Adobe Experience Manager Sites & More

Hi,

We are not able to successfully integrate CQ with LDAP. 

Based on the existing LDAP integration documentation, we are unable to get CQ to start when the following updates were done
-updated repository.xml, per the steps outlined in the documentation
-updated quickstart.bat to include the ldap config file
-included the ldap config file

The error logs have this error :

31.03.2014 09:57:20.560 *ERROR* [FelixStartLevel] com.day.crx.sling.server [com.day.crx.sling.server.impl.jmx.ManagedRepository] The activate method has thrown an exception (javax.jcr.RepositoryException: Neither JAAS nor RepositoryConfig contained a valid configuration for com.day.crx) javax.jcr.RepositoryException: Neither JAAS nor RepositoryConfig contained a valid configuration for com.day.crx

Based on what we found, one of the reason for this could be the ldap_login.conf couldn't be found. We tried the following but it did not help

1) Specifying an absolute path to the configuration file (with Djava.security.auth.login.config=...)

We even put the ldap_login.conf file in the same folder where the quickstart.bat is and set Djava.security.auth.login.config=ldap_login.conf.  This also did not work.  Can anyone help give pointers? 

Here is an excerpt of the quickstart.bat file we are using

*******************************************************

::* use jaas.config
set CQ_USE_JAAS=true

::* config for jaas
set CQ_JAAS_CONFIG=ldap_login.conf

::* default JVM options
set CQ_JVM_OPTS=-Xmx1024m -XX:MaxPermSize=256M

::* ------------------------------------------------------------------------------
::* do not configure below this point
::* ------------------------------------------------------------------------------

chdir /D %~dp0
cd ..\..
set START_OPTS=-use-control-port
if defined CQ_PORT            set START_OPTS=%START_OPTS% -p %CQ_PORT%
if defined CQ_GUI             set START_OPTS=%START_OPTS% -gui
if defined CQ_NOBROWSER       set START_OPTS=%START_OPTS% -nobrowser
if defined CQ_VERBOSE         set START_OPTS=%START_OPTS% -verbose
if defined CQ_NOFORK          set START_OPTS=%START_OPTS% -nofork
if defined CQ_FORK            set START_OPTS=%START_OPTS% -fork
if defined CQ_FORKARGS        set START_OPTS=%START_OPTS% -forkargs %CQ_FORKARGS%
if defined CQ_RUNMODE         set START_OPTS=%START_OPTS% -r %CQ_RUNMODE%
if defined CQ_BASEFOLDER      set START_OPTS=%START_OPTS% -b %CQ_BASEFOLDER%
if defined CQ_LOWMEMACTION    set START_OPTS=%START_OPTS% -low-mem-action %CQ_LOWMEMACTION%
if defined CQ_HOST            set CQ_JVM_OPTS=%CQ_JVM_OPTS% -Dorg.apache.felix.http.host=%CQ_HOST%
if defined CQ_HOST            set START_OPTS=%START_OPTS% -a %CQ_HOST%
if defined CQ_USE_JAAS        set CQ_JVM_OPTS=%CQ_JVM_OPTS% -Djava.security.auth.login.config=%CQ_JAAS_CONFIG%
if not defined CQ_JARFILE     for %%X in (*.jar) do set CQ_JARFILE=%%X

tasklist > oldTaskList.txt
start "CQ" cmd.exe /K java %CQ_JVM_OPTS% -jar %CQ_JARFILE% %START_OPTS%
tasklist > newTaskList.txt

*******************************************

Here is an excerpt of the repository.xml file we edited, based on what we could understand from the documentation

********************************************

    <!--
    security configuration
    -->
    <Security appName="com.day.crx">
        <!--
            security manager:
            class: FQN of class implementing the JackrabbitSecurityManager interface
        -->
        <!--SecurityManager class="com.day.crx.core.CRXSecurityManager" workspaceName="" -->
        <SecurityManager class="com.day.crx.core.CRXSecurityManager">
            <WorkspaceAccessManager class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>
            <!--
            optional user manager configuration
            -->
            <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
                <param name="usersPath" value="/home/users"/>
                <param name="groupsPath" value="/home/groups"/>
                <param name="defaultDepth" value="1"/>
                <param name="autoExpandTree" value="true"/>
                <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.AccessControlAction">
                  <param name="groupPrivilegeNames" value="jcr:read"/>
                  <param name="userPrivilegeNames" value="jcr:all"/>
                </AuthorizableAction>
                <!--AuthorizableAction class="com.day.crx.core.ntlm.NTLMAuthorizableAction"/>-->
            </UserManager>

            <!--
            optional workspace access manager configuration
           -->
        </SecurityManager>
        <!--
        access manager:
        class: FQN of class implementing the AccessManager interface
        -->
        <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
        <!--
        Use LoginModule authenticating against repository itself
        -->
        <!-- // see http://dev.day.com/docs/en/cq/current/core/administering/ldap_authentication.html
        <LoginModule class="com.day.crx.core.CRXLoginModule">
            <param name="anonymousId" value="anonymous"/>
            <param name="adminId" value="admin"/>
            <param name="disableNTLMAuth" value="true"/>
            <param name="tokenExpiration" value="43200000"/>
        </LoginModule>
        -->
    </Security>

************************************************

Thank you.