Webdav + LDAP
Hello,
I'm trying to set up WebDAV authentication with LDAP on a Nuxeo 5.4.2 instance. I followed these two threads because I get a “Digest authentication failed. Stored HA1 is empty” error:
Here are my configuration files:
default-ldap-users-directory-bundle.xml:
<?xml version="1.0"?>
<component name="org.nuxeo.ecm.directory.ldap.storage.users">
  <implementation />
  <implementation />
  <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
  <require>org.nuxeo.ecm.directory.sql.storage</require>
  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
    point="servers">
    <server name="default">
      <ldapUrl>ldap://ldap.mydomain.fr:389</ldapUrl>
      <!-- Credentials used by Nuxeo5 to browse the directory, create
        and modify entries.
        Only the authentication of users (bind) use the credentials entered
        through the login form if any.-->
      <!--
      <bindDn>@ldap.bindDn@</bindDn>
      <bindPassword>@ldap.bindPassword@</bindPassword>
      -->
    </server>
  </extension>
  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">
    <directory name="userLdapDirectory">
      <server>default</server>
      <schema>user</schema>
      <idField>username</idField>
      <!-- <passwordField>password</passwordField> -->
      <searchBaseDn>ou=people,dc=univ-valenciennes,dc=fr</searchBaseDn>
      <searchClass>person</searchClass>
      <!-- To additionally restrict entries you can add an
        arbitrary search filter such as the following:
        <searchFilter>(|(eduPersonAffiliation=employee)(eduPersonAffiliation=faculty))</searchFilter>
        Beware that "&" writes "&amp;" in XML.
      -->
      <!-- use subtree if the people branch is nested -->
      <searchScope>onelevel</searchScope>
      <readOnly>true</readOnly>
      <!-- comment <cache* /> tags to disable the cache -->
      <!-- cache timeout in seconds -->
      <cacheTimeout>3600</cacheTimeout>
      <!-- maximum number of cached entries before global invalidation -->
      <cacheMaxSize>1000</cacheMaxSize>
      <creationBaseDn>ou=people,dc=univ-valenciennes,dc=fr</creationBaseDn>
      <creationClass>top</creationClass>
      <creationClass>person</creationClass>
      <creationClass>organizationalPerson</creationClass>
      <creationClass>inetOrgPerson</creationClass>
      <rdnAttribute>uid</rdnAttribute>
      <fieldMapping name="username">uid</fieldMapping>
      <!-- for authentication via LDAP for WebDAV -->
      <fieldMapping name="password">userPassword</fieldMapping>
      <fieldMapping name="firstName">givenName</fieldMapping>
      <fieldMapping name="lastName">sn</fieldMapping>
      <fieldMapping name="company">supannOrganisme</fieldMapping>
      <fieldMapping name="email">mail</fieldMapping>
      <references>
        <inverseReference field="groups" directory="groupLdapDirectory" dualReferenceField="members" />
      </references>
    </directory>
  </extension>
</component>
and login-digest-config.xml:
<?xml version="1.0"?>
<component name="org.nuxeo.ecm.platform.digestauth.config">
  <require>org.nuxeo.ecm.platform.login.digest</require>
  <extension target="org.nuxeo.ecm.directory.sql.SQLDirectoryFactory"
    point="directories">
    <directory name="digestauth">
      <schema>digestauth</schema>
      <table>digestauth</table>
      <autoincrementIdField>false</autoincrementIdField>
      <dataSource>java:/nxsqldirectory</dataSource>
      <idField>username</idField>
      <passwordField>password</passwordField>
      <createTablePolicy>on_missing_columns</createTablePolicy>
    </directory>
  </extension>
  <!-- <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <userManager>
      <digestAuthDirectory>digestauth</digestAuthDirectory>
      <digestAuthRealm>NUXEO</digestAuthRealm>
    </userManager>
  </extension> -->
  <extension
    target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
    point="authenticators">
    <authenticationPlugin name="DIGEST_AUTH"
      enabled="true" class="org.nuxeo.ecm.ui.web.auth.digest.DigestAuthenticator">
      <stateful>false</stateful>
      <loginModulePlugin>DigestLoginPlugin</loginModulePlugin>
      <parameters>
        <parameter name="RealmName">UVHC</parameter>
      </parameters>
    </authenticationPlugin>
  </extension>
  <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <userManager>
      <digestAuthDirectory>userLdapDirectory</digestAuthDirectory>
      <digestAuthRealm>UVHC</digestAuthRealm>
    </userManager>
  </extension>
  <extension target="org.nuxeo.ecm.platform.login.LoginPluginRegistry"
    point="plugin">
    <LoginPlugin name="DigestLoginPlugin"
      class="org.nuxeo.ecm.ui.web.auth.digest.DigestLoginPlugin">
      <enabled>true</enabled>
      <parameters name="passwordField">password</parameters>
    </LoginPlugin>
  </extension>
</component>
And here is the log, with an error I don't really understand:
2013-02-19 11:24:24,581 DEBUG [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.getLdapEntry(fblin, false): LDAP search base='ou=people,dc=univ-valenciennes,dc=fr' filter='(&(uid={0})(&(objectClass=person)(uid=*)))' args='fblin' scope='1' [LDAPSession '-1010039942807551476' for directory userLdapDirectory]
2013-02-19 11:24:24,585 DEBUG [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.getLdapEntry(fblin, false): LDAP search base='ou=people,dc=univ-valenciennes,dc=fr' filter='(&(uid={0})(&(objectClass=person)(uid=*)))' args='fblin' scope='1' => found: uid=fblin,ou=people,dc=univ-valenciennes,dc=fr [LDAPSession '-1010039942807551476' for directory userLdapDirectory]
2013-02-19 11:24:24,585 DEBUG [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.getLdapEntry(fblin, true): LDAP search base='ou=people,dc=univ-valenciennes,dc=fr' filter='(&(uid={0})(&(objectClass=person)(uid=*)))' args='fblin' scope='1' [LDAPSession '-1010039925627682291' for directory userLdapDirectory]
2013-02-19 11:24:24,588 DEBUG [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.getLdapEntry(fblin, true): LDAP search base='ou=people,dc=univ-valenciennes,dc=fr' filter='(&(uid={0})(&(objectClass=person)(uid=*)))' args='fblin' scope='1' => found: uid=fblin,ou=people,dc=univ-valenciennes,dc=fr [LDAPSession '-1010039925627682291' for directory userLdapDirectory]
2013-02-19 11:24:24,588 DEBUG [org.nuxeo.ecm.directory.ldap.LDAPReference] LDAPReference.getSourceIdsForTarget(fblin): LDAP search search base='ou=groups,dc=univ-valenciennes,dc=fr' filter='(&(member={0})(&(&(|(objectClass=groupOfNames)(objectClass=groupOfURLs)))(cn=*)))' args='uid=fblin,ou=people,dc=univ-valenciennes,dc=fr' scope='2' [LDAPReference to resolve field='members' of sourceDirectory='groupLdapDirectory' with targetDirectory='userLdapDirectory' and staticAttributeId='member', dynamicAttributeId='memberURL']
2013-02-19 11:24:24,689 DEBUG [org.nuxeo.ecm.directory.ldap.LDAPReference] LDAPReference.getSourceIdsForTarget(fblin): LDAP search search base='ou=groups,dc=univ-valenciennes,dc=fr' filter='memberURL=*' scope='2' [LDAPReference to resolve field='members' of sourceDirectory='groupLdapDirectory' with targetDirectory='userLdapDirectory' and staticAttributeId='member', dynamicAttributeId='memberURL']
2013-02-19 11:24:24,692 ERROR [org.nuxeo.ecm.ui.web.auth.digest.DigestLoginPlugin] Digest authentication failed
java.lang.NullPointerException
    at org.nuxeo.common.utils.Path.collapseSlashes(Path.java:281)
    at org.nuxeo.common.utils.Path.initialize(Path.java:457)
    at org.nuxeo.common.utils.Path.<init>(Path.java:77)
    at org.nuxeo.ecm.core.api.model.impl.AbstractProperty.resolvePath(AbstractProperty.java:394)
    at org.nuxeo.ecm.core.api.model.impl.AbstractProperty.getValue(AbstractProperty.java:356)
    at org.nuxeo.ecm.core.api.impl.DataModelImpl.getData(DataModelImpl.java:91)
    at org.nuxeo.ecm.core.api.impl.DocumentModelImpl.getProperty(DocumentModelImpl.java:719)
    at org.nuxeo.ecm.ui.web.auth.digest.DigestLoginPlugin.getStoredHA1(DigestLoginPlugin.java:131)
    at org.nuxeo.ecm.ui.web.auth.digest.DigestLoginPlugin.validatedUserIdentity(DigestLoginPlugin.java:63)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.validateUserIdentity(NuxeoLoginModule.java:355)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.getPrincipal(NuxeoLoginModule.java:209)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.login(NuxeoLoginModule.java:262)
    at org.nuxeo.runtime.api.LoginModuleWrapper.login(LoginModuleWrapper.java:77)
    at sun.reflect.GeneratedMethodAccessor91.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doAuthenticate(NuxeoAuthenticationFilter.java:225)
    at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:464)
    at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:35)
    at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:114)
    at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:33)
    at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:338)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:80)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:59)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698)
    at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
    at java.lang.Thread.run(Thread.java:619)
Thank you for your help
Fabrice