Daisy 2.3 upgrade LDAP issue


Daisy 2.3 upgrade LDAP issue

by Mario Brackeva

After upgrading our Daisy from 2.2 to 2.3 (on a test server), the repository won’t start anymore. Apparently it has an issue with LDAP.

We use our Active Directory to authenticate users in Daisy. This config has been working fine as of Daisy 1.5, and it still does in 2.2.

 

Excerpt from the file daisy-repository-server-service.log:

 

… (all is well up to here)

INFO   | jvm 1    | 2009/06/22 11:39:07 | [WrapperSimpleAppMain] INFO  org.outerj.daisy.runtime.info - Starting container ntlm - /appl/daisy/daisy/lib/daisy/jars/daisy-auth-ntlm-2.3.jar

INFO   | jvm 1    | 2009/06/22 11:39:07 | [WrapperSimpleAppMain] INFO  org.outerj.daisy.runtime.info - Starting container ldap - /appl/daisy/daisy/lib/daisy/jars/daisy-auth-ldap-2.3.jar

INFO   | jvm 1    | 2009/06/22 11:39:07 | org.outerj.daisy.runtime.DaisyRTException: Error constructing component container defined at /appl/daisy/daisy/lib/daisy/jars/daisy-auth-ldap-2.3.jar

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.outerj.daisy.runtime.component.ContainerConfigImpl.build(ContainerConfigImpl.java:114)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.outerj.daisy.runtime.DaisyRuntime.init(DaisyRuntime.java:91)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.outerj.daisy.runtime.cli.DaisyRuntimeCli.run(DaisyRuntimeCli.java:177)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.outerj.daisy.runtime.cli.DaisyRuntimeCli.main(DaisyRuntimeCli.java:37)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at java.lang.reflect.Method.invoke(Method.java:585)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.outerj.daisy.launcher.repository.RuntimeCliLauncher.run(RuntimeCliLauncher.java:61)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.outerj.daisy.launcher.repository.RuntimeCliLauncher.launch(RuntimeCliLauncher.java:41)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.outerj.daisy.launcher.repository.RuntimeCliLauncher.main(RuntimeCliLauncher.java:37)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at java.lang.reflect.Method.invoke(Method.java:585)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at java.lang.Thread.run(Thread.java:595)

INFO   | jvm 1    | 2009/06/22 11:39:07 | Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthFactory' defined in DAISY-INF/spring/applicationContext.xml in /appl/daisy/daisy/lib/daisy/jars/daisy-auth-ldap-2.3.jar: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.outerj.daisy.authentication.impl.LdapAuthenticationFactory]: Constructor threw exception; nested exception is org.apache.avalon.framework.configuration.ConfigurationException: No value is associated with the configuration element "searchBase" at <generated>file:/appl/daisy/daisydata/conf/myconfig.xml:135:58

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:231)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:957)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:869)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:514)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at java.security.AccessController.doPrivileged(Native Method)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:169)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:413)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:735)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:369)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.outerj.daisy.runtime.component.ContainerConfigImpl.build(ContainerConfigImpl.java:87)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       ... 16 more

INFO   | jvm 1    | 2009/06/22 11:39:07 | Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.outerj.daisy.authentication.impl.LdapAuthenticationFactory]: Constructor threw exception; nested exception is org.apache.avalon.framework.configuration.ConfigurationException: No value is associated with the configuration element "searchBase" at <generated>file:/appl/daisy/daisydata/conf/myconfig.xml:135:58

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:98)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:87)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:225)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       ... 30 more

INFO   | jvm 1    | 2009/06/22 11:39:07 | Caused by: org.apache.avalon.framework.configuration.ConfigurationException: No value is associated with the configuration element "searchBase" at <generated>file:/appl/daisy/daisydata/conf/myconfig.xml:135:58

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.apache.avalon.framework.configuration.DefaultConfiguration.getValue(DefaultConfiguration.java:214)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.outerj.daisy.authentication.impl.LdapAuthenticationFactory.configure(LdapAuthenticationFactory.java:68)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.outerj.daisy.authentication.impl.LdapAuthenticationFactory.<init>(LdapAuthenticationFactory.java:36)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at java.lang.reflect.Constructor.newInstance(Constructor.java:494)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:83)

INFO   | jvm 1    | 2009/06/22 11:39:07 |       ... 32 more

INFO   | jvm 1    | 2009/06/22 11:39:07 | Startup failed. Will try to shutdown and exit.

INFO   | jvm 1    | 2009/06/22 11:39:07 | [WrapperSimpleAppMain] INFO  org.outerj.daisy.runtime.info - Shutting down component containers.

INFO   | wrapperp | 2009/06/22 11:39:10 | port 31008 already in use, using port 32000 instead.

STATUS | wrapper  | 2009/06/22 11:39:11 | <-- Wrapper Stopped

 

It complains about the following part of the myconfig.xml:

      <scheme name="secret" description="LDAP Secret">
        <environment>
          <property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
          <property name="java.naming.provider.url" value="ldap://server.domain.be:389"/>
          <property name="java.naming.security.authentication" value="simple"/>
          <!--property name="java.naming.security.protocol" value="ssl"/-->
          <property name="java.naming.security.principal" value="$daisyLogin@ntdomain"/>
        </environment>
        <cache enabled="true" maxCacheSize="3000" maxCacheDuration="1800000"/>
        <autoCreateUser>
          <roles>
            <role>Guest</role>
          </roles>
          <defaultRole>Guest</defaultRole>
          <updateableByUser>true</updateableByUser>
        </autoCreateUser>
      </scheme>

 

Kind regards,

Mario.


_______________________________________________
daisy community mailing list
Professional Daisy support: http://outerthought.org/en/services/daisy/support.html
mail to: daisy@...
list information: http://lists.cocoondev.org/mailman/listinfo/daisy

Re: Daisy 2.3 upgrade LDAP issue

by Karel Vervaeke

Try adding this line (of course change to match your environment).

    <scheme name="secret" description="LDAP Secret">
         <environment>
           <property name="java.naming.factory.initial"
value="com.sun.jndi.ldap.LdapCtxFactory"/>
           <property name="java.naming.provider.url"
value="ldap://server.domain.be:389"/>
           <property name="java.naming.security.authentication" value="simple"/>
           <!--property name="java.naming.security.protocol" value="ssl"/-->
           <property name="java.naming.security.principal"
value="$daisyLogin@ntdomain"/>
         </environment>
 +       <searchBase>dc=outerthought,dc=org</searchBase>
         <cache enabled="true" maxCacheSize="3000" maxCacheDuration="1800000"/>
         <autoCreateUser>
           <roles>
             <role>Guest</role>
           </roles>
           <defaultRole>Guest</defaultRole>
           <updateableByUser>true</updateableByUser>
         </autoCreateUser>
       </scheme>

I'll have the documentation updated soon:
http://www.daisycms.org/daisydocs-2_3/13-cd/591-cd.html

HTH,
Karel

RE: Daisy 2.3 upgrade LDAP issue

by Mario Brackeva

Yep, now the repository server starts. However, I can only log in with
local Daisy users. If I try a LDAP user it gives me the general
"Authentication failed for login ..." error.

Mario.

-----Original Message-----
From: daisy-bounces@...
[mailto:daisy-bounces@...] On Behalf Of Karel Vervaeke
Sent: Monday 22 June 2009 16:43
To: Daisy: open source CMS - general mailinglist
Subject: Re: [daisy] Daisy 2.3 upgrade LDAP issue

Try adding this line (of course change to match your environment).

    <scheme name="secret" description="LDAP Secret">
         <environment>
           <property name="java.naming.factory.initial"
value="com.sun.jndi.ldap.LdapCtxFactory"/>
           <property name="java.naming.provider.url"
value="ldap://server.domain.be:389"/>
           <property name="java.naming.security.authentication"
value="simple"/>
           <!--property name="java.naming.security.protocol"
value="ssl"/-->
           <property name="java.naming.security.principal"
value="$daisyLogin@ntdomain"/>
         </environment>
 +       <searchBase>dc=outerthought,dc=org</searchBase>
         <cache enabled="true" maxCacheSize="3000"
maxCacheDuration="1800000"/>
         <autoCreateUser>
           <roles>
             <role>Guest</role>
           </roles>
           <defaultRole>Guest</defaultRole>
           <updateableByUser>true</updateableByUser>
         </autoCreateUser>
       </scheme>

I'll have the documentation updated soon:
http://www.daisycms.org/daisydocs-2_3/13-cd/591-cd.html

HTH,
Karel

Re: Daisy 2.3 upgrade LDAP issue

by Karel Vervaeke

Hm, unfortunately that's really general.  Is there anything more in the logs?

Karel

On Wed, Jun 24, 2009 at 3:03 PM, Mario
Brackeva<Mario.Brackeva@...> wrote:

> Yep, now the repository server starts. However, I can only log in with
> local Daisy users. If I try a LDAP user it gives me the general
> "Authentication failed for login ..." error.
>
> Mario.

RE: Daisy 2.3 upgrade LDAP issue

by Mario Brackeva

Logs attached.
Actions:
- stop all
- clear log directories
- start all
- login with LDAP account

Mario.

-----Original Message-----
From: daisy-bounces@... [mailto:daisy-bounces@...] On Behalf Of Karel Vervaeke
Sent: Wednesday 24 June 2009 15:14
To: Daisy: open source CMS - general mailinglist
Subject: Re: [daisy] Daisy 2.3 upgrade LDAP issue

Hm, unfortunately that's really general.  Is there anything more in the logs?

Karel

Attachment: wiki.zip (7K)

Re: Daisy 2.3 upgrade LDAP issue

by Karel Vervaeke

Hmm, there isn't much more in the logs. From daisy-request-errors I
can only see confirmation that we're not looking at some completely
different problem,
but unfortunately it doesn't tell any details about the ldap login.

Here's one more thing that might help: in
{repodata}/conf/repository-log4j.properties, change the line
"log4j.rootLogger=WARN, serverlog"
to this:
log4j.rootLogger=DEBUG, serverlog

Then repeat the process - it should give more details about the ldap
authentication problems. (in {repodata}/logs/daisy if I'm not
mistaken.)

I'll have a closer look soon, sorry for the inconvenience...
Karel

On Wed, Jun 24, 2009 at 4:44 PM, Mario
Brackeva<Mario.Brackeva@...> wrote:

> Logs attached.
> Actions:
> - stop all
> - clear log directories
> - start all
> - login with LDAP account
>
> Mario.

Re: Daisy 2.3 upgrade LDAP issue

by Bauer Matthias (IFD AIM MC ATM NVTD)

Hi *,

Mario Brackeva wrote:
> Yep, now the repository server starts. However, I can only log in with
> local Daisy users. If I try a LDAP user it gives me the general
> "Authentication failed for login ..." error.

I've always had that problem with our LDAP server (Win2k3 AD => LDAP)
when trying to log in with a plain username:

> <property name="java.naming.security.principal"
>           value="$daisyLogin@ntdomain"/>

I noticed, I always need to give a DN here. So, I got us a special user
account with read-only permissions on LDAP and put it there. My config
looks like that:

> <scheme name="ldap-1" description="LDAP Config">
>   <environment>
>     <property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
>     <property name="java.naming.provider.url" value="ldap://ldap.example.com:389"/>
>     <property name="java.naming.security.authentication" value="simple"/>
>     <property name="java.naming.security.protocol" value="ldap"/>
>     <property name="java.naming.security.principal" value="CN=user-to-search-ldap,DC=test,DC=example,DC=com"/>
>     <property name="java.naming.security.credentials" value="xxxVerySecretPasswordxxx"/>
>   </environment>
>   <searchBase>DC=test,DC=example,DC=com</searchBase>
>   <filter>cn=$daisyLogin</filter>
>   <cache enabled="true" maxCacheSize="3000" maxCacheDuration="1800000"/>
>   <autoCreateUser>
>     <roles>
>       <role>User</role>
>     </roles>
>     <defaultRole>User</defaultRole>
>     <updateableByUser>true</updateableByUser>
>   </autoCreateUser>
> </scheme>

I don't know whether that will solve your problem. But it should show
you, whether you are able to get any access to your LDAP server at all.

Regards

  Matthias Bauer

--
Matthias Bauer

 Infineon Technologies Dresden GmbH
 eNVM Technology Development and Process Integration
 Koenigsbruecker Str. 180
 D-01099 Dresden

 Managing Directors: Pantelis Haidas, Helmut Warnecke
 Registered office: Dresden
 Court of registration: Dresden, HRB 27169
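
Added example, not part of the thread and not Daisy code: a small Python check over the two `<scheme>` shapes quoted above. It reports a missing `searchBase` (the element named in the 2.3 stack trace), a simple bind over plain `ldap://` with the `ssl` property inactive, and a bind password stored in the config. The names `lint_scheme`, `bind_mode`, `codes` and the finding codes are assumptions, and the sample configs are constructed from the ones in the thread.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the scheme from the first post, which has no <searchBase>.
SCHEME_FIRST_POST = """
<scheme name="secret" description="LDAP Secret">
  <environment>
    <property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
    <property name="java.naming.provider.url" value="ldap://server.domain.be:389"/>
    <property name="java.naming.security.authentication" value="simple"/>
    <!--property name="java.naming.security.protocol" value="ssl"/-->
    <property name="java.naming.security.principal" value="$daisyLogin@ntdomain"/>
  </environment>
  <cache enabled="true" maxCacheSize="3000" maxCacheDuration="1800000"/>
</scheme>
"""

# Constructed sample: the service-account scheme from the later reply
# (the password value is a placeholder).
SCHEME_SERVICE_ACCOUNT = """
<scheme name="ldap-1" description="LDAP Config">
  <environment>
    <property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
    <property name="java.naming.provider.url" value="ldap://ldap.example.com:389"/>
    <property name="java.naming.security.authentication" value="simple"/>
    <property name="java.naming.security.protocol" value="ldap"/>
    <property name="java.naming.security.principal" value="CN=user-to-search-ldap,DC=test,DC=example,DC=com"/>
    <property name="java.naming.security.credentials" value="PLACEHOLDER"/>
  </environment>
  <searchBase>DC=test,DC=example,DC=com</searchBase>
  <filter>cn=$daisyLogin</filter>
</scheme>
"""

# Constructed sample: first-post scheme with a searchBase and an ldaps:// URL.
SCHEME_TLS = (SCHEME_FIRST_POST
              .replace("ldap://server.domain.be:389", "ldaps://server.domain.be:636")
              .replace("</environment>",
                       "</environment>\n  <searchBase>dc=example,dc=org</searchBase>"))


def _environment(scheme):
    """Active JNDI properties. The XML parser drops comments, so a
    commented-out ssl property is correctly treated as not set."""
    return {p.get("name", ""): p.get("value", "")
            for p in scheme.findall("./environment/property")}


def lint_scheme(xml_text):
    """Return a list of (code, severity, message) findings for one <scheme>."""
    scheme = ET.fromstring(xml_text.strip())
    env = _environment(scheme)
    findings = []

    # Startup failure from the thread: no value for "searchBase".
    # An empty element is treated like a missing one (assumption).
    if not (scheme.findtext("searchBase") or "").strip():
        findings.append(("MISSING_SEARCHBASE", "error",
                         "no <searchBase> value; the 2.3 LDAP module refuses to start"))

    # Simple bind sends the password as-is, so the transport must be TLS:
    # either an ldaps:// URL or java.naming.security.protocol=ssl.
    url = urlsplit(env.get("java.naming.provider.url", ""))
    tls = (url.scheme.lower() == "ldaps"
           or env.get("java.naming.security.protocol", "").lower() == "ssl")
    if env.get("java.naming.security.authentication", "").lower() == "simple" and not tls:
        findings.append(("CLEARTEXT_SIMPLE_BIND", "warning",
                         "simple bind over %s:// without ssl exposes passwords on the wire"
                         % (url.scheme or "?")))

    # A fixed bind password in the file: keep the file readable only by the
    # repository user and the account read-only in the directory.
    if env.get("java.naming.security.credentials"):
        findings.append(("INLINE_CREDENTIALS", "warning",
                         "bind password is stored in the configuration file"))
    return findings


def bind_mode(xml_text):
    """'per-user' if the principal is a $daisyLogin template, else 'service-account'."""
    env = _environment(ET.fromstring(xml_text.strip()))
    principal = env.get("java.naming.security.principal", "")
    return "per-user" if "$daisyLogin" in principal else "service-account"


def codes(xml_text):
    """Just the finding codes, in the order they were raised."""
    return [code for code, _severity, _message in lint_scheme(xml_text)]


if __name__ == "__main__":
    for label, text in [("first post", SCHEME_FIRST_POST),
                        ("service account", SCHEME_SERVICE_ACCOUNT),
                        ("ldaps + searchBase", SCHEME_TLS)]:
        print(label, bind_mode(text), lint_scheme(text))
```
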

RE: Daisy 2.3 upgrade LDAP issue

by Mario Brackeva

I changed the log entry like you advised, but it doesn't make a difference.

I cleaned up the test server and restored the production backup from last night. I then started daisy (2.2) and all is well.
I then upgraded (link to the 2.3 directory instead of 2.2 and run the upgrade sql script) and applied your "searchBase" patch to the myconfig.xml file. Started again, but can't log in anymore with LDAP users.

I then replaced the file lib/daisy/jars/daisy-auth-ldap-2.3.jar with the old one from 2.2, and ...
... it works fine now!

Some other issues:
- When I edit a document, I don't get the WYSIWYG editor, just the plain text editor
- I don't see the "search&replace" option


Mario.

-----Original Message-----
From: daisy-bounces@... [mailto:daisy-bounces@...] On Behalf Of Karel Vervaeke
Sent: Wednesday 24 June 2009 17:08
To: Daisy: open source CMS - general mailinglist
Subject: Re: [daisy] Daisy 2.3 upgrade LDAP issue

Hmm, there isn't much more in the logs. From daisy-request-errors I
can only see confirmation that we're not looking at some completely
different problem,
but unfortunately it doesn't tell any details about the ldap login.

Here's one more thing that might help: in
{repodata}/conf/repository-log4j.properties, change the line
"log4j.rootLogger=WARN, serverlog"
to this:
log4j.rootLogger=DEBUG, serverlog

Then repeat the process - it should give more details about the ldap
authentication problems. (in {repodata}/logs/daisy if I'm not
mistaken.)

I'll have a closer look soon, sorry for the inconvenience...
Karel


RE: Daisy 2.3 upgrade LDAP issue

by Mario Brackeva

Never mind the other issues, these are just skinning problems...


Mario.

-----Original Message-----
From: daisy-bounces@... [mailto:daisy-bounces@...] On Behalf Of Mario Brackeva
Sent: Thursday 25 June 2009 13:39
To: Daisy: open source CMS - general mailinglist
Subject: RE: [daisy] Daisy 2.3 upgrade LDAP issue

I changed the log entry like you advised, but it doesn't make a difference.

I cleaned up the test server and restored the production backup from last night. I then started daisy (2.2) and all is well.
I then upgraded (link to the 2.3 directory instead of 2.2 and run the upgrade sql script) and applied your "searchBase" patch to the myconfig.xml file. Started again, but can't log in anymore with LDAP users.

I then replaced the file lib/daisy/jars/daisy-auth-ldap-2.3.jar with the old one from 2.2, and ...
... it works fine now!

Some other issues:
- When I edit a document, I don't get the WYSIWYG editor, just the plain text editor
- I don't see the "search&replace" option


Mario.

-----Original Message-----
From: daisy-bounces@... [mailto:daisy-bounces@...] On Behalf Of Karel Vervaeke
Sent: Wednesday 24 June 2009 17:08
To: Daisy: open source CMS - general mailinglist
Subject: Re: [daisy] Daisy 2.3 upgrade LDAP issue

Hmm, there isn't much more in the logs. From daisy-request-errors I
can only see confirmation that we're not looking at some completely
different problem,
but unfortunately it doesn't tell any details about the ldap login.

Here's one more thing that might help: in
{repodata}/conf/repository-log4j.properties, change the line
"log4j.rootLogger=WARN, serverlog"
to this:
log4j.rootLogger=DEBUG, serverlog

Then repeat the process - it should give more details about the ldap
authentication problems. (in {repodata}/logs/daisy if I'm not
mistaken.)

I'll have a closer look soon, sorry for the inconvenience...
Karel

On Wed, Jun 24, 2009 at 4:44 PM, Mario
Brackeva<Mario.Brackeva@...> wrote:

> Logs attached.
> Actions:
> - stop all
> - clear log directories
> - start all
> - login with LDAP account
>
> Mario.
>
> -----Original Message-----
> From: daisy-bounces@... [mailto:daisy-bounces@...] On Behalf Of Karel Vervaeke
> Sent: Wednesday 24 June 2009 15:14
> To: Daisy: open source CMS - general mailinglist
> Subject: Re: [daisy] Daisy 2.3 upgrade LDAP issue
>
> Hm, unfortunately that's really general.  Is there anything more in the logs?
>
> Karel
>
> On Wed, Jun 24, 2009 at 3:03 PM, Mario
> Brackeva<Mario.Brackeva@...> wrote:
>> Yep, now the repository server starts. However, I can only log in with
>> local Daisy users. If I try an LDAP user it gives me the general
>> "Authentication failed for login ..." error.
>>
>> Mario.
>>
>> -----Original Message-----
>> From: daisy-bounces@...
>> [mailto:daisy-bounces@...] On Behalf Of Karel Vervaeke
>> Sent: Monday 22 June 2009 16:43
>> To: Daisy: open source CMS - general mailinglist
>> Subject: Re: [daisy] Daisy 2.3 upgrade LDAP issue
>>
>> Try adding this line (of course change to match your environment).
>>
>>    <scheme name="secret" description="LDAP Secret">
>>         <environment>
>>           <property name="java.naming.factory.initial"
>> value="com.sun.jndi.ldap.LdapCtxFactory"/>
>>           <property name="java.naming.provider.url"
>> value="ldap://server.domain.be:389"/>
>>           <property name="java.naming.security.authentication"
>> value="simple"/>
>>           <!--property name="java.naming.security.protocol"
>> value="ssl"/-->
>>           <property name="java.naming.security.principal"
>> value="$daisyLogin@ntdomain"/>
>>         </environment>
>>  +       <searchBase>dc=outerthought,dc=org</searchBase>
>>         <cache enabled="true" maxCacheSize="3000"
>> maxCacheDuration="1800000"/>
>>         <autoCreateUser>
>>           <roles>
>>             <role>Guest</role>
>>           </roles>
>>           <defaultRole>Guest</defaultRole>
>>           <updateableByUser>true</updateableByUser>
>>         </autoCreateUser>
>>       </scheme>
>>
>> I'll have the documentation updated soon:
>> http://www.daisycms.org/daisydocs-2_3/13-cd/591-cd.html
>>
>> HTH,
>> Karel

Re: Daisy 2.3 upgrade LDAP issue

by Karel Vervaeke

On Thu, Jun 25, 2009 at 1:38 PM, Mario
Brackeva<Mario.Brackeva@...> wrote:
> I changed the log entry like you advised, but it doesn't make a difference.
>
> I cleaned up the test server and restored the production backup from last night. I then started daisy (2.2) and all is well.
> I then upgraded (link to the 2.3 directory instead of 2.2 and run the upgrade sql script) and applied your "searchBase" patch to the myconfig.xml file. Started again, but can't log in anymore with LDAP users.
>
> I then replaced the file lib/daisy/jars/daisy-auth-ldap-2.3.jar with the old one from 2.2, and ...
> ... it works fine now!

That's cool.  I'll try to investigate why it doesn't work as expected
in 2.3 though.
Next week I'll have access to a windows 2008 environment for testing -
I'll keep you posted.

> Some other issues:
> - When I edit a document, I don't get the WYSIWYG editor, just the plain text editor

It is possible that changes in the default skin are causing problems.
You should check for differences between daisy 2.2 and daisy 2.3.  A
good place to start looking is
{}/daisywiki/webapp/daisy/resources/skins/default/xslt/layout.xsl --
most importantly the part where a jquery javascript snippet is loaded

> - I don't see the "search&replace" option

You need to be logged in.  It's the second item under 'tools' in the
horizontal menu bar (check demo.daisycms.org for example).
It may also be due to a skin change (check menu.xsl, search for 'querySearch')

HTH,
Karel


Re: Daisy 2.3 upgrade LDAP issue

by Karel Vervaeke

Our mails just crossed :)

On Thu, Jun 25, 2009 at 2:18 PM, Mario
Brackeva<Mario.Brackeva@...> wrote:

> Never mind the other issues, these are just skinning problems...
>
>
> Mario.

Re: Daisy 2.3 upgrade LDAP issue

by Bruno Dumon

If the LDAP authentication failed, whatever the reason, you should see
a line in the log starting with the text "Failed to authenticate user
with following environment:" followed by the settings and the
exception, if any.

This is logged to the repository log on DEBUG level, thus to the file
{repodata}/logs/daisy

The LDAP exception is not forwarded to the client in order not to
reveal any sensitive information.

On Thu, Jun 25, 2009 at 1:38 PM, Mario
Brackeva<Mario.Brackeva@...> wrote:

> I changed the log entry like you advised, but it doesn't make a difference.
>
> I cleaned up the test server and restored the production backup from last night. I then started daisy (2.2) and all is well.
> I then upgraded (link to the 2.3 directory instead of 2.2 and run the upgrade sql script) and applied your "searchBase" patch to the myconfig.xml file. Started again, but can't log in anymore with LDAP users.
>
> I then replaced the file lib/daisy/jars/daisy-auth-ldap-2.3.jar with the old one from 2.2, and ...
> ... it works fine now!
>
> Some other issues:
> - When I edit a document, I don't get the WYSIWYG editor, just the plain text editor
> - I don't see the "search&replace" option
>
>
> Mario.
>


--
Bruno Dumon
Outerthought ~ http://outerthought.org/
Daisy ~ http://www.daisycms.org/
Kauri ~ http://www.kauriproject.org/

Re: Daisy 2.3 upgrade LDAP issue

by Karel Vervaeke

Hi,

I experimented with Daisy + ldap (on a local windows 2008 active
directory) today. First off, my earlier suggestion was not complete -
as you may have guessed by comparing with Matthias' suggestions...

Here's what changed between Daisy 2.2 and Daisy 2.3.
In Daisy 2.2, the authentication check was nothing more than a simple
authentication check (a 'bind' in ldap terminology), using the
credentials entered in the daisy login screen as the user's DN and
password.

In Daisy 2.3, the authentication check has two phases: first the user
object is searched (hence the searchBase and filter) in order to find
the user's DN, and only then the password is checked.
The main use case for the new approach is when an organisation's users
are not all in the same unit (e.g. dc=unit1users,dc=example,dc=com &
dc=unit2users,dc=example,dc=com)

Hence, this configuration snippet should work:

<scheme name="secret" description="LDAP Secret">
  <environment>
    <property name="java.naming.factory.initial"
value="com.sun.jndi.ldap.LdapCtxFactory"/>
    <property name="java.naming.provider.url"
value="ldap://server.domain.be:389"/>
    <property name="java.naming.security.authentication" value="simple"/>
    <property name="java.naming.security.principal"
value="cn=daisyauth,cn=Users,dc=server,dc=domain,dc=be"/>
    <property name="java.naming.security.credentials" value="xxverysecretxx"/>
  </environment>
  <searchBase>cn=Users,dc=server,dc=domain,dc=be</searchBase>
  <filter>cn=$daisyLogin</filter>
  <cache enabled="true" maxCacheSize="3000" maxCacheDuration="1800000"/>
  <autoCreateUser>...</autoCreateUser>
</scheme>

One gotcha that I ran into: You have to be careful about the user
names, because the windows logon name
may be different from the cn in the ldap directory - for example I
have a user which looks like this:

LDAP DN: cn=Karel Vervaeke,cn=Users,...
User logon name: karel@...
User logon name (pre-Windows 2000): KRB\karel

With the configuration snippet above, I have to use "Karel Vervaeke"
when logging in to daisy.  "karel" is not the correct Daisy user name.
If you need the Daisy user name to be "karel", try using the following filter:

<filter>sAMAccountName=$daisyLogin</filter>
or
<filter>userPrincipalName=$daisyLogin@...</filter>

HTH,
Karel

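The two-phase check described in the message above (search for the user's DN, then bind with it), as an added example that is not Daisy's code. A constructed in-memory directory stands in for Active Directory; the entries, passwords and function names are made up, and the filter escaping and empty-password refusal are defensive checks assumed here, not behaviour the thread attributes to Daisy.

```python
import re

# Constructed directory entries (DN -> attributes); not real accounts.
DIRECTORY = {
    "cn=daisyauth,cn=Users,dc=server,dc=domain,dc=be": {
        "cn": "daisyauth", "sAMAccountName": "daisyauth", "userPassword": "svc-secret"},
    "cn=Karel Vervaeke,cn=Users,dc=server,dc=domain,dc=be": {
        "cn": "Karel Vervaeke", "sAMAccountName": "karel", "userPassword": "pw-karel"},
    "cn=Mario Brackeva,cn=Users,dc=server,dc=domain,dc=be": {
        "cn": "Mario Brackeva", "sAMAccountName": "mario", "userPassword": "pw-mario"},
}


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a login cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(template, login):
    """Substitute the escaped login for $daisyLogin in a <filter> template."""
    return template.replace("$daisyLogin", escape_filter_value(login))


def _value_regex(value):
    """Toy matcher for a filter value: '*' is a wildcard, \\xx is a literal byte."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\":
            out.append(re.escape(chr(int(value[i + 1:i + 3], 16))))
            i += 3
        elif value[i] == "*":
            out.append(".*")
            i += 1
        else:
            out.append(re.escape(value[i]))
            i += 1
    return re.compile("".join(out) + r"\Z", re.IGNORECASE | re.DOTALL)


def search(base, ldap_filter):
    """Return the DNs under base that match a single 'attr=value' filter."""
    attr, _, value = ldap_filter.partition("=")
    pattern = _value_regex(value)
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base.lower())
            and attr in attrs and pattern.match(attrs[attr])]


def bind(dn, password):
    """Simple bind. An empty password is refused: LDAP treats it as an
    unauthenticated bind, which must never count as a successful login."""
    entry = DIRECTORY.get(dn)
    return bool(password) and entry is not None and entry["userPassword"] == password


def authenticate(login, password, filter_template,
                 search_base="cn=Users,dc=server,dc=domain,dc=be",
                 service_dn="cn=daisyauth,cn=Users,dc=server,dc=domain,dc=be",
                 service_password="svc-secret"):
    """Search-then-bind: returns the user's DN on success, None otherwise."""
    if not bind(service_dn, service_password):   # the search runs as the service account
        raise RuntimeError("service account bind failed")
    matches = search(search_base, build_filter(filter_template, login))
    if len(matches) != 1:                        # unknown user, or an ambiguous filter
        return None
    return matches[0] if bind(matches[0], password) else None


if __name__ == "__main__":
    for tmpl, login in [("cn=$daisyLogin", "Karel Vervaeke"),
                        ("cn=$daisyLogin", "karel"),
                        ("sAMAccountName=$daisyLogin", "karel")]:
        print(tmpl, repr(login), "->", authenticate(login, "pw-karel", tmpl))
```

Both configuration snippets in this thread use `simple` authentication against `ldap://...:389`, which sends the service-account and user passwords unencrypted unless the connection is protected with TLS.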