Build Forge LDAP integration login error
Hello,
I'm trying to set up LDAP integration for Build Forge 7.1.1.4. I'm getting an error when logging in with a user in the domain. Can anyone help with this?

I have entered the following details under Administration -> LDAP

When I test the connection of this domain in Build Forge it connects OK. When I try to log in to Build Forge with a user from this domain I get the following error:

Build Forge Error
Access is denied to the BuildForge console.
Error authenticating: com.buildforge.services.common.api.APIException - API: Authentication Error.
Please click here to try the same type of login again, or click here to force a form login (user ID/password).

And in the app server (we're using WebSphere) log:

00000025 SSOManager I Authenticating user 'dev/cdevine' for UI access.
00000025 LdapSession W Exception during LdapSession.findMultiple(DC=dev,DC=corptst,DC=abc,DC=com, (sAMAccountName=cdevine)) : javax.naming.CommunicationException: connection closed ; Remaining name: 'DC=dev,DC=corptst,DC=abc,DC=com'
00000025 LdapSession W Exception during LdapSession.findMultiple(DC=dev,DC=corptst,DC=abc,DC=com, (sAMAccountName=cdevine)) : javax.naming.NamingException: ; Remaining name: 'DC=dev,DC=corptst,DC=abc,DC=com'
00000025 AuthContext W Login failed - no LDAP record
00000025 SSOManager W An exception occurred authenticating user 'dev/cdevine'. The message is: 'API: Authentication Error.'.
com.buildforge.services.common.api.APIException: API: Authentication Error.
    at com.buildforge.services.server.api.AuthContext.loginLdap(AuthContext.java:892)
    at com.buildforge.services.server.api.AuthContext.loginBase(AuthContext.java:787)
    at com.buildforge.services.server.api.AuthContext.login(AuthContext.java:687)
    at com.buildforge.services.server.sso.SSOManager.authenticate(SSOManager.java:288)
    at com.buildforge.services.server.web.AuthServlet.authenticate(AuthServlet.java:59)
    at com.buildforge.services.server.web.AuthServlet.doPost(AuthServlet.java:161)
    at com.buildforge.services.server.web.AuthServlet.service(AuthServlet.java:171)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1583)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:870)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:475)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:175)
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:91)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:863)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1583)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:182)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:455)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:384)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1772)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1550)

I've used a command line tool called AdFind (http://www.joeware.net/freetools/tools/adfind/index.htm) on the Build Forge server to perform a search using the details above and it can find the user in samaccountname:

ADFind.exe -u "CN=Service Account AU\, ABCD RAM WAS DM Svc,OU=AU,OU=Service Accounts,OU=ABC Security Objects,DC=dev,DC=corptst,DC=abc,DC=com" -simple -up * -b DC=dev,DC=corptst,DC=abc,DC=com -f "(samaccountname=cdevine)"

Where
-u is the Userid for authentication
-up * prompts for a password for the user ID specified with -u
-simple is a simple bind
-b is the base DN to search from
-f is the filter
|
16 answers
Sorry,
what do you mean with the group lookup? I already have this group declared in LDAP. There are 5 members in this group. |
Until you specify the "Group Search Base" and "Group Unique Identifier" properly to lookup the groups in LDAP, it doesn't matter if the groups exist there or not, Build Forge doesn't know about them until it's able to query them properly.
|
Until you specify the "Group Search Base" and "Group Unique Identifier" properly to lookup the groups in LDAP, it doesn't matter if the groups exist there or not, Build Forge doesn't know about them until it's able to query them properly.

After some other tests, we almost have it, but it looks like it needs something else.

Here is our LDAP group:

Log output:

Apr 18, 2011 6:24:20 PM com.buildforge.services.server.sso.SSOManager authenticate
INFO: CRRBF1414I: Authenticating user 'MUTUA/rrono0s' for UI access.
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession findMultiple
FINE: Searching for searchBase: dc=mutua,dc=es, filter: uid=rrono0s, control: javax.naming.directory.SearchControls@1690169
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession findMultiple
FINE: Found elements? com.sun.jndi.ldap.LdapSearchEnumeration@14e914e9
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getUserDN
FINE: User login maps to DN
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession findMultiple
FINE: Searching for searchBase: dc=mutua,dc=es, filter: uid=rrono0s, control: javax.naming.directory.SearchControls@31f931f9
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession findMultiple
FINE: Found elements? com.sun.jndi.ldap.LdapSearchEnumeration@44a544a5
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getUserDN
FINE: User login maps to DN
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getGroupDNsForUser
FINE: Group name: memberof
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getGroupDNsForUserDN
FINE: Group search base: ou=desarrolloweb,ou=servicios,dc=mutua,dc=es
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getGroupDNsForUserDN
FINE: Group attribute filter: uniqueMember=*%uid%*
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getGroupDNsForUserDN
FINE: User attribute name: uid
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getGroupDNsForUserDN
FINE: User attribute value: RRONO0S
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession findMultiple
FINE: Searching for searchBase: ou=desarrolloweb,ou=servicios,dc=mutua,dc=es, filter: uniqueMember=*RRONO0S*, control: javax.naming.directory.SearchControls@28072807
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession findMultiple
FINE: Found elements? com.sun.jndi.ldap.LdapSearchEnumeration@37183718
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.ldap.LdapSession getGroupDNsForUser
FINE: Groups found:
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.api.AuthContext checkAuthorizedGroupDN
WARNING: Login failed - User 'rrono0s' is not in the Authorized Group DN for Domain 'MUTUA'
Apr 18, 2011 6:24:20 PM com.buildforge.services.server.sso.SSOManager authenticate
WARNING: CRRBF1417I: An exception occurred authenticating user 'MUTUA/rrono0s'. The message is: 'API: Authentication Error.'.
Throwable occurred: com.buildforge.services.common.api.APIException: API: Authentication Error.
    at com.buildforge.services.server.api.AuthContext.checkAuthorizedGroupDN(AuthContext.java:839)
    at com.buildforge.services.server.api.AuthContext.loginLdap(AuthContext.java:918)
    at com.buildforge.services.server.api.AuthContext.loginBase(AuthContext.java:784)
    at com.buildforge.services.server.api.AuthContext.login(AuthContext.java:696)
    at com.buildforge.services.server.sso.SSOManager.authenticate(SSOManager.java:294)
    at com.buildforge.services.server.web.AuthServlet.authenticate(AuthServlet.java:59)
    at com.buildforge.services.server.web.AuthServlet.doPost(AuthServlet.java:162)
    at com.buildforge.services.server.web.AuthServlet.service(AuthServlet.java:172)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:736)
|
Note that Build Forge does not "normalize" the DN. You have to make sure it's entered exactly as it appears in the trace. Make sure you have a space between "dc=mutua," and "dc=es".
FINE: Groups found: |
I already found it:
My Authorized DN group is:
cn=desarrolloWebUsuariosRBF,ou=desarrolloweb,ou=servicios,dc=mutua,dc=es
but BF's query returns:
cn=desarrolloWebUsuariosRBF,ou=desarrolloweb,ou=servicios,dc=mutua, dc=es
(with a space between dc=mutua, dc=es)
I declared my Authorized DN group with spaces and it works. Probably a bug? |
Note that Build Forge does not "normalize" the DN. You have to make sure it's entered exactly as it appears in the trace. Make sure you have a space between "dc=mutua," and "dc=es".

Yes, I found it. Thanks very much for your help and your patience :wink: |
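
The mismatch worked out in this thread, as an added example that is not part of the original posts and is not Build Forge code: comparing the configured Authorized Group DN with the DN the directory returned as raw strings fails on the space after "dc=mutua,", while comparing parsed, normalized DNs succeeds. The function names are hypothetical, case-insensitive value matching is an assumption (it holds for typical cn/ou/dc attributes), and multi-valued RDNs ("+") are not handled.

```python
# Added illustration; not Build Forge code. Function names are hypothetical.

def split_rdns(dn):
    """Split a DN on unescaped commas, keeping backslash escapes intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # e.g. "\," stays inside the value
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def normalize_dn(dn):
    """Canonical form: tuple of (attribute, value) pairs, most specific first."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        # Unescaped whitespace around separators is not significant.
        # Assumption: values use case-insensitive matching (cn, ou, dc).
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)


def in_authorized_group(group_dns, authorized_dn, normalize=True):
    """True if any group DN returned for the user matches the authorized DN."""
    if not normalize:
        return authorized_dn in group_dns          # raw string comparison
    wanted = normalize_dn(authorized_dn)
    return any(normalize_dn(g) == wanted for g in group_dns)


# DNs taken from the thread: configured value vs. what the directory returned.
CONFIGURED = "cn=desarrolloWebUsuariosRBF,ou=desarrolloweb,ou=servicios,dc=mutua,dc=es"
RETURNED = "cn=desarrolloWebUsuariosRBF,ou=desarrolloweb,ou=servicios,dc=mutua, dc=es"
# Bind DN from the first post, with an escaped comma inside the CN value.
BIND_DN = ("CN=Service Account AU\\, ABCD RAM WAS DM Svc,OU=AU,OU=Service Accounts,"
           "OU=ABC Security Objects,DC=dev,DC=corptst,DC=abc,DC=com")

if __name__ == "__main__":
    print(in_authorized_group([RETURNED], CONFIGURED, normalize=False))  # raw
    print(in_authorized_group([RETURNED], CONFIGURED))                   # normalized
    print(len(normalize_dn(BIND_DN)), "RDNs in the bind DN")
```

The raw comparison fails closed, which is why the symptom in the thread was a denied login rather than an unintended grant.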