Getting exception while Integrating Active Directory With CQ5

Rajesh_Kamalath

15-10-2015

Hi,

I've been struggling with getting Active Directory to integrate with CQ5. I'm currently getting the below error message.

*DEBUG* [10.25.153.101 [1431398640377] POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.LDAPEntryResolver search below OU=North America,DC=PEROOT,DC=com with filter (&(uid=PEROOT\vkamara)(objectclass=person))
12.05.2015 02:44:00.601 *WARN* [10.25.153.101 [1431398640377] POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.principals.LDAPPrincipalProvider Error finding user PEROOT\vkamara com.day.crx.security.ldap.LDAPRepositoryException: LDAP error: com.day.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1; Invalid credentials
        at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findUser(LDAPPrincipalProvider.java:396)
        at com.day.crx.security.ldap.LDAPLoginModule.getPrincipal(LDAPLoginModule.java:505)
        at org.apache.jackrabbit.core.security.authentication.AbstractLoginModule.login(AbstractLoginModule.java:319)
        at com.day.crx.security.ldap.LDAPLoginModule.login(LDAPLoginModule.java:234)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at com.day.crx.mount.virtual.VirtualRepository$1.call(VirtualRepository.java:108)
        at com.day.crx.mount.Util.callWithContextClassLoader(Util.java:123)
        at com.day.crx.mount.virtual.VirtualRepository.login(VirtualRepository.java:105)
        at com.day.crx.sling.server.impl.SlingRepositoryWrapper.login(SlingRepositoryWrapper.java:127)
        at org.apache.sling.jcr.resource.internal.helper.jcr.JcrResourceProviderFactory.getResourceProviderInternal(JcrResourceProviderFactory.java:144)
        at org.apache.sling.resourceresolver.impl.ResourceResolverFactoryImpl.getResourceResolver(ResourceResolverFactoryImpl.java:76)
        at org.apache.sling.auth.core.impl.SlingAuthenticator.getResolver(SlingAuthenticator.java:762)
        at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:483)
        at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:438)
        at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:148)
        at org.apache.felix.http.base.internal.context.ServletContextImpl.handleSecurity(ServletContextImpl.java:272)
      (HttpServlet.java:820)
        at com.day.j2ee.servletengine.ServletRuntimeEnvironment.service(ServletRuntimeEnvironment.java:250)
        at com.day.j2ee.servletengine.RequestDispatcherImpl.doFilter(RequestDispatcherImpl.java:321)
        at com.day.j2ee.servletengine.RequestDispatcherImpl.service(RequestDispatcherImpl.java:340)
        at com.day.j2ee.servletengine.RequestDispatcherImpl.service(RequestDispatcherImpl.java:383)
        at com.day.j2ee.servletengine.ServletHandlerImpl.process(ServletHandlerImpl.java:360)
        at com.day.j2ee.servletengine.HttpListener$Worker.run(HttpListener.java:644)
        at java.lang.Thread.run(Thread.java:662)
Caused by: com.day.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1; Invalid credentials
        at com.day.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4882)        
        at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findUser(LDAPPrincipalProvider.java:378)
        ... 71 more
12.05.2015 02:44:00.603 *DEBUG* [10.25.153.101 [1431398640377] POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.LDAPLoginModule login: unkown User for ID ''PEROOT\vkamara'' -> set to ignore
12.05.2015 02:44:12.132 *DEBUG* [10.25.153.101 [1431398652127] POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.LDAPEntryResolver search below OU=North America,DC=PEROOT,DC=com with filter (&(uid=PEROOT\vkamara)(objectclass=person))
12.05.2015 02:44:12.140 *WARN* [10.25.153.101 [1431398652127] POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.principals.LDAPPrincipalProvider Error finding user PEROOT\vkamara com.day.crx.security.ldap.LDAPRepositoryException: LDAP error: com.day.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1; Invalid credentials
        at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findUser(LDAPPrincipalProvider.java:396)
        at com.day.crx.security.ldap.LDAPLoginModule.getPrincipal(LDAPLoginModule.java:505)
        at org.apache.jackrabbit.core.security.authentication.AbstractLoginModule.login(AbstractLoginModule.java:319)
        at com.day.crx.security.ldap.LDAPLoginModule.login(LDAPLoginModule.java:234)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at org.apache.jackrabbit.core.security.authentication.JAASAuthContext.login(JAASAuthContext.java:60)
        at org.apache.sling.jcr.resource.internal.helper.jcr.JcrResourceProviderFactory.getResourceProviderInternal(JcrResourceProviderFactory.java:144)     
        at org.apache.sling.resourceresolver.impl.tree.ResourceProviderFactoryHandler.login(ResourceProviderFactoryHandler.java:164)
        at org.apache.sling.resourceresolver.impl.tree.RootResourceProviderEntry.loginToRequiredFactories(RootResourceProviderEntry.java:95)
        at org.apache.sling.resourceresolver.impl.ResourceResolverFactoryImpl.getResourceResolverInternal(ResourceResolverFactoryImpl.java:95)
        at org.apache.sling.resourceresolver.impl.ResourceResolverFactoryImpl.getResourceResolver(ResourceResolverFac 
        at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findUser(LDAPPrincipalProvider.java:378)
        ... 71 more
12.05.2015 09:27:32.892 *DEBUG* [10.25.153.113 [1431422852627] POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.LDAPLoginModule login: unkown User for ID ''PEROOT\vkamara'' -> set to ignore
12.05.2015 09:28:14.616 *DEBUG* [10.32.144.102 [1431422894613] GET /bin/querybuilder.json?fulltext=.properties&group.path=/apps/shared/giza-configuration/config.author.qa03&p.limit=-1 HTTP/1.1] com.day.crx.security.ldap.LDAPLoginModule ignoring uid=giza-config-user,ou=wcm-users,ou=People,dc=pearson,dc=savvis,dc=net, does not belong to OU=North America,DC=PEROOT,DC=com

12.05.2015 09:31:14.711 *DEBUG* [10.32.144.102 [1431423074706] GET /bin/querybuilder.json?fulltext=.properties&group.path=/apps/shared/giza-configuration/config.author.qa03&p.limit=-1 HTTP/1.1] com.day.crx.security.ldap.LDAPLoginModule ignoring uid=giza-config-user,ou=wcm-users,ou=People,dc=pearson,dc=savvis,dc=net, does not belong to OU=North America,DC=PEROOT,DC=com
12.05.2015 09:34:14.767 *DEBUG* [10.32.144.102 [1431423254764] GET /bin/querybuilder.json?fulltext=.properties&group.path=/apps/shared/giza-configuration/config.author.qa03&p.limit=-1 HTTP/1.1] com.day.crx.security.ldap.LDAPLoginModule ignoring uid=giza-config-user,ou=wcm-users,ou=People,dc=pearson,dc=savvis,dc=net, does not belong to OU=North America,DC=PEROOT,DC=com

My configuration is below:

I have doubts about these three entries only:

1. userRoot, 2. groupRoot, 3. authDn

principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
              host="i have placed valid host entry here "
              port="389"
              secure="false"
              userRoot="OU=North America,DC=PEROOT,DC=com"
              groupRoot="ou=cq-groups,DC=PEROOT,DC=com"
              authDn="uid="valid service account id here",OU=North America,DC=PEROOT,DC=com"
              authPw="Valid password here#"
              groupMembershipAttribute="uniquemember"
              autocreate="create"
              autocreate.user.mail="profile/email"
              autocreate.user.givenname="profile/givenName"
              autocreate.user.sn="profile/familyName"
              autocreate.group.description="profile/aboutMe"
              autocreate.group.mail="profile/email"
              autocreate.group.cn="profile/givenName"
              autocreate.path="direct"
              cache.expiration="600"
              cache.maxsize="100";

 - In groupRoot I have taken these entries in the existing configuration (ou=cq-groups), if this one causes the issue. Kindly advise how to sort out this issue.

Thanks,

Rajesh .K 
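
As an added example (not part of the original post): a small Python triage script that pulls the client IP, user ID, LDAP result code and Active Directory "data" sub-code out of LDAPPrincipalProvider warnings like the ones in the log above, and tallies them per client and user. The sample lines and the EXAMPLE\jdoe style identities are constructed, and the regular expression assumes the log layout shown in the post.

```python
import re
from collections import Counter

# "data NNN" sub-codes AD returns with LDAP result 49 (hex Win32 logon error codes).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Assumes the CQ5 error.log layout shown in the post above.
FAILURE_RE = re.compile(
    r"\[(?P<client>\d{1,3}(?:\.\d{1,3}){3}) \[\d+\].*?"
    r"Error finding user (?P<user>\S+) .*?"
    r"error result \((?P<result>\d+)\).*?"
    r"AcceptSecurityContext error, data (?P<data>[0-9a-fA-F]+)"
)

def parse_bind_failure(line):
    """Return the fields of one LDAP bind-failure warning, or None."""
    m = FAILURE_RE.search(line)
    if m is None:
        return None
    code = m.group("data").lower()
    return {"client": m.group("client"), "user": m.group("user"),
            "ldap_result": int(m.group("result")), "subcode": code,
            "meaning": AD_SUBCODES.get(code, "unknown sub-code")}

def summarize(lines):  # count failures per (client IP, user, meaning)
    hits = filter(None, map(parse_bind_failure, lines))
    return Counter((h["client"], h["user"], h["meaning"]) for h in hits)

def _warn(client, user, data):  # builds one constructed sample line
    return (f"01.01.2015 10:00:00.000 *WARN* [{client} [1400000000000] POST "
            "/libs/granite/core/content/login.html/j_security_check HTTP/1.1] "
            f"com.day.crx.security.ldap.principals.LDAPPrincipalProvider Error finding user {user} "
            "com.day.ldap.LDAPException: error result (49); 80090308: LdapErr: "
            f"DSID-0C0903A9, comment: AcceptSecurityContext error, data {data}, v1db1")
SAMPLE = [_warn("192.0.2.10", r"EXAMPLE\jdoe", "52e"), _warn("192.0.2.10", r"EXAMPLE\jdoe", "52e"),
          _warn("192.0.2.44", r"EXAMPLE\asmith", "775"), "01.01.2015 *DEBUG* search below OU=Example"]
if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

Repeated "invalid credentials" entries from one client against many user IDs, or a run that ends in "account locked out", are the patterns worth alerting on when this tally is run over a real error.log.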

Rajesh_Kamalath

15-10-2015

Hi Mac/team,

Thanks for your input. After validating the entries in the configuration file, we are still facing the authentication issue. Is there anything we need to do after the LDAP conf file change?

For example, do I need to upload any of our user groups, or sync them somewhere in the CRX repository, or anything else? Could you please help with these steps?

Thanks,

Rajesh.K