Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Modeling » EMF "Technology" (Ecore Tools, EMFatic, etc)  » [EMFStore] LDAP connection fails
[EMFStore] LDAP connection fails [message #1323525] Wed, 30 April 2014 09:52 Go to next message
Kristof Zalecki is currently offline Kristof ZaleckiFriend
Messages: 23
Registered: October 2013
Junior Member
Hi,

I configured my EMFStore server to connect to an Actice Directory using
the right configuration and login credentials of the AD server, but
every time I try to login to my EMFStore server with a user I previously
added it simply fails to connect.
The server adress is correct, since I am able to login using ldap
browser 4.5. I even tried loging into ldap servers which do not need any
login credentials and also failed (like the one shown in the stack
trace). Connecting to the emfstore server from a different machine and
working on the projects works so far, which would take out the firewall
as a source for the faults.
I am still using emfstore 1.1 btw.

My configuration in the es.properties files looks like this:

emfstore.accesscontrol.authentication.ldap.1.url=ldap://x500.bund.de:389
emfstore.accesscontrol.authentication.ldap.1.base=o=Bund,c=DE
emfstore.accesscontrol.authentication.ldap.1.searchdn=sAMAccountName
emfstore.accesscontrol.authentication.ldap.1.authuser=peter
emfstore.accesscontrol.authentication.ldap.1.authpass=wurst

Regards,
Kristof

Here the stack trace:
LDAP Directory ldap://x500.bund.de:389 not found.
javax.naming.CommunicationException: simple bind failed:
x500.bund.de:389 [Root exception is java.net.SocketException: Connection
reset]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at
javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
at
org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.LDAPVerifier.verifyPassword(LDAPVerifier.java:84)
at
org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.VerifierChain.verifyPassword(VerifierChain.java:57)
at
org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl.logIn(AbstractAuthenticationControl.java:70)
at
org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControlImpl.logIn(AccessControlImpl.java:128)
at
org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.XmlRpcEmfStoreImpl.logIn(XmlRpcEmfStoreImpl.java:76)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.invoke(ReflectiveXmlRpcHandler.java:115)
at
org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.execute(ReflectiveXmlRpcHandler.java:106)
at
org.apache.xmlrpc.server.XmlRpcServerWorker.execute(XmlRpcServerWorker.java:46)
at org.apache.xmlrpc.server.XmlRpcServer.execute(XmlRpcServer.java:86)
at
org.apache.xmlrpc.server.XmlRpcStreamServer.execute(XmlRpcStreamServer.java:200)
at org.apache.xmlrpc.webserver.Connection.run(Connection.java:208)
at org.apache.xmlrpc.util.ThreadPool$Poolable$1.run(ThreadPool.java:68)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:400)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:373)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
... 27 more
Re: [EMFStore] LDAP connection fails [message #1327846 is a reply to message #1323525] Fri, 02 May 2014 11:17 Go to previous messageGo to next message
Maximilian Koegel is currently offline Maximilian KoegelFriend
Messages: 253
Registered: July 2009
Senior Member
Hi,

do you use authenticated LDAP or LDAP only?
The authuser is for authenticated LDAP only and will be used to initally
connect to the LDAP server. It is not related to the actual user
credentials to be authenticated by EMFStore.

Cheers,
Maximilian

Am 30.04.2014 11:52, schrieb Zalecki, Kristof:
> Hi,
>
> I configured my EMFStore server to connect to an Actice Directory using
> the right configuration and login credentials of the AD server, but
> every time I try to login to my EMFStore server with a user I previously
> added it simply fails to connect.
> The server adress is correct, since I am able to login using ldap
> browser 4.5. I even tried loging into ldap servers which do not need any
> login credentials and also failed (like the one shown in the stack
> trace). Connecting to the emfstore server from a different machine and
> working on the projects works so far, which would take out the firewall
> as a source for the faults.
> I am still using emfstore 1.1 btw.
>
> My configuration in the es.properties files looks like this:
>
> emfstore.accesscontrol.authentication.ldap.1.url=ldap://x500.bund.de:389
> emfstore.accesscontrol.authentication.ldap.1.base=o=Bund,c=DE
> emfstore.accesscontrol.authentication.ldap.1.searchdn=sAMAccountName
> emfstore.accesscontrol.authentication.ldap.1.authuser=peter
> emfstore.accesscontrol.authentication.ldap.1.authpass=wurst
>
> Regards,
> Kristof
>
> Here the stack trace:
> LDAP Directory ldap://x500.bund.de:389 not found.
> javax.naming.CommunicationException: simple bind failed:
> x500.bund.de:389 [Root exception is java.net.SocketException: Connection
> reset]
> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
> at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> at
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> at
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
> at
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
> at javax.naming.InitialContext.init(InitialContext.java:223)
> at javax.naming.InitialContext.<init>(InitialContext.java:197)
> at
> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
> at
> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.LDAPVerifier.verifyPassword(LDAPVerifier.java:84)
>
> at
> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.VerifierChain.verifyPassword(VerifierChain.java:57)
>
> at
> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl.logIn(AbstractAuthenticationControl.java:70)
>
> at
> org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControlImpl.logIn(AccessControlImpl.java:128)
>
> at
> org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.XmlRpcEmfStoreImpl.logIn(XmlRpcEmfStoreImpl.java:76)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.invoke(ReflectiveXmlRpcHandler.java:115)
>
> at
> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.execute(ReflectiveXmlRpcHandler.java:106)
>
> at
> org.apache.xmlrpc.server.XmlRpcServerWorker.execute(XmlRpcServerWorker.java:46)
>
> at org.apache.xmlrpc.server.XmlRpcServer.execute(XmlRpcServer.java:86)
> at
> org.apache.xmlrpc.server.XmlRpcStreamServer.execute(XmlRpcStreamServer.java:200)
>
> at org.apache.xmlrpc.webserver.Connection.run(Connection.java:208)
> at org.apache.xmlrpc.util.ThreadPool$Poolable$1.run(ThreadPool.java:68)
> Caused by: java.net.SocketException: Connection reset
> at java.net.SocketInputStream.read(SocketInputStream.java:168)
> at
> com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
> at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
>
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
>
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
>
> at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)
> at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:400)
> at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:373)
> at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
> ... 27 more
>


--
Maximilian Kögel

Get Professional Eclipse Support: http://eclipsesource.com/munich
Re: [EMFStore] LDAP connection fails [message #1333716 is a reply to message #1327846] Mon, 05 May 2014 07:33 Go to previous messageGo to next message
Kristof Zalecki is currently offline Kristof ZaleckiFriend
Messages: 23
Registered: October 2013
Junior Member
Hi Maximilian,

I actually tried both on different servers. The one I need is
the authenticated server though.
I use the login credentials of the ldap server for the ldap connection
and then I am trying to log into emfstore using a user from the active
directory whom I also saved in my emfstore.

The example from the stack trace is an open server I found online and
should work without any login credentials, but every time I try to
connect I get the same result, regardless of whether I am using
authenticated ldap or not.

Regards,
Kristof


Am 02.05.2014 13:17, schrieb Maximilian Koegel:
> Hi,
>
> do you use authenticated LDAP or LDAP only?
> The authuser is for authenticated LDAP only and will be used to initally
> connect to the LDAP server. It is not related to the actual user
> credentials to be authenticated by EMFStore.
>
> Cheers,
> Maximilian
>
> Am 30.04.2014 11:52, schrieb Zalecki, Kristof:
>> Hi,
>>
>> I configured my EMFStore server to connect to an Actice Directory using
>> the right configuration and login credentials of the AD server, but
>> every time I try to login to my EMFStore server with a user I previously
>> added it simply fails to connect.
>> The server adress is correct, since I am able to login using ldap
>> browser 4.5. I even tried loging into ldap servers which do not need any
>> login credentials and also failed (like the one shown in the stack
>> trace). Connecting to the emfstore server from a different machine and
>> working on the projects works so far, which would take out the firewall
>> as a source for the faults.
>> I am still using emfstore 1.1 btw.
>>
>> My configuration in the es.properties files looks like this:
>>
>> emfstore.accesscontrol.authentication.ldap.1.url=ldap://x500.bund.de:389
>> emfstore.accesscontrol.authentication.ldap.1.base=o=Bund,c=DE
>> emfstore.accesscontrol.authentication.ldap.1.searchdn=sAMAccountName
>> emfstore.accesscontrol.authentication.ldap.1.authuser=peter
>> emfstore.accesscontrol.authentication.ldap.1.authpass=wurst
>>
>> Regards,
>> Kristof
>>
>> Here the stack trace:
>> LDAP Directory ldap://x500.bund.de:389 not found.
>> javax.naming.CommunicationException: simple bind failed:
>> x500.bund.de:389 [Root exception is java.net.SocketException: Connection
>> reset]
>> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
>> at
>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>> at
>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>> at
>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>>
>> at
>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>> at
>> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>> at
>> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
>> at javax.naming.InitialContext.init(InitialContext.java:223)
>> at javax.naming.InitialContext.<init>(InitialContext.java:197)
>> at
>> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>> at
>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.LDAPVerifier.verifyPassword(LDAPVerifier.java:84)
>>
>> at
>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.VerifierChain.verifyPassword(VerifierChain.java:57)
>>
>> at
>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl.logIn(AbstractAuthenticationControl.java:70)
>>
>> at
>> org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControlImpl.logIn(AccessControlImpl.java:128)
>>
>> at
>> org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.XmlRpcEmfStoreImpl.logIn(XmlRpcEmfStoreImpl.java:76)
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>
>> at java.lang.reflect.Method.invoke(Method.java:597)
>> at
>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.invoke(ReflectiveXmlRpcHandler.java:115)
>>
>> at
>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.execute(ReflectiveXmlRpcHandler.java:106)
>>
>> at
>> org.apache.xmlrpc.server.XmlRpcServerWorker.execute(XmlRpcServerWorker.java:46)
>>
>> at org.apache.xmlrpc.server.XmlRpcServer.execute(XmlRpcServer.java:86)
>> at
>> org.apache.xmlrpc.server.XmlRpcStreamServer.execute(XmlRpcStreamServer.java:200)
>>
>> at org.apache.xmlrpc.webserver.Connection.run(Connection.java:208)
>> at org.apache.xmlrpc.util.ThreadPool$Poolable$1.run(ThreadPool.java:68)
>> Caused by: java.net.SocketException: Connection reset
>> at java.net.SocketInputStream.read(SocketInputStream.java:168)
>> at
>> com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
>> at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
>>
>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
>>
>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
>>
>> at
>> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)
>> at
>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>> at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:400)
>> at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:373)
>> at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
>> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
>> ... 27 more
>>
>
>
Re: [EMFStore] LDAP connection fails [message #1334562 is a reply to message #1333716] Mon, 05 May 2014 16:50 Go to previous messageGo to next message
Maximilian Koegel is currently offline Maximilian KoegelFriend
Messages: 253
Registered: July 2009
Senior Member
Hi Kristof,

we have customers which use both the authenticated and the
non-authenticated LDAP with EMFStore, so to my understanding it should
work generally. However I am aware that we debugged these kind of
problems for customers in the past and it always turned out to be some
kind of misconfiguration.
Would it be possible for you to test against a self-hosted LDAP server
such as https://directory.apache.org/ to make sure the problem is not
configuration related?

Cheers,
Maximilian

Am 05.05.2014 09:33, schrieb Zalecki, Kristof:
> Hi Maximilian,
>
> I actually tried both on different servers. The one I need is
> the authenticated server though.
> I use the login credentials of the ldap server for the ldap connection
> and then I am trying to log into emfstore using a user from the active
> directory whom I also saved in my emfstore.
>
> The example from the stack trace is an open server I found online and
> should work without any login credentials, but every time I try to
> connect I get the same result, regardless of whether I am using
> authenticated ldap or not.
>
> Regards,
> Kristof
>
>
> Am 02.05.2014 13:17, schrieb Maximilian Koegel:
>> Hi,
>>
>> do you use authenticated LDAP or LDAP only?
>> The authuser is for authenticated LDAP only and will be used to initally
>> connect to the LDAP server. It is not related to the actual user
>> credentials to be authenticated by EMFStore.
>>
>> Cheers,
>> Maximilian
>>
>> Am 30.04.2014 11:52, schrieb Zalecki, Kristof:
>>> Hi,
>>>
>>> I configured my EMFStore server to connect to an Actice Directory using
>>> the right configuration and login credentials of the AD server, but
>>> every time I try to login to my EMFStore server with a user I previously
>>> added it simply fails to connect.
>>> The server adress is correct, since I am able to login using ldap
>>> browser 4.5. I even tried loging into ldap servers which do not need any
>>> login credentials and also failed (like the one shown in the stack
>>> trace). Connecting to the emfstore server from a different machine and
>>> working on the projects works so far, which would take out the firewall
>>> as a source for the faults.
>>> I am still using emfstore 1.1 btw.
>>>
>>> My configuration in the es.properties files looks like this:
>>>
>>> emfstore.accesscontrol.authentication.ldap.1.url=ldap://x500.bund.de:389
>>> emfstore.accesscontrol.authentication.ldap.1.base=o=Bund,c=DE
>>> emfstore.accesscontrol.authentication.ldap.1.searchdn=sAMAccountName
>>> emfstore.accesscontrol.authentication.ldap.1.authuser=peter
>>> emfstore.accesscontrol.authentication.ldap.1.authpass=wurst
>>>
>>> Regards,
>>> Kristof
>>>
>>> Here the stack trace:
>>> LDAP Directory ldap://x500.bund.de:389 not found.
>>> javax.naming.CommunicationException: simple bind failed:
>>> x500.bund.de:389 [Root exception is java.net.SocketException: Connection
>>> reset]
>>> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
>>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
>>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
>>> at
>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>>> at
>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>>> at
>>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>>>
>>>
>>> at
>>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>>>
>>> at
>>> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>>> at
>>> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
>>> at javax.naming.InitialContext.init(InitialContext.java:223)
>>> at javax.naming.InitialContext.<init>(InitialContext.java:197)
>>> at
>>> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>>>
>>> at
>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.LDAPVerifier.verifyPassword(LDAPVerifier.java:84)
>>>
>>>
>>> at
>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.VerifierChain.verifyPassword(VerifierChain.java:57)
>>>
>>>
>>> at
>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl.logIn(AbstractAuthenticationControl.java:70)
>>>
>>>
>>> at
>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControlImpl.logIn(AccessControlImpl.java:128)
>>>
>>>
>>> at
>>> org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.XmlRpcEmfStoreImpl.logIn(XmlRpcEmfStoreImpl.java:76)
>>>
>>>
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>
>>>
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>
>>>
>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>> at
>>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.invoke(ReflectiveXmlRpcHandler.java:115)
>>>
>>>
>>> at
>>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.execute(ReflectiveXmlRpcHandler.java:106)
>>>
>>>
>>> at
>>> org.apache.xmlrpc.server.XmlRpcServerWorker.execute(XmlRpcServerWorker.java:46)
>>>
>>>
>>> at
>>> org.apache.xmlrpc.server.XmlRpcServer.execute(XmlRpcServer.java:86)
>>> at
>>> org.apache.xmlrpc.server.XmlRpcStreamServer.execute(XmlRpcStreamServer.java:200)
>>>
>>>
>>> at org.apache.xmlrpc.webserver.Connection.run(Connection.java:208)
>>> at
>>> org.apache.xmlrpc.util.ThreadPool$Poolable$1.run(ThreadPool.java:68)
>>> Caused by: java.net.SocketException: Connection reset
>>> at java.net.SocketInputStream.read(SocketInputStream.java:168)
>>> at
>>> com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
>>> at
>>> com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
>>>
>>>
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
>>>
>>>
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
>>>
>>>
>>> at
>>> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)
>>>
>>> at
>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>>> at
>>> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>>> at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:400)
>>> at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:373)
>>> at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
>>> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
>>> ... 27 more
>>>
>>
>>
>


--
Maximilian Kögel

Get Professional Eclipse Support: http://eclipsesource.com/munich
Re: [EMFStore] LDAP connection fails [message #1343492 is a reply to message #1334562] Fri, 09 May 2014 10:07 Go to previous messageGo to next message
Kristof Zalecki is currently offline Kristof ZaleckiFriend
Messages: 23
Registered: October 2013
Junior Member
Hi Maximilian,

I have tried ApacheDS Studio for quiet a while now and I am not able to
get a connection. The problem seems to be, that emfstore is always
trying to establish a SSL connection. Even when the server is set to
create a simple ldap://xxxxxxxx:389 connection I get the following error
stack trace message:

javax.naming.CommunicationException: simple bind failed: localHost:389
[Root exception is javax.net.ssl.SSLException: Unrecognized SSL message,
plaintext connection?]


And on the non-local server I get the following error stack trace message:

javax.naming.CommunicationException: simple bind failed:
ldap01.xxxx.xxxx:389 [Root exception is javax.net.ssl.SSLException:
java.net.SocketException: Connection reset]


Unfortunately the ldap server I need to connect with does not have the
option for SSL connections.

Regards,
Kristof

Am 05.05.2014 18:50, schrieb Maximilian Koegel:
> Hi Kristof,
>
> we have customers which use both the authenticated and the
> non-authenticated LDAP with EMFStore, so to my understanding it should
> work generally. However I am aware that we debugged these kind of
> problems for customers in the past and it always turned out to be some
> kind of misconfiguration.
> Would it be possible for you to test against a self-hosted LDAP server
> such as https://directory.apache.org/ to make sure the problem is not
> configuration related?
>
> Cheers,
> Maximilian
>
> Am 05.05.2014 09:33, schrieb Zalecki, Kristof:
>> Hi Maximilian,
>>
>> I actually tried both on different servers. The one I need is
>> the authenticated server though.
>> I use the login credentials of the ldap server for the ldap connection
>> and then I am trying to log into emfstore using a user from the active
>> directory whom I also saved in my emfstore.
>>
>> The example from the stack trace is an open server I found online and
>> should work without any login credentials, but every time I try to
>> connect I get the same result, regardless of whether I am using
>> authenticated ldap or not.
>>
>> Regards,
>> Kristof
>>
>>
>> Am 02.05.2014 13:17, schrieb Maximilian Koegel:
>>> Hi,
>>>
>>> do you use authenticated LDAP or LDAP only?
>>> The authuser is for authenticated LDAP only and will be used to initally
>>> connect to the LDAP server. It is not related to the actual user
>>> credentials to be authenticated by EMFStore.
>>>
>>> Cheers,
>>> Maximilian
>>>
>>> Am 30.04.2014 11:52, schrieb Zalecki, Kristof:
>>>> Hi,
>>>>
>>>> I configured my EMFStore server to connect to an Actice Directory using
>>>> the right configuration and login credentials of the AD server, but
>>>> every time I try to login to my EMFStore server with a user I previously
>>>> added it simply fails to connect.
>>>> The server adress is correct, since I am able to login using ldap
>>>> browser 4.5. I even tried loging into ldap servers which do not need any
>>>> login credentials and also failed (like the one shown in the stack
>>>> trace). Connecting to the emfstore server from a different machine and
>>>> working on the projects works so far, which would take out the firewall
>>>> as a source for the faults.
>>>> I am still using emfstore 1.1 btw.
>>>>
>>>> My configuration in the es.properties files looks like this:
>>>>
>>>> emfstore.accesscontrol.authentication.ldap.1.url=ldap://x500.bund.de:389
>>>> emfstore.accesscontrol.authentication.ldap.1.base=o=Bund,c=DE
>>>> emfstore.accesscontrol.authentication.ldap.1.searchdn=sAMAccountName
>>>> emfstore.accesscontrol.authentication.ldap.1.authuser=peter
>>>> emfstore.accesscontrol.authentication.ldap.1.authpass=wurst
>>>>
>>>> Regards,
>>>> Kristof
>>>>
>>>> Here the stack trace:
>>>> LDAP Directory ldap://x500.bund.de:389 not found.
>>>> javax.naming.CommunicationException: simple bind failed:
>>>> x500.bund.de:389 [Root exception is java.net.SocketException: Connection
>>>> reset]
>>>> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
>>>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
>>>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
>>>> at
>>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>>>> at
>>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>>>> at
>>>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>>>>
>>>>
>>>> at
>>>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>>>>
>>>> at
>>>> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>>>> at
>>>> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
>>>> at javax.naming.InitialContext.init(InitialContext.java:223)
>>>> at javax.naming.InitialContext.<init>(InitialContext.java:197)
>>>> at
>>>> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>>>>
>>>> at
>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.LDAPVerifier.verifyPassword(LDAPVerifier.java:84)
>>>>
>>>>
>>>> at
>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.VerifierChain.verifyPassword(VerifierChain.java:57)
>>>>
>>>>
>>>> at
>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl.logIn(AbstractAuthenticationControl.java:70)
>>>>
>>>>
>>>> at
>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControlImpl.logIn(AccessControlImpl.java:128)
>>>>
>>>>
>>>> at
>>>> org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.XmlRpcEmfStoreImpl.logIn(XmlRpcEmfStoreImpl.java:76)
>>>>
>>>>
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>> at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>
>>>>
>>>> at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>
>>>>
>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>> at
>>>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.invoke(ReflectiveXmlRpcHandler.java:115)
>>>>
>>>>
>>>> at
>>>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.execute(ReflectiveXmlRpcHandler.java:106)
>>>>
>>>>
>>>> at
>>>> org.apache.xmlrpc.server.XmlRpcServerWorker.execute(XmlRpcServerWorker.java:46)
>>>>
>>>>
>>>> at
>>>> org.apache.xmlrpc.server.XmlRpcServer.execute(XmlRpcServer.java:86)
>>>> at
>>>> org.apache.xmlrpc.server.XmlRpcStreamServer.execute(XmlRpcStreamServer.java:200)
>>>>
>>>>
>>>> at org.apache.xmlrpc.webserver.Connection.run(Connection.java:208)
>>>> at
>>>> org.apache.xmlrpc.util.ThreadPool$Poolable$1.run(ThreadPool.java:68)
>>>> Caused by: java.net.SocketException: Connection reset
>>>> at java.net.SocketInputStream.read(SocketInputStream.java:168)
>>>> at
>>>> com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
>>>> at
>>>> com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
>>>> at
>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
>>>>
>>>>
>>>> at
>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
>>>>
>>>>
>>>> at
>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
>>>>
>>>>
>>>> at
>>>> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)
>>>>
>>>> at
>>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>>>> at
>>>> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>>>> at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:400)
>>>> at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:373)
>>>> at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
>>>> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
>>>> ... 27 more
>>>>
>>>
>>>
>>
>
>
Re: [EMFStore] LDAP connection fails [message #1349576 is a reply to message #1343492] Mon, 12 May 2014 08:54 Go to previous messageGo to next message
Kristof Zalecki is currently offline Kristof ZaleckiFriend
Messages: 23
Registered: October 2013
Junior Member
Hi,

I finally found a partly solution which at least lets me connect via SSL.

I debugged the emfstore during login and found out, that the principal
for the user I try to log in with is not set, so I added a line in
the class LDAPVerifier.java in the package
org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers
and now it is working fine:

private Properties authenticatedBind(String principal, String credentials) {
final Properties bind = anonymousBind();
bind.put(Context.SECURITY_PRINCIPAL, principal + "," + ldapBase);
bind.put(Context.SECURITY_AUTHENTICATION, "simple");
bind.put(Context.SECURITY_CREDENTIALS, credentials);

return bind;
}

However, connecting without SSL is still not possible.

Regards,
Kristof

Am 09.05.2014 12:07, schrieb Zalecki, Kristof:
> Hi Maximilian,
>
> I have tried ApacheDS Studio for quiet a while now and I am not able to
> get a connection. The problem seems to be, that emfstore is always
> trying to establish a SSL connection. Even when the server is set to
> create a simple ldap://xxxxxxxx:389 connection I get the following error
> stack trace message:
>
> javax.naming.CommunicationException: simple bind failed: localHost:389
> [Root exception is javax.net.ssl.SSLException: Unrecognized SSL message,
> plaintext connection?]
>
>
> And on the non-local server I get the following error stack trace message:
>
> javax.naming.CommunicationException: simple bind failed:
> ldap01.xxxx.xxxx:389 [Root exception is javax.net.ssl.SSLException:
> java.net.SocketException: Connection reset]
>
>
> Unfortunately the ldap server I need to connect with does not have the
> option for SSL connections.
>
> Regards,
> Kristof
>
> Am 05.05.2014 18:50, schrieb Maximilian Koegel:
>> Hi Kristof,
>>
>> we have customers which use both the authenticated and the
>> non-authenticated LDAP with EMFStore, so to my understanding it should
>> work generally. However I am aware that we debugged these kind of
>> problems for customers in the past and it always turned out to be some
>> kind of misconfiguration.
>> Would it be possible for you to test against a self-hosted LDAP server
>> such as https://directory.apache.org/ to make sure the problem is not
>> configuration related?
>>
>> Cheers,
>> Maximilian
>>
>> Am 05.05.2014 09:33, schrieb Zalecki, Kristof:
>>> Hi Maximilian,
>>>
>>> I actually tried both on different servers. The one I need is
>>> the authenticated server though.
>>> I use the login credentials of the ldap server for the ldap connection
>>> and then I am trying to log into emfstore using a user from the active
>>> directory whom I also saved in my emfstore.
>>>
>>> The example from the stack trace is an open server I found online and
>>> should work without any login credentials, but every time I try to
>>> connect I get the same result, regardless of whether I am using
>>> authenticated ldap or not.
>>>
>>> Regards,
>>> Kristof
>>>
>>>
>>> Am 02.05.2014 13:17, schrieb Maximilian Koegel:
>>>> Hi,
>>>>
>>>> do you use authenticated LDAP or LDAP only?
>>>> The authuser is for authenticated LDAP only and will be used to
>>>> initally
>>>> connect to the LDAP server. It is not related to the actual user
>>>> credentials to be authenticated by EMFStore.
>>>>
>>>> Cheers,
>>>> Maximilian
>>>>
>>>> Am 30.04.2014 11:52, schrieb Zalecki, Kristof:
>>>>> Hi,
>>>>>
>>>>> I configured my EMFStore server to connect to an Actice Directory
>>>>> using
>>>>> the right configuration and login credentials of the AD server, but
>>>>> every time I try to login to my EMFStore server with a user I
>>>>> previously
>>>>> added it simply fails to connect.
>>>>> The server adress is correct, since I am able to login using ldap
>>>>> browser 4.5. I even tried loging into ldap servers which do not
>>>>> need any
>>>>> login credentials and also failed (like the one shown in the stack
>>>>> trace). Connecting to the emfstore server from a different machine and
>>>>> working on the projects works so far, which would take out the
>>>>> firewall
>>>>> as a source for the faults.
>>>>> I am still using emfstore 1.1 btw.
>>>>>
>>>>> My configuration in the es.properties files looks like this:
>>>>>
>>>>> emfstore.accesscontrol.authentication.ldap.1.url=ldap://x500.bund.de:389
>>>>>
>>>>> emfstore.accesscontrol.authentication.ldap.1.base=o=Bund,c=DE
>>>>> emfstore.accesscontrol.authentication.ldap.1.searchdn=sAMAccountName
>>>>> emfstore.accesscontrol.authentication.ldap.1.authuser=peter
>>>>> emfstore.accesscontrol.authentication.ldap.1.authpass=wurst
>>>>>
>>>>> Regards,
>>>>> Kristof
>>>>>
>>>>> Here the stack trace:
>>>>> LDAP Directory ldap://x500.bund.de:389 not found.
>>>>> javax.naming.CommunicationException: simple bind failed:
>>>>> x500.bund.de:389 [Root exception is java.net.SocketException:
>>>>> Connection
>>>>> reset]
>>>>> at
>>>>> com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
>>>>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
>>>>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
>>>>> at
>>>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>>>>> at
>>>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>>>>> at
>>>>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>>>>>
>>>>>
>>>>> at
>>>>> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>>>>>
>>>>> at
>>>>> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
>>>>> at javax.naming.InitialContext.init(InitialContext.java:223)
>>>>> at javax.naming.InitialContext.<init>(InitialContext.java:197)
>>>>> at
>>>>> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>>>>>
>>>>>
>>>>> at
>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.LDAPVerifier.verifyPassword(LDAPVerifier.java:84)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.VerifierChain.verifyPassword(VerifierChain.java:57)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl.logIn(AbstractAuthenticationControl.java:70)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControlImpl.logIn(AccessControlImpl.java:128)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.XmlRpcEmfStoreImpl.logIn(XmlRpcEmfStoreImpl.java:76)
>>>>>
>>>>>
>>>>>
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>> at
>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>
>>>>>
>>>>>
>>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>> at
>>>>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.invoke(ReflectiveXmlRpcHandler.java:115)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.execute(ReflectiveXmlRpcHandler.java:106)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> org.apache.xmlrpc.server.XmlRpcServerWorker.execute(XmlRpcServerWorker.java:46)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> org.apache.xmlrpc.server.XmlRpcServer.execute(XmlRpcServer.java:86)
>>>>> at
>>>>> org.apache.xmlrpc.server.XmlRpcStreamServer.execute(XmlRpcStreamServer.java:200)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> org.apache.xmlrpc.webserver.Connection.run(Connection.java:208)
>>>>> at
>>>>> org.apache.xmlrpc.util.ThreadPool$Poolable$1.run(ThreadPool.java:68)
>>>>> Caused by: java.net.SocketException: Connection reset
>>>>> at java.net.SocketInputStream.read(SocketInputStream.java:168)
>>>>> at
>>>>> com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
>>>>>
>>>>> at
>>>>> com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
>>>>> at
>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
>>>>>
>>>>>
>>>>>
>>>>> at
>>>>> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)
>>>>>
>>>>>
>>>>> at
>>>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>>>>> at
>>>>> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>>>>> at
>>>>> com.sun.jndi.ldap.Connection.writeRequest(Connection.java:400)
>>>>> at
>>>>> com.sun.jndi.ldap.Connection.writeRequest(Connection.java:373)
>>>>> at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
>>>>> at
>>>>> com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
>>>>> ... 27 more
>>>>>
>>>>
>>>>
>>>
>>
>>
>
Re: [EMFStore] LDAP connection fails [message #1349666 is a reply to message #1349576] Mon, 12 May 2014 09:41 Go to previous messageGo to next message
Kristof Zalecki is currently offline Kristof ZaleckiFriend
Messages: 23
Registered: October 2013
Junior Member
Update:

Finally found the solution for the SSL problem.

The following line is only needed for SSL connections and therefore
needs to be placed inside the IF-statement:

props.put("java.naming.ldap.factory.socket",
LDAPSSLSocketFactory.class.getCanonicalName());

, which looks like this:

private Properties anonymousBind() {
final Properties props = new Properties();
props.put("java.naming.ldap.version", "3");
props.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
props.put(Context.PROVIDER_URL, ldapUrl);

if (useSSL()) {
props.put("java.naming.ldap.factory.socket",
LDAPSSLSocketFactory.class.getCanonicalName());
props.put(Context.SECURITY_PROTOCOL, "ssl");
}

return props;
}

I' appending the corrected class if someone faces the same problems.


Am 12.05.2014 10:54, schrieb Zalecki, Kristof:
> Hi,
>
> I finally found a partly solution which at least lets me connect via SSL.
>
> I debugged the emfstore during login and found out, that the principal
> for the user I try to log in with is not set, so I added a line in
> the class LDAPVerifier.java in the package
> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers
> and now it is working fine:
>
> private Properties authenticatedBind(String principal, String
> credentials) {
> final Properties bind = anonymousBind();
> bind.put(Context.SECURITY_PRINCIPAL, principal + "," + ldapBase);
> bind.put(Context.SECURITY_AUTHENTICATION, "simple");
> bind.put(Context.SECURITY_CREDENTIALS, credentials);
>
> return bind;
> }
>
> However, connecting without SSL is still not possible.
>
> Regards,
> Kristof
>
> Am 09.05.2014 12:07, schrieb Zalecki, Kristof:
>> Hi Maximilian,
>>
>> I have tried ApacheDS Studio for quiet a while now and I am not able to
>> get a connection. The problem seems to be, that emfstore is always
>> trying to establish a SSL connection. Even when the server is set to
>> create a simple ldap://xxxxxxxx:389 connection I get the following error
>> stack trace message:
>>
>> javax.naming.CommunicationException: simple bind failed: localHost:389
>> [Root exception is javax.net.ssl.SSLException: Unrecognized SSL message,
>> plaintext connection?]
>>
>>
>> And on the non-local server I get the following error stack trace
>> message:
>>
>> javax.naming.CommunicationException: simple bind failed:
>> ldap01.xxxx.xxxx:389 [Root exception is javax.net.ssl.SSLException:
>> java.net.SocketException: Connection reset]
>>
>>
>> Unfortunately the ldap server I need to connect with does not have the
>> option for SSL connections.
>>
>> Regards,
>> Kristof
>>
>> Am 05.05.2014 18:50, schrieb Maximilian Koegel:
>>> Hi Kristof,
>>>
>>> we have customers which use both the authenticated and the
>>> non-authenticated LDAP with EMFStore, so to my understanding it should
>>> work generally. However I am aware that we debugged these kind of
>>> problems for customers in the past and it always turned out to be some
>>> kind of misconfiguration.
>>> Would it be possible for you to test against a self-hosted LDAP server
>>> such as https://directory.apache.org/ to make sure the problem is not
>>> configuration related?
>>>
>>> Cheers,
>>> Maximilian
>>>
>>> Am 05.05.2014 09:33, schrieb Zalecki, Kristof:
>>>> Hi Maximilian,
>>>>
>>>> I actually tried both on different servers. The one I need is
>>>> the authenticated server though.
>>>> I use the login credentials of the ldap server for the ldap connection
>>>> and then I am trying to log into emfstore using a user from the active
>>>> directory whom I also saved in my emfstore.
>>>>
>>>> The example from the stack trace is an open server I found online and
>>>> should work without any login credentials, but every time I try to
>>>> connect I get the same result, regardless of whether I am using
>>>> authenticated ldap or not.
>>>>
>>>> Regards,
>>>> Kristof
>>>>
>>>>
>>>> Am 02.05.2014 13:17, schrieb Maximilian Koegel:
>>>>> Hi,
>>>>>
>>>>> do you use authenticated LDAP or LDAP only?
>>>>> The authuser is for authenticated LDAP only and will be used to
>>>>> initally
>>>>> connect to the LDAP server. It is not related to the actual user
>>>>> credentials to be authenticated by EMFStore.
>>>>>
>>>>> Cheers,
>>>>> Maximilian
>>>>>
>>>>> Am 30.04.2014 11:52, schrieb Zalecki, Kristof:
>>>>>> Hi,
>>>>>>
>>>>>> I configured my EMFStore server to connect to an Actice Directory
>>>>>> using
>>>>>> the right configuration and login credentials of the AD server, but
>>>>>> every time I try to login to my EMFStore server with a user I
>>>>>> previously
>>>>>> added it simply fails to connect.
>>>>>> The server adress is correct, since I am able to login using ldap
>>>>>> browser 4.5. I even tried loging into ldap servers which do not
>>>>>> need any
>>>>>> login credentials and also failed (like the one shown in the stack
>>>>>> trace). Connecting to the emfstore server from a different machine
>>>>>> and
>>>>>> working on the projects works so far, which would take out the
>>>>>> firewall
>>>>>> as a source for the faults.
>>>>>> I am still using emfstore 1.1 btw.
>>>>>>
>>>>>> My configuration in the es.properties files looks like this:
>>>>>>
>>>>>> emfstore.accesscontrol.authentication.ldap.1.url=ldap://x500.bund.de:389
>>>>>>
>>>>>>
>>>>>> emfstore.accesscontrol.authentication.ldap.1.base=o=Bund,c=DE
>>>>>> emfstore.accesscontrol.authentication.ldap.1.searchdn=sAMAccountName
>>>>>> emfstore.accesscontrol.authentication.ldap.1.authuser=peter
>>>>>> emfstore.accesscontrol.authentication.ldap.1.authpass=wurst
>>>>>>
>>>>>> Regards,
>>>>>> Kristof
>>>>>>
>>>>>> Here the stack trace:
>>>>>> LDAP Directory ldap://x500.bund.de:389 not found.
>>>>>> javax.naming.CommunicationException: simple bind failed:
>>>>>> x500.bund.de:389 [Root exception is java.net.SocketException:
>>>>>> Connection
>>>>>> reset]
>>>>>> at
>>>>>> com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
>>>>>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
>>>>>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
>>>>>> at
>>>>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>>>>>> at
>>>>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>>>>>>
>>>>>> at
>>>>>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>>>>>>
>>>>>>
>>>>>> at
>>>>>> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
>>>>>>
>>>>>> at javax.naming.InitialContext.init(InitialContext.java:223)
>>>>>> at javax.naming.InitialContext.<init>(InitialContext.java:197)
>>>>>> at
>>>>>> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.LDAPVerifier.verifyPassword(LDAPVerifier.java:84)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.VerifierChain.verifyPassword(VerifierChain.java:57)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl.logIn(AbstractAuthenticationControl.java:70)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControlImpl.logIn(AccessControlImpl.java:128)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.XmlRpcEmfStoreImpl.logIn(XmlRpcEmfStoreImpl.java:76)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>> at
>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>>> at
>>>>>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.invoke(ReflectiveXmlRpcHandler.java:115)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.execute(ReflectiveXmlRpcHandler.java:106)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> org.apache.xmlrpc.server.XmlRpcServerWorker.execute(XmlRpcServerWorker.java:46)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> org.apache.xmlrpc.server.XmlRpcServer.execute(XmlRpcServer.java:86)
>>>>>> at
>>>>>> org.apache.xmlrpc.server.XmlRpcStreamServer.execute(XmlRpcStreamServer.java:200)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> org.apache.xmlrpc.webserver.Connection.run(Connection.java:208)
>>>>>> at
>>>>>> org.apache.xmlrpc.util.ThreadPool$Poolable$1.run(ThreadPool.java:68)
>>>>>> Caused by: java.net.SocketException: Connection reset
>>>>>> at java.net.SocketInputStream.read(SocketInputStream.java:168)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
>>>>>>
>>>>>>
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>>>>>>
>>>>>> at
>>>>>> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>>>>>> at
>>>>>> com.sun.jndi.ldap.Connection.writeRequest(Connection.java:400)
>>>>>> at
>>>>>> com.sun.jndi.ldap.Connection.writeRequest(Connection.java:373)
>>>>>> at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
>>>>>> at
>>>>>> com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
>>>>>> ... 27 more
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>


/*******************************************************************************
* Copyright (c) 2008-2011 Chair for Applied Software Engineering,
* Technische Universitaet Muenchen.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Otto von Wesendonk - initial API and implementation
******************************************************************************/
package org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers;

import java.util.Properties;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import org.eclipse.emf.emfstore.internal.common.model.util.ModelUtil;
import org.eclipse.emf.emfstore.internal.server.connection.ServerKeyStoreManager;
import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;

/**
* Verifies username/password using LDAP.
*
* @author Wesendonk
*/
public class LDAPVerifier extends AbstractAuthenticationControl {

private final String ldapUrl;
private final String ldapBase;
private final String searchDn;
private boolean useSSL;

private static final String DEFAULT_CTX = "com.sun.jndi.ldap.LdapCtxFactory";
private final String authUser;
private final String authPassword;

/**
* Default constructor.
*
* @param ldapUrl url, if url starts with ldaps:// SSL is used.
* @param ldapBase base
* @param searchDn dn
* @param authUser user to allow access to server
* @param authPassword password of user to allow access to server
*/
public LDAPVerifier(String ldapUrl, String ldapBase, String searchDn, String authUser, String authPassword) {
this.ldapUrl = ldapUrl;
this.ldapBase = ldapBase;
this.searchDn = searchDn;
this.authUser = authUser;
this.authPassword = authPassword;

if (ldapUrl.startsWith("ldaps://")) {
useSSL = true;
ServerKeyStoreManager.getInstance().setJavaSSLProperties();
}
}

/**
*
* {@inheritDoc}
*
* @see org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl#verifyPassword(org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser,
* java.lang.String, java.lang.String)
*/
@Override
public boolean verifyPassword(ACUser resolvedUser, String username, String password) throws AccessControlException {
DirContext dirContext = null;

// anonymous bind and resolve user
try {
if (authUser != null && authPassword != null) {
// authenticated bind and resolve user
final Properties authenticatedBind = authenticatedBind(authUser, authPassword);
authenticatedBind.put(Context.SECURITY_PRINCIPAL, authUser);
dirContext = new InitialDirContext(authenticatedBind);
} else {
// anonymous bind and resolve user
dirContext = new InitialDirContext(anonymousBind());
}
} catch (final NamingException e) {
ModelUtil.logWarning("LDAP Directory " + ldapUrl + " not found.", e);
return false;
}
final String resolvedName = resolveUser(username, dirContext);
if (resolvedName == null) {
return false;
}

// Authenticated bind and check user's password
try {
dirContext = new InitialDirContext(authenticatedBind(resolvedName, password));
} catch (final NamingException e) {
e.printStackTrace();
ModelUtil.logWarning("Login failed on " + ldapBase + " .", e);
return false;
}
return true;
}

private Properties anonymousBind() {
final Properties props = new Properties();
props.put("java.naming.ldap.version", "3");
props.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
props.put(Context.PROVIDER_URL, ldapUrl);

if (useSSL()) {
props.put("java.naming.ldap.factory.socket",
LDAPSSLSocketFactory.class.getCanonicalName());
props.put(Context.SECURITY_PROTOCOL, "ssl");
}

return props;
}

private boolean useSSL() {
return useSSL;
}

private Properties authenticatedBind(String principal, String credentials) {
final Properties bind = anonymousBind();
bind.put(Context.SECURITY_AUTHENTICATION, "simple");
bind.put(Context.SECURITY_PRINCIPAL, principal + "," + ldapBase);
bind.put(Context.SECURITY_CREDENTIALS, credentials);

return bind;
}

private String resolveUser(String username, DirContext dirContext) {
final SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<SearchResult> results = null;
try {
results = dirContext.search(ldapBase, "(& (" + searchDn + "=" + username + ") (objectclass=*))",
constraints);
} catch (final NamingException e) {
ModelUtil.logWarning("Search failed, base = " + ldapBase, e);
return null;
}

if (results == null) {
return null;
}

String resolvedName = null;
try {
while (results.hasMoreElements()) {
final SearchResult sr = results.next();
if (sr != null) {
resolvedName = sr.getName();
}
break;
}
} catch (final NamingException e) {
ModelUtil.logException("Search returned invalid results, base = " + ldapBase, e);
return null;
}

if (resolvedName == null) {
ModelUtil.logWarning("Distinguished name not found on " + ldapBase);
return null;
}
return resolvedName;
}

}
Re: [EMFStore] LDAP connection fails [message #1352587 is a reply to message #1349666] Tue, 13 May 2014 14:33 Go to previous messageGo to next message
Edgar Mueller is currently offline Edgar MuellerFriend
Messages: 89
Registered: March 2011
Member
Hi Kristof,

thanks for spotting the error! We will integrate the fix for this issue
into the 1st 1.3.0 milestone release, which is to be released this
friday, 16th of May.

Thanks!

Cheers,
Edgar


Am 12.05.2014 11:41, schrieb Zalecki, Kristof:
> Update:
>
> Finally found the solution for the SSL problem.
>
> The following line is only needed for SSL connections and therefore
> needs to be placed inside the IF-statement:
>
> props.put("java.naming.ldap.factory.socket",
> LDAPSSLSocketFactory.class.getCanonicalName());
>
> , which looks like this:
>
> private Properties anonymousBind() {
> final Properties props = new Properties();
> props.put("java.naming.ldap.version", "3");
> props.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
> props.put(Context.PROVIDER_URL, ldapUrl);
>
> if (useSSL()) {
> props.put("java.naming.ldap.factory.socket",
> LDAPSSLSocketFactory.class.getCanonicalName());
> props.put(Context.SECURITY_PROTOCOL, "ssl");
> }
>
> return props;
> }
>
> I' appending the corrected class if someone faces the same problems.
>
>
> Am 12.05.2014 10:54, schrieb Zalecki, Kristof:
>> Hi,
>>
>> I finally found a partly solution which at least lets me connect via SSL.
>>
>> I debugged the emfstore during login and found out, that the principal
>> for the user I try to log in with is not set, so I added a line in
>> the class LDAPVerifier.java in the package
>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers
>>
>> and now it is working fine:
>>
>> private Properties authenticatedBind(String principal, String
>> credentials) {
>> final Properties bind = anonymousBind();
>> bind.put(Context.SECURITY_PRINCIPAL, principal + "," +
>> ldapBase);
>> bind.put(Context.SECURITY_AUTHENTICATION, "simple");
>> bind.put(Context.SECURITY_CREDENTIALS, credentials);
>>
>> return bind;
>> }
>>
>> However, connecting without SSL is still not possible.
>>
>> Regards,
>> Kristof
>>
>> Am 09.05.2014 12:07, schrieb Zalecki, Kristof:
>>> Hi Maximilian,
>>>
>>> I have tried ApacheDS Studio for quiet a while now and I am not able to
>>> get a connection. The problem seems to be, that emfstore is always
>>> trying to establish a SSL connection. Even when the server is set to
>>> create a simple ldap://xxxxxxxx:389 connection I get the following error
>>> stack trace message:
>>>
>>> javax.naming.CommunicationException: simple bind failed: localHost:389
>>> [Root exception is javax.net.ssl.SSLException: Unrecognized SSL message,
>>> plaintext connection?]
>>>
>>>
>>> And on the non-local server I get the following error stack trace
>>> message:
>>>
>>> javax.naming.CommunicationException: simple bind failed:
>>> ldap01.xxxx.xxxx:389 [Root exception is javax.net.ssl.SSLException:
>>> java.net.SocketException: Connection reset]
>>>
>>>
>>> Unfortunately the ldap server I need to connect with does not have the
>>> option for SSL connections.
>>>
>>> Regards,
>>> Kristof
>>>
>>> Am 05.05.2014 18:50, schrieb Maximilian Koegel:
>>>> Hi Kristof,
>>>>
>>>> we have customers which use both the authenticated and the
>>>> non-authenticated LDAP with EMFStore, so to my understanding it should
>>>> work generally. However I am aware that we debugged these kind of
>>>> problems for customers in the past and it always turned out to be some
>>>> kind of misconfiguration.
>>>> Would it be possible for you to test against a self-hosted LDAP server
>>>> such as https://directory.apache.org/ to make sure the problem is not
>>>> configuration related?
>>>>
>>>> Cheers,
>>>> Maximilian
>>>>
>>>> Am 05.05.2014 09:33, schrieb Zalecki, Kristof:
>>>>> Hi Maximilian,
>>>>>
>>>>> I actually tried both on different servers. The one I need is
>>>>> the authenticated server though.
>>>>> I use the login credentials of the ldap server for the ldap connection
>>>>> and then I am trying to log into emfstore using a user from the active
>>>>> directory whom I also saved in my emfstore.
>>>>>
>>>>> The example from the stack trace is an open server I found online and
>>>>> should work without any login credentials, but every time I try to
>>>>> connect I get the same result, regardless of whether I am using
>>>>> authenticated ldap or not.
>>>>>
>>>>> Regards,
>>>>> Kristof
>>>>>
>>>>>
>>>>> Am 02.05.2014 13:17, schrieb Maximilian Koegel:
>>>>>> Hi,
>>>>>>
>>>>>> do you use authenticated LDAP or LDAP only?
>>>>>> The authuser is for authenticated LDAP only and will be used to
>>>>>> initally
>>>>>> connect to the LDAP server. It is not related to the actual user
>>>>>> credentials to be authenticated by EMFStore.
>>>>>>
>>>>>> Cheers,
>>>>>> Maximilian
>>>>>>
>>>>>> Am 30.04.2014 11:52, schrieb Zalecki, Kristof:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I configured my EMFStore server to connect to an Actice Directory
>>>>>>> using
>>>>>>> the right configuration and login credentials of the AD server, but
>>>>>>> every time I try to login to my EMFStore server with a user I
>>>>>>> previously
>>>>>>> added it simply fails to connect.
>>>>>>> The server adress is correct, since I am able to login using ldap
>>>>>>> browser 4.5. I even tried loging into ldap servers which do not
>>>>>>> need any
>>>>>>> login credentials and also failed (like the one shown in the stack
>>>>>>> trace). Connecting to the emfstore server from a different machine
>>>>>>> and
>>>>>>> working on the projects works so far, which would take out the
>>>>>>> firewall
>>>>>>> as a source for the faults.
>>>>>>> I am still using emfstore 1.1 btw.
>>>>>>>
>>>>>>> My configuration in the es.properties files looks like this:
>>>>>>>
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.url=ldap://x500.bund.de:389
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.base=o=Bund,c=DE
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.searchdn=sAMAccountName
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.authuser=peter
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.authpass=wurst
>>>>>>>
>>>>>>> Regards,
>>>>>>> Kristof
>>>>>>>
>>>>>>> Here the stack trace:
>>>>>>> LDAP Directory ldap://x500.bund.de:389 not found.
>>>>>>> javax.naming.CommunicationException: simple bind failed:
>>>>>>> x500.bund.de:389 [Root exception is java.net.SocketException:
>>>>>>> Connection
>>>>>>> reset]
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
>>>>>>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
>>>>>>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
>>>>>>>
>>>>>>>
>>>>>>> at javax.naming.InitialContext.init(InitialContext.java:223)
>>>>>>> at javax.naming.InitialContext.<init>(InitialContext.java:197)
>>>>>>> at
>>>>>>> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.LDAPVerifier.verifyPassword(LDAPVerifier.java:84)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.VerifierChain.verifyPassword(VerifierChain.java:57)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl.logIn(AbstractAuthenticationControl.java:70)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControlImpl.logIn(AccessControlImpl.java:128)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.XmlRpcEmfStoreImpl.logIn(XmlRpcEmfStoreImpl.java:76)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>> at
>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>>>> at
>>>>>>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.invoke(ReflectiveXmlRpcHandler.java:115)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.execute(ReflectiveXmlRpcHandler.java:106)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.xmlrpc.server.XmlRpcServerWorker.execute(XmlRpcServerWorker.java:46)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.xmlrpc.server.XmlRpcServer.execute(XmlRpcServer.java:86)
>>>>>>> at
>>>>>>> org.apache.xmlrpc.server.XmlRpcStreamServer.execute(XmlRpcStreamServer.java:200)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.xmlrpc.webserver.Connection.run(Connection.java:208)
>>>>>>> at
>>>>>>> org.apache.xmlrpc.util.ThreadPool$Poolable$1.run(ThreadPool.java:68)
>>>>>>> Caused by: java.net.SocketException: Connection reset
>>>>>>> at java.net.SocketInputStream.read(SocketInputStream.java:168)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.Connection.writeRequest(Connection.java:400)
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.Connection.writeRequest(Connection.java:373)
>>>>>>> at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
>>>>>>> ... 27 more
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>
>


--
Edgar Mueller

Get Professional Eclipse Support: http://eclipsesource.com/munich
Re: [EMFStore] LDAP connection fails [message #1354441 is a reply to message #1349666] Wed, 14 May 2014 08:57 Go to previous message
Maximilian Koegel is currently offline Maximilian KoegelFriend
Messages: 253
Registered: July 2009
Senior Member
Hi Kristof,

sorry for the delayed reply, we will open a bug and accept this change
as a contribution with your consent. Edgar will get in contact with you.

Cheers,
Maximilian

Am 12.05.2014 11:41, schrieb Zalecki, Kristof:
> Update:
>
> Finally found the solution for the SSL problem.
>
> The following line is only needed for SSL connections and therefore
> needs to be placed inside the IF-statement:
>
> props.put("java.naming.ldap.factory.socket",
> LDAPSSLSocketFactory.class.getCanonicalName());
>
> , which looks like this:
>
> private Properties anonymousBind() {
> final Properties props = new Properties();
> props.put("java.naming.ldap.version", "3");
> props.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
> props.put(Context.PROVIDER_URL, ldapUrl);
>
> if (useSSL()) {
> props.put("java.naming.ldap.factory.socket",
> LDAPSSLSocketFactory.class.getCanonicalName());
> props.put(Context.SECURITY_PROTOCOL, "ssl");
> }
>
> return props;
> }
>
> I' appending the corrected class if someone faces the same problems.
>
>
> Am 12.05.2014 10:54, schrieb Zalecki, Kristof:
>> Hi,
>>
>> I finally found a partly solution which at least lets me connect via SSL.
>>
>> I debugged the emfstore during login and found out, that the principal
>> for the user I try to log in with is not set, so I added a line in
>> the class LDAPVerifier.java in the package
>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers
>>
>> and now it is working fine:
>>
>> private Properties authenticatedBind(String principal, String
>> credentials) {
>> final Properties bind = anonymousBind();
>> bind.put(Context.SECURITY_PRINCIPAL, principal + "," +
>> ldapBase);
>> bind.put(Context.SECURITY_AUTHENTICATION, "simple");
>> bind.put(Context.SECURITY_CREDENTIALS, credentials);
>>
>> return bind;
>> }
>>
>> However, connecting without SSL is still not possible.
>>
>> Regards,
>> Kristof
>>
>> Am 09.05.2014 12:07, schrieb Zalecki, Kristof:
>>> Hi Maximilian,
>>>
>>> I have tried ApacheDS Studio for quiet a while now and I am not able to
>>> get a connection. The problem seems to be, that emfstore is always
>>> trying to establish a SSL connection. Even when the server is set to
>>> create a simple ldap://xxxxxxxx:389 connection I get the following error
>>> stack trace message:
>>>
>>> javax.naming.CommunicationException: simple bind failed: localHost:389
>>> [Root exception is javax.net.ssl.SSLException: Unrecognized SSL message,
>>> plaintext connection?]
>>>
>>>
>>> And on the non-local server I get the following error stack trace
>>> message:
>>>
>>> javax.naming.CommunicationException: simple bind failed:
>>> ldap01.xxxx.xxxx:389 [Root exception is javax.net.ssl.SSLException:
>>> java.net.SocketException: Connection reset]
>>>
>>>
>>> Unfortunately the ldap server I need to connect with does not have the
>>> option for SSL connections.
>>>
>>> Regards,
>>> Kristof
>>>
>>> Am 05.05.2014 18:50, schrieb Maximilian Koegel:
>>>> Hi Kristof,
>>>>
>>>> we have customers which use both the authenticated and the
>>>> non-authenticated LDAP with EMFStore, so to my understanding it should
>>>> work generally. However I am aware that we debugged these kind of
>>>> problems for customers in the past and it always turned out to be some
>>>> kind of misconfiguration.
>>>> Would it be possible for you to test against a self-hosted LDAP server
>>>> such as https://directory.apache.org/ to make sure the problem is not
>>>> configuration related?
>>>>
>>>> Cheers,
>>>> Maximilian
>>>>
>>>> Am 05.05.2014 09:33, schrieb Zalecki, Kristof:
>>>>> Hi Maximilian,
>>>>>
>>>>> I actually tried both on different servers. The one I need is
>>>>> the authenticated server though.
>>>>> I use the login credentials of the ldap server for the ldap connection
>>>>> and then I am trying to log into emfstore using a user from the active
>>>>> directory whom I also saved in my emfstore.
>>>>>
>>>>> The example from the stack trace is an open server I found online and
>>>>> should work without any login credentials, but every time I try to
>>>>> connect I get the same result, regardless of whether I am using
>>>>> authenticated ldap or not.
>>>>>
>>>>> Regards,
>>>>> Kristof
>>>>>
>>>>>
>>>>> Am 02.05.2014 13:17, schrieb Maximilian Koegel:
>>>>>> Hi,
>>>>>>
>>>>>> do you use authenticated LDAP or LDAP only?
>>>>>> The authuser is for authenticated LDAP only and will be used to
>>>>>> initally
>>>>>> connect to the LDAP server. It is not related to the actual user
>>>>>> credentials to be authenticated by EMFStore.
>>>>>>
>>>>>> Cheers,
>>>>>> Maximilian
>>>>>>
>>>>>> Am 30.04.2014 11:52, schrieb Zalecki, Kristof:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I configured my EMFStore server to connect to an Actice Directory
>>>>>>> using
>>>>>>> the right configuration and login credentials of the AD server, but
>>>>>>> every time I try to login to my EMFStore server with a user I
>>>>>>> previously
>>>>>>> added it simply fails to connect.
>>>>>>> The server adress is correct, since I am able to login using ldap
>>>>>>> browser 4.5. I even tried loging into ldap servers which do not
>>>>>>> need any
>>>>>>> login credentials and also failed (like the one shown in the stack
>>>>>>> trace). Connecting to the emfstore server from a different machine
>>>>>>> and
>>>>>>> working on the projects works so far, which would take out the
>>>>>>> firewall
>>>>>>> as a source for the faults.
>>>>>>> I am still using emfstore 1.1 btw.
>>>>>>>
>>>>>>> My configuration in the es.properties files looks like this:
>>>>>>>
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.url=ldap://x500.bund.de:389
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.base=o=Bund,c=DE
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.searchdn=sAMAccountName
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.authuser=peter
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.authpass=wurst
>>>>>>>
>>>>>>> Regards,
>>>>>>> Kristof
>>>>>>>
>>>>>>> Here the stack trace:
>>>>>>> LDAP Directory ldap://x500.bund.de:389 not found.
>>>>>>> javax.naming.CommunicationException: simple bind failed:
>>>>>>> x500.bund.de:389 [Root exception is java.net.SocketException:
>>>>>>> Connection
>>>>>>> reset]
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
>>>>>>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
>>>>>>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
>>>>>>>
>>>>>>>
>>>>>>> at javax.naming.InitialContext.init(InitialContext.java:223)
>>>>>>> at javax.naming.InitialContext.<init>(InitialContext.java:197)
>>>>>>> at
>>>>>>> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.LDAPVerifier.verifyPassword(LDAPVerifier.java:84)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.VerifierChain.verifyPassword(VerifierChain.java:57)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl.logIn(AbstractAuthenticationControl.java:70)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControlImpl.logIn(AccessControlImpl.java:128)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.XmlRpcEmfStoreImpl.logIn(XmlRpcEmfStoreImpl.java:76)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>> at
>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>>>> at
>>>>>>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.invoke(ReflectiveXmlRpcHandler.java:115)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.execute(ReflectiveXmlRpcHandler.java:106)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.xmlrpc.server.XmlRpcServerWorker.execute(XmlRpcServerWorker.java:46)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.xmlrpc.server.XmlRpcServer.execute(XmlRpcServer.java:86)
>>>>>>> at
>>>>>>> org.apache.xmlrpc.server.XmlRpcStreamServer.execute(XmlRpcStreamServer.java:200)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.xmlrpc.webserver.Connection.run(Connection.java:208)
>>>>>>> at
>>>>>>> org.apache.xmlrpc.util.ThreadPool$Poolable$1.run(ThreadPool.java:68)
>>>>>>> Caused by: java.net.SocketException: Connection reset
>>>>>>> at java.net.SocketInputStream.read(SocketInputStream.java:168)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.Connection.writeRequest(Connection.java:400)
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.Connection.writeRequest(Connection.java:373)
>>>>>>> at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
>>>>>>> at
>>>>>>> com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
>>>>>>> ... 27 more
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>
>


--
Maximilian Kögel

Get Professional Eclipse Support: http://eclipsesource.com/munich
Previous Topic:ecore model migration
Next Topic:Deploy ECP RAP Demo with warproducts
Goto Forum:
  


Current Time: Sun Feb 28 12:19:46 GMT 2021

Powered by FUDForum. Page generated in 0.02346 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top