
Not able to login using OpenLDAP Credentials

Question asked by naveenalfresco on Apr 20, 2009
Latest reply on Apr 22, 2009 by naveenalfresco
Can someone help me configure OpenLDAP + Alfresco? I have been trying for 7 days but have not been able to configure it properly. Please, someone help me.

When I try to log in using Alfresco users, the login succeeds, but when I try to log in using LDAP users, it throws the error below:


javax.faces.FacesException: Error calling action method of component with id loginForm:submit
caused by:
javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
caused by:
java.lang.SecurityException: Unable to locate a login configuration
caused by:
java.io.IOException: Unable to locate a login configuration


javax.faces.FacesException: Error calling action method of component with id loginForm:submit
at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:72)
at javax.faces.component.UICommand.broadcast(UICommand.java:109)
at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:94)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:156)
at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61)
… 22 more
Caused by: java.lang.SecurityException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at javax.security.auth.login.Configuration$3.run(Configuration.java:246)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:241)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
at org.alfresco.repo.security.authentication.jaas.JAASAuthenticationComponent.authenticateImpl(JAASAuthenticationComponent.java:135)
at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:130)
at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:118)
at org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl.authenticate(ChainingAuthenticationServiceImpl.java:166)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:296)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:177)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:275)
at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy24.authenticate(Unknown Source)
at org.alfresco.web.bean.LoginBean.login(LoginBean.java:274)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:132)
… 23 more
Caused by: java.io.IOException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:250)
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91)
… 64 more

I am providing the config details I have used to set up OpenLDAP + Alfresco:

C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\file-servers.xml

<alfresco-config area="file-servers">

   <config evaluator="string-compare" condition="CIFS Server">
     <serverEnable enabled="true"/>
      <host name="${cifs.localname}A" domain="${cifs.domain}"/>
      <comment>Alfresco CIFS Server</comment>

      <!-- Set to the broadcast mask for the subnet -->
      <broadcast>${cifs.broadcast}</broadcast>

      <!-- Use Java socket based NetBIOS over TCP/IP and native SMB on linux -->
      <tcpipSMB platforms="linux,solaris,macosx"/>
      <netBIOSSMB platforms="linux,solaris,macosx"/>

      <!-- Can be mapped to non-privileged ports, then use firewall rules to forward
          requests from the standard ports -->
     <!--
      <tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
      <netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
     -->

      <hostAnnounce interval="5"/>

      <!-- Use Win32 NetBIOS interface on Windows -->
      <Win32NetBIOS/>
      <Win32Announce interval="5"/>

      <!-- CIFS authentication -->
      <!--  <authenticator type="enterprise"></authenticator>    -->

      <authenticator type="alfresco">
        <Server>ADSRV1,ALFRESCO\ADSRV1</Server>
      </authenticator>
     
<!--
      <WINS>
         <primary>1.2.3.4</primary>
         <secondary>5.6.7.8</secondary>
      </WINS>

      <sessionDebug flags="Negotiate,Socket"/>
-->
   <sessionDebug flags="Negotiate,Notify"/>

   </config>

   <config evaluator="string-compare" condition="FTP Server">
     <serverEnable enabled="true"/>

     <!-- Run on a non-privileged port -->
     <!--
     <port>1121</port>
     -->

      <!-- FTP authentication -->
      <authenticator type="alfresco"/>

<!--      <debug flags="File,Search,Error,Directory,Info,DataPort"/> -->
   </config>
  
   <config evaluator="string-compare" condition="NFS Server">
     <serverEnable enabled="false"/>
   </config>
   
   <config evaluator="string-compare" condition="Filesystems">
     <filesystems>
       
       <!-- Alfresco repository access shared filesystem -->
         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>

         <!-- Add a URL file to each folder that links back to the web client -->
         <urlFile>
               <filename>__AlfrescoClient.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>

         <!-- Mark locked files as offline -->
          <offlineFiles/>

         <!-- Desktop actions -->
         <!-- Uses a client-side application to trigger a server-side action                         -->
         <!--   Echo - displays a message echoed from the server                                     -->
         <!--   URL  - launches a URL via the Windows shell                                          -->
         <!--   CmdLine - launches the Notepad application                                           -->
         <!--   CheckInOut - checks files in/out, drag and drop files onto the application           -->
         <!--   JavaScript - run a server-side script                                                -->
         <!--   JavaScriptURL - server-side script that generates a URL to the folder using a ticket -->
         <!--                   to avoid having to logon                                             -->

<!--
         <desktopActions>
            <global>
                    <path>alfresco/desktop/Alfresco.exe</path>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </global>
            <action>
               <class>org.alfresco.filesys.repo.desk.EchoDesktopAction</class>
               <name>Echo</name>
                 <filename>__AlfrescoEcho.exe</filename>
            </action>
            <action>
               <class>org.alfresco.filesys.repo.desk.URLDesktopAction</class>
               <name>URL</name>
                 <filename>__AlfrescoURL.exe</filename>
            </action>
            <action>
               <class>org.alfresco.filesys.repo.desk.CmdLineDesktopAction</class>
               <name>CmdLine</name>
                 <filename>__AlfrescoCmd.exe</filename>
            </action>
            <action>
               <class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
               <name>CheckInOut</name>
                 <filename>__AlfrescoCheckInOut.exe</filename>
            </action>
            <action>
               <class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
               <name>JavaScript</name>
               <filename>__AlfrescoScript.exe</filename>
               <script>alfresco/desktop/dumpRequest.js</script>
               <attributes>anyFiles, multiplePaths , allowNoParams</attributes>
               <preprocess>confirm, copyToTarget</preprocess>
            </action>
            <action>
               <class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
               <name>JavaScriptURL</name>
               <filename>__AlfrescoDetails.exe</filename>
               <script>alfresco/desktop/showDetails.js</script>
               <attributes>anyFiles</attributes>
               <preprocess>copyToTarget</preprocess>
            </action>

         </desktopActions>
-->

<!--
            <accessControl default="Write">
               <user name="admin" access="Write"/>
               <address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
            </accessControl>
-->
         </filesystem>
        
         <!-- AVM virtualization view of all stores/versions for WCM -->
         <!-- virtual view can be any of the following: normal, site, staging, author, preview -->
         <avmfilesystem name="AVM">
            <virtualView stores="site,staging,author" />
         </avmfilesystem>
        
      </filesystems>
   </config>

   <config evaluator="string-compare" condition="Filesystem Security">
      <!-- Domain mappings used for passthru authentication routing -->
      <!--
      <DomainMappings>
         <Domain name="ALFRESCO" subnet="192.168.1.0" mask="192.168.1.255"/>
      </DomainMappings>
      -->

      <!-- Custom share mapper when multi-tenancy is enabled -->
      <!--
     <shareMapper type="multi-tenant">
       <debug/>
     </shareMapper>
      -->
<!--
      <globalAccessControl default="None">
         <user name="admin" access="Write"/>
         <address ip="90.1.0.90" access="Write"/>
      </globalAccessControl>
-->
   </config>

</alfresco-config>

C:\Alfresco\tomcat\shared\classes\alfresco\extension\ldap-authentication.properties

ldap.authentication.userNameFormat=uid=%s,dc=someco,dc=com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://172.22.3.134:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.security.principal=cn=Manager,dc=someco,dc=com
ldap.authentication.java.naming.security.credentials=insoft
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

C:\Alfresco\tomcat\shared\classes\alfresco\extension\ldap-authentication-context.xml

<?xml version='1.0' encoding='UTF-8'?>
    <!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
    <beans>
        <!-- The main configuration has moved into a properties file -->
        <bean name="ldapAuthenticationPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
            <property name="ignoreUnresolvablePlaceholders">
                <value>true</value>
            </property>
            <property name="locations">
                <value>classpath:alfresco/extension/ldap-authentication.properties</value>
            </property>
        </bean>

        <!-- DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted without warnings from the UI.

        <bean name="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
            <property name="allowDeleteUser">
                <value>false</value>
            </property>
        </bean>
                   -->

        <!-- LDAP authentication configuration -->
        <!--
        You can also use JAAS authentication for Kerberos against Active Directory or NTLM if you also require single sign on from the
        web browser. You do not have to use LDAP authentication to synchronise groups and users from an LDAP store if it supports other
        authentication routes, like Active Directory.
        -->

        <bean id="authenticationComponentLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl" parent="authenticationComponentBase">
            <property name="LDAPInitialDirContextFactory">
                <ref bean="ldapInitialDirContextFactory"/>
            </property>
            <property name="userNameFormat">
                <value>${ldap.authentication.userNameFormat}</value>
            </property>
            <property name="nodeService">
                <ref bean="nodeService" />
            </property>
            <property name="personService">
                <ref bean="personService" />
            </property>
            <property name="transactionService">
                <ref bean="transactionService" />
            </property>  
            <property name="escapeCommasInBind">
                <value>${ldap.authentication.escapeCommasInBind}</value>
            </property>
            <property name="escapeCommasInUid">
                <value>${ldap.authentication.escapeCommasInUid}</value>
            </property>
        </bean>

        <!--
        This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups
        to pull them out of the LDAP repository
        -->

        <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
            <property name="initialDirContextEnvironment">
                <map>
                    <!-- The LDAP provider -->
                    <entry key="java.naming.factory.initial">
                        <value>${ldap.authentication.java.naming.factory.initial}</value>
                    </entry>

                    <!-- The url to the LDAP server -->
                    <!-- Note you can use space separated urls - they will be tried in turn until one works -->
                    <!-- This could be used to authenticate against one or more ldap servers (you will not know which one ….) -->
                    <entry key="java.naming.provider.url">
                        <value>${ldap.authentication.java.naming.provider.url}</value>
                    </entry>

                    <!-- The authentication mechanism to use      -->
                    <!-- Some sasl authentication mechanisms may require a realm to be set -->
                    <!--                java.naming.security.sasl.realm -->
                    <!-- The available options will depend on your LDAP provider -->
                    <entry key="java.naming.security.authentication">
                        <value>${ldap.authentication.java.naming.security.authentication}</value>
                    </entry>

                    <!-- The id of a user who can read group and user information -->
                    <!-- This does not go through the pattern substitution defined above and is used "as is" -->
                    <entry key="java.naming.security.principal">
                        <value>${ldap.authentication.java.naming.security.principal}</value>
                    </entry>

                    <!-- The password for the user defined above -->
                    <entry key="java.naming.security.credentials">
                        <value>${ldap.authentication.java.naming.security.credentials}</value>
                    </entry>
                </map>
            </property>
        </bean>
    </beans>
Please, someone help me; it will be helpful.

Thanks
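
A triage sketch for the stack trace in the post, added here as an example and not part of the original post or of Alfresco: it walks the `Caused by` chain and reports which class under `org.alfresco.repo.security.authentication` was innermost when the exception was thrown. The function names and the trimmed `TRACE` excerpt are this example's own; the frames are copied from the trace above.

```python
import re

# Excerpt of the stack trace posted above (frames trimmed to the relevant ones).
TRACE = """\
javax.faces.FacesException: Error calling action method of component with id loginForm:submit
at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:72)
Caused by: javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:156)
Caused by: java.lang.SecurityException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
at org.alfresco.repo.security.authentication.jaas.JAASAuthenticationComponent.authenticateImpl(JAASAuthenticationComponent.java:135)
at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:130)
at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:118)
at org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl.authenticate(ChainingAuthenticationServiceImpl.java:166)
at org.alfresco.web.bean.LoginBean.login(LoginBean.java:274)
Caused by: java.io.IOException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:250)
"""

AUTH_PKG = "org.alfresco.repo.security.authentication."
FRAME = re.compile(r"^\s*at ([\w.$]+)\.([\w$<>]+)\(")
CAUSE = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error)): (.*)$")

def parse_sections(trace):
    """Split a Java stack trace into [(exception, message, [(class, method), ...])]."""
    sections = []
    for line in trace.splitlines():
        frame = FRAME.match(line)
        if frame and sections:
            sections[-1][2].append((frame.group(1), frame.group(2)))
            continue
        cause = CAUSE.match(line.strip())
        if cause:
            sections.append((cause.group(1), cause.group(2), []))
    return sections

def triage(trace):
    """Report the root cause and which Alfresco authentication classes were on the call path."""
    sections = parse_sections(trace)
    root_exc, root_msg, _ = sections[-1]
    auth_classes = []
    for _, _, frames in sections:
        for cls, _ in frames:
            if cls.startswith(AUTH_PKG) and cls not in auth_classes:
                auth_classes.append(cls)
    # Frames are listed innermost first, so the first hit is the component that ran.
    component = auth_classes[0] if auth_classes else None
    return {
        "root_cause": f"{root_exc}: {root_msg}",
        "failing_component": component.rsplit(".", 1)[-1] if component else None,
        "chained": any(c.endswith("ChainingAuthenticationServiceImpl") for c in auth_classes),
        "ldap_class_on_path": any(".ldap." in c for c in auth_classes),
    }

if __name__ == "__main__":
    for key, value in triage(TRACE).items():
        print(f"{key}: {value}")
```

On this excerpt the innermost authentication frame is `JAASAuthenticationComponent`, reached through `ChainingAuthenticationServiceImpl`, and no class from the `.ldap.` package is on the call path. "Unable to locate a login configuration" is what the JDK's JAAS `ConfigFile` raises when no login configuration file has been supplied, so the exception comes from the JAAS component rather than from the `authenticationComponentLDAP` bean shown in `ldap-authentication-context.xml`.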
