[jboss-user] [JBoss Portal] - JBOSS Portal 2.6 and OpenLDAP (looking for an example ldap_i

egandt do-not-reply at jboss.com
Mon Jul 2 16:19:52 EDT 2007


I am trying to move from portal 2.4 to portal 2.6, and I cannot get OpenLDAP to authenticate the logins. While it connects to the LDAP server, it seems to be unable to locate the user admin, which exists as:
cn=admin,ou=People,dc=example,dc=com
Sadly, all the examples for 2.6 are for LDAP servers other than OpenLDAP, so I am winging it. Also, the error messages are not helpful at this time.


Thanks,
ERIC

RELATED DATA:
I get the following message from JBOSS:
14:17:02,817 ERROR [IdentityLoginModule] Error when validating password
org.jboss.portal.common.transaction.NestedException: javax.security.auth.login.LoginException: org.jboss.portal.identity.IdentityException: User search failed.
        at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:253)


OpenLDAP shows:
connection_get(15): got connid=2
connection_read(15): checking for input on id=2
ber_get_next
ber_get_next: tag 0x30 len 48 contents:
ber_get_next
ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
<<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=fatwire,dc=com>
do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
do_bind: v3 bind: "cn=Manager,dc=example,dc=com" to "cn=Manager,dc=example,dc=com"
send_ldap_result: conn=2 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 15
connection_get(15): got connid=2
connection_read(15): checking for input on id=2
ber_get_next
ber_get_next: tag 0x30 len 90 contents:
ber_get_next
ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <ou=People,dc=example.com>
<<< dnPrettyNormal: <ou=People,dc=example.com>, <ou=people,dc=fatwire.com>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
send_ldap_result: conn=2 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=32
ber_flush: 14 bytes to sd 15

My ldap_identity-config.xml options section looks like:
      <option-group>
         <group-name>common</group-name>
         <option>
            <name>userCtxDN</name>
            <value>ou=People,dc=fatwire.com</value>
         </option>
         <option>
            <name>uidAttributeID</name>
            <value>cn</value>
         </option>
         <option>
            <name>passwordAttributeID</name>
            <value>userPassword</value>
         </option>
         <option>
            <name>roleCtxDN</name>
            <value>ou=Groups,dc=fatwire,dc=com</value>
         </option>
         <option>
            <name>ridAttributeId</name>
            <value>cn</value>
         </option>
         <option>
            <name>roleDisplayNameAttributeID</name>
            <value>cn</value>
         </option>
         <option>
            <name>membershipAttributeID</name>
            <value>uniqueMember</value>
         </option>
         <option>
            <name>membershipAttributeIsDN</name>
            <value>true</value>
         </option>
      </option-group>
      <option-group>
         <group-name>userCreateAttibutes</group-name>
         <option>
            <name>objectClass</name>
            <!--These objectclasses should work with Red Hat Directory-->
            <value>top</value>
            <value>person</value>
            <value>organizationalPerson</value>
         </option>
         <!--Schema requires those to have initial value-->
         <option>
            <name>cn</name>
            <value>none</value>
         </option>
         <option>
            <name>sn</name>
            <value>none</value>
         </option>
      </option-group>

      <option-group>
         <group-name>roleCreateAttibutes</group-name>
         <option>
            <name>objectClass</name>
            <value>top</value>
            <value>groupOfUniqueNames</value>
         </option>
         <!--Schema requires those to have initial value-->
         <option>
            <name>cn</name>
            <value>none</value>
         </option>
         <option>
            <name>member</name>
            <value>cn=admin,ou=People,dc=example,dc=com</value>
         </option>
      </option-group>



Current OpenLDAP LDIF:
dn: ou=People,dc=example,dc=com
ou: People
objectclass: organizationalUnit
objectclass: top

dn: cn=admin,ou=People,dc=example,dc=com
userPassword: {SSHA}XXXXXXX
objectclass: top
objectclass: organizationalPerson
objectclass: person
cn: admin
sn: admin

dn: cn=ldapuser,ou=People, dc=example,dc=com
userPassword: {SSHA}XXXXXX
description: JBoss Portal ldapuser User for test LDAP integration password=username
objectClass: top
objectClass: organizationalPerson
objectClass: person
sn: ldapuser
cn: ldapuser

dn: ou=Groups,dc=example,dc=com
ou: Groups
objectclass: organizationalUnit
objectclass: top

dn: cn=User,ou=Groups,dc=example,dc=com
description: the JBoss Portal user group
objectClass: top
objectClass: groupOfUniqueNames
cn: User
uniqueMember: cn=ldapuser,ou=People,dc=example,dc=com

dn: cn=Admin,ou=Groups,dc=example,dc=com
description: the JBoss Portal admin group
objectClass: top
objectClass: groupOfUniqueNames
cn: Admin
uniqueMember: cn=admin,ou=People,dc=example,dc=com

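The slapd trace in the post already contains the answer to "why does the user search fail": the bind as cn=Manager succeeds (tag=97 err=0), and the following search (tag=101) returns err=32, which is LDAP noSuchObject for the search base. The script below is an added example, not part of the original post or of JBoss Portal: it pairs each operation in a slapd debug log with its pretty-printed DN and result code, normalizes the DNs, and checks whether a failing search base actually exists among the `dn:` lines of an LDIF export. The log and LDIF snippets embedded here are constructed from the excerpts in the post; the dot-in-`dc` heuristic is this example's own check, flagging bases such as `dc=example.com` that should almost certainly be written `dc=example,dc=com`.

```python
import re

# Constructed sample: trimmed lines of the slapd debug log shown in the post.
SLAPD_LOG = """\
do_bind
>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
send_ldap_response: msgid=1 tag=97 err=0
do_search
>>> dnPrettyNormal: <ou=People,dc=example.com>
send_ldap_response: msgid=2 tag=101 err=32
"""

# Constructed sample: the entry DNs from the LDIF in the post.
LDIF = """\
dn: ou=People,dc=example,dc=com
ou: People
objectclass: organizationalUnit

dn: cn=admin,ou=People,dc=example,dc=com
cn: admin

dn: ou=Groups,dc=example,dc=com
ou: Groups
"""

# Subset of LDAP resultCode values (RFC 4511) relevant to bind/search failures.
LDAP_RESULT_CODES = {0: "success", 32: "noSuchObject", 34: "invalidDNSyntax",
                     49: "invalidCredentials", 50: "insufficientAccessRights"}


def normalize_dn(dn):
    """Lower-case and strip whitespace around commas/equals so DNs compare by value."""
    parts = [p.strip() for p in dn.split(",")]
    return ",".join("=".join(x.strip().lower() for x in p.split("=", 1)) for p in parts)


def parse_ldif_dns(text):
    """Return the normalized DN of every entry in an LDIF text."""
    return {normalize_dn(m.group(1)) for m in re.finditer(r"^dn:\s*(.+)$", text, re.M)}


def parse_slapd_log(text):
    """Pair each do_bind/do_search operation with its first pretty DN and result code."""
    ops = []
    current = None
    for line in text.splitlines():
        if line in ("do_bind", "do_search"):
            current = {"op": line[3:], "dn": None, "err": None}
            ops.append(current)
            continue
        m = re.match(r">>> dnPrettyNormal: <(.*)>", line)
        if m and current and current["dn"] is None:
            current["dn"] = m.group(1)
        m = re.search(r"send_ldap_response: msgid=\d+ tag=\d+ err=(\d+)", line)
        if m and current:
            current["err"] = int(m.group(1))
    return ops


def diagnose(log_text, ldif_text):
    """Explain each failed operation; for err=32 searches, check the base against the LDIF."""
    known = parse_ldif_dns(ldif_text)
    findings = []
    for op in parse_slapd_log(log_text):
        code = LDAP_RESULT_CODES.get(op["err"], str(op["err"]))
        if op["op"] == "search" and op["err"] == 32:
            base = normalize_dn(op["dn"])
            note = f"search base {op['dn']!r} -> {code}"
            if base not in known:
                note += "; no such entry in the LDIF"
                # Heuristic: a dot inside a dc value usually means a mistyped base DN.
                if re.search(r"dc=[^,]*\.[^,]*", base):
                    note += " (dc value contains a dot: write dc=example,dc=com, not dc=example.com)"
            findings.append(note)
        elif op["err"]:
            findings.append(f"{op['op']} {op['dn']!r} -> {code}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SLAPD_LOG, LDIF):
        print(finding)
```

Run against the snippets above it reports the single failing search and points at the base DN rather than at the password or the bind credentials, which is the distinction the IdentityLoginModule message ("User search failed") blurs.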


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4059725#4059725
