
Thread: 4.4.1 LDAP authentication problem

 
hellosir1979

Posts: 14
Registered: 01/04/12
4.4.1 LDAP authentication problem
Posted: Jan 24, 2012 6:53 PM
 
I tried to follow the tutorial to enable LDAP authentication, but I am getting errors when I try to connect. The user I am trying to access is valid (uid=hsir,ou=Users,o=htg).

I can see that if I have an invalid password, I get the expected errors stating such. The problem is that when I try to log in to the webconsole using the hsir user, I get an error back stating that it can't get the roles for the user (LDAP error code 53). Below is the ldap-module.xml I put in the deploy directory and the error from the servicemix.log file. I am using apache-servicemix-4.4.1 on Windows 7 (JDK 1.6_29).

I want to allow logins for anyone in the cn=webAdmin,ou=Roles,o=htg role.

Any help with this would be greatly appreciated.

ldap-module.xml is:

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

    <jaas:config name="karaf" rank="1">
        <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                     flags="required">
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            connection.username=uid=jhg,ou=ions,o=htg
            connection.password=password
            connection.protocol=
            connection.url=ldap://localhost:10389
            user.base.dn=ou=Users,o=htg
            user.filter=(uid=%u)
            user.search.subtree=true
            role.base.dn=ou=Roles,o=htg
            role.name.attribute=cn
            role.filter=(uniqueMember:=uid=%u)
            role.search.subtree=true
            authentication=simple
        </jaas:module>
    </jaas:config>
</blueprint>

The error from the servicemix.log is

javax.security.auth.login.LoginException: Can't get user hsir roles: LDAP: error code 53 - Unwilling To Perform
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin(LDAPLoginModule.java:239)
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:128)
at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)karaf-jaas-boot.jar:
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method):1.6.0_29
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39):1.6.0_29
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25):1.6.0_29
at java.lang.reflect.Method.invoke(Method.java:597):1.6.0_29
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769):1.6.0_29
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186):1.6.0_29
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683):1.6.0_29
at java.security.AccessController.doPrivileged(Native Method):1.6.0_29
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680):1.6.0_29
at javax.security.auth.login.LoginContext.login(LoginContext.java:579):1.6.0_29
at org.apache.karaf.webconsole.JaasSecurityProvider.doAuthenticate(JaasSecurityProvider.java:91)159:org.apache.karaf.webconsole.console:2.2.4
at org.apache.karaf.webconsole.JaasSecurityProvider.authenticate(JaasSecurityProvider.java:156)159:org.apache.karaf.webconsole.console:2.2.4
at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:104)159:org.apache.karaf.webconsole.console:2.2.4
at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:68)112:org.ops4j.pax.web.pax-web-jetty:1.0.7
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:517)100:org.eclipse.jetty.security:7.4.5.v20110725
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:116)112:org.ops4j.pax.web.pax-web-jetty:1.0.7
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)98:org.eclipse.jetty.servlet:7.4.5.v20110725
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:72)112:org.ops4j.pax.web.pax-web-jetty:1.0.7
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.Server.handle(Server.java:346)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1048)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:601)101:org.eclipse.jetty.http:7.4.5.v20110725
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)101:org.eclipse.jetty.http:7.4.5.v20110725
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)99:org.eclipse.jetty.io:7.4.5.v20110725
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)99:org.eclipse.jetty.io:7.4.5.v20110725
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)109:org.eclipse.jetty.util:7.4.5.v20110725
at java.lang.Thread.run(Thread.java:662):1.6.0_29
12:42:05,084 | ERROR | qtp15083736-67 | JaasSecurityProvider | 159 - org.apache.karaf.webconsole.console - 2.2.4 | General Security Exception
hellosir1979

Posts: 14
Registered: 01/04/12
Re: 4.4.1 LDAP authentication problem
Posted: Jan 31, 2012 5:37 PM   in response to: hellosir1979
 
Figured out the problem. Had to change the user password and then LDAP error code 53 went away.