Posted to user@lenya.apache.org by Ben Kinney <bk...@paloshillsweb.org> on 2014/04/03 23:55:24 UTC

Active Directory Authentication Integration - Connection Resets

Hello all,

I have searched high and low on Google, and I am unable to find any
direction as to how to proceed with my problem. As always, any help is
greatly appreciated.

I am running Lenya 2.0.4 within Tomcat 6.0.37 and Oracle JDK 1.7.0_51 on
Ubuntu Linux x64 12.04.4 LTS, kernel 3.2.0-59-generic.

I am trying to set up user LDAP authentication against Active Directory.
Active Directory runs in a Windows 2008 Server in an internal network,
and Lenya runs in a DMZ.

LDAP is enabled within the access-control.xml file, and I have the
ldap.properties file populated with the connection settings. Each time I
attempt to add an LDAP user, I receive a message stating the connection
has been reset.



Connection reset stack trace:
2014-04-03 16:24:18,560 [TP-Processor6] ERROR lenya.admin - org.apache.lenya.ac.AccessControlException: Exception during search:
org.apache.lenya.cms.usecase.UsecaseException: org.apache.lenya.ac.AccessControlException: Exception during search:
    at org.apache.lenya.cms.ac.usecases.AddUser.validate(AddUser.java:79)
    at org.apache.lenya.cms.ac.usecases.AddUser.doCheckExecutionConditions(AddUser.java:96)
    at org.apache.lenya.cms.usecase.AbstractUsecase.checkExecutionConditions(AbstractUsecase.java:235)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.avalon.excalibur.component.ComponentProxyGenerator$ComponentInvocationHandler.invoke(ComponentProxyGenerator.java:143)
    at com.sun.proxy.$Proxy53.checkExecutionConditions(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:145)
    at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:204)
    at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:3085)
    at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:2251)
    at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:161)
    at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:340)
    at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:2758)
    at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:159)
    at org.mozilla.javascript.Context.call(Context.java:489)
    at org.mozilla.javascript.ScriptableObject.callMethod(ScriptableObject.java:1556)
    at org.mozilla.javascript.ScriptableObject.callMethod(ScriptableObject.java:1526)
    at org.apache.cocoon.components.flow.javascript.fom.FOM_JavaScriptInterpreter.handleContinuation(FOM_JavaScriptInterpreter.java:842)
    at org.apache.cocoon.components.treeprocessor.sitemap.CallFunctionNode.invoke(CallFunctionNode.java:124)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47)
    at org.apache.cocoon.components.treeprocessor.sitemap.MatchNode.invoke(MatchNode.java:108)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:143)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:93)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:235)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:177)
    at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:254)
    at org.apache.cocoon.components.treeprocessor.sitemap.MountNode.invoke(MountNode.java:118)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47)
    at org.apache.cocoon.components.treeprocessor.sitemap.MatchNode.invoke(MatchNode.java:108)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:143)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:93)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:235)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:177)
    at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:254)
    at org.apache.cocoon.components.treeprocessor.sitemap.MountNode.invoke(MountNode.java:118)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47)
    at org.apache.cocoon.components.treeprocessor.sitemap.MatchNode.invoke(MatchNode.java:108)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:143)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:93)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:235)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:177)
    at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:254)
    at org.apache.cocoon.components.treeprocessor.sitemap.MountNode.invoke(MountNode.java:118)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47)
    at org.apache.cocoon.components.treeprocessor.sitemap.ActTypeNode.invoke(ActTypeNode.java:139)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47)
    at org.apache.cocoon.components.treeprocessor.sitemap.MatchNode.invoke(MatchNode.java:108)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:143)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:93)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:235)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:177)
    at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:254)
    at org.apache.cocoon.Cocoon.process(Cocoon.java:699)
    at org.apache.cocoon.servlet.CocoonServlet.service(CocoonServlet.java:1154)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:227)
    at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:347)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:311)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705)
    at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
    at java.lang.Thread.run(Thread.java:744)
Caused by: org.apache.lenya.ac.AccessControlException: Exception during search:
    at org.apache.lenya.ac.ldap.LDAPUser.existsUser(LDAPUser.java:156)
    at org.apache.lenya.cms.ac.usecases.AddUser.validate(AddUser.java:75)
    ... 86 more
Caused by: javax.naming.CommunicationException: simple bind failed: 10.100.100.133:389 [Root exception is java.net.SocketException: Connection reset]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
    at javax.naming.InitialContext.init(InitialContext.java:242)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
    at org.apache.lenya.ac.ldap.LDAPUser.bind(LDAPUser.java:364)
    at org.apache.lenya.ac.ldap.LDAPUser.getDirectoryEntry(LDAPUser.java:434)
    at org.apache.lenya.ac.ldap.LDAPUser.existsUser(LDAPUser.java:146)
    ... 87 more
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:196)
    at java.net.SocketInputStream.read(SocketInputStream.java:122)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
    at sun.security.ssl.InputRecord.read(InputRecord.java:480)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:431)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:404)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:358)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:213)
    ... 100 more


When I run Wireshark on the server running Active Directory, I can see
the initial handshake. After the SYN exchange, when Lenya sends an ACK
packet, and then a PSH/ACK packet immediately after, Active
Directory immediately responds with an RST, which is the cause of the
exception. No LDAP connection properties are ever exchanged, as the
initial handshake can never be completed.

I have another web application running on the same machine in the same
Tomcat instance that performs LDAP lookups against the same Active
Directory using the javax.naming library that is part of the SDK. It
does not have a problem connecting at all. Hence, there are no
issues regarding the network, or the firewall that separates the DMZ
from the internal network.

At this point, it is my feeling that Active Directory may be the culprit
here. I know this may not be the fault of Lenya. I am just looking to see if
anyone else has dealt with a similar problem, and the steps they took to
resolve the issue.

Thanks again,

Ben
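Added example, not part of Ben's post and not Lenya code. The trace carries one detail the Wireshark view does not: the innermost frames sit under sun.security.ssl.SSLSocketImpl.performInitialHandshake, reached from com.sun.jndi.ldap.LdapClient.ldapBind, while the CommunicationException names the target as 10.100.100.133:389. In other words the JNDI client is opening a TLS handshake on the port where Active Directory expects plaintext LDAP (TLS on 389 is only reached via the StartTLS extended operation after a plain LDAP exchange; LDAPS normally lives on 636). A listener waiting for a BER-encoded LDAPMessage, which always begins with the SEQUENCE tag 0x30, instead receives a TLS record beginning with 0x16 0x03, and a reset right after the first PSH/ACK is consistent with that. The script below reproduces the failure mode offline against a stub listener on localhost: the stub answers a BER BindRequest and resets any connection whose first bytes are anything else. The stub, the payload bytes and the ephemeral port are constructed for this example; the classify_first_bytes helper can also be applied to the payload of the first PSH/ACK from a real capture to see which protocol the client actually spoke.

```python
"""Why a TLS handshake aimed at the plaintext LDAP port ends in "Connection reset".

Added example: not code from the original post or from Lenya. The listener below is
a constructed stand-in for a directory server that expects BER-encoded LDAP on its
plaintext port. It runs entirely on localhost.
"""
import socket
import struct
import threading

# Constructed sample payloads (not captured from the original poster's network).
# Minimal LDAP BindRequest in BER: SEQUENCE { messageID 1, [APPLICATION 0] {
# version 3, name "", simple "" } }. Every LDAPMessage starts with SEQUENCE, 0x30.
LDAP_BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")
# BindResponse ([APPLICATION 1], 0x61) with resultCode success(0), empty
# matchedDN and diagnosticMessage.
LDAP_BIND_SUCCESS = bytes.fromhex("300c02010161070a010004000400")
# What a TLS client sends first: record type handshake (0x16), version 3.x, then a
# ClientHello. The body is truncated here; only the header matters to the listener.
TLS_CLIENT_HELLO_PREFIX = bytes.fromhex("16030100050100000100")


def classify_first_bytes(data):
    """Classify the first bytes a client sends, e.g. the payload of the first PSH/ACK."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls-record"  # client is speaking TLS (LDAPS or a TLS socket on 389)
    if len(data) >= 2 and data[0] == 0x30:
        return "ldap-ber"    # client is speaking LDAP (plain, or StartTLS later)
    return "unknown"


def _serve(listener, connections):
    """Stub listener: answer BER, reset anything else (mimics the RST in the capture)."""
    for _ in range(connections):
        conn, _addr = listener.accept()
        with conn:
            first = conn.recv(4096)
            if classify_first_bytes(first) == "ldap-ber":
                conn.sendall(LDAP_BIND_SUCCESS)
            else:
                # SO_LINGER with a zero timeout makes close() emit RST instead of FIN.
                conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                                struct.pack("ii", 1, 0))
    listener.close()


def attempt_bind(port, opening_bytes):
    """Send the opening bytes to the stub and report how the bind attempt ended."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
        sock.sendall(opening_bytes)
        try:
            reply = sock.recv(4096)
        except ConnectionResetError:
            # This is the java.net.SocketException: Connection reset from the trace.
            return "connection-reset"
    if not reply:
        return "closed-by-peer"
    # With a one-byte messageID the BindResponse tag 0x61 sits at offset 5.
    if reply[:1] == b"\x30" and reply[5:6] == b"\x61":
        return "bind-ok"
    return "unexpected-reply"


def run_demo():
    """Run a TLS-first client and a BER-first client against the stub; return outcomes."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral port, assumption for the demo
    listener.listen(2)
    port = listener.getsockname()[1]
    server = threading.Thread(target=_serve, args=(listener, 2), daemon=True)
    server.start()
    results = {
        "tls-on-plaintext-port": attempt_bind(port, TLS_CLIENT_HELLO_PREFIX),
        "plain-ldap": attempt_bind(port, LDAP_BIND_REQUEST),
    }
    server.join(timeout=5)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

In the live environment the corresponding check is to compare the URL scheme and the SSL/TLS setting in ldap.properties with whatever the working web application in the same Tomcat uses: a configuration that puts a TLS handshake on 389 needs either the LDAPS port or StartTLS, and the first PSH/ACK payload in the capture will say which one the client is doing.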



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org