Improvement
Resolution: Fixed
Major
Magnolia Enterprise 3.5.8 running on CentOS 5.1 32-bit
I am setting up the AD connection as ssoSlave following CAS authorisation. I have some success using these settings:
initialSearchAttributes=cn=AdminAccounts,dc=rtsi,dc=ch
uid=userPrincipalName
in ad.properties. Using these and an account in the AdminAccounts subtree I can log in.
I guess that users could also be in other subtrees if they are not Administrators; therefore I would actually like to do something similar to this search:
[tboesch@server-03-11 config]$ ldapsearch -a never -H ldap://ip-of-ldap -x -W -D 'cnldap-read-cn' -b 'dc=rtsi,dc=ch' userPrincipalName=G*****CH@rtsi.ch
i.e. use dc=rtsi,dc=ch as searchbase. This leads to these settings in ad.properties:
initialSearchAttributes=dc=rtsi,dc=ch
uid=userPrincipalName
When I change to these, however, I get the following: Unprocessed Continuation Reference(s) (full trace at the end).
Which could mean that the search is not following referrals, but this should not be the problem, since ldapsearch does not follow referrals either. I added these anyway:
java.naming.referral=follow
java.naming.ldap.referral.limit=10
to ad.properties, but without any luck. So they are either not picked up or something else goes wrong here.
I found this on the net: http://forums.sun.com/thread.jspa?messageID=1679534 (see attached picture)
Trace:
ERROR info.magnolia.cms.security.SecuritySupportBase SecuritySupportBase.java(logLoginException:85) 09.08.2008 13:44:18 Can't login due to:
javax.security.auth.login.LoginException: Unprocessed Continuation Reference(s)
at info.magnolia.jaas.sp.ldap.ADAuthenticationModule.validateUser(ADAuthenticationModule.java:74)
at info.magnolia.jaas.sp.AbstractLoginModule.login(AbstractLoginModule.java:194)
at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at info.magnolia.cms.security.SecuritySupportBase.authenticate(SecuritySupportBase.java:61)
at info.magnolia.cms.security.auth.login.CASLogin.handle(CASLogin.java:66)
at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:65)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:70)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:71)
at info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:54)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:70)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:71)
at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:73)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:70)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:71)
at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:72)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:70)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:71)
at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:64)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:70)
at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:98)
at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:199)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Thread.java:595)
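
Added example (not part of the original report and not Magnolia code): ldapsearch prints search continuation references as `ref:` lines and still ends with `result: 0 Success`, so a successful run does not by itself show that the server returned no references. The Python script below parses saved ldapsearch output and lists the entries and references it contains; the sample output, the example.test names and the function names are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, unquote

# Constructed ldapsearch output (OpenLDAP client, subtree search at a domain
# root). example.test and every name in it are invented for illustration.
SAMPLE = """\
# Some User, AdminAccounts, example.test
dn: CN=Some User,CN=AdminAccounts,DC=example,DC=test
userPrincipalName: some.user@example.test

# search reference
ref: ldap://ForestDnsZones.example.test/DC=ForestDnsZones,DC=example,DC=test

# search reference
ref: ldap://example.test/CN=Configuration,DC=exam
 ple,DC=test

# search result
result: 0 Success
"""

def unfold(text):
    """Join LDIF continuation lines (lines that start with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def summarize(text):
    """Return entry DNs, (host, base DN) of each reference, and result code."""
    entries, refs, result = [], [], None
    for line in unfold(text):
        if line.startswith("dn:: "):          # base64-encoded DN
            entries.append(base64.b64decode(line[5:]).decode("utf-8"))
        elif line.startswith("dn: "):
            entries.append(line[4:])
        elif line.startswith("ref: "):        # search continuation reference
            url = urlsplit(line[5:].strip())
            refs.append((url.hostname, unquote(url.path.lstrip("/"))))
        elif line.startswith("result: "):
            result = int(line.split()[1])
    return {"entries": entries, "references": refs, "result": result}

def success_with_references(summary):
    """True when the search succeeded but referrals were returned unchased."""
    return summary["result"] == 0 and bool(summary["references"])
```

Each listed reference names a naming context outside the subtree that was searched directly, which helps when choosing a narrower search base or deciding whether the client needs to follow referrals.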