Posted to jetspeed-dev@portals.apache.org by "Aysegul Aydin Isiktekin (JIRA)" <je...@portals.apache.org> on 2009/06/08 13:34:08 UTC
[jira] Created: (JS2-1030) LDAP configuration property ldap.user.searchBase (when not empty) makes login impossible
LDAP configuration property ldap.user.searchBase (when not empty) makes login impossible
----------------------------------------------------------------------------------------
Key: JS2-1030
URL: https://issues.apache.org/jira/browse/JS2-1030
Project: Jetspeed 2
Issue Type: Bug
Components: LDAP
Affects Versions: 2.2.0
Environment: Windows XP, JRE 1.6.0.11, Tomcat 6.0.18, Apache DS 1.0.2 (also tested with ApacheDS 1.5.4)
Reporter: Aysegul Aydin Isiktekin
LDAP configuration property ldap.user.searchBase makes login impossible. When left empty, login is possible. But, when specified as:
ldap.user.searchBase=ou=Peoples
Exception occurs:
----------------------------
WARNING: Login exception authenticating username "admin"
javax.security.auth.login.LoginException: javax.naming.NameNotFoundException: [LDAP: error code 32 - failed on search operation: ou=Peoples:
SearchRequest
baseDn : 'ou=Peoples'
filter : '(& (2.5.4.3=admin) (2.5.4.0=person) ) '
scope : whole subtree
typesOnly : false
no limit
Time Limit : no limit
Deref Aliases : deref Always
attributes : 'javaCodeBase', 'javaReferenceAddress', 'javaClassName', 'javaSerializedData', 'javaRemoteLocation', 'javaFactory', 'javaClassNames', 'objectClass'
:
org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: ou=Peoples
at org.apache.directory.server.core.partition.DefaultPartitionNexus.getBackend(DefaultPartitionNexus.java:987)
at org.apache.directory.server.core.partition.DefaultPartitionNexus.hasEntry(DefaultPartitionNexus.java:920)
at org.apache.directory.server.core.interceptor.InterceptorChain$1.hasEntry(InterceptorChain.java:157)
---- more
----------------------------
From the exception and the logs of ApacheDS LDAP server, I can deduce the baseDn='ou=Peoples' cannot be found. It makes sense since the entry's dn is 'ou=Peoples,o=lbs' not 'ou=Peoples'. When specified as:
ldap.user.searchBase=ou=Peoples,o=lbs
Another Exception occurs:
-------------------------
WARNING: Login exception authenticating username "admin"
javax.security.auth.login.LoginException: [LDAP: error code 32 - failed on search operation: Attempt to search under non-existant entry: 2.5.4.11=peoples,2.5.4.10=lbs,2.5.4.10=lbs:
SearchRequest
baseDn : 'ou=Peoples,o=lbs,o=lbs'
filter : '(& (2.5.4.0=inetorgperson) (& (2.5.4.0=inetorgperson) (0.9.2342.19200300.100.1.1=admin) ) ) '
scope : whole subtree
typesOnly : false
no limit
Time Limit : no limit
Deref Aliases : deref Always
attributes :
:
org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: Attempt to search under non-existant entry: 2.5.4.11=peoples,2.5.4.10=lbs,2.5.4.10=lbs
at org.apache.directory.server.core.exception.ExceptionService.assertHasEntry(ExceptionService.java:416)
at org.apache.directory.server.core.exception.ExceptionService.search(ExceptionService.java:392)
---more
-------------------------
When debugging the code, I figured out that the getSearchDomain() method of the org.apache.jetspeed.security.impl.LdapAuthenticationProvider class is not working properly. So when specifying the search base without ldap.base suffixed, the search (lookupByUid(String userName) method) fails since ldap.base (o=lbs) is not added to the search domain. But when specifying the search base with ldap.base added, this time the getUser(String userName) method fails, since it adds ldap.base once more, resulting in the invalid search string 'ou=Peoples,o=lbs,o=lbs'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
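
Added example (not part of the original thread and not Jetspeed code): one way to resolve ldap.user.searchBase against ldap.base so that both values from the report, 'ou=Peoples' and 'ou=Peoples,o=lbs', give the same search DN and the base is never appended twice. The class and method names are hypothetical; only the property values come from the report.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example, not Jetspeed code: SearchBaseResolver, resolve() and
// relativeTo() are hypothetical names. Property values are those in the report.
public class SearchBaseResolver {

    /**
     * Returns the absolute DN to search under, given ldap.base and
     * ldap.user.searchBase. The base is appended only when the configured
     * search base is not already located under it.
     */
    static LdapName resolve(String ldapBase, String searchBase) throws InvalidNameException {
        LdapName base = new LdapName(ldapBase == null ? "" : ldapBase.trim());
        if (searchBase == null || searchBase.trim().isEmpty()) {
            return base; // empty property: search the whole base (the case that worked)
        }
        LdapName configured = new LdapName(searchBase.trim());
        // LdapName indexes RDNs from right to left, so startsWith() tests
        // whether the DN ends with the base as written in string form.
        if (configured.startsWith(base)) {
            return configured; // already absolute, do not append the base again
        }
        List<Rdn> rdns = new ArrayList<>(base.getRdns());
        rdns.addAll(configured.getRdns()); // relative value: place it under the base
        return new LdapName(rdns);
    }

    /**
     * Returns the part of dn below base, for a code path that adds the base
     * itself (for example a context that is already bound at ldap.base).
     */
    static Name relativeTo(LdapName base, LdapName dn) throws InvalidNameException {
        if (!dn.startsWith(base)) {
            throw new InvalidNameException(dn + " is not under " + base);
        }
        return dn.getSuffix(base.size());
    }

    public static void main(String[] args) throws InvalidNameException {
        String ldapBase = "o=lbs";
        // Constructed inputs: the three settings from the report plus a
        // differently cased spelling of the absolute form.
        String[] configured = { "", "ou=Peoples", "ou=Peoples,o=lbs", "OU=Peoples, O=LBS" };
        for (String value : configured) {
            LdapName absolute = resolve(ldapBase, value);
            Name relative = relativeTo(new LdapName(ldapBase), absolute);
            // Unconditional concatenation, the behaviour the report describes
            // for the path that produced 'ou=Peoples,o=lbs,o=lbs'.
            String naive = value.isEmpty() ? ldapBase : value + "," + ldapBase;
            System.out.printf("configured='%s' absolute='%s' relative='%s' naive='%s'%n",
                    value, absolute, relative, naive);
        }
    }
}
```

Resolving the property once at startup and handing every lookup either the absolute or the relative form keeps the two code paths named in the report from disagreeing about the search base.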
[jira] Resolved: (JS2-1030) LDAP configuration property ldap.user.searchBase (when not empty) makes login impossible
Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ate Douma resolved JS2-1030.
----------------------------
Resolution: Fixed
Considering this one fixed now, working fine with the new configuration AFAIK.
[jira] Updated: (JS2-1030) LDAP configuration property ldap.user.searchBase (when not empty) makes login impossible
Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ate Douma updated JS2-1030:
---------------------------
Fix Version/s: 2.2.1
[jira] Commented: (JS2-1030) LDAP configuration property ldap.user.searchBase (when not empty) makes login impossible
Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12799522#action_12799522 ]
Ate Douma commented on JS2-1030:
--------------------------------
Aysegul, with JS2-1096 I committed a rewrite of LdapAuthenticationProvider which AFAIK should, as a side effect, have solved this issue too.
I would appreciate it if you can find the time to review and validate the changes for JS2-1096 and report if it indeed fixes this issue too.
Regards,
Ate
[jira] Assigned: (JS2-1030) LDAP configuration property ldap.user.searchBase (when not empty) makes login impossible
Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ate Douma reassigned JS2-1030:
------------------------------
Assignee: Ate Douma (was: Vivek Kumar)
[jira] Assigned: (JS2-1030) LDAP configuration property ldap.user.searchBase (when not empty) makes login impossible
Posted by "Vivek Kumar (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vivek Kumar reassigned JS2-1030:
--------------------------------
Assignee: Vivek Kumar