[ome-users] Blitz errors with ldap authentication
Aleksandra Tarkowska
aleksandrat at lifesci.dundee.ac.uk
Fri Jun 12 09:37:52 BST 2009
Hi Huw
Your error says: Lexical error at line 1, column 5. Encountered:
":" (58), after : ""]; remaining name ''
My suspicion is that <entry key="omero.ldap.values"
value="true.true"/> may be causing that problem.
Second thing, your ldap host <entry key="omero.ldap.urls"
value="ldap://ldap.cf.ac.uk"/> is not an SSL host. It should be
'ldaps://...'.
You might want to try the configuration below.
According to your example dn,
cn=scmhl2,ou=STF,ou=INFOS,ou=MAIN,o=CF, it might be:
omero.ldap.base=ou=MAIN,o=CF
omero.ldap.config=true
omero.ldap.protocol=TLS
omero.ldap.trustStore=/Users/ola/.keystore
omero.ldap.trustStorePassword=xxxx
omero.ldap.urls=ldaps://ldap.cf.ac.uk:636
Only the keystore is optional. If you don't set a trust store you will face
this problem: 'Root exception is javax.net.ssl.SSLException:
java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors
parameter must be non-empty'
You might not want to set any extra parameters, such as omero.ldap.attributes
and omero.ldap.values, at the first stage of getting this working.
I hope this helps.
Thanks
Ola
On 11 Jun 2009, at 14:34, Huw Lynes wrote:
> We are currently trying to hook OMERO up to our local LDAP system for
> authentication. The only errors we can see are in the Blitz log.
>
> Our ldap config looks like:
> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <!DOCTYPE map SYSTEM "http://java.sun.com/dtd/preferences.dtd">
> <map MAP_XML_VERSION="1.0">
> <entry key="omero.ldap.base" value="t=faraway"/>
> <entry key="omero.ldap.config" value="true"/>
> <entry key="omero.ldap.keyStore" value="/opt/omero/omero_dist/etc/omero_keystore"/>
> <entry key="omero.ldap.keyStorePassword" value="xxxx"/>
> <entry key="omero.ldap.keystore" value="/opt/omero/omero_dist/etc/omero_keystore"/>
> <entry key="omero.ldap.urls" value="ldap://ldap.cf.ac.uk"/>
> <entry key="omero.ldap.values" value="true.true"/>
> </map>
>
> When trying to log in to OMERO.web with an LDAP login I see the
> following in the Blitz log:
> 2009-06-11 14:26:24,305 INFO [ ome.services.util.ServiceHandler] (l.Server-1) Excp:
> org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: ":" (58), after : ""]; remaining name ''
> org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: ":" (58), after : ""]; remaining name ''
>   at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:193)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:295)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:234)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:583)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:497)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:447)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:468)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:486)
>   at ome.logic.LdapImpl.findExperimenter(LdapImpl.java:169)
>   at ome.logic.LdapImpl.createUserFromLdap(LdapImpl.java:446)
>   at ome.security.auth.LdapPasswordProvider.checkPassword(LdapPasswordProvider.java:93)
> Caused by: javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: ":" (58), after : ""]; remaining name ''
>   at com.sun.jndi.ldap.LdapSearchEnumeration.createItem(LdapSearchEnumeration.java:111)
>   at com.sun.jndi.ldap.LdapNamingEnumeration.nextAux(LdapNamingEnumeration.java:256)
>   at com.sun.jndi.ldap.LdapNamingEnumeration.nextImpl(LdapNamingEnumeration.java:236)
>   at com.sun.jndi.ldap.LdapNamingEnumeration.next(LdapNamingEnumeration.java:184)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:275)
> Caused by: org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: ":" (58), after : ""
>   at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:145)
>   at org.springframework.ldap.core.DistinguishedName.<init>(DistinguishedName.java:100)
>   at org.springframework.ldap.core.DirContextAdapter.<init>(DirContextAdapter.java:139)
>   at org.springframework.ldap.core.support.DefaultDirObjectFactory.getObjectInstance(DefaultDirObjectFactory.java:61)
>   at com.sun.jndi.ldap.LdapSearchEnumeration.createItem(LdapSearchEnumeration.java:105)
> Caused by: org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: ":" (58), after : ""
>   at org.springframework.ldap.core.DnParserImplTokenManager.getNextToken(DnParserImplTokenManager.java:690)
>   at org.springframework.ldap.core.DnParserImpl.jj_consume_token(DnParserImpl.java:219)
>   at org.springframework.ldap.core.DnParserImpl.SpacedEquals(DnParserImpl.java:114)
>   at org.springframework.ldap.core.DnParserImpl.attributeTypeAndValue(DnParserImpl.java:94)
>   at org.springframework.ldap.core.DnParserImpl.rdn(DnParserImpl.java:58)
>   at org.springframework.ldap.core.DnParserImpl.dn(DnParserImpl.java:23)
>   at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:139)
> 2009-06-11 14:26:24,397 INFO [ ome.services.util.ServiceHandler] (l.Server-1) Excp:
> org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: ":" (58), after : ""]; remaining name ''
> ome.conditions.InternalException: Wrapped Exception: (org.springframework.ldap.UncategorizedLdapException): Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: ":" (58), after : ""]; remaining name ''
>   at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:193)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:295)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:234)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:583)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:497)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:447)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:468)
>   at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:486)
>   at ome.logic.LdapImpl.findExperimenter(LdapImpl.java:169)
>   at ome.logic.LdapImpl.createUserFromLdap(LdapImpl.java:446)
>   at ome.security.auth.LdapPasswordProvider.checkPassword(LdapPasswordProvider.java:93)
>
>
> Just as an example here is my entry from that LDAP tree as reported by
> ldapsearch:
>
> dn: cn=scmhl2,ou=STF,ou=INFOS,ou=MAIN,o=CF
> CardiffJCCSTransDept: INSRV
> CardiffJCCSTransType: STF
> loginShell: /bin/bash
> homeDirectory: /home/scmhl2
> gidNumber: 63
> uidNumber: 20243
> mail: lynesh at cardiff.ac.uk
> uid: scmhl2
> givenName: Huw
> fullName: Huw Lynes
> telephoneNumber: +44 29208 70626
> sn: Lynes
> ou: Staff in Information Services
> objectClass: inetOrgPerson
> objectClass: CardiffUserProperties
> objectClass: organizationalPerson
> objectClass: Person
> objectClass: Top
> objectClass: ndsLoginProperties
> objectClass: posixAccount
> objectClass: pwmUser
> objectClass: DirXML-PasswordSyncStatusUser
> cn: scmhl2
>
>
> Any idea what we've done wrong?
Thanks
Ola
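The trace above fails inside DnParserImpl.SpacedEquals, i.e. the DN parser expected an '=' and met ':' at column 5. The following is an added example, not OMERO or Spring LDAP code: a simplified DN scanner that reports the column and character where a string stops being a DN, plus a lint of the posted preferences map for the points made in the reply (ldaps:// URL, trust store, parseable base). The PREFS_XML sample is constructed from the thread's <map>; the thread does not say which string the server actually handed to the parser.

```python
import xml.etree.ElementTree as ET

def dn_error(dn):
    """Scan `dn` as a simplified RFC 2253 DN ('type=value' pairs joined by
    ',' or '+'). Return None when it parses, else (column, char) of the first
    offending character, 1-based, the shape of the Spring LDAP lexical error.
    Numeric OID attribute types are left out for brevity (assumption)."""
    i, n = 0, len(dn)
    while True:
        start = i
        while i < n and (dn[i].isalnum() or dn[i] == "-"):  # attribute type
            i += 1
        if i == start:                                       # no attribute type
            return (i + 1, dn[i] if i < n else "<end>")
        while i < n and dn[i] == " ":
            i += 1
        if i >= n or dn[i] != "=":                           # expected '='
            return (i + 1, dn[i] if i < n else "<end>")
        i += 1
        while i < n and dn[i] not in ",+":                   # value; '\' escapes
            i += 2 if dn[i] == "\\" else 1
        if i >= n:
            return None
        i += 1                                               # separator, next RDN

# Constructed from the <map> posted in the thread (keystore entries left out).
PREFS_XML = """<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE map SYSTEM "http://java.sun.com/dtd/preferences.dtd">
<map MAP_XML_VERSION="1.0">
<entry key="omero.ldap.base" value="t=faraway"/>
<entry key="omero.ldap.config" value="true"/>
<entry key="omero.ldap.urls" value="ldap://ldap.cf.ac.uk"/>
<entry key="omero.ldap.values" value="true.true"/>
</map>"""

def lint_ldap_prefs(xml_text):
    """Findings for the omero.ldap.* keys of a Java preferences map:
    ldaps:// scheme, trust store present (per the reply), base parses as a DN."""
    prefs = {e.get("key"): e.get("value", "")
             for e in ET.fromstring(xml_text).iter("entry")}
    findings = []
    url = prefs.get("omero.ldap.urls", "")
    if not url.startswith("ldaps://"):
        findings.append("omero.ldap.urls %r is not an ldaps:// URL" % url)
    elif not prefs.get("omero.ldap.trustStore"):
        findings.append("ldaps:// without omero.ldap.trustStore: expect "
                        "'the trustAnchors parameter must be non-empty'")
    err = dn_error(prefs.get("omero.ldap.base", ""))
    if err:
        findings.append("omero.ldap.base fails as a DN at column %d (%r)" % err)
    return findings
```

Feeding each configured value through dn_error shows which of them a DN parser would reject and at what column; the posted base "t=faraway" itself parses, while a URL such as ldap://... fails at column 5 on ':'.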