Forum Home » Fuse Distributions » Fuse ESB

Thread: 4.4.1 LDAP authentication problem

 
This question is answered. Helpful answers available: 2. Correct answers available: 1.

Reply to this Thread Reply to this Thread Search Forum Search Forum Back to Thread List Back to Thread List

Permlink Replies: 1 - Last Post: Jan 31, 2012 5:37 PM Last Post By: hellosir1979
hellosir1979

Posts: 14
Registered: 01/04/12
4.4.1 LDAP authentication problem
Posted: Jan 24, 2012 6:53 PM 		 
  Click to reply to this thread Reply
I tried to follow the tutorial to enable LDAP authentication, but I am getting errors when I try to connect. The user I am trying to access is valid (uid=hsir,ou=Users,o=htg).

I can see that if I have an invalid password that I get the expected errors stating such. The problem is that when I try to login to the webconsole using the hsir user, I get an error back stating that it can't get the roles for the user (LDAP error code 53). Below is the ldap-module.xml I put in the deploy directory and the error from the servicemix.log file. I am using apache-servicemix-4.4.1 in windows 7 (JDK 1.6_29).

I want to allow logins for anyone in the cn=webAdmin,ou=Roles,o=htg role.

Any help with this would be greatly appreciated.

ldap-module.xml is:

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

<jaas:config name="karaf" rank="1">
<jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
flags="required">
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connection.username=uid=jhg,ou=ions,o=htg
connection.password=password
connection.protocol=
connection.url=ldap://localhost:10389
user.base.dn=ou=Users,o=htg
user.filter=(uid=%u)
user.search.subtree=true
role.base.dn=ou=Roles,o=htg
role.name.attribute=cn
role.filter=(uniqueMember:=uid=%u)
role.search.subtree=true
authentication=simple
</jaas:module>
</jaas:config>
</blueprint>

The error from the servicemix.log is

javax.security.auth.login.LoginException: Can't get user hsir roles: LDAP: error code 53 - Unwilling To Perform
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin(LDAPLoginModule.java:239)
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:128)
at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)karaf-jaas-boot.jar:
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method):1.6.0_29
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39):1.6.0_29
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25):1.6.0_29
at java.lang.reflect.Method.invoke(Method.java:597):1.6.0_29
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769):1.6.0_29
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186):1.6.0_29
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683):1.6.0_29
at java.security.AccessController.doPrivileged(Native Method):1.6.0_29
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680):1.6.0_29
at javax.security.auth.login.LoginContext.login(LoginContext.java:579):1.6.0_29
at org.apache.karaf.webconsole.JaasSecurityProvider.doAuthenticate(JaasSecurityProvider.java:91)159:org.apache.karaf.webconsole.console:2.2.4
at org.apache.karaf.webconsole.JaasSecurityProvider.authenticate(JaasSecurityProvider.java:156)159:org.apache.karaf.webconsole.console:2.2.4
at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:104)159:org.apache.karaf.webconsole.console:2.2.4
at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:68)112:org.ops4j.pax.web.pax-web-jetty:1.0.7
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:517)100:org.eclipse.jetty.security:7.4.5.v20110725
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:116)112:org.ops4j.pax.web.pax-web-jetty:1.0.7
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)98:org.eclipse.jetty.servlet:7.4.5.v20110725
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:72)112:org.ops4j.pax.web.pax-web-jetty:1.0.7
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.Server.handle(Server.java:346)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1048)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:601)101:org.eclipse.jetty.http:7.4.5.v20110725
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)101:org.eclipse.jetty.http:7.4.5.v20110725
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)99:org.eclipse.jetty.io:7.4.5.v20110725
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)99:org.eclipse.jetty.io:7.4.5.v20110725
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)109:org.eclipse.jetty.util:7.4.5.v20110725
at java.lang.Thread.run(Thread.java:662):1.6.0_29
12:42:05,084 | ERROR | qtp15083736-67 | JaasSecurityProvider | 159 - org.apache.karaf.webconsole.console - 2.2.4 | General Security Exception
javax.security.auth.login.LoginException: Can't get user hsir roles: LDAP: error code 53 - Unwilling To Perform
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin(LDAPLoginModule.java:239)
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:128)
at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)karaf-jaas-boot.jar:
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method):1.6.0_29
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39):1.6.0_29
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25):1.6.0_29
at java.lang.reflect.Method.invoke(Method.java:597):1.6.0_29
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769):1.6.0_29
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186):1.6.0_29
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683):1.6.0_29
at java.security.AccessController.doPrivileged(Native Method):1.6.0_29
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680):1.6.0_29
at javax.security.auth.login.LoginContext.login(LoginContext.java:579):1.6.0_29
at org.apache.karaf.webconsole.JaasSecurityProvider.doAuthenticate(JaasSecurityProvider.java:91)159:org.apache.karaf.webconsole.console:2.2.4
at org.apache.karaf.webconsole.JaasSecurityProvider.authenticate(JaasSecurityProvider.java:156)159:org.apache.karaf.webconsole.console:2.2.4
at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:104)159:org.apache.karaf.webconsole.console:2.2.4
at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:68)112:org.ops4j.pax.web.pax-web-jetty:1.0.7
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:517)100:org.eclipse.jetty.security:7.4.5.v20110725
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:116)112:org.ops4j.pax.web.pax-web-jetty:1.0.7
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)98:org.eclipse.jetty.servlet:7.4.5.v20110725
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:72)112:org.ops4j.pax.web.pax-web-jetty:1.0.7
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.Server.handle(Server.java:346)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1048)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:601)101:org.eclipse.jetty.http:7.4.5.v20110725
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)101:org.eclipse.jetty.http:7.4.5.v20110725
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)97:org.eclipse.jetty.server:7.4.5.v20110725
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)99:org.eclipse.jetty.io:7.4.5.v20110725
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)99:org.eclipse.jetty.io:7.4.5.v20110725
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)109:org.eclipse.jetty.util:7.4.5.v20110725
at java.lang.Thread.run(Thread.java:662):1.6.0_29
hellosir1979

Posts: 14
Registered: 01/04/12
Re: 4.4.1 LDAP authentication problem
Posted: Jan 31, 2012 5:37 PM   in response to: hellosir1979 in response to: hellosir1979 		 
  Click to reply to this thread Reply
Figured out the problem. Had to change the user password and then LDAP error code 53 went away.

Point your RSS reader here for a feed of the latest messages in all forums
Go Back Back to Thread List



Contact Us | About This Site | Privacy Policy | Terms of Use | Site Index

FUSE Open Source Community is a community resource for open source service oriented architecture (SOA) and application integration products and technologies. FUSE offers products based on Apache ServiceMix, Apache ActiveMQ, Apache CXF and Apache Camel which are certified, productized and fully supported by the people who wrote the code. Learn about ActiveMQ with our training, support, and consulting on ActiveMQ performance. FUSE also offers integration software that allows developers to service-enable existing components or build new services with preconfigured enterprise integration patterns. FUSE ESB 4 for enterprise service bus is an open source integration platform for BPEL components that supports the latest emerging standards like OSGi and JBI 2.0. FUSE Services Framework allows Java developers to create reusable RESTful services using front-end programming APIs like JAX-WS. Our powerful message oriented middleware solution, FUSE Message Broker, offers a cost-effective and flexible open source messaging platform. FUSE also works to enhance your SOA using content based routing with FUSE Mediation Router.