LDAP Nuxeo 5.9.4

Hello, how are you? Should we define these fields?

   <bindDn> </ binddn>
   <bindPassword> </ bindPassword>

I can not connect to the LDAP version number 5.9.4

Do you have a default-ldap-users-directory-config.xml file?

Thank you very much. Andrés.

0 votes

4 answers

901 views

ANSWER



I am not too familiar with LDAP + Nuxeo, but typically the structure of LDAP authentication bind is

cn=administrator,dc=prueba,dc=edu,dc=ar

but you would have to check the documentation for it to see how Nuxeo needs the info sent to it.

It could be also

cn=administrator,dc=prueba.edu.ar

as you said, but that does not match the standard for LDAP.

0 votes



This is the log

2014-07-21 10:51:49,025 ERROR [http-bio-172.20.4.95-8080-exec-4] [org.nuxeo.ecm.platform.login.NuxeoLoginModule] Authentication failed: Cannot connect to LDAP directory 'userDirectory': [LDAP: error code 49 - Invalid Credentials] org.nuxeo.ecm.directory.DirectoryException: Cannot connect to LDAP directory 'userDirectory': [LDAP: error code 49 - Invalid Credentials]

    at org.nuxeo.ecm.directory.ldap.LDAPDirectory.createContext(LDAPDirectory.java:316)
    at org.nuxeo.ecm.directory.ldap.LDAPDirectory.getSession(LDAPDirectory.java:360)
    at org.nuxeo.ecm.directory.ldap.LDAPDirectoryProxy.getSession(LDAPDirectoryProxy.java:79)
    at org.nuxeo.ecm.directory.DirectoryServiceImpl.open(DirectoryServiceImpl.java:272)
    at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.checkUsernamePassword(UserManagerImpl.java:394)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.validateUserIdentity(NuxeoLoginModule.java:321)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.getPrincipal(NuxeoLoginModule.java:210)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.login(NuxeoLoginModule.java:261)
    at org.nuxeo.runtime.api.LoginModuleWrapper.login(LoginModuleWrapper.java:77)
    at sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
    at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doAuthenticate(NuxeoAuthenticationFilter.java:290)
    at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:550)
    at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:35)
    at org.nuxeo.ecm.platform.ui.web.auth.oauth2.NuxeoOAuth2Filter.doFilter(NuxeoOAuth2Filter.java:68)
    at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:33)
    at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:119)
    at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:33)
    at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:410)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoCorsFilter.doFilter(NuxeoCorsFilter.java:51)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:79)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:69)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:744)

Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
    at javax.naming.InitialContext.init(InitialContext.java:242)
    at javax.naming.InitialContext.<init>(InitialContext.java:216)
    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
    at org.nuxeo.ecm.directory.ldap.LDAPDirectory.createContext(LDAPDirectory.java:314)
    ... 50 more

2014-07-21 10:51:49,027 INFO [http-bio-172.20.4.95-8080-exec-4] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Login failed for atarrio

0 votes



Thanks! im trying.

The LDAP server structure:

dc=prueba.edu.ar –cn=administrator –ou=Users —uid=pepe

I have no more information than this. As should fill the XML?

Thanks

0 votes



Hello,

This may help:

http://explorer.nuxeo.org/nuxeo/site/distribution/current/viewExtensionPoint/org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory–servers

Yes you may (should?) need credentials to bind.

if you use Linux you can try to debug binding using LDAPUtils before contributing the extension point.

0 votes