From "Eric Peukert (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Commented: (JS2-188) Implement the LDAP
Date Thu, 30 Jun 2005 09:22:01 GMT
    [ http://issues.apache.org/jira/browse/JS2-188?page=comments#action_12314745 ] 

Eric Peukert commented on JS2-188:
----------------------------------

I was successful in plugging the security modules together so that authentication is done in
LDAP and the authorization on the default RDBMS.
Authentication works fine.

I tried to create a new user "TestUser" on LDAP using the Administrative Portlet.
Unfortunately, this action failed.
Jetspeed seems to build the DN with the wrong syntax. First, there is a missing space after "uid=TestUser".
Even if I try to resolve that missing space, it still prints out this error.


ERROR: javax.naming.InvalidNameException: uid=TestUserdc=guessant,dc=org: [LDAP: error code 34 - invalid DN]; remaining name 'uid=TestUserdc=guessant,dc=org'
org.apache.jetspeed.security.SecurityException: javax.naming.InvalidNameException: uid=TestUserdc=guessant,dc=org: [LDAP: error code 34 - invalid DN]; remaining name 'uid=TestUserdc=guessant,dc=org'
	at org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl.create(LdapPrincipalDaoImpl.java:114)
	at org.apache.jetspeed.security.spi.impl.LdapUserSecurityHandler.addUserPrincipal(LdapUserSecurityHandler.java:158)
	at org.apache.jetspeed.security.impl.AuthenticationProviderProxyImpl.addUserPrincipal(AuthenticationProviderProxyImpl.java:163)
	at org.apache.jetspeed.security.impl.AuthenticationProviderProxyImpl.addUserPrincipal(AuthenticationProviderProxyImpl.java:179)
	at org.apache.jetspeed.security.impl.UserManagerImpl.addUser(UserManagerImpl.java:234)
	at org.apache.jetspeed.security.impl.UserManagerImpl.addUser(UserManagerImpl.java:195)
	at org.apache.jetspeed.portlets.security.users.UserDetailsPortlet.addUser(UserDetailsPortlet.java:992)
	at org.apache.jetspeed.portlets.security.users.UserDetailsPortlet.processAction(UserDetailsPortlet.java:487)
	at org.apache.jetspeed.factory.JetspeedPortletInstance.processAction(JetspeedPortletInstance.java:90)
	at org.apache.jetspeed.container.JetspeedContainerServlet.doGet(JetspeedContainerServlet.java:215)
	at org.apache.jetspeed.container.JetspeedContainerServlet.doPost(JetspeedContainerServlet.java:289)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
	at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:574)
	at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:499)
	at org.apache.jetspeed.container.invoker.ServletPortletInvoker.invoke(ServletPortletInvoker.java:212)
	at org.apache.jetspeed.container.invoker.ServletPortletInvoker.action(ServletPortletInvoker.java:133)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:284)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:163)
	at $Proxy8.action(Unknown Source)
	at org.apache.pluto.PortletContainerImpl.processPortletAction(PortletContainerImpl.java:150)
	at org.apache.jetspeed.container.JetspeedPortletContainerWrapper.processPortletAction(JetspeedPortletContainerWrapper.java:100)
	at org.apache.jetspeed.pipeline.valve.impl.ActionValveImpl.invoke(ActionValveImpl.java:75)
	at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
	at org.apache.jetspeed.container.ContainerValve.invoke(ContainerValve.java:76)
	at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
	at org.apache.jetspeed.profiler.impl.ProfilerValveImpl.invoke(ProfilerValveImpl.java:134)
	at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
	at org.apache.jetspeed.security.impl.LoginValidationValveImpl.invoke(LoginValidationValveImpl.java:109)
	at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
	at org.apache.jetspeed.security.impl.PasswordCredentialValveImpl.invoke(PasswordCredentialValveImpl.java:131)
	at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
	at org.apache.jetspeed.security.impl.AbstractSecurityValve$1.run(AbstractSecurityValve.java:117)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
	at org.apache.jetspeed.security.impl.AbstractSecurityValve.invoke(AbstractSecurityValve.java:111)
	at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
	at org.apache.jetspeed.container.url.impl.PortalURLValveImpl.invoke(PortalURLValveImpl.java:55)
	at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
	at org.apache.jetspeed.capabilities.impl.CapabilityValveImpl.invoke(CapabilityValveImpl.java:127)
	at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
	at org.apache.jetspeed.localization.impl.LocalizationValveImpl.invoke(LocalizationValveImpl.java:124)
	at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
	at org.apache.jetspeed.pipeline.JetspeedPipeline.invoke(JetspeedPipeline.java:185)
	at org.apache.jetspeed.engine.AbstractEngine.service(AbstractEngine.java:264)
	at org.apache.jetspeed.engine.JetspeedServlet.doGet(JetspeedServlet.java:225)
	at org.apache.jetspeed.engine.JetspeedServlet.doPost(JetspeedServlet.java:252)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:407)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
	at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.InvalidNameException: uid=TestUserdc=guessant,dc=org: [LDAP: error code 34 - invalid DN]; remaining name 'uid=TestUserdc=guessant,dc=org'
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
	at javax.naming.directory.InitialDirContext.createSubcontext(Unknown Source)
	at org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl.create(LdapPrincipalDaoImpl.java:110)


What happens on LDAP:

LDAP seems to get a totally wrong DN, where the base DN "dc=guessant,dc=org" occurs twice.

do_add: invalid dn (uid=TestUserdc=guessant,dc=org,dc=guessant,dc=org)
send_ldap_result: conn=0 op=42 p=3
send_ldap_response: msgid=43 tag=105 err=34
ber_flush: 24 bytes to sd 1220
connection_get(1220): got connid=0
connection_read(1220): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 239 contents:
do_add
ber_get_next
ber_get_next on fd 1220 failed errno=10035 (WSAEWOULDBLOCK)
ber_scanf fmt ({m) ber:
>>> dnPrettyNormal: <uid=TestUserdc=guessant,dc=org,dc=guessant,dc=org>
=> ldap_bv2dn(uid=TestUserdc=guessant,dc=org,dc=guessant,dc=org,0)
ldap_err2string
<= ldap_bv2dn(uid=TestUserdc=guessant,dc=org,dc=guessant,dc=org)=-4 Decoding error
do_add: invalid dn (uid=TestUserdc=guessant,dc=org,dc=guessant,dc=org)
send_ldap_result: conn=0 op=43 p=3
send_ldap_response: msgid=44 tag=105 err=34
ber_flush: 24 bytes to sd 1220

Thanks for your interest.
eric


> Implement the LDAP
> ------------------
>
>          Key: JS2-188
>          URL: http://issues.apache.org/jira/browse/JS2-188
>      Project: Jetspeed 2
>         Type: Improvement
>   Components: Security
>     Reporter: J, Edgar Zavala
>  Attachments: assembly.zip, jetspeed-2-ldap-authentication.tar.gz
>
> Implement the LDAP integration using the SPI, provide the LDAP authentication option.
> TODO:
> 1.- Complete the current implementation and complete the David work in:
>    a) org.apache.jetspeed.security.spi.impl.LdapCredentialHandler
>    b) org.apache.jetspeed.security.spi.impl.LdapUserSecurityHandler
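
The two symptoms reported above (no separator between the user RDN and the base DN, and the base DN appearing twice at the server) are what string-concatenated DNs typically produce. The following is an added example, not Jetspeed code and not part of the original message: it builds the DN from typed RDNs with the JDK's `javax.naming.ldap` classes and derives the name relative to the base. It assumes the JNDI context is already rooted at the base DN (for instance through its provider URL), in which case names passed to `createSubcontext` are resolved relative to that base; the class and method names are hypothetical.

```java
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnBuildExample {
    // Base DN as it appears in the error output above.
    static final String BASE_DN = "dc=guessant,dc=org";

    /** Plain concatenation: reproduces the malformed DN from the report. */
    static String concatenated(String uid) {
        return "uid=" + uid + BASE_DN;
    }

    /** Absolute DN built from typed RDNs; Rdn escapes special characters in the value. */
    static LdapName absoluteDn(String uid) throws InvalidNameException {
        LdapName dn = new LdapName(BASE_DN);
        // add() appends the most specific RDN, which is leftmost in string form.
        dn.add(new Rdn("uid", uid));
        return dn;
    }

    /** Name to hand to a context that is already rooted at the base DN. */
    static Name relativeTo(LdapName base, LdapName dn) throws InvalidNameException {
        if (!dn.startsWith(base)) {
            throw new InvalidNameException(dn + " is not under " + base);
        }
        // Drop the base components so the server does not see them twice.
        return dn.getSuffix(base.size());
    }

    public static void main(String[] args) throws InvalidNameException {
        LdapName base = new LdapName(BASE_DN);
        LdapName user = absoluteDn("TestUser");

        System.out.println("concatenated : " + concatenated("TestUser"));
        System.out.println("absolute DN  : " + user);
        System.out.println("relative name: " + relativeTo(base, user));

        // Constructed input: a value containing a DN metacharacter is escaped,
        // so it cannot change the structure of the resulting DN.
        System.out.println("escaped value: " + absoluteDn("Test,User"));
    }
}
```

Passing the relative name to a base-rooted context, or the absolute DN to a context rooted at the directory root, keeps the base DN from being applied twice.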
