LDAP Connector / MGNLLDAP-8

Using LDAP module with MS Active Directory throws an error


    • Bug
    • Resolution: Fixed
    • Blocker
    • 1.2
    • 1.0-rc2
    • None

      After configuring the LDAP module to work with MS Active Directory I am getting the following error:

      09:12:12,443 INFO  [STDOUT] SecurityFilter.java(authenticate:193) failed to authenticate amistric
      javax.security.auth.login.LoginException: failed to authenticate amistric
              at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.login(LDAPAuthenticationModule.java:122)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
              at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
              at info.magnolia.cms.security.Authenticator.authenticate(Authenticator.java:110)
              at info.magnolia.cms.security.SecurityFilter.authenticate(SecurityFilter.java:149)
              at info.magnolia.cms.security.SecurityFilter.isAllowed(SecurityFilter.java:123)
              at info.magnolia.cms.security.SecurityFilter.doFilter(SecurityFilter.java:99)
              at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
              at info.magnolia.cms.filters.MultipartRequestFilter.doFilter(MultipartRequestFilter.java:80)
              at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
              at info.magnolia.cms.filters.MgnlVirtualUriFilter.doFilter(MgnlVirtualUriFilter.java:83)
              at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
              at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:66)
              at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
              at info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:77)
              at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
              at info.magnolia.cms.filters.MagnoliaManagedFilter.doFilter(MagnoliaManagedFilter.java:65)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
              at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
              at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
              at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
              at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
              at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
              at java.lang.Thread.run(Thread.java:619)
      09:12:44,641 INFO  [STDOUT] LDAPAuthenticationModule.java(queryLDAP:144) Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file:  java.naming.factory.initial
      javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file:  java.naming.factory.initial
              at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:645)
              at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
              at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:325)
              at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:87)
              at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
              at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.queryLDAP(LDAPAuthenticationModule.java:139)
              at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.login(LDAPAuthenticationModule.java:111)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
              at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
              at info.magnolia.cms.security.Authenticator.authenticate(Authenticator.java:110)
              at info.magnolia.cms.security.SecurityFilter.authenticate(SecurityFilter.java:149)
              at info.magnolia.cms.security.SecurityFilter.isAllowed(SecurityFilter.java:123)
              at info.magnolia.cms.security.SecurityFilter.doFilter(SecurityFilter.java:99)
              at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
              at info.magnolia.cms.filters.MultipartRequestFilter.doFilter(MultipartRequestFilter.java:80)
              at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
              at info.magnolia.cms.filters.MgnlVirtualUriFilter.doFilter(MgnlVirtualUriFilter.java:83)
              at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
              at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:66)
              at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
              at info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:77)
              at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
              at info.magnolia.cms.filters.MagnoliaManagedFilter.doFilter(MagnoliaManagedFilter.java:65)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
              at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
              at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
              at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
              at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
              at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
              at java.lang.Thread.run(Thread.java:619)
      

      Also here is my map file (some sections generalized for security):

      ##########################################################################
      #
      # This code is licensed under the Magnolia Visible Source License (MVSL).
      # Please make sure you understand the terms of the license, as you are
      # legally bound to it when you make use of this code.
      #
      # The MVSL is part of the Magnolia Visible Source Software distribution.
      # To obtain an additional copy of the license text, please contact
      # Magnolia International - see www.magnolia.info for current contact details
      #
      # Copyright 2005, 2006 Magnolia International Ltd. All rights reserved.
      #
      ##########################################################################
      
      ##########################################################################
      # JNDI properties
      # $Id: map 7623 2006-11-17 16:28:28Z scharles $
      ##########################################################################
      
      #Initial factory class
      java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
      
      # LDAP url
      java.naming.provider.url=ldap://ldapserver.mycompany.org:389/
      
      # Security principal name, remove this line if server is not secured
      java.naming.security.principal=CN=ldap_user,OU=Service Accounts,OU=Exception Users,DC=mycompany,DC=org
      
      # Password, only if security principal is defined
      java.naming.security.credentials=password
      
      ##########################################################################
      # Name mapping between magnolia defined attributes and how attributes are named
      # in custom directory
      ##########################################################################
      initialSearchAttributes=OU=MYCOMPANY Users,DC=mycompany,DC=org
      Organization=o
      OrganizationUnit=ou
      CommonName=cn
      Surname=sn
      GivenName=givenname
      uid=sAMAccountName
      dn=dn
      mail=mail
      GroupId=memberOf
      Password=pass
      Language=language
      
      ##########################################################################
      # Password encryption handler class (implementing info.magnolia.sp.ldap.EncryptionHandler)
      ##########################################################################
      encryptionHandler=info.magnolia.sp.ldap.PlainTextEncryptionHandler
      
      
      ##########################################################################
      # Following is useful for groupId attribute used in LDAP Authorization
      # attribute format :    ldapAttributeName_possibleSeparatorChar
      #                       ldapAttributeName_filter
      ##########################################################################
      
      # Possible multivalue separator char
      memberOf_possibleSeparatorChar=,
      
      # group name filter, this will be used while adding assigned group id's
      memberOf_filter=CN=
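
Added example (not part of the original report and not the connector's own code): the second trace is raised from `InitialDirContext.search`, which is how JNDI fails when a context is created without `java.naming.factory.initial` in its environment. The sketch below loads the JNDI keys from a constructed copy of the map file into the environment JNDI expects and reproduces the exception offline with an empty environment. The class and method names are hypothetical, and it assumes no `jndi.properties` file or JNDI system properties are present in the JVM.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.NoInitialContextException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;

public class JndiEnvCheck {
    // Constructed sample: a few lines of the map file above, placeholder values.
    static final String MAP = String.join("\n",
        "java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory",
        "java.naming.provider.url=ldap://ldapserver.mycompany.org:389/",
        "uid=sAMAccountName");

    // Copy only the java.naming.* keys into the environment table JNDI expects.
    static Hashtable<String, Object> jndiEnv(String mapText) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(mapText));
        Hashtable<String, Object> env = new Hashtable<>();
        for (String k : p.stringPropertyNames())
            if (k.startsWith("java.naming.")) env.put(k, p.getProperty(k));
        return env;
    }

    // Keys without which no LDAP context can be created.
    static List<String> missing(Hashtable<String, Object> env) {
        List<String> out = new ArrayList<>();
        for (String k : new String[] {Context.INITIAL_CONTEXT_FACTORY, Context.PROVIDER_URL})
            if (!env.containsKey(k)) out.add(k);
        return out;
    }

    // True when a search on a context built from env fails the way the log shows.
    static boolean failsLikeTheLog(Hashtable<String, Object> env) throws NamingException {
        try {
            new InitialDirContext(env).search("", "(cn=x)", new SearchControls());
            return false;
        } catch (NoInitialContextException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("missing from map file: " + missing(jndiEnv(MAP)));
        System.out.println("missing from empty env: " + missing(new Hashtable<>()));
        // Only the empty environment is searched, so nothing touches the network.
        System.out.println("empty env reproduces: " + failsLikeTheLog(new Hashtable<>()));
    }
}
```

Running the `missing` check before the first login attempt separates a map file that was never loaded from a genuine credential failure.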
      

              scharles Sameer Charles
              zambak zam6ak