I just purchased the LDAP plugin today and I cant get connected. I was experimenting with settings and now no account can connect. I tried to remove the plugin from the plugins folder and then i can log in with my admin user but as soon as i reload the plugin its locks me out. Where do the settings for the plugins get stored? Also I have copied the errors I am getting in my logs below.
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl debug
INFO: Authentication fail!
INFO 05 Aug 2011 14:24:42 org.joget.workflow.security.WorkflowHttpAuthProcessingFilter - Authentication for user jcervantes: false
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl debug
INFO: URL: ldap://dsmds1.senecaco.com:389
Admin Username: administrator@senecacco.com
Root DN: DC=senecaco,DC=com
User Base DN:
Group Base DN:
Department Base DN:
Role Admin Base DN:
User Attr Mapping: username=sAMAccountName, firstName=givenName, lastName=sn, email=userPrincipalName, active=, timeZone=
Group Attr Mapping: id=cn, name=cn, description=description, users=member, mappedToUserAttr=distinguishedName
Department Attr Mapping: id=cn, name=cn, description=description, hod=, users=member, mappedToUserAttr=distinguishedName
Role Admin Attr Mapping: users=member, mappedToUserAttr=distinguishedName
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl debug
INFO: authenticate(username:jcervantes)
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl debug
INFO: filter: (&(objectClass=person)(sAMAccountName=*)(sAMAccountName=jcervantes))
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl debug
INFO: User:jcervantes not found in LDAP server.
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl authenticate
SEVERE: User:jcervantes not Found!
org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:180)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:624)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:535)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:462)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:483)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:503)
at org.springframework.ldap.core.LdapTemplate.authenticate(LdapTemplate.java:1424)
at org.springframework.ldap.core.LdapTemplate.authenticate(LdapTemplate.java:1386)
at org.joget.plugin.directory.DirectoryManagerLDAPImpl.authenticate(DirectoryManagerLDAPImpl.java:83)
at org.joget.directory.model.service.DirectoryManagerProxyImpl.authenticate(DirectoryManagerProxyImpl.java:62)
at org.joget.workflow.security.WorkflowAuthenticationProvider.authenticate(WorkflowAuthenticationProvider.java:56)
at org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
at org.springframework.security.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:46)
at org.springframework.security.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:82)
at org.joget.workflow.security.WorkflowHttpAuthProcessingFilter.attemptAuthentication(WorkflowHttpAuthProcessingFilter.java:27)
at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:252)
at org.joget.workflow.security.WorkflowHttpAuthProcessingFilter.doFilterHttp(WorkflowHttpAuthProcessingFilter.java:39)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:174)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:679)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3032)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:306)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
at javax.naming.InitialContext.init(InitialContext.java:240)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:151)
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)
... 47 more
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl debug
INFO: Authentication fail!
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl debug
INFO: Authentication fail!
INFO 05 Aug 2011 14:24:42 org.joget.workflow.security.WorkflowHttpAuthProcessingFilter - Authentication for user jcervantes: false
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl debug
INFO: URL: ldap://dsmds1.senecaco.com:389
Admin Username: administrator@senecacco.com
Root DN: DC=senecaco,DC=com
User Base DN:
Group Base DN:
Department Base DN:
Role Admin Base DN:
User Attr Mapping: username=sAMAccountName, firstName=givenName, lastName=sn, email=userPrincipalName, active=, timeZone
Group Attr Mapping: id=cn, name=cn, description=description, users=member, mappedToUserAttr=distinguishedName
Department Attr Mapping: id=cn, name=cn, description=description, hod=, users=member, mappedToUserAttr=distinguishedName
Role Admin Attr Mapping: users=member, mappedToUserAttr=distinguishedName
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl debug
INFO: authenticate(username:jcervantes)
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl debug
INFO: filter: (&(objectClass=person)(sAMAccountName=*)(sAMAccountName=jcervantes))
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl debug
INFO: User:jcervantes not found in LDAP server.
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl authenticate
SEVERE: User:jcervantes not Found!
org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:180)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:624)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:535)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:462)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:483)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:503)
at org.springframework.ldap.core.LdapTemplate.authenticate(LdapTemplate.java:1424)
at org.springframework.ldap.core.LdapTemplate.authenticate(LdapTemplate.java:1386)
at org.joget.plugin.directory.DirectoryManagerLDAPImpl.authenticate(DirectoryManagerLDAPImpl.java:83)
at org.joget.directory.model.service.DirectoryManagerProxyImpl.authenticate(DirectoryManagerProxyImpl.java:62)
at org.joget.workflow.security.WorkflowAuthenticationProvider.authenticate(WorkflowAuthenticationProvider.java:56)
at org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
at org.springframework.security.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:46)
at org.springframework.security.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:82)
at org.joget.workflow.security.WorkflowHttpAuthProcessingFilter.attemptAuthentication(WorkflowHttpAuthProcessingFilter.java:27)
at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:252)
at org.joget.workflow.security.WorkflowHttpAuthProcessingFilter.doFilterHttp(WorkflowHttpAuthProcessingFilter.java:39)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:174)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:679)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3032)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:306)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
at javax.naming.InitialContext.init(InitialContext.java:240)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:151)
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)
... 47 more
Aug 5, 2011 2:24:42 PM org.joget.plugin.directory.DirectoryManagerLDAPImpl debug
INFO: Authentication fail!
Thanks
1 Comment
Tiensoon
Hi Joe Cervantes, thanks for your support purchasing the LDAP Plugin.
The LDAP Plugin settings are kept in wf_setup table. To avoid being "locked up" from configuration set that doesn't work, you may open 2 browsers -- first one to configure the LDAP DirectoryManager settings, and second one to test the login. If login failed, then you can remove the plugin, or change configurations in the first browser.
According to the log you have shared with us, the configurations looks fine. However, according to "User Attr Mapping", this configuration set is expecting the "sAMAccountName" LDAP user attribute to be used as login username. In your experiment, is "jcervantes" the sAMAccountName kept in LDAP server? Or is it "senecaco\jcervantes"? It could also be jcervantes@senecaco.com, depending on your LDAP structure.
If you require further assistance, please feel free to send your LDIF sample to us via email. We will be more than happy to make sure your LDAP Plugin works in your environment.
Thanks