  1. #1
    Join Date
    Dec 2009
    Posts
    13

    open-xchange-authentication

    Hi all,

    We want to use oxldapsync to synchronize our OX users with Active Directory. Can this only be done in combination with the package open-xchange-authentication-ldap?

    regards,
    sploenix

  2. #2
    Join Date
    Sep 2007
    Location
    Germany
    Posts
    494

    No, the authentication method is not dependent on it.
    User provisioning as done with oxldapsync is disconnected from authentication.
    So it's still possible to authenticate against IMAP for example as long as the IMAP server is connected to AD (or at least has the same userids and passwords).

  3. #3
    Join Date
    Dec 2009
    Posts
    13

    OK, synchronization is working now.
    But now I can't get LDAP authentication to work. I set up ldapauth.properties according to my oxldapsync settings.
    Here's the error I get when I try to log in (the username you see here is oxadmin, but I get the same error if I use an AD user):

    INFO: Logged at: com.openexchange.ajax.Login$11.doLogin(Login.java:904)
    Login:oxadmin IP:XXX.XXX.XXX.XXX AuthID:e27f264a-5497-48f6-95f9-d77f9e6d68fc Agent:Mozilla/5.0 (X11; Linux x86_64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1 Client:com.openexchange.ox.gui.dhtml(6.20.1 Rev5) Interface:HTTP_JSON Failed.
    Feb 15, 2012 3:24:56 PM com.openexchange.log.internal.LoggerTask call
    SEVERE: Logged at: com.openexchange.ajax.Login.loginOperation(Login.java:944)
    LGI-0005 Category=5 Message=Login not possible at the moment. Please try again later. exceptionID=2032259047-6
    com.openexchange.ajp13.remoteAddress=127.0.0.1
    com.openexchange.ajp13.remotePort=51652
    LGI-0005 Category=5 Message=Login not possible at the moment. Please try again later. exceptionID=2032259047-6
    at com.openexchange.authentication.exception.LoginExceptionFactory.createException(LoginExceptionFactory.java:76)
    at com.openexchange.authentication.exception.LoginExceptionFactory.createException(LoginExceptionFactory.java:62)
    at com.openexchange.exceptions.Exceptions.create(Exceptions.java:141)
    at com.openexchange.exceptions.Exceptions.create(Exceptions.java:153)
    at com.openexchange.authentication.LoginExceptionCodes.create(LoginExceptionCodes.java:133)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:211)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:128)
    at com.openexchange.ajax.Login$11.doLogin(Login.java:904)
    at com.openexchange.ajax.Login.loginOperation(Login.java:919)
    at com.openexchange.ajax.Login.doLogin(Login.java:901)
    at com.openexchange.ajax.Login$1.handleRequest(Login.java:184)
    at com.openexchange.ajax.Login.doJSONAuth(Login.java:738)
    at com.openexchange.ajax.Login.doGet(Login.java:725)
    at com.openexchange.ajax.Login.doPost(Login.java:858)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at com.openexchange.ajax.AJAXServlet.service(AJAXServlet.java:428)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at com.openexchange.ajp13.coyote.AjpProcessor.process(AjpProcessor.java:822)
    at com.openexchange.ajp13.coyote.sockethandler.CoyoteTask.call(CoyoteTask.java:184)
    at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.runTask(CustomThreadPoolExecutor.java:752)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.run(CustomThreadPoolExecutor.java:781)
    at java.lang.Thread.run(Unknown Source)
    Caused by: SRV-0001 Category=4 Message=The required service com.openexchange.authentication.AuthenticationService is temporary not available. Please try again later. exceptionID=2032259047-5
    at com.openexchange.authentication.service.Authentication.login(Authentication.java:86)
    at com.openexchange.login.internal.LoginPerformer$1.doAuthentication(LoginPerformer.java:130)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:170)
    ... 18 more
    Does anybody have an idea what can be done to fix this error?

  4. #4
    Join Date
    Sep 2007
    Location
    Germany
    Posts
    494

    The required service com.openexchange.authentication.AuthenticationService is temporary not available. Please try again later
    Apparently there is no bundle (correctly) loaded which provides AuthenticationService.
    Please check with listbundles if all bundles are ACTIVE. If not, check for other errors (especially also in osgi-admin.log).

  5. #5
    Join Date
    Dec 2009
    Posts
    13

    You are right, the LDAP module is not loaded:

    bundlename: com.openexchange.authentication.ldap status: RESOLVED
    This is what the osgi log tells me:

    !ENTRY org.eclipse.osgi 4 0 2012-02-15 18:02:53.494
    !MESSAGE Bundle com.openexchange.authentication.ldap_6.20.1.0 [2] is not active.
    !SESSION 2012-02-15 22:08:19.572 -----------------------------------------------
    eclipse.buildId=unknown
    java.version=1.6.0_30
    java.vendor=Sun Microsystems Inc.
    BootLoader constants: OS=linux, ARCH=x86, WS=gtk, NL=en_US
    Command-line arguments: -configuration file:/opt/open-xchange/etc/groupware/osgi
    This message doesn't really help me. Maybe you have an idea what's wrong.

  6. #6
    Join Date
    Dec 2009
    Posts
    13

    OK, I've made the next step. Reading this post gave me the right hint: https://forum.open-xchange.com/showt...undle-RESOLVED

    Afterwards I searched the OX log: cat /var/log/open-xchange/open-xchange.log.0 | grep "authentication.ldap"
    and found this error:
    Start-up of bundle "com.openexchange.authentication.ldap" failed: ???-0009 Category=10 Message=Missing property searchFilter. exceptionID=-2090270552-1
    at com.openexchange.authentication.ldap.LDAPAuthentication.init(LDAPAuthentication.java:322)
    at com.openexchange.authentication.ldap.LDAPAuthentication.<init>(LDAPAuthentication.java:122)
    at com.openexchange.authentication.ldap.AuthLDAPActivator.startBundle(AuthLDAPActivator.java:104)
    Bundle "com.openexchange.authentication.ldap" stopped.
    Logging in still does not work... further investigations will follow tomorrow.

  7. #7
    Join Date
    Sep 2007
    Location
    Germany
    Posts
    494

    Apparently the log tells you that there is no "searchFilter" property set in the configuration file ldapauth.properties?

  8. #8
    Join Date
    Dec 2009
    Posts
    13

    You are right. Right now I am trying to find out which search filter to apply. As I am new to LDAP, I don't know what to add here. I tried the suggestion "searchFilter=(&(objectclass=posixAccount)(uid=*))", which does not work. What is the right syntax for all users in a specific OU in an Active Directory?

    Here's the error from the log:

    SEVERE: Logged at: com.openexchange.authentication.ldap.LDAPAuthentication.bind(LDAPAuthentication.java:272)
    Login failed for dn null:
    com.openexchange.ajp13.remoteAddress=127.0.0.1
    com.openexchange.ajp13.remotePort=54593
    javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
    at com.openexchange.authentication.ldap.LDAPAuthentication.bind(LDAPAuthentication.java:184)
    at com.openexchange.authentication.ldap.LDAPAuthentication.handleLoginInfo(LDAPAuthentication.java:135)
    at com.openexchange.authentication.service.Authentication.login(Authentication.java:88)
    at com.openexchange.login.internal.LoginPerformer$1.doAuthentication(LoginPerformer.java:130)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:170)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:128)
    at com.openexchange.ajax.Login$11.doLogin(Login.java:904)
    at com.openexchange.ajax.Login.loginOperation(Login.java:919)
    at com.openexchange.ajax.Login.doLogin(Login.java:901)
    at com.openexchange.ajax.Login$1.handleRequest(Login.java:184)
    at com.openexchange.ajax.Login.doJSONAuth(Login.java:738)
    at com.openexchange.ajax.Login.doGet(Login.java:725)
    at com.openexchange.ajax.Login.doPost(Login.java:858)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at com.openexchange.ajax.AJAXServlet.service(AJAXServlet.java:428)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at com.openexchange.ajp13.coyote.AjpProcessor.process(AjpProcessor.java:822)
    at com.openexchange.ajp13.coyote.sockethandler.CoyoteTask.call(CoyoteTask.java:184)
    at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.runTask(CustomThreadPoolExecutor.java:752)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.run(CustomThreadPoolExecutor.java:781)
    at java.lang.Thread.run(Unknown Source)
    Last edited by sploenix; 02-16-2012 at 11:53 AM.
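
An added example, not part of the original thread and not Open-Xchange code: a small triage script for the three failure signatures seen in the posts above (a bundle that is not ACTIVE, a bundle start-up failure naming a missing property, and an Active Directory bind rejection whose `data` field carries a sub-code). The names `triage` and `SAMPLE` are assumptions made for this example, the sub-code table lists the commonly documented Active Directory values, and the sample lines are constructed from the log excerpts in this thread.

```python
import re

# Active Directory sub-codes carried in the "data NNN" field of an
# LDAP error 49 bind failure (commonly documented values).
AD_BIND_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

BUNDLE_RE = re.compile(r"bundlename:\s*(\S+)\s+status:\s*(\w+)")
MISSING_RE = re.compile(r'Start-up of bundle "([^"]+)" failed:.*?Missing property (\w+)')
AD_RE = re.compile(r"LDAP: error code 49 - .*?\bdata ([0-9a-fA-F]+)\b")

def triage(lines):
    """Return a list of (kind, subject, detail) findings, in input order."""
    findings = []
    for line in lines:
        m = BUNDLE_RE.search(line)
        if m and m.group(2) != "ACTIVE":
            findings.append(("bundle_not_active", m.group(1), m.group(2)))
            continue
        m = MISSING_RE.search(line)
        if m:
            findings.append(("missing_property", m.group(1), m.group(2)))
            continue
        m = AD_RE.search(line)
        if m:
            code = m.group(1).lower()
            findings.append(("ad_bind_failure", code,
                             AD_BIND_SUBCODES.get(code, "unknown sub-code")))
    return findings

# Constructed sample input: lines adapted from the log excerpts in this thread.
SAMPLE = [
    "bundlename: com.openexchange.authentication.ldap status: RESOLVED",
    "bundlename: com.openexchange.authentication.imap status: ACTIVE",
    'Start-up of bundle "com.openexchange.authentication.ldap" failed: '
    "???-0009 Category=10 Message=Missing property searchFilter. exceptionID=-2090270552-1",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```

For the log in post #8 this reports sub-code 525, meaning the directory did not find the account it was asked to bind as, which matches the "Login failed for dn null" line.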

  9. #9
    Join Date
    Dec 2009
    Posts
    13

    As nobody replied to my question, I tried to find an alternative way to authenticate my users. I'm now using IMAP authentication, which works very well. The problem now is that I can't use users in the database (like oxadmin), so I now have a working OX with no admin user. Here's the log message:

    INFO: Logged at: com.openexchange.authentication.imap.impl.IMAPAuthentication.handleLoginInfo(IMAPAuthentication.java:354)
    Authentication error on host MY.IMAP.SERVER:993 for user oxadmin
    javax.mail.AuthenticationFailedException: [AUTHENTICATIONFAILED] Authentication failed.
    at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:624)
    at javax.mail.Service.connect(Service.java:291)
    at com.openexchange.authentication.imap.impl.IMAPAuthentication.handleLoginInfo(IMAPAuthentication.java:324)
    at com.openexchange.authentication.service.Authentication.login(Authentication.java:88)
    at com.openexchange.login.internal.LoginPerformer$1.doAuthentication(LoginPerformer.java:130)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:170)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:128)
    at com.openexchange.ajax.Login$11.doLogin(Login.java:904)
    at com.openexchange.ajax.Login.loginOperation(Login.java:919)
    at com.openexchange.ajax.Login.doLogin(Login.java:901)
    at com.openexchange.ajax.Login$1.handleRequest(Login.java:184)
    at com.openexchange.ajax.Login.doJSONAuth(Login.java:738)
    at com.openexchange.ajax.Login.doGet(Login.java:725)
    at com.openexchange.ajax.Login.doPost(Login.java:858)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at com.openexchange.ajax.AJAXServlet.service(AJAXServlet.java:428)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at com.openexchange.ajp13.coyote.AjpProcessor.process(AjpProcessor.java:822)
    at com.openexchange.ajp13.coyote.sockethandler.CoyoteTask.call(CoyoteTask.java:184)
    at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.runTask(CustomThreadPoolExecutor.java:752)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.run(CustomThreadPoolExecutor.java:781)
    at java.lang.Thread.run(Unknown Source)
    The problem is that OX tries to authenticate the oxadmin user against the IMAP server. How can this be changed?
