Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Build Forge LDAP integration login error

Hello,

I'm trying to set up LDAP integration for Build Forge 7.1.1.4. I'm getting an error when logging in with a user in the domain. Can anyone help with this?

I have entered the following details under Administration -> LDAP

LDAP Domain: DEV
Admin DN: CN=Service Account AU\, ABCD RAM WAS DM Svc,OU=AU,OU=Service Accounts,OU=ABC Security Objects,DC=dev,DC=corptst,DC=ABC,DC=com
Host: dev.corptst.abc.com:389
Bind User Account: Yes
Map Access Groups: No
Protocol: LDAP
Search Base: DC=dev,DC=corptst,DC=abc,DC=com
Unique Identifier: (sAMAccountName=%)

When I test the connection of this domain in Build Forge it connects OK.


When I try to login to Build Forge with a user from this domain I get the following error:


Build Forge Error
Access is denied to the BuildForge console.

Error authenticating: com.buildforge.services.common.api.APIException - API: Authentication Error.

Please click here to try the same type of login again, or click here to force a form login (user ID/password).


And in the app server (we're using WebSphere) log:


00000025 SSOManager I Authenticating user 'dev/cdevine' for UI access.
00000025 LdapSession W Exception during LdapSession.findMultiple(DC=dev,DC=corptst,DC=abc,DC=com, (sAMAccountName=cdevine)) : javax.naming.CommunicationException: connection closed ; Remaining name: 'DC=dev,DC=corptst,DC=abc,DC=com'
00000025 LdapSession W Exception during LdapSession.findMultiple(DC=dev,DC=corptst,DC=abc,DC=com, (sAMAccountName=cdevine)) : javax.naming.NamingException: ; Remaining name: 'DC=dev,DC=corptst,DC=abc,DC=com'
00000025 AuthContext W Login failed - no LDAP record
00000025 SSOManager W An exception occurred authenticating user 'dev/cdevine'. The message is: 'API: Authentication Error.'.
com.buildforge.services.common.api.APIException: API: Authentication Error.
at com.buildforge.services.server.api.AuthContext.loginLdap(AuthContext.java:892)
at com.buildforge.services.server.api.AuthContext.loginBase(AuthContext.java:787)
at com.buildforge.services.server.api.AuthContext.login(AuthContext.java:687)
at com.buildforge.services.server.sso.SSOManager.authenticate(SSOManager.java:288)
at com.buildforge.services.server.web.AuthServlet.authenticate(AuthServlet.java:59)
at com.buildforge.services.server.web.AuthServlet.doPost(AuthServlet.java:161)
at com.buildforge.services.server.web.AuthServlet.service(AuthServlet.java:171)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1583)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:870)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:475)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:175)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:91)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:863)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1583)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:182)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:455)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:384)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1772)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1550)


I've used a command line tool called AdFind (http://www.joeware.net/freetools/tools/adfind/index.htm) on the Build Forge server to perform a search using the details above and it can find the user in samaccountname:


ADFind.exe -u "CN=Service Account AU\, ABCD RAM WAS DM Svc,OU=AU,OU=Service Accounts,OU=ABC Security Objects,DC=dev,DC=corptst,DC=abc,DC=com" -simple -up * -b DC=dev,DC=corptst,DC=abc,DC=com -f "(samaccountname=cdevine)"

Where
-u is the Userid for authentication
-up * prompts for a password for the user ID specified with -u
-simple is a simple bind
-b is the base DN to search from
-f is the filter

0 votes



16 answers

Permanent link
Sorry,
what do you mean by the group lookup?
I already have this group declared in LDAP.
There are 5 members in this group.

http://i55.tinypic.com/2r4mnol.png

0 votes


Permanent link
Until you specify the "Group Search Base" and "Group Unique Identifier" properly to look up the groups in LDAP, it doesn't matter if the groups exist there or not; Build Forge doesn't know about them until it's able to query them properly.

0 votes


Permanent link
Until you specify the "Group Search Base" and "Group Unique Identifier" properly to look up the groups in LDAP, it doesn't matter if the groups exist there or not; Build Forge doesn't know about them until it's able to query them properly.




After some other tests, we have almost got it, but it looks like we need something else:

http://i54.tinypic.com/syl2pz.png

here is our ldap group:

http://i51.tinypic.com/2rgkro0.png



log output:

Apr 18, 2011 6:24:20 PM com.buildforge.services.server.sso.SSOManager authenticate
INFO: CRRBF1414I: Authenticating user 'MUTUA/rrono0s' for UI access.
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession findMultiple
FINE: Searching for searchBase: dc=mutua,dc=es, filter: uid=rrono0s, control: javax.naming.directory.SearchControls@1690169
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession findMultiple
FINE: Found elements? com.sun.jndi.ldap.LdapSearchEnumeration@14e914e9
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getUserDN
FINE: User login maps to DN
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession findMultiple
FINE: Searching for searchBase: dc=mutua,dc=es, filter: uid=rrono0s, control: javax.naming.directory.SearchControls@31f931f9
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession findMultiple
FINE: Found elements? com.sun.jndi.ldap.LdapSearchEnumeration@44a544a5
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getUserDN
FINE: User login maps to DN
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getGroupDNsForUser
FINE: Group name: memberof
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getGroupDNsForUserDN
FINE: Group search base: ou=desarrolloweb,ou=servicios,dc=mutua,dc=es
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getGroupDNsForUserDN
FINE: Group attribute filter: uniqueMember=*%uid%*
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getGroupDNsForUserDN
FINE: User attribute name: uid
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getGroupDNsForUserDN
FINE: User attribute value: RRONO0S
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession findMultiple
FINE: Searching for searchBase: ou=desarrolloweb,ou=servicios,dc=mutua,dc=es, filter: uniqueMember=*RRONO0S*, control: javax.naming.directory.SearchControls@28072807
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession findMultiple
FINE: Found elements? com.sun.jndi.ldap.LdapSearchEnumeration@37183718
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getGroupDNsForUser
FINE: Groups found:
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.api.AuthContext checkAuthorizedGroupDN
WARNING: Login failed - User 'rrono0s' is not in the Authorized Group DN for Domain 'MUTUA'
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.sso.SSOManager authenticate
WARNING: CRRBF1417I: An exception occurred authenticating user 'MUTUA/rrono0s'. The message is: 'API: Authentication Error.'.
Throwable occurred: com.buildforge.services.common.api.APIException: API: Authentication Error.
at com.buildforge.services.server.api.AuthContext.checkAuthorizedGroupDN(AuthContext.java:839)
at com.buildforge.services.server.api.AuthContext.loginLdap(AuthContext.java:918)
at com.buildforge.services.server.api.AuthContext.loginBase(AuthContext.java:784)
at com.buildforge.services.server.api.AuthContext.login(AuthContext.java:696)
at com.buildforge.services.server.sso.SSOManager.authenticate(SSOManager.java:294)
at com.buildforge.services.server.web.AuthServlet.authenticate(AuthServlet.java:59)
at com.buildforge.services.server.web.AuthServlet.doPost(AuthServlet.java:162)
at com.buildforge.services.server.web.AuthServlet.service(AuthServlet.java:172)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:736)

0 votes


Permanent link
Note that Build Forge does not "normalize" the DN. You have to make sure it's entered exactly as it appears in the trace. Make sure you have a space between "dc=mutua," and "dc=es".

FINE: Groups found:

0 votes


Permanent link
I already found it:
my Authorized DN group is: cn=desarrolloWebUsuariosRBF,ou=desarrolloweb,ou=servicios,dc=mutua,dc=es
but bf's query returns:
cn=desarrolloWebUsuariosRBF,ou=desarrolloweb,ou=servicios,dc=mutua, dc=es (with a space between dc=mutua, dc=es)

I declared my Authorized DN group with spaces and it works.

Probably a bug?

0 votes
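
The mismatch found in this thread, as an added example (not Build Forge code and not part of any post): the configured Authorized Group DN and the DN the directory returned differ only by one space, so a raw string match fails while a comparison on normalized DNs succeeds. The function names are hypothetical, and the sketch assumes case-insensitive matching and no multi-valued (`+`) RDNs, hex escapes, or escaped leading/trailing spaces.

```python
import re

# DNs quoted in the thread: what was entered vs. what the directory returned.
CONFIGURED = "cn=desarrolloWebUsuariosRBF,ou=desarrolloweb,ou=servicios,dc=mutua,dc=es"
RETURNED = "cn=desarrolloWebUsuariosRBF,ou=desarrolloweb,ou=servicios,dc=mutua, dc=es"

def split_rdns(dn):
    """Split a DN on ',' or ';' unless the separator is backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair inside the value
            i += 2
            continue
        if dn[i] in ",;":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    return parts

def normalize_dn(dn):
    """Canonical form: lower case, no spaces around ',' or '=', single inner spaces."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        value = re.sub(r"\s+", " ", value.strip())
        rdns.append(f"{attr.strip().lower()}={value.lower()}")
    return ",".join(rdns)

def in_authorized_group(found_group_dns, authorized_dn, normalize=True):
    """Membership test on canonical DNs, or as a raw string match."""
    if not normalize:
        return authorized_dn in found_group_dns
    target = normalize_dn(authorized_dn)
    return any(normalize_dn(g) == target for g in found_group_dns)

if __name__ == "__main__":
    print("raw match:       ", in_authorized_group([RETURNED], CONFIGURED, normalize=False))
    print("normalized match:", in_authorized_group([RETURNED], CONFIGURED))
```

The escape handling matters for DNs like the Admin DN in the question, where `\,` is part of the CN value and must not be treated as an RDN separator.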


Permanent link
Note that Build Forge does not "normalize" the DN. You have to make sure it's entered exactly as it appears in the trace. Make sure you have a space between "dc=mutua," and "dc=es".

FINE: Groups found:


Yes, I found it.
Thanks very much for your help and your patience :wink:

0 votes

Question details

Question asked: Aug 04 '10, 8:31 p.m.

Question was seen: 24,919 times

Last updated: Aug 04 '10, 8:31 p.m.
