Bug
Resolution: Fixed
Blocker
1.0-rc2
None
After configuring the LDAP module to work with MS Active Directory, I am getting the following error:
09:12:12,443 INFO [STDOUT] SecurityFilter.java(authenticate:193) failed to authenticate amistric javax.security.auth.login.LoginException: failed to authenticate amistric at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.login(LDAPAuthenticationModule.java:122) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:579) at info.magnolia.cms.security.Authenticator.authenticate(Authenticator.java:110) at info.magnolia.cms.security.SecurityFilter.authenticate(SecurityFilter.java:149) at info.magnolia.cms.security.SecurityFilter.isAllowed(SecurityFilter.java:123) at info.magnolia.cms.security.SecurityFilter.doFilter(SecurityFilter.java:99) at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92) at info.magnolia.cms.filters.MultipartRequestFilter.doFilter(MultipartRequestFilter.java:80) at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92) at info.magnolia.cms.filters.MgnlVirtualUriFilter.doFilter(MgnlVirtualUriFilter.java:83) at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92) at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:66) at 
info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92) at info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:77) at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92) at info.magnolia.cms.filters.MagnoliaManagedFilter.doFilter(MagnoliaManagedFilter.java:65) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at 
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:619) 09:12:44,641 INFO [STDOUT] LDAPAuthenticationModule.java(queryLDAP:144) Need to specify class name in environment or system property, or as an applet parameter, or in an application resource fil e: java.naming.factory.initial javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file: java.naming.factory.initial at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:645) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288) at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:325) at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:87) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248) at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.queryLDAP(LDAPAuthenticationModule.java:139) at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.login(LDAPAuthenticationModule.java:111) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:579) at info.magnolia.cms.security.Authenticator.authenticate(Authenticator.java:110) at 
info.magnolia.cms.security.SecurityFilter.authenticate(SecurityFilter.java:149) at info.magnolia.cms.security.SecurityFilter.isAllowed(SecurityFilter.java:123) at info.magnolia.cms.security.SecurityFilter.doFilter(SecurityFilter.java:99) at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92) at info.magnolia.cms.filters.MultipartRequestFilter.doFilter(MultipartRequestFilter.java:80) at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92) at info.magnolia.cms.filters.MgnlVirtualUriFilter.doFilter(MgnlVirtualUriFilter.java:83) at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92) at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:66) at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92) at info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:77) at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92) at info.magnolia.cms.filters.MagnoliaManagedFilter.doFilter(MagnoliaManagedFilter.java:65) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175) at 
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:619)
Also, here is my map file (some sections generalized for security):
##########################################################################
#
# This code is licensed under the Magnolia Visible Source License (MVSL).
# Please make sure you understand the terms of the license, as you are
# legally bound to it when you make use of this code.
#
# The MVSL is part of the Magnolia Visible Source Software distribution.
# To obtain an additional copy of the license text, please contact
# Magnolia International - see www.magnolia.info for current contact details
#
# Copyright 2005, 2006 Magnolia International Ltd. All rights reserved.
#
##########################################################################
##########################################################################
# JNDI properties
# $Id: map 7623 2006-11-17 16:28:28Z scharles $
##########################################################################
#Initial factory class
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# LDAP url
java.naming.provider.url=ldap://ldapserver.mycompany.org:389/
# Security principle name, remove this line if server is not secured
java.naming.security.principal=CN=ldap_user,OU=Service Accounts,OU=Exception Users,DC=mycompany,DC=org
# Password, only if security principle is defined
java.naming.security.credentials=password
##########################################################################
# Name mapping between magnolia defined attributes and how attributes are named
# in custom directory
##########################################################################
initialSearchAttributes=OU=MYCOMPANY Users,DC=mycompany,DC=org
Organization=o
OrganizationUnit=ou
CommonName=cn
Surname=sn
GivenName=givenname
uid=sAMAccountName
dn=dn
mail=mail
GroupId=memberOf
Password=pass
Language=language
##########################################################################
# Password encryption handler class (implementing info.magnolia.sp.ldap.EncryptionHandler)
##########################################################################
encryptionHandler=info.magnolia.sp.ldap.PlainTextEncryptionHandler
##########################################################################
# Following is useful for groupId attribute used in LDAP Authorization
# attribute format : ldapAttributeName_possibleSeparatorChar
# ldapAttributeName_filter
##########################################################################
# Possible multivalue separator char
memberOf_possibleSeparatorChar=,
# group name filter, this will be used while adding assigned group id's
memberOf_filter=CN=