}

 

I am getting this error

 

org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG

       at org.cmdbuild.exception.AuthException$AuthExceptionType.createException(AuthException.java:23)

       at org.cmdbuild.services.auth.AuthenticationFacade.login(AuthenticationFacade.java:36)

       at org.cmdbuild.servlets.json.Login.login(Login.java:31)

       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

       at java.lang.reflect.Method.invoke(Unknown Source)

       at org.cmdbuild.servlets.JSONDispatcher.dispatch(JSONDispatcher.java:94)

       at org.cmdbuild.servlets.JSONDispatcher.doPost(JSONDispatcher.java:55)

       at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)

       at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.AuthFilter.doFilter(AuthFilter.java:54)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.PatchManagerFilter.doFilter(PatchManagerFilter.java:28)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.ConfCheckFilter.doFilter(ConfCheckFilter.java:31)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.TranslationFilter.doFilter(TranslationFilter.java:37)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)

       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)

       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)

       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)

       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)

       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)

       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399)

       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:317)

       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:204)

       at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:311)

       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

       at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

       at java.lang.Thread.run(Unknown Source)

 

 

I'm having pretty much similar problems

 

Attempting to usie Active Directory.

  CMDBuild 2.1.6 (23/12/2013)

 

auth.methods=LdapAuthenticator,DBAuthenticator
ldap.server.address=ADserver
ldap.server.port=389
ldap.use.ssl=false
ldap.basedn=OU=Users,ou=domain,ou=com
ldap.bind.attribute=sAMAccountName
 
ldap.search.filter=(objectClass=*)
ldap.search.auth.method=simple
ldap.search.auth.principal=cn=cmdb_search,ou=Users,dc=domain,dc=com
ldap.search.auth.password=mysecret

 

 

Error log:

INFO ... [cmdbuild] trying to login user xxxx with group null

ERROR ... [cmdbuild] Login failed

DEBUG ... [jsonrpc] Uncaught exception calling method class org.cmdbuild.servlets.json.Login.login.org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG

 

 

If I try the user with the local password then login works.

 

The 'with group null' seems a bit odd

Need some more debugging on the LDAP side.  Any obvious errors?  Any ideas?

Thank you Oli.  That was almost bang of to correct my config.  Only change for my configuration is the ldap.search.auth.principla value:
 
auth.methods=LdapAuthenticator,DBAuthenticator
 
ldap.server.address=myserver.acme.com
ldap.server.port=389
ldap.use.ssl=false
ldap.basedn=CN=Users,dc=acme,dc=com
ldap.bind.attribute=sAMAccountName
 
ldap.search.filter=(objectClass=*)
ldap.search.auth.method=simple
ldap.search.auth.principal=user@myserver.acme.com
ldap.search.auth.password=itsasecret
 
Previously Oli v wrote:
Hi Karl
Ldap works fine in our environment
here's our ldap settings for accessing an AD:
<code>
auth.methods=LdapAuthenticator,DBAuthenticator
ldap.server.address=myserver.acme.com
ldap.server.port=389
ldap.use.ssl=false
ldap.basedn=CN=Users,dc=acme,dc=com
ldap.bind.attribute=sAMAccountName
 
ldap.search.filter=(objectClass=*)
ldap.search.auth.method=simple
ldap.search.auth.principal=CN=John Doe,CN=Users,DC=acme,DC=com
ldap.search.auth.password=itsasecret
</code>
then, on the management side, add the user accounts as on your LDAP server, set a password (not used, because it's LDAP authentication)
put them on a group, and voila !
 
Regards,
Oli 
 
Previously Karl wrote:

Hi

Been trying to get LDAP working on our server for a while now and tried so many things that I think I have confused myself.

I would also like to know what is required for header authentication, as this is something I would like to try and set up. I need to know what information needs to be passed through to the application.

 

ANY Help gratefully received - We have followed the instructions in the Manual but with no luck.

 

We are using Tomcat 7.0.14 and PostgreSQL

Oracle Linux Server release 5.7

Installed CMDBuild 2.0.3

 

Here is the auth.conf file with my personal details removed and replaced with {}.

 

## Authentication method chain (the first match stops the auth chain)

#auth.methods=HeaderAuthenticator,CasAuthenticator,LdapAuthenticator,DBAuthenticator

auth.methods=LdapAuthenticator,DBAuthenticator

 

#serviceusers=portlet

#serviceusers.privileged=workflow

#force.ws.password.digest=true

 

##

## HEADER

##

 

#header.attribute.name=username

 

##

## CAS

##

 

#cas.server.url=https://casserver/cas

#cas.login.page=/login

#cas.service.param=service

#cas.ticket.param=ticket

 

##

## LDAP

##

 

ldap.server.address={LDAP SERVERNAME}.{DOMAIN NAME}.co.uk

ldap.server.port=389

ldap.use.ssl=false

ldap.basedn=ou=HQ Users,dc={DOMAIN NAME},dc=co,dc=uk

ldap.bind.attribute=uid

 

#ldap.search.filter=(&(objectClass=myclass1)(objectClass=myclass2))

##Accept only none (anonymous bind) and simple (simple bind)

#ldap.search.auth.method=none

##This section is only for simple bind

ldap.search.auth.method=simple

ldap.search.auth.principal=uid=SyssvnAdmin,ou=Service Accounts,ou=HQ Domain Admins,dc={DOMAIN NAME},dc=co,dc=uk

ldap.search.auth.password={OUR PASSWORD}

 

I am getting this error

 

org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG

       at org.cmdbuild.exception.AuthException$AuthExceptionType.createException(AuthException.java:23)

       at org.cmdbuild.services.auth.AuthenticationFacade.login(AuthenticationFacade.java:36)

       at org.cmdbuild.servlets.json.Login.login(Login.java:31)

       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

       at java.lang.reflect.Method.invoke(Unknown Source)

       at org.cmdbuild.servlets.JSONDispatcher.dispatch(JSONDispatcher.java:94)

       at org.cmdbuild.servlets.JSONDispatcher.doPost(JSONDispatcher.java:55)

       at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)

       at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.AuthFilter.doFilter(AuthFilter.java:54)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.PatchManagerFilter.doFilter(PatchManagerFilter.java:28)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.ConfCheckFilter.doFilter(ConfCheckFilter.java:31)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.cmdbuild.filters.TranslationFilter.doFilter(TranslationFilter.java:37)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)

       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)

       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)

       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)

       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)

       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)

       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399)

       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:317)

       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:204)

       at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:311)

       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

       at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

       at java.lang.Thread.run(Unknown Source)

 

 

Hi oli,

thanks for your share about ldap config for cmdbuild. Now im facing with ldap problem. i have follow your config. and got no ldap error at tomcat. but how to know is ldap works or not? should it bypass the login form and directly goes to main page when open the site?
this is my auth.conf

preferredPasswordAlgorythm = cm3easy
auth.methods = LdapAuthenticator,DBAuthenticator
ldap.enabled = true
ldap.server.address = 10.x.x.xx
ldap.bind.attribute = cn
ldap.search.auth.password = Paxxxxx
ldap.search.auth.principal = cn=admin,dc=ir-group,dc=local
ldap.basedn = dc=ir-group,dc=local
ldap.search.auth.method = simple
force.ws.password.digest = false
ldap.search.filter =(&(objectClass=myclass1)(objectClass=myclass2))
header.attribute.name = username
ldap.use.ssl = false
ldap.server.port = 389
rsa.enabled = false
file.enabled = false
default.enabled = true

Im so happy if you can help. Thanks

Ayu

Hi Ayu,
It’s not an SSO setting. Users have to fill the login form to log into cmdbuild.
To test:
create a user into cmdbuild that exists in AD.
username=AD username
Set a random password.

Try to log with the user with it’s AD credential and the magical mus happen

Oli

Hi Oli,

Thanks for your response. So with ldap setting, user still have to fill the cmdbuild login form ? if i have created an AD username in cmdbuild with random password, then i can login in cmdbuild with with AD username and password?

also do you have sso setting for cmdbuild oli?