open-xchange-authentication


  • open-xchange-authentication

    Hi all,

    we want to use oxldapsync to synchronize our ox users with active directory. can this only be done in combination with the package open-xchange-authentication-ldap?

    regards,
    sploenix

  • #2
    No, the authentication method is not dependent on it.
    User provisioning as done with oxldapsync is disconnected from authentication.
    So it's still possible to authenticate against IMAP for example as long as the IMAP server is connected to AD (or at least has the same userids and passwords).


    • #3
      ok synchronization is working now.
      but now I can't get ldap authentication to work. I set up ldapauth.properties according to my oxldapsync settings.
      here's the error I get when I try to login (the username you see here is oxadmin, but I get the same error if I use an AD user):

      INFO: Logged at: com.openexchange.ajax.Login$11.doLogin(Login.java:904)
      Login:oxadmin IP:XXX.XXX.XXX.XXX AuthID:e27f264a-5497-48f6-95f9-d77f9e6d68fc Agent:Mozilla/5.0 (X11; Linux x86_64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1 Client:com.openexchange.ox.gui.dhtml(6.20.1 Rev5) Interface:HTTP_JSON Failed.
      Feb 15, 2012 3:24:56 PM com.openexchange.log.internal.LoggerTask call
      SEVERE: Logged at: com.openexchange.ajax.Login.loginOperation(Login.java:944)
      LGI-0005 Category=5 Message=Login not possible at the moment. Please try again later. exceptionID=2032259047-6
      com.openexchange.ajp13.remoteAddress=127.0.0.1
      com.openexchange.ajp13.remotePort=51652
      LGI-0005 Category=5 Message=Login not possible at the moment. Please try again later. exceptionID=2032259047-6
      at com.openexchange.authentication.exception.LoginExceptionFactory.createException(LoginExceptionFactory.java:76)
      at com.openexchange.authentication.exception.LoginExceptionFactory.createException(LoginExceptionFactory.java:62)
      at com.openexchange.exceptions.Exceptions.create(Exceptions.java:141)
      at com.openexchange.exceptions.Exceptions.create(Exceptions.java:153)
      at com.openexchange.authentication.LoginExceptionCodes.create(LoginExceptionCodes.java:133)
      at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:211)
      at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:128)
      at com.openexchange.ajax.Login$11.doLogin(Login.java:904)
      at com.openexchange.ajax.Login.loginOperation(Login.java:919)
      at com.openexchange.ajax.Login.doLogin(Login.java:901)
      at com.openexchange.ajax.Login$1.handleRequest(Login.java:184)
      at com.openexchange.ajax.Login.doJSONAuth(Login.java:738)
      at com.openexchange.ajax.Login.doGet(Login.java:725)
      at com.openexchange.ajax.Login.doPost(Login.java:858)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
      at com.openexchange.ajax.AJAXServlet.service(AJAXServlet.java:428)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
      at com.openexchange.ajp13.coyote.AjpProcessor.process(AjpProcessor.java:822)
      at com.openexchange.ajp13.coyote.sockethandler.CoyoteTask.call(CoyoteTask.java:184)
      at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
      at java.util.concurrent.FutureTask.run(Unknown Source)
      at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.runTask(CustomThreadPoolExecutor.java:752)
      at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.run(CustomThreadPoolExecutor.java:781)
      at java.lang.Thread.run(Unknown Source)
      Caused by: SRV-0001 Category=4 Message=The required service com.openexchange.authentication.AuthenticationService is temporary not available. Please try again later. exceptionID=2032259047-5
      at com.openexchange.authentication.service.Authentication.login(Authentication.java:86)
      at com.openexchange.login.internal.LoginPerformer$1.doAuthentication(LoginPerformer.java:130)
      at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:170)
      ... 18 more

      has anybody an idea what can be done to fix this error?


      • #4
        The required service com.openexchange.authentication.AuthenticationService is temporary not available. Please try again later
        Apparently there is no bundle (correctly) loaded which provides AuthenticationService.
        Please check with listbundles if all bundles are ACTIVE. If not check for other errors (especially also in osgi-admin.log).


        • #5
          You are right the ldap module is not loaded:

          bundlename: com.openexchange.authentication.ldap status: RESOLVED
          This is what the osgi log tells me:

          !ENTRY org.eclipse.osgi 4 0 2012-02-15 18:02:53.494
          !MESSAGE Bundle com.openexchange.authentication.ldap_6.20.1.0 [2] is not active.
          !SESSION 2012-02-15 22:08:19.572 -----------------------------------------------
          eclipse.buildId=unknown
          java.version=1.6.0_30
          java.vendor=Sun Microsystems Inc.
          BootLoader constants: OS=linux, ARCH=x86, WS=gtk, NL=en_US
          Command-line arguments: -configuration file:/opt/open-xchange/etc/groupware/osgi

          This message doesn't really help me. Maybe you have an idea what's wrong.


          • #6
            ok i've made the next step. reading this post gave me the right hint: https://forum.open-xchange.com/showt...undle-RESOLVED

            afterwards I searched the ox-log: cat /var/log/open-xchange/open-xchange.log.0 | grep "authentication.ldap"
            and found this error:
            Start-up of bundle "com.openexchange.authentication.ldap" failed: ???-0009 Category=10 Message=Missing property searchFilter. exceptionID=-2090270552-1
            at com.openexchange.authentication.ldap.LDAPAuthentication.init(LDAPAuthentication.java:322)
            at com.openexchange.authentication.ldap.LDAPAuthentication.<init>(LDAPAuthentication.java:122)
            at com.openexchange.authentication.ldap.AuthLDAPActivator.startBundle(AuthLDAPActivator.java:104)
            Bundle "com.openexchange.authentication.ldap" stopped.
            logging in does still not work... further investigations will follow tomorrow.


            • #7
              Apparently the log tells you that there is no "searchFilter" property set in the configuration file ldapauth.properties?


              • #8
                You are right. Right now I am trying to find out what search filter to apply. As I am new to LDAP I don't know what to add here. I tried the suggestion "searchFilter=(&(objectclass=posixAccount)(uid=*))" which does not work. What is the right syntax for all users in a specific OU in an Active Directory?

                Here's the error from the log:

                SEVERE: Logged at: com.openexchange.authentication.ldap.LDAPAuthentication.bind(LDAPAuthentication.java:272)
                Login failed for dn null:
                com.openexchange.ajp13.remoteAddress=127.0.0.1
                com.openexchange.ajp13.remotePort=54593
                javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]
                at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
                at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
                at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
                at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
                at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
                at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
                at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
                at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
                at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
                at javax.naming.InitialContext.init(Unknown Source)
                at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
                at com.openexchange.authentication.ldap.LDAPAuthentication.bind(LDAPAuthentication.java:184)
                at com.openexchange.authentication.ldap.LDAPAuthentication.handleLoginInfo(LDAPAuthentication.java:135)
                at com.openexchange.authentication.service.Authentication.login(Authentication.java:88)
                at com.openexchange.login.internal.LoginPerformer$1.doAuthentication(LoginPerformer.java:130)
                at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:170)
                at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:128)
                at com.openexchange.ajax.Login$11.doLogin(Login.java:904)
                at com.openexchange.ajax.Login.loginOperation(Login.java:919)
                at com.openexchange.ajax.Login.doLogin(Login.java:901)
                at com.openexchange.ajax.Login$1.handleRequest(Login.java:184)
                at com.openexchange.ajax.Login.doJSONAuth(Login.java:738)
                at com.openexchange.ajax.Login.doGet(Login.java:725)
                at com.openexchange.ajax.Login.doPost(Login.java:858)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
                at com.openexchange.ajax.AJAXServlet.service(AJAXServlet.java:428)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
                at com.openexchange.ajp13.coyote.AjpProcessor.process(AjpProcessor.java:822)
                at com.openexchange.ajp13.coyote.sockethandler.CoyoteTask.call(CoyoteTask.java:184)
                at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
                at java.util.concurrent.FutureTask.run(Unknown Source)
                at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.runTask(CustomThreadPoolExecutor.java:752)
                at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.run(CustomThreadPoolExecutor.java:781)
                at java.lang.Thread.run(Unknown Source)
                Last edited by sploenix; 02-16-2012, 11:53 AM.
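
Added example, not part of the original posts and not Open-Xchange code: a small Python triage for the two log messages quoted in this thread, the bundle start-up failure and the Active Directory bind error, which decodes the `data` sub-code of LDAP error 49. The function names and the split into "bind-config" versus "credential" findings are assumptions of this example.

```python
import re
from collections import Counter

# Active Directory sub-codes carried in the "data" field of LDAP result code 49.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
# This example's assumption: 525 = bind identity unknown, i.e. a config issue.
CONFIG_SUBCODES = {"525"}

LDAP_ERR = re.compile(r"\[LDAP: error code (\d+) - .*?\bdata ([0-9a-fA-F]+),")
MISSING_PROP = re.compile(
    r'Start-up of bundle "([^"]+)" failed: .*Message=Missing property (\w+)\.')

def triage(lines):
    """Return (kind, detail) findings for OX log lines (hypothetical helper)."""
    findings = []
    for line in lines:
        m = MISSING_PROP.search(line)
        if m:
            findings.append(("bundle-config", f"{m.group(1)}: set {m.group(2)}"))
            continue
        m = LDAP_ERR.search(line)
        if m and m.group(1) == "49":
            sub = m.group(2).lower()
            kind = "bind-config" if sub in CONFIG_SUBCODES else "credential"
            findings.append((kind, f"data {sub}: {AD_SUBCODES.get(sub, 'unknown')}"))
    return findings

def summarize(lines):
    return Counter(kind for kind, _ in triage(lines))  # findings per kind

# Constructed sample: two lines from the thread plus a 52e variant of the second.
SAMPLE = [
    'Start-up of bundle "com.openexchange.authentication.ldap" failed: ???-0009 '
    'Category=10 Message=Missing property searchFilter. exceptionID=-2090270552-1',
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]",
]
SAMPLE.append(SAMPLE[1].replace("data 525", "data 52e"))
if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A 525 on every login attempt, as in the log above, points at how the bind identity is built, while 52e or 775 for individual accounts is what wrong or guessed passwords look like.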


                • #9
                  As nobody replied to my question, I tried to find an alternative way to authenticate my users. I'm now using IMAP authentication, which works very well. The problem is now that I can't use users in the database (like oxadmin) - so I now have a working OX with no admin user. Here's the log message:

                  INFO: Logged at: com.openexchange.authentication.imap.impl.IMAPAuthentication.handleLoginInfo(IMAPAuthentication.java:354)
                  Authentication error on host MY.IMAP.SERVER:993 for user oxadmin
                  javax.mail.AuthenticationFailedException: [AUTHENTICATIONFAILED] Authentication failed.
                  at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:624)
                  at javax.mail.Service.connect(Service.java:291)
                  at com.openexchange.authentication.imap.impl.IMAPAuthentication.handleLoginInfo(IMAPAuthentication.java:324)
                  at com.openexchange.authentication.service.Authentication.login(Authentication.java:88)
                  at com.openexchange.login.internal.LoginPerformer$1.doAuthentication(LoginPerformer.java:130)
                  at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:170)
                  at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:128)
                  at com.openexchange.ajax.Login$11.doLogin(Login.java:904)
                  at com.openexchange.ajax.Login.loginOperation(Login.java:919)
                  at com.openexchange.ajax.Login.doLogin(Login.java:901)
                  at com.openexchange.ajax.Login$1.handleRequest(Login.java:184)
                  at com.openexchange.ajax.Login.doJSONAuth(Login.java:738)
                  at com.openexchange.ajax.Login.doGet(Login.java:725)
                  at com.openexchange.ajax.Login.doPost(Login.java:858)
                  at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
                  at com.openexchange.ajax.AJAXServlet.service(AJAXServlet.java:428)
                  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
                  at com.openexchange.ajp13.coyote.AjpProcessor.process(AjpProcessor.java:822)
                  at com.openexchange.ajp13.coyote.sockethandler.CoyoteTask.call(CoyoteTask.java:184)
                  at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
                  at java.util.concurrent.FutureTask.run(Unknown Source)
                  at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.runTask(CustomThreadPoolExecutor.java:752)
                  at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.run(CustomThreadPoolExecutor.java:781)
                  at java.lang.Thread.run(Unknown Source)

                  The problem is, that ox tries to authenticate the oxadmin user against the imap server. How can this be changed?
