Eclipse Community Forums
[EMFStore] LDAP connection fails [message #1323525] Wed, 30 April 2014 09:52
Kristof Zalecki
Hi,

I configured my EMFStore server to connect to an Active Directory using
the right configuration and login credentials of the AD server, but
every time I try to log in to my EMFStore server with a user I previously
added it simply fails to connect.
The server address is correct, since I am able to log in using ldap
browser 4.5. I even tried logging into ldap servers which do not need any
login credentials and also failed (like the one shown in the stack
trace). Connecting to the emfstore server from a different machine and
working on the projects works so far, which would take out the firewall
as a source for the faults.
I am still using emfstore 1.1 btw.

My configuration in the es.properties files looks like this:

emfstore.accesscontrol.authentication.ldap.1.url=ldap://x500.bund.de:389
emfstore.accesscontrol.authentication.ldap.1.base=o=Bund,c=DE
emfstore.accesscontrol.authentication.ldap.1.searchdn=sAMAccountName
emfstore.accesscontrol.authentication.ldap.1.authuser=peter
emfstore.accesscontrol.authentication.ldap.1.authpass=wurst

Regards,
Kristof

Here is the stack trace:
LDAP Directory ldap://x500.bund.de:389 not found.
javax.naming.CommunicationException: simple bind failed: x500.bund.de:389 [Root exception is java.net.SocketException: Connection reset]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.InitialContext.<init>(InitialContext.java:197)
    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
    at org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.LDAPVerifier.verifyPassword(LDAPVerifier.java:84)
    at org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.VerifierChain.verifyPassword(VerifierChain.java:57)
    at org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl.logIn(AbstractAuthenticationControl.java:70)
    at org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControlImpl.logIn(AccessControlImpl.java:128)
    at org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.XmlRpcEmfStoreImpl.logIn(XmlRpcEmfStoreImpl.java:76)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.invoke(ReflectiveXmlRpcHandler.java:115)
    at org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.execute(ReflectiveXmlRpcHandler.java:106)
    at org.apache.xmlrpc.server.XmlRpcServerWorker.execute(XmlRpcServerWorker.java:46)
    at org.apache.xmlrpc.server.XmlRpcServer.execute(XmlRpcServer.java:86)
    at org.apache.xmlrpc.server.XmlRpcStreamServer.execute(XmlRpcStreamServer.java:200)
    at org.apache.xmlrpc.webserver.Connection.run(Connection.java:208)
    at org.apache.xmlrpc.util.ThreadPool$Poolable$1.run(ThreadPool.java:68)
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:168)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:400)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:373)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
    ... 27 more

Re: [EMFStore] LDAP connection fails [message #1327846 is a reply to message #1323525] Fri, 02 May 2014 11:17
Maximilian Koegel
Hi,

Do you use authenticated LDAP or LDAP only?
The authuser is for authenticated LDAP only and will be used to initially
connect to the LDAP server. It is not related to the actual user
credentials to be authenticated by EMFStore.

Cheers,
Maximilian



--
Maximilian Kögel

Get Professional Eclipse Support: http://eclipsesource.com/munich
Re: [EMFStore] LDAP connection fails [message #1333716 is a reply to message #1327846] Mon, 05 May 2014 07:33
Kristof Zalecki
Hi Maximilian,

I actually tried both on different servers. The one I need is
the authenticated server though.
I use the login credentials of the ldap server for the ldap connection
and then I am trying to log into emfstore using a user from the active
directory whom I also saved in my emfstore.

The example from the stack trace is an open server I found online and
should work without any login credentials, but every time I try to
connect I get the same result, regardless of whether I am using
authenticated ldap or not.

Regards,
Kristof


Re: [EMFStore] LDAP connection fails [message #1334562 is a reply to message #1333716] Mon, 05 May 2014 16:50
Maximilian Koegel
Hi Kristof,

We have customers who use both the authenticated and the
non-authenticated LDAP with EMFStore, so to my understanding it should
work generally. However, I am aware that we debugged these kinds of
problems for customers in the past and it always turned out to be some
kind of misconfiguration.
Would it be possible for you to test against a self-hosted LDAP server
such as https://directory.apache.org/ to make sure the problem is not
configuration related?

Cheers,
Maximilian



--
Maximilian Kögel

Get Professional Eclipse Support: http://eclipsesource.com/munich
Re: [EMFStore] LDAP connection fails [message #1343492 is a reply to message #1334562] Fri, 09 May 2014 10:07
Kristof Zalecki
Hi Maximilian,

I have tried ApacheDS Studio for quite a while now and I am not able to
get a connection. The problem seems to be that emfstore is always
trying to establish an SSL connection. Even when the server is set to
create a simple ldap://xxxxxxxx:389 connection I get the following error
stack trace message:

javax.naming.CommunicationException: simple bind failed: localHost:389
[Root exception is javax.net.ssl.SSLException: Unrecognized SSL message,
plaintext connection?]


And on the non-local server I get the following error stack trace message:

javax.naming.CommunicationException: simple bind failed:
ldap01.xxxx.xxxx:389 [Root exception is javax.net.ssl.SSLException:
java.net.SocketException: Connection reset]


Unfortunately the ldap server I need to connect with does not have the
option for SSL connections.

Regards,
Kristof

Re: [EMFStore] LDAP connection fails [message #1349576 is a reply to message #1343492] Mon, 12 May 2014 08:54
Kristof Zalecki
Hi,

I finally found a partial solution which at least lets me connect via SSL.

I debugged the emfstore during login and found out that the principal
for the user I try to log in with is not set, so I added a line in
the class LDAPVerifier.java in the package
org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers
and now it is working fine:

private Properties authenticatedBind(String principal, String credentials) {
final Properties bind = anonymousBind();
bind.put(Context.SECURITY_PRINCIPAL, principal + "," + ldapBase);
bind.put(Context.SECURITY_AUTHENTICATION, "simple");
bind.put(Context.SECURITY_CREDENTIALS, credentials);

return bind;
}

However, connecting without SSL is still not possible.

Regards,
Kristof

Re: [EMFStore] LDAP connection fails [message #1349666 is a reply to message #1349576] Mon, 12 May 2014 09:41
Kristof Zalecki
Update:

Finally found the solution for the SSL problem.

The following line is only needed for SSL connections and therefore
needs to be placed inside the IF-statement:

    props.put("java.naming.ldap.factory.socket",
        LDAPSSLSocketFactory.class.getCanonicalName());

, which looks like this:

    private Properties anonymousBind() {
        final Properties props = new Properties();
        props.put("java.naming.ldap.version", "3");
        props.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
        props.put(Context.PROVIDER_URL, ldapUrl);

        if (useSSL()) {
            props.put("java.naming.ldap.factory.socket",
                LDAPSSLSocketFactory.class.getCanonicalName());
            props.put(Context.SECURITY_PROTOCOL, "ssl");
        }

        return props;
    }

I'm appending the corrected class if someone faces the same problems.




/*******************************************************************************
 * Copyright (c) 2008-2011 Chair for Applied Software Engineering,
 * Technische Universitaet Muenchen.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 * Otto von Wesendonk - initial API and implementation
 ******************************************************************************/
package org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers;

import java.util.Properties;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import org.eclipse.emf.emfstore.internal.common.model.util.ModelUtil;
import org.eclipse.emf.emfstore.internal.server.connection.ServerKeyStoreManager;
import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;

/**
 * Verifies username/password using LDAP.
 *
 * @author Wesendonk
 */
public class LDAPVerifier extends AbstractAuthenticationControl {

    private final String ldapUrl;
    private final String ldapBase;
    private final String searchDn;
    private boolean useSSL;

    private static final String DEFAULT_CTX = "com.sun.jndi.ldap.LdapCtxFactory";
    private final String authUser;
    private final String authPassword;

    /**
     * Default constructor.
     *
     * @param ldapUrl url, if url starts with ldaps:// SSL is used.
     * @param ldapBase base
     * @param searchDn dn
     * @param authUser user to allow access to server
     * @param authPassword password of user to allow access to server
     */
    public LDAPVerifier(String ldapUrl, String ldapBase, String searchDn, String authUser, String authPassword) {
        this.ldapUrl = ldapUrl;
        this.ldapBase = ldapBase;
        this.searchDn = searchDn;
        this.authUser = authUser;
        this.authPassword = authPassword;

        if (ldapUrl.startsWith("ldaps://")) {
            useSSL = true;
            ServerKeyStoreManager.getInstance().setJavaSSLProperties();
        }
    }

    /**
     *
     * {@inheritDoc}
     *
     * @see org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl#verifyPassword(org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser,
     *      java.lang.String, java.lang.String)
     */
    @Override
    public boolean verifyPassword(ACUser resolvedUser, String username, String password) throws AccessControlException {
        DirContext dirContext = null;

        // anonymous bind and resolve user
        try {
            if (authUser != null && authPassword != null) {
                // authenticated bind and resolve user
                final Properties authenticatedBind = authenticatedBind(authUser, authPassword);
                authenticatedBind.put(Context.SECURITY_PRINCIPAL, authUser);
                dirContext = new InitialDirContext(authenticatedBind);
            } else {
                // anonymous bind and resolve user
                dirContext = new InitialDirContext(anonymousBind());
            }
        } catch (final NamingException e) {
            ModelUtil.logWarning("LDAP Directory " + ldapUrl + " not found.", e);
            return false;
        }
        final String resolvedName = resolveUser(username, dirContext);
        if (resolvedName == null) {
            return false;
        }

        // Authenticated bind and check user's password
        try {
            dirContext = new InitialDirContext(authenticatedBind(resolvedName, password));
        } catch (final NamingException e) {
            e.printStackTrace();
            ModelUtil.logWarning("Login failed on " + ldapBase + " .", e);
            return false;
        }
        return true;
    }

    private Properties anonymousBind() {
        final Properties props = new Properties();
        props.put("java.naming.ldap.version", "3");
        props.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
        props.put(Context.PROVIDER_URL, ldapUrl);

        if (useSSL()) {
            props.put("java.naming.ldap.factory.socket",
                LDAPSSLSocketFactory.class.getCanonicalName());
            props.put(Context.SECURITY_PROTOCOL, "ssl");
        }

        return props;
    }

    private boolean useSSL() {
        return useSSL;
    }

    private Properties authenticatedBind(String principal, String credentials) {
        final Properties bind = anonymousBind();
        bind.put(Context.SECURITY_AUTHENTICATION, "simple");
        bind.put(Context.SECURITY_PRINCIPAL, principal + "," + ldapBase);
        bind.put(Context.SECURITY_CREDENTIALS, credentials);

        return bind;
    }

    private String resolveUser(String username, DirContext dirContext) {
        final SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> results = null;
        try {
            results = dirContext.search(ldapBase, "(& (" + searchDn + "=" + username + ") (objectclass=*))",
                constraints);
        } catch (final NamingException e) {
            ModelUtil.logWarning("Search failed, base = " + ldapBase, e);
            return null;
        }

        if (results == null) {
            return null;
        }

        String resolvedName = null;
        try {
            while (results.hasMoreElements()) {
                final SearchResult sr = results.next();
                if (sr != null) {
                    resolvedName = sr.getName();
                }
                break;
            }
        } catch (final NamingException e) {
            ModelUtil.logException("Search returned invalid results, base = " + ldapBase, e);
            return null;
        }

        if (resolvedName == null) {
            ModelUtil.logWarning("Distinguished name not found on " + ldapBase);
            return null;
        }
        return resolvedName;
    }

}
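An added illustration, not part of the post above and not EMFStore code: a stand-alone sketch of the environment logic the fix describes (SSL socket factory and security protocol only for ldaps:// URLs), with two checks a verifier built on simple bind usually wants, namely RFC 4515 escaping of the user name placed in the search filter and rejection of empty passwords, which JNDI downgrades to an anonymous bind. The class and method names, the host names and the socket factory class name are assumptions made for the example.

```java
import java.util.Locale;
import java.util.Properties;
import javax.naming.Context;

// Added illustration: class and method names are hypothetical, not EMFStore API.
class LdapEnvExample {

    private static final String CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";

    /** SSL is selected by the URL scheme only, as in the LDAPVerifier constructor. */
    static boolean isLdaps(String url) {
        return url.toLowerCase(Locale.ROOT).startsWith("ldaps://");
    }

    /** Base environment: SSL settings are added only for ldaps:// URLs. */
    static Properties baseEnv(String url, String sslSocketFactoryClass) {
        Properties env = new Properties();
        env.put("java.naming.ldap.version", "3");
        env.put(Context.INITIAL_CONTEXT_FACTORY, CTX_FACTORY);
        env.put(Context.PROVIDER_URL, url);
        if (isLdaps(url)) {
            env.put(Context.SECURITY_PROTOCOL, "ssl");
            if (sslSocketFactoryClass != null) {
                env.put("java.naming.ldap.factory.socket", sslSocketFactoryClass);
            }
        }
        return env;
    }

    /** Environment for a simple bind; refuses empty credentials. */
    static Properties simpleBindEnv(String url, String sslSocketFactoryClass,
            String dn, String password) {
        // With empty credentials JNDI performs an anonymous bind, so a
        // "bind succeeded" result would not prove knowledge of the password.
        if (password == null || password.isEmpty()) {
            throw new IllegalArgumentException("empty password rejected before bind");
        }
        Properties env = baseEnv(url, sslSocketFactoryClass);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    /** Escapes the characters RFC 4515 reserves inside a filter assertion value. */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Same filter shape as resolveUser(), with the user name escaped. */
    static String userFilter(String searchAttribute, String username) {
        return "(&(" + searchAttribute + "=" + escapeFilterValue(username)
                + ")(objectclass=*))";
    }

    public static void main(String[] args) {
        // Constructed sample values; the factory class name is a placeholder.
        String factory = "example.PlaceholderSslSocketFactory";
        System.out.println("plain: " + baseEnv("ldap://ldap.example.test:389", factory));
        System.out.println("ssl:   " + baseEnv("ldaps://ldap.example.test:636", factory));
        System.out.println("filter: " + userFilter("sAMAccountName", "j.doe*(ops)"));
        try {
            simpleBindEnv("ldap://ldap.example.test:389", factory,
                    "cn=jdoe,ou=people,dc=example,dc=test", "");
        } catch (IllegalArgumentException e) {
            System.out.println("bind refused: " + e.getMessage());
        }
    }
}
```

JNDI's `DirContext.search(String, String, Object[], SearchControls)` overload with `{0}` placeholders in the filter escapes its arguments in the same way and is the usual alternative to hand-written escaping.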
Re: [EMFStore] LDAP connection fails [message #1352587 is a reply to message #1349666] Tue, 13 May 2014 14:33
Edgar Mueller
Hi Kristof,

thanks for spotting the error! We will integrate the fix for this issue
into the 1st 1.3.0 milestone release, which is to be released this
Friday, 16th of May.

Thanks!

Cheers,
Edgar


Am 12.05.2014 11:41, schrieb Zalecki, Kristof:
> Update:
>
> Finally found the solution for the SSL problem.
>
> The following line is only needed for SSL connections and therefore
> needs to be placed inside the IF-statement:
>
> props.put("java.naming.ldap.factory.socket",
> LDAPSSLSocketFactory.class.getCanonicalName());
>
> , which looks like this:
>
> private Properties anonymousBind() {
> final Properties props = new Properties();
> props.put("java.naming.ldap.version", "3");
> props.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
> props.put(Context.PROVIDER_URL, ldapUrl);
>
> if (useSSL()) {
> props.put("java.naming.ldap.factory.socket",
> LDAPSSLSocketFactory.class.getCanonicalName());
> props.put(Context.SECURITY_PROTOCOL, "ssl");
> }
>
> return props;
> }
>
> I' appending the corrected class if someone faces the same problems.
>
>
> Am 12.05.2014 10:54, schrieb Zalecki, Kristof:
>> Hi,
>>
>> I finally found a partly solution which at least lets me connect via SSL.
>>
>> I debugged the emfstore during login and found out, that the principal
>> for the user I try to log in with is not set, so I added a line in
>> the class LDAPVerifier.java in the package
>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers
>>
>> and now it is working fine:
>>
>> private Properties authenticatedBind(String principal, String
>> credentials) {
>> final Properties bind = anonymousBind();
>> bind.put(Context.SECURITY_PRINCIPAL, principal + "," +
>> ldapBase);
>> bind.put(Context.SECURITY_AUTHENTICATION, "simple");
>> bind.put(Context.SECURITY_CREDENTIALS, credentials);
>>
>> return bind;
>> }
>>
>> However, connecting without SSL is still not possible.
>>
>> Regards,
>> Kristof
>>
>> Am 09.05.2014 12:07, schrieb Zalecki, Kristof:
>>> Hi Maximilian,
>>>
>>> I have tried ApacheDS Studio for quiet a while now and I am not able to
>>> get a connection. The problem seems to be, that emfstore is always
>>> trying to establish a SSL connection. Even when the server is set to
>>> create a simple ldap://xxxxxxxx:389 connection I get the following error
>>> stack trace message:
>>>
>>> javax.naming.CommunicationException: simple bind failed: localHost:389
>>> [Root exception is javax.net.ssl.SSLException: Unrecognized SSL message,
>>> plaintext connection?]
>>>
>>>
>>> And on the non-local server I get the following error stack trace
>>> message:
>>>
>>> javax.naming.CommunicationException: simple bind failed:
>>> ldap01.xxxx.xxxx:389 [Root exception is javax.net.ssl.SSLException:
>>> java.net.SocketException: Connection reset]
>>>
>>>
>>> Unfortunately the ldap server I need to connect with does not have the
>>> option for SSL connections.
>>>
>>> Regards,
>>> Kristof
>>>
>>> Am 05.05.2014 18:50, schrieb Maximilian Koegel:
>>>> Hi Kristof,
>>>>
>>>> we have customers which use both the authenticated and the
>>>> non-authenticated LDAP with EMFStore, so to my understanding it should
>>>> work generally. However I am aware that we debugged these kind of
>>>> problems for customers in the past and it always turned out to be some
>>>> kind of misconfiguration.
>>>> Would it be possible for you to test against a self-hosted LDAP server
>>>> such as https://directory.apache.org/ to make sure the problem is not
>>>> configuration related?
>>>>
>>>> Cheers,
>>>> Maximilian
>>>>
>>>> Am 05.05.2014 09:33, schrieb Zalecki, Kristof:
>>>>> Hi Maximilian,
>>>>>
>>>>> I actually tried both on different servers. The one I need is
>>>>> the authenticated server though.
>>>>> I use the login credentials of the ldap server for the ldap connection
>>>>> and then I am trying to log into emfstore using a user from the active
>>>>> directory whom I also saved in my emfstore.
>>>>>
>>>>> The example from the stack trace is an open server I found online and
>>>>> should work without any login credentials, but every time I try to
>>>>> connect I get the same result, regardless of whether I am using
>>>>> authenticated ldap or not.
>>>>>
>>>>> Regards,
>>>>> Kristof
>>>>>
>>>>>
>>>>> Am 02.05.2014 13:17, schrieb Maximilian Koegel:
>>>>>> Hi,
>>>>>>
>>>>>> do you use authenticated LDAP or LDAP only?
>>>>>> The authuser is for authenticated LDAP only and will be used to
>>>>>> initally
>>>>>> connect to the LDAP server. It is not related to the actual user
>>>>>> credentials to be authenticated by EMFStore.
>>>>>>
>>>>>> Cheers,
>>>>>> Maximilian
>>>>>>
>>>>>> Am 30.04.2014 11:52, schrieb Zalecki, Kristof:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I configured my EMFStore server to connect to an Actice Directory
>>>>>>> using
>>>>>>> the right configuration and login credentials of the AD server, but
>>>>>>> every time I try to login to my EMFStore server with a user I
>>>>>>> previously
>>>>>>> added it simply fails to connect.
>>>>>>> The server adress is correct, since I am able to login using ldap
>>>>>>> browser 4.5. I even tried loging into ldap servers which do not
>>>>>>> need any
>>>>>>> login credentials and also failed (like the one shown in the stack
>>>>>>> trace). Connecting to the emfstore server from a different machine
>>>>>>> and
>>>>>>> working on the projects works so far, which would take out the
>>>>>>> firewall
>>>>>>> as a source for the faults.
>>>>>>> I am still using emfstore 1.1 btw.
>>>>>>>
>>>>>>> My configuration in the es.properties files looks like this:
>>>>>>>
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.url=ldap://x500.bund.de:389
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.base=o=Bund,c=DE
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.searchdn=sAMAccountName
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.authuser=peter
>>>>>>> emfstore.accesscontrol.authentication.ldap.1.authpass=wurst
>>>>>>>
>>>>>>> Regards,
>>>>>>> Kristof
>>>>>>>
>>>>>>> Here the stack trace:
>>>>>>> LDAP Directory ldap://x500.bund.de:389 not found.
>>>>>>> javax.naming.CommunicationException: simple bind failed: x500.bund.de:389 [Root exception is java.net.SocketException: Connection reset]
>>>>>>> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
>>>>>>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
>>>>>>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
>>>>>>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>>>>>>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>>>>>>> at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>>>>>>> at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>>>>>>> at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>>>>>>> at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
>>>>>>> at javax.naming.InitialContext.init(InitialContext.java:223)
>>>>>>> at javax.naming.InitialContext.<init>(InitialContext.java:197)
>>>>>>> at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>>>>>>> at org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.LDAPVerifier.verifyPassword(LDAPVerifier.java:84)
>>>>>>> at org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.VerifierChain.verifyPassword(VerifierChain.java:57)
>>>>>>> at org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl.logIn(AbstractAuthenticationControl.java:70)
>>>>>>> at org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControlImpl.logIn(AccessControlImpl.java:128)
>>>>>>> at org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.XmlRpcEmfStoreImpl.logIn(XmlRpcEmfStoreImpl.java:76)
>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>>>> at org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.invoke(ReflectiveXmlRpcHandler.java:115)
>>>>>>> at org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.execute(ReflectiveXmlRpcHandler.java:106)
>>>>>>> at org.apache.xmlrpc.server.XmlRpcServerWorker.execute(XmlRpcServerWorker.java:46)
>>>>>>> at org.apache.xmlrpc.server.XmlRpcServer.execute(XmlRpcServer.java:86)
>>>>>>> at org.apache.xmlrpc.server.XmlRpcStreamServer.execute(XmlRpcStreamServer.java:200)
>>>>>>> at org.apache.xmlrpc.webserver.Connection.run(Connection.java:208)
>>>>>>> at org.apache.xmlrpc.util.ThreadPool$Poolable$1.run(ThreadPool.java:68)
>>>>>>> Caused by: java.net.SocketException: Connection reset
>>>>>>> at java.net.SocketInputStream.read(SocketInputStream.java:168)
>>>>>>> at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
>>>>>>> at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
>>>>>>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
>>>>>>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
>>>>>>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
>>>>>>> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)
>>>>>>> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>>>>>>> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>>>>>>> at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:400)
>>>>>>> at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:373)
>>>>>>> at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
>>>>>>> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
>>>>>>> ... 27 more


--
Edgar Mueller

Get Professional Eclipse Support: http://eclipsesource.com/munich
Re: [EMFStore] LDAP connection fails [message #1354441 is a reply to message #1349666] Wed, 14 May 2014 08:57
Maximilian Koegel
Hi Kristof,

sorry for the delayed reply, we will open a bug and accept this change
as a contribution with your consent. Edgar will get in contact with you.

Cheers,
Maximilian

On 12.05.2014 11:41, Zalecki, Kristof wrote:
> Update:
>
> Finally found the solution for the SSL problem.
>
> The following line is only needed for SSL connections and therefore
> needs to be placed inside the IF-statement:
>
>     props.put("java.naming.ldap.factory.socket",
>         LDAPSSLSocketFactory.class.getCanonicalName());
>
> , which looks like this:
>
>     private Properties anonymousBind() {
>         final Properties props = new Properties();
>         props.put("java.naming.ldap.version", "3");
>         props.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
>         props.put(Context.PROVIDER_URL, ldapUrl);
>
>         // SSL socket factory and protocol are set for SSL connections only
>         if (useSSL()) {
>             props.put("java.naming.ldap.factory.socket",
>                 LDAPSSLSocketFactory.class.getCanonicalName());
>             props.put(Context.SECURITY_PROTOCOL, "ssl");
>         }
>
>         return props;
>     }
>
> I'm appending the corrected class if someone faces the same problems.
>
> On 12.05.2014 10:54, Zalecki, Kristof wrote:
>> Hi,
>>
>> I finally found a partial solution which at least lets me connect via SSL.
>>
>> I debugged the emfstore during login and found out that the principal
>> for the user I try to log in with is not set, so I added a line in
>> the class LDAPVerifier.java in the package
>> org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers
>>
>> and now it is working fine:
>>
>>     private Properties authenticatedBind(String principal, String credentials) {
>>         final Properties bind = anonymousBind();
>>         bind.put(Context.SECURITY_PRINCIPAL, principal + "," + ldapBase);
>>         bind.put(Context.SECURITY_AUTHENTICATION, "simple");
>>         bind.put(Context.SECURITY_CREDENTIALS, credentials);
>>
>>         return bind;
>>     }
>>
>> However, connecting without SSL is still not possible.
>>
>> Regards,
>> Kristof
>>
>> On 09.05.2014 12:07, Zalecki, Kristof wrote:
>>> Hi Maximilian,
>>>
>>> I have tried ApacheDS Studio for quite a while now and I am not able to
>>> get a connection. The problem seems to be that emfstore is always
>>> trying to establish an SSL connection. Even when the server is set to
>>> create a simple ldap://xxxxxxxx:389 connection I get the following error
>>> stack trace message:
>>>
>>> javax.naming.CommunicationException: simple bind failed: localHost:389
>>> [Root exception is javax.net.ssl.SSLException: Unrecognized SSL message,
>>> plaintext connection?]
>>>
>>>
>>> And on the non-local server I get the following error stack trace
>>> message:
>>>
>>> javax.naming.CommunicationException: simple bind failed:
>>> ldap01.xxxx.xxxx:389 [Root exception is javax.net.ssl.SSLException:
>>> java.net.SocketException: Connection reset]
>>>
>>>
>>> Unfortunately the ldap server I need to connect with does not have the
>>> option for SSL connections.
>>>
>>> Regards,
>>> Kristof
>>>
>>> On 05.05.2014 18:50, Maximilian Koegel wrote:
>>>> Hi Kristof,
>>>>
>>>> we have customers which use both the authenticated and the
>>>> non-authenticated LDAP with EMFStore, so to my understanding it should
>>>> work generally. However I am aware that we debugged these kinds of
>>>> problems for customers in the past and it always turned out to be some
>>>> kind of misconfiguration.
>>>> Would it be possible for you to test against a self-hosted LDAP server
>>>> such as https://directory.apache.org/ to make sure the problem is not
>>>> configuration related?
>>>>
>>>> Cheers,
>>>> Maximilian
>>>>
>>>> On 05.05.2014 09:33, Zalecki, Kristof wrote:
>>>>> Hi Maximilian,
>>>>>
>>>>> I actually tried both on different servers. The one I need is
>>>>> the authenticated server though.
>>>>> I use the login credentials of the ldap server for the ldap connection
>>>>> and then I am trying to log into emfstore using a user from the active
>>>>> directory whom I also saved in my emfstore.
>>>>>
>>>>> The example from the stack trace is an open server I found online and
>>>>> should work without any login credentials, but every time I try to
>>>>> connect I get the same result, regardless of whether I am using
>>>>> authenticated ldap or not.
>>>>>
>>>>> Regards,
>>>>> Kristof
>>>>>
>>>>>
>>>>> On 02.05.2014 13:17, Maximilian Koegel wrote:
>>>>>> Hi,
>>>>>>
>>>>>> do you use authenticated LDAP or LDAP only?
>>>>>> The authuser is for authenticated LDAP only and will be used to
>>>>>> initially connect to the LDAP server. It is not related to the actual
>>>>>> user credentials to be authenticated by EMFStore.
>>>>>>
>>>>>> Cheers,
>>>>>> Maximilian
>>>>>>


--
Maximilian Kögel

Get Professional Eclipse Support: http://eclipsesource.com/munich
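
The fix discussed in this thread, as an added example that is not part of the original posts and is not EMFStore code: the JNDI environment gets the SSL socket factory and `Context.SECURITY_PROTOCOL` only for `ldaps://` URLs, so a plain `ldap://` bind no longer starts a TLS handshake against a plaintext port. The class and method names, the scheme-based SSL decision, the `Rdn.escapeValue` call on the user name, and all sample values are assumptions made for this illustration.

```java
import java.net.URI;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.ldap.Rdn;

/** Added illustration; names are hypothetical and not taken from EMFStore. */
public class LdapEnvExample {

    static final String DEFAULT_CTX = "com.sun.jndi.ldap.LdapCtxFactory";

    /** Base environment: TLS settings are applied only when the URL scheme is ldaps. */
    static Properties anonymousEnv(String ldapUrl, String sslSocketFactoryClass) {
        final Properties props = new Properties();
        props.put("java.naming.ldap.version", "3");
        props.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
        props.put(Context.PROVIDER_URL, ldapUrl);
        // Assumption: SSL is selected by the URL scheme, not by a separate flag.
        if ("ldaps".equalsIgnoreCase(URI.create(ldapUrl).getScheme())) {
            props.put(Context.SECURITY_PROTOCOL, "ssl");
            if (sslSocketFactoryClass != null) {
                props.put("java.naming.ldap.factory.socket", sslSocketFactoryClass);
            }
        }
        return props;
    }

    /** Simple-bind environment; the user name is escaped before it becomes part of the DN. */
    static Properties authenticatedEnv(String ldapUrl, String sslSocketFactoryClass,
            String attribute, String user, String base, String password) {
        final Properties env = anonymousEnv(ldapUrl, sslSocketFactoryClass);
        final String principal = attribute + "=" + Rdn.escapeValue(user) + "," + base;
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    public static void main(String[] args) {
        // Constructed sample values; the socket factory class name is a placeholder.
        final String factory = "com.example.PlaceholderSslSocketFactory";
        final String[] urls = { "ldap://localhost:389", "ldaps://localhost:636" };
        for (String url : urls) {
            Properties env = authenticatedEnv(url, factory, "uid", "smith, j",
                    "ou=people,dc=example,dc=org", "constructed-password");
            System.out.println(url);
            for (String key : env.stringPropertyNames()) {
                if (!Context.SECURITY_CREDENTIALS.equals(key)) { // never print the password
                    System.out.println("  " + key + " = " + env.getProperty(key));
                }
            }
        }
    }
}
```

With the `ldap://` URL the environment carries no socket factory or security protocol, so the simple bind travels unencrypted, password included; on anything but a test server use `ldaps://` or StartTLS.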