[ome-users] Blitz errors with ldap authentication

Huw Lynes lynesh at cardiff.ac.uk
Thu Jun 11 14:34:38 BST 2009


We are currently trying to hook OMERO up to our local LDAP system for
authentication. The only errors we can see are in the Blitz log.

Our LDAP config looks like:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE map SYSTEM "http://java.sun.com/dtd/preferences.dtd">
<map MAP_XML_VERSION="1.0">
  <entry key="omero.ldap.base" value="t=faraway"/>
  <entry key="omero.ldap.config" value="true"/>
  <entry key="omero.ldap.keyStore" value="/opt/omero/omero_dist/etc/omero_keystore"/>
  <entry key="omero.ldap.keyStorePassword" value="xxxx"/>
  <entry key="omero.ldap.keystore" value="/opt/omero/omero_dist/etc/omero_keystore"/>
  <entry key="omero.ldap.urls" value="ldap://ldap.cf.ac.uk"/>
  <entry key="omero.ldap.values" value="true.true"/>
</map>

When trying to log in to OMERO.web with an LDAP login I see the
following in the Blitz log:
2009-06-11 14:26:24,305 INFO  [        ome.services.util.ServiceHandler]
(l.Server-1)  Excp:	org.springframework.ldap.UncategorizedLdapException:
Uncategorized exception occured during LDAP processing; nested exception
is javax.naming.NamingException: problem generating object using object
factory [Root exception is
org.springframework.ldap.BadLdapGrammarException: Failed to parse DN;
nested exception is org.springframework.ldap.core.TokenMgrError: Lexical
error at line 1, column 5.  Encountered: ":" (58), after : ""];
remaining name ''
org.springframework.ldap.UncategorizedLdapException: Uncategorized
exception occured during LDAP processing; nested exception is
javax.naming.NamingException: problem generating object using object
factory [Root exception is
org.springframework.ldap.BadLdapGrammarException: Failed to parse DN;
nested exception is org.springframework.ldap.core.TokenMgrError: Lexical
error at line 1, column 5.  Encountered: ":" (58), after : ""];
remaining name ''
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:193)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:295)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:234)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:583)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:497)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:447)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:468)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:486)
	at ome.logic.LdapImpl.findExperimenter(LdapImpl.java:169)
	at ome.logic.LdapImpl.createUserFromLdap(LdapImpl.java:446)
	at ome.security.auth.LdapPasswordProvider.checkPassword(LdapPasswordProvider.java:93)
Caused by: javax.naming.NamingException: problem generating object using
object factory [Root exception is
org.springframework.ldap.BadLdapGrammarException: Failed to parse DN;
nested exception is org.springframework.ldap.core.TokenMgrError: Lexical
error at line 1, column 5.  Encountered: ":" (58), after : ""];
remaining name ''
	at com.sun.jndi.ldap.LdapSearchEnumeration.createItem(LdapSearchEnumeration.java:111)
	at com.sun.jndi.ldap.LdapNamingEnumeration.nextAux(LdapNamingEnumeration.java:256)
	at com.sun.jndi.ldap.LdapNamingEnumeration.nextImpl(LdapNamingEnumeration.java:236)
	at com.sun.jndi.ldap.LdapNamingEnumeration.next(LdapNamingEnumeration.java:184)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:275)
Caused by: org.springframework.ldap.BadLdapGrammarException: Failed to
parse DN; nested exception is
org.springframework.ldap.core.TokenMgrError: Lexical error at line 1,
column 5.  Encountered: ":" (58), after : ""
	at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:145)
	at org.springframework.ldap.core.DistinguishedName.<init>(DistinguishedName.java:100)
	at org.springframework.ldap.core.DirContextAdapter.<init>(DirContextAdapter.java:139)
	at org.springframework.ldap.core.support.DefaultDirObjectFactory.getObjectInstance(DefaultDirObjectFactory.java:61)
	at com.sun.jndi.ldap.LdapSearchEnumeration.createItem(LdapSearchEnumeration.java:105)
Caused by: org.springframework.ldap.core.TokenMgrError: Lexical error at
line 1, column 5.  Encountered: ":" (58), after : ""
	at org.springframework.ldap.core.DnParserImplTokenManager.getNextToken(DnParserImplTokenManager.java:690)
	at org.springframework.ldap.core.DnParserImpl.jj_consume_token(DnParserImpl.java:219)
	at org.springframework.ldap.core.DnParserImpl.SpacedEquals(DnParserImpl.java:114)
	at org.springframework.ldap.core.DnParserImpl.attributeTypeAndValue(DnParserImpl.java:94)
	at org.springframework.ldap.core.DnParserImpl.rdn(DnParserImpl.java:58)
	at org.springframework.ldap.core.DnParserImpl.dn(DnParserImpl.java:23)
	at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:139)
2009-06-11 14:26:24,397 INFO  [        ome.services.util.ServiceHandler]
(l.Server-1)  Excp:	org.springframework.ldap.UncategorizedLdapException:
Uncategorized exception occured during LDAP processing; nested exception
is javax.naming.NamingException: problem generating object using object
factory [Root exception is
org.springframework.ldap.BadLdapGrammarException: Failed to parse DN;
nested exception is org.springframework.ldap.core.TokenMgrError: Lexical
error at line 1, column 5.  Encountered: ":" (58), after : ""];
remaining name ''
ome.conditions.InternalException:  Wrapped Exception:
(org.springframework.ldap.UncategorizedLdapException):
Uncategorized exception occured during LDAP processing; nested exception
is javax.naming.NamingException: problem generating object using object
factory [Root exception is
org.springframework.ldap.BadLdapGrammarException: Failed to parse DN;
nested exception is org.springframework.ldap.core.TokenMgrError: Lexical
error at line 1, column 5.  Encountered: ":" (58), after : ""];
remaining name ''
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:193)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:295)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:234)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:583)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:497)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:447)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:468)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:486)
	at ome.logic.LdapImpl.findExperimenter(LdapImpl.java:169)
	at ome.logic.LdapImpl.createUserFromLdap(LdapImpl.java:446)
	at ome.security.auth.LdapPasswordProvider.checkPassword(LdapPasswordProvider.java:93)


Just as an example here is my entry from that LDAP tree as reported by
ldapsearch:

dn: cn=scmhl2,ou=STF,ou=INFOS,ou=MAIN,o=CF
CardiffJCCSTransDept: INSRV
CardiffJCCSTransType: STF
loginShell: /bin/bash
homeDirectory: /home/scmhl2
gidNumber: 63
uidNumber: 20243
mail: lynesh at cardiff.ac.uk
uid: scmhl2
givenName: Huw
fullName: Huw Lynes
telephoneNumber: +44 29208 70626
sn: Lynes
ou: Staff in Information Services
objectClass: inetOrgPerson
objectClass: CardiffUserProperties
objectClass: organizationalPerson
objectClass: Person
objectClass: Top
objectClass: ndsLoginProperties
objectClass: posixAccount
objectClass: pwmUser
objectClass: DirXML-PasswordSyncStatusUser
cn: scmhl2


Any idea what we've done wrong?

Thanks,
Huw


-- 
Huw Lynes                       | Advanced Research Computing
HEC Sysadmin                    | Cardiff University
                                | Redwood Building, 
Tel: +44 (0) 29208 70626        | King Edward VII Avenue, CF10 3NB
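
An added triage example, not part of the original post and not OMERO or Spring LDAP code: it cross-checks the posted preferences XML against the posted ldapsearch entry and the "column 5, ':'" lexer error. `dn_lex_error`, `rdns` and `lint` are hypothetical helpers, and the DN lexer is a simplified stand-in for the real parser, so a finding shows which string on the page matches the error, not where the server obtained it. The `ldap://` finding matters because simple-bind passwords cross the wire unencrypted on that scheme unless StartTLS is negotiated, which the page does not show.

```python
import xml.etree.ElementTree as ET

# Config and entry DN copied from the post (XML prolog omitted).
PREFS = """<map MAP_XML_VERSION="1.0">
  <entry key="omero.ldap.base" value="t=faraway"/>
  <entry key="omero.ldap.config" value="true"/>
  <entry key="omero.ldap.keyStore" value="/opt/omero/omero_dist/etc/omero_keystore"/>
  <entry key="omero.ldap.keyStorePassword" value="xxxx"/>
  <entry key="omero.ldap.keystore" value="/opt/omero/omero_dist/etc/omero_keystore"/>
  <entry key="omero.ldap.urls" value="ldap://ldap.cf.ac.uk"/>
  <entry key="omero.ldap.values" value="true.true"/>
</map>"""
ENTRY_DN = "cn=scmhl2,ou=STF,ou=INFOS,ou=MAIN,o=CF"

def dn_lex_error(s):
    """Simplified: (column, char) where a DN's first attribute type stops lexing, else None."""
    for col, ch in enumerate(s, start=1):
        if ch == "=" and col > 1:
            return None
        if not (ch.isalnum() or ch in "-."):
            return (col, ch)
    return (len(s) + 1, "")  # ran out of input before '='

def rdns(dn):
    # Simplified split: ignores escaped commas, enough for the DNs on this page.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def lint(prefs_xml, entry_dn):
    cfg, seen, findings = {}, {}, []
    for e in ET.fromstring(prefs_xml).iter("entry"):
        key, value = e.get("key"), e.get("value")
        if key.lower() in seen:
            findings.append(f"case-colliding keys: {seen[key.lower()]} / {key}")
        seen.setdefault(key.lower(), key)
        cfg[key] = value
    base = rdns(cfg.get("omero.ldap.base", ""))
    if base and rdns(entry_dn)[-len(base):] != base:
        findings.append(f"entry DN is not under base {','.join(base)}")
    for url in cfg.get("omero.ldap.urls", "").split(","):
        if url.strip().lower().startswith("ldap://"):
            findings.append(f"cleartext scheme: {url.strip()}")
    for key, value in cfg.items():
        if dn_lex_error(value) == (5, ":"):
            findings.append(f"{key} would stop a DN lexer at column 5 on ':'")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(PREFS, ENTRY_DN)))
```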




