Getting exception while Integrating Active Directory With CQ5

Avatar

Avatar

Rajesh_Kamalath

Avatar

Rajesh_Kamalath

Rajesh_Kamalath

15-10-2015

Hi,

I've been struggling with getting Active Directory to integrate with CQ5. I'm currently getting the bellow error message. 

*DEBUG* [10.25.153.101 [1431398640377] POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.LDAPEntryResolver search below OU=North America,DC=PEROOT,DC=com with filter (&(uid=PEROOT\vkamara)(objectclass=person))
12.05.2015 02:44:00.601 *WARN* [10.25.153.101 [1431398640377] POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.principals.LDAPPrincipalProvider Error finding user PEROOT\vkamara com.day.crx.security.ldap.LDAPRepositoryException: LDAP error: com.day.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1; Invalid credentials
        at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findUser(LDAPPrincipalProvider.java:396)
        at com.day.crx.security.ldap.LDAPLoginModule.getPrincipal(LDAPLoginModule.java:505)

 org.apache.jackrabbit.core.security.authentication.AbstractLoginModule.login(AbstractLoginModule.java:319)
        at com.day.crx.security.ldap.LDAPLoginModule.login(LDAPLoginModule.java:234)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at com.day.crx.mount.virtual.VirtualRepository$1.call(VirtualRepository.java:108)
        at com.day.crx.mount.Util.callWithContextClassLoader(Util.java:123)
        at com.day.crx.mount.virtual.VirtualRepository.login(VirtualRepository.java:105)
        at com.day.crx.sling.server.impl.SlingRepositoryWrapper.login(SlingRepositoryWrapper.java:127)
  org.apache.sling.jcr.resource.internal.helper.jcr.JcrResourceProviderFactory.getResourceProviderInternal(JcrResourceProviderFactory.java:144)             org.apache.sling.resourceresolver.impl.ResourceResolverFactoryImpl.getResourceResolver(ResourceResolverFactoryImpl.java:76)
        at org.apache.sling.auth.core.impl.SlingAuthenticator.getResolver(SlingAuthenticator.java:762)
        at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:483)
        at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:438)
        at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:148)
        at org.apache.felix.http.base.internal.context.ServletContextImpl.handleSecurity(ServletContextImpl.java:272)
      (HttpServlet.java:820)
        at com.day.j2ee.servletengine.ServletRuntimeEnvironment.service(ServletRuntimeEnvironment.java:250)
        at com.day.j2ee.servletengine.RequestDispatcherImpl.doFilter(RequestDispatcherImpl.java:321)
        at com.day.j2ee.servletengine.RequestDispatcherImpl.service(RequestDispatcherImpl.java:340)
        at com.day.j2ee.servletengine.RequestDispatcherImpl.service(RequestDispatcherImpl.java:383)
        at com.day.j2ee.servletengine.ServletHandlerImpl.process(ServletHandlerImpl.java:360)
        at com.day.j2ee.servletengine.HttpListener$Worker.run(HttpListener.java:644)
        at java.lang.Thread.run(Thread.java:662)
Caused by: com.day.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1; Invalid credentials
        at com.day.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4882)        
        at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findUser(LDAPPrincipalProvider.java:378)
        ... 71 more
12.05.2015 02:44:00.603 *DEBUG* [10.25.153.101 [1431398640377] POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.LDAPLoginModule login: unkown User for ID ''PEROOT\vkamara'' -> set to ignore
12.05.2015 02:44:12.132 *DEBUG* [10.25.153.101 [1431398652127] POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.LDAPEntryResolver search below OU=North America,DC=PEROOT,DC=com with filter (&(uid=PEROOT\vkamara)(objectclass=person))
12.05.2015 02:44:12.140 *WARN* [10.25.153.101 [1431398652127] POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.principals.LDAPPrincipalProvider Error finding user PEROOT\vkamara com.day.crx.security.ldap.LDAPRepositoryException: LDAP error: com.day.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1; Invalid credentials
        at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findUser(LDAPPrincipalProvider.java:396)
        at com.day.crx.security.ldap.LDAPLoginModule.getPrincipal(LDAPLoginModule.java:505)
        at org.apache.jackrabbit.core.security.authentication.AbstractLoginModule.login(AbstractLoginModule.java:319)
        at com.day.crx.security.ldap.LDAPLoginModule.login(LDAPLoginModule.java:234)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at org.apache.jackrabbit.core.security.authentication.JAASAuthContext.login(JAASAuthContext.java:60)
        at org.apache.sling.jcr.resource.internal.helper.jcr.JcrResourceProviderFactory.getResourceProviderInternal(JcrResourceProviderFactory.java:144)     
        at org.apache.sling.resourceresolver.impl.tree.ResourceProviderFactoryHandler.login(ResourceProviderFactoryHandler.java:164)
        at org.apache.sling.resourceresolver.impl.tree.RootResourceProviderEntry.loginToRequiredFactories(RootResourceProviderEntry.java:95)
        at org.apache.sling.resourceresolver.impl.ResourceResolverFactoryImpl.getResourceResolverInternal(ResourceResolverFactoryImpl.java:95)
        at org.apache.sling.resourceresolver.impl.ResourceResolverFactoryImpl.getResourceResolver(ResourceResolverFac 
        at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findUser(LDAPPrincipalProvider.java:378)        ... 71 more
12.05.2015 09:27:32.892 *DEBUG* [10.25.153.113 [1431422852627] POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.LDAPLoginModule login: unkown User for ID ''PEROOT\vkamara'' -> set to ignore
12.05.2015 09:28:14.616 *DEBUG* [10.32.144.102 [1431422894613] GET /bin/querybuilder.json?fulltext=.properties&group.path=/apps/shared/giza-configuration/config.author.qa03&p.limit=-1 HTTP/1.1] com.day.crx.security.ldap.LDAPLoginModule ignoring uid=giza-config-user,ou=wcm-users,ou=People,dc=pearson,dc=savvis,dc=net, does not belong to OU=North America,DC=PEROOT,DC=com
12.05.2015 09:31:14.711 *DEBUG* [10.32.144.102 [1431423074706] GET /bin/querybuilder.json?fulltext=.properties&group.path=/apps/shared/giza-configuration/config.author.qa03&p.limit=-1 HTTP/1.1] com.day.crx.security.ldap.LDAPLoginModule ignoring uid=giza-config-user,ou=wcm-users,ou=People,dc=pearson,dc=savvis,dc=net, does not belong to OU=North America,DC=PEROOT,DC=com
12.05.2015 09:34:14.767 *DEBUG* [10.32.144.102 [1431423254764] GET /bin/querybuilder.json?fulltext=.properties&group.path=/apps/shared/giza-configuration/config.author.qa03&p.limit=-1 HTTP/1.1] com.day.crx.security.ldap.LDAPLoginModule ignoring uid=giza-config-user,ou=wcm-users,ou=People,dc=pearson,dc=savvis,dc=net, does not belong to OU=North America,DC=PEROOT,DC=com

My Configuration is below:

I have doubt about this three entries only:

1.userRoot, 2.groupRoot, 3.authDn

principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
              host="i have placed valid host entry here "
              port="389"
              secure="false"
              userRoot="OU=North America,DC=PEROOT,DC=com"
              groupRoot="ou=cq-groups,DC=PEROOT,DC=com"
              authDn="uid="valid service account id here",OU=North America,DC=PEROOT,DC=com"
              authPw="Valid password here#"
              groupMembershipAttribute="uniquemember"
              autocreate="create"
              autocreate.user.mail="profile/email"
              autocreate.user.givenname="profile/givenName"
              autocreate.user.sn="profile/familyName"
              autocreate.group.description="profile/aboutMe"
              autocreate.group.mail="profile/email"
              autocreate.group.cn="profile/givenName"
              autocreate.path="direct"
              cache.expiration="600"
              cache.maxsize="100";

 - in groupRoot I have taken this entries in existing configuration (ou=cq-groups) if this one causes the issue. Kindly advice how to sortout this issue.

Thanks,

Rajesh .K 

View Entire Topic

Avatar

Avatar

Rajesh_Kamalath

Avatar

Rajesh_Kamalath

Rajesh_Kamalath

15-10-2015

Hi ClintLundmark,

I was trying with this configuration in Adobe CQ (5.6.0.20130125) version. Is it write approach or anything else I need to follow.

Thanks,

Rajesh.K