Open Microscopy Environment

The OME community
https://www.openmicroscopy.org/community/

ldap AuthenticationException after fresh installing

https://www.openmicroscopy.org/community/viewtopic.php?f=5&t=8158

Page 1 of 2

ldap AuthenticationException after fresh installing

PostPosted: Tue Nov 22, 2016 2:11 pm
by saleht
Hi all,
after fresh installing to Omero system i am trying to integrate it with our ldap server, but i have a strange Erro Exception
Using session 585ea86c-2749-4e1b-b64a-b6f43ef1819a (root@localhost:4064). Idle timeout: 10 min. Current group: system
Traceback (most recent call last):
File "bin/omero", line 125, in <module>
rv = omero.cli.argv()
File "/home/omero/OMERO.server-5.2.6-ice36-b35/lib/python/omero/cli.py", line 1438, in argv
cli.invoke(args[1:])
File "/home/omero/OMERO.server-5.2.6-ice36-b35/lib/python/omero/cli.py", line 952, in invoke
stop = self.onecmd(line, previous_args)
File "/home/omero/OMERO.server-5.2.6-ice36-b35/lib/python/omero/cli.py", line 1029, in onecmd
self.execute(line, previous_args)
File "/home/omero/OMERO.server-5.2.6-ice36-b35/lib/python/omero/cli.py", line 1111, in execute
args.func(args)
File "/home/omero/OMERO.server-5.2.6-ice36-b35/lib/python/omero/cli.py", line 595, in _check_admin
return func(*args, **kwargs)
File "/home/omero/OMERO.server-5.2.6-ice36-b35/lib/python/omero/plugins/ldap.py", line 235, in create
exp = ildap.createUser(args.username)
File "/home/omero/OMERO.server-5.2.6-ice36-b35/lib/python/omero_api_ILdap_ice.py", line 637, in createUser
return _M_omero.api.ILdap._op_createUser.invoke(self, ((username, ), _ctx))
omero.InternalException: exception ::omero::InternalException
{
serverStackTrace = ome.conditions.InternalException: Wrapped Exception: (org.springframework.ldap.AuthenticationException):
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:180)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
at sun.reflect.GeneratedMethodAccessor506.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:196)
at com.sun.proxy.$Proxy65.getReadOnlyContext(Unknown Source)
at ome.logic.LdapImpl.getBase(LdapImpl.java:797)
at ome.logic.LdapImpl.getPersonContextMapper(LdapImpl.java:747)
at ome.logic.LdapImpl.findExperimenter(LdapImpl.java:173)
at ome.logic.LdapImpl.createUser(LdapImpl.java:477)
at ome.logic.LdapImpl.createUser(LdapImpl.java:439)
at sun.reflect.GeneratedMethodAccessor520.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at ome.security.basic.EventHandler.invoke(EventHandler.java:154)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:249)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:121)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at com.sun.proxy.$Proxy95.createUser(Unknown Source)
at sun.reflect.GeneratedMethodAccessor520.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:93)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at com.sun.proxy.$Proxy95.createUser(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:172)
at ome.services.throttling.Callback.run(Callback.java:56)
at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:140)
at ome.services.blitz.impl.LdapI.createUser_async(LdapI.java:116)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at omero.cmd.CallContext.invoke(CallContext.java:78)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at com.sun.proxy.$Proxy96.createUser_async(Unknown Source)
at omero.api._ILdapTie.createUser_async(_ILdapTie.java:66)
at omero.api._ILdapDisp.___createUser(_ILdapDisp.java:535)
at omero.api._ILdapDisp.__dispatch(_ILdapDisp.java:579)
at IceInternal.Incoming.invoke(Incoming.java:221)
at Ice.ConnectionI.invokeAll(ConnectionI.java:2536)
at Ice.ConnectionI.dispatch(ConnectionI.java:1145)
at Ice.ConnectionI.message(ConnectionI.java:1056)
at IceInternal.ThreadPool.run(ThreadPool.java:395)
at IceInternal.ThreadPool.access$300(ThreadPool.java:12)
at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:832)
at java.lang.Thread.run(Thread.java:745)

serverExceptionClass = ome.conditions.InternalException
message = Wrapped Exception: (org.springframework.ldap.AuthenticationException):
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]


my configuration are listed here :

[omero@localhost OMERO.server]$ bin/omero config get --hide-password
omero.data.dir=/mnt/data/OMERO
omero.db.name=omero_database
omero.db.pass=********
omero.db.user=omero_user
omero.ldap.base=ou=FileShares,ou=Zentrum für Informations-und Medientechnologie,ou=Heinrich-Heine-Universität,dc=AD,dc=hhu,dc=de
omero.ldap.config=true
omero.ldap.group_mapping=name=cn
omero.ldap.new_user_group=:dn_attribute:memberOf
omero.ldap.password=********
omero.ldap.referral=follow
omero.ldap.sync_on_login=true
omero.ldap.urls=ldap://SVR-HHU-DC-1.ad.hhu.de:389
omero.ldap.user_filter=(memberOf=CN=CAi_Allgemein)
omero.ldap.user_mapping=omeName=sAMAccountName,firstName=givenName,lastName=sn,email=mail,institution=department,middleName=middleName
omero.ldap.username=cn=SVC_Omero,dc=ad,dc=hhu,dc=de
omero.web.application_server=wsgi-tcp
omero.web.debug=True


and one thing more i did a query from linux command line it seems works fine
ldapsearch -x -LLL -h SVR-HHU-DC-1.ad.hhu.de -D Svc_Omero -w xxxxxxxxxxxxx -b"dc=ad,dc=hhu,dc=de" -s sub "(cn=CAi_Allgemein)"

Re: ldap AuthenticationException after fresh installing

PostPosted: Tue Nov 22, 2016 10:08 pm
by atarkowska
Hi,

data 52e means invalid credentials

are you sure password is correct?

Is your base correct?
Code: Select all
omero.ldap.base=ou=FileShares,ou=Zentrum für Informations-und Medientechnologie,ou=Heinrich-Heine-Universität,dc=AD,dc=hhu,dc=de
Shouldn't that be just
Code: Select all
dc=ad,dc=hhu,dc=de


Ola

Re: ldap AuthenticationException after fresh installing

PostPosted: Wed Nov 23, 2016 7:00 am
by saleht
i did two changes
old config
omero.ldap.username=cn=SVC_Omero,dc=ad,dc=hhu,dc=de
omero.ldap.base=ou=FileShares,ou=Zentrum für Informations-und Medientechnologie,ou=Heinrich-Heine-Universität,dc=AD,dc=hhu,dc=de


new
omero.ldap.username SVC_Omero
omero.ldap.base=dc=AD,dc=hhu,dc=de


now there is no Exception, but users from ldap till now not working "i mean i can not sign in by ldap users"
do you have any idea ?!!!
query from linux command line works fine

Re: ldap AuthenticationException after fresh installing

PostPosted: Wed Nov 23, 2016 7:16 am
by atarkowska
Hi,

Could you show us step by step how are you trying to log in as ldap user? What is a user DN?
What exactly logs says?
Could you show me your var/log/Blitz-0.log?

Ola

Re: ldap AuthenticationException after fresh installing

PostPosted: Wed Nov 23, 2016 7:54 am
by saleht
Hi,
i am opening the web page and putting my ldap account
i tried
saleht@ad.hhu.de my domain name is ad.hhu.de
it tried saleht
both same error "Error: Connection not available, please check your user name and password."

the last page of my file
2016-11-23 08:42:59,085 INFO [ ome.services.util.ServiceHandler] (.Server-18) Executor.doWork -- ome.services.sessions.SessionManagerImpl.createSession[]
2016-11-23 08:42:59,085 INFO [ ome.services.util.ServiceHandler] (.Server-18) Args: [null, InternalSF@658369552]
2016-11-23 08:42:59,086 INFO [ ome.security.basic.BasicEventContext] (.Server-18) cctx: group=0
2016-11-23 08:42:59,095 INFO [ ome.security.basic.EventHandler] (.Server-18) Auth: user=0,group=0,event=4568(Sessions),sess=68f7c8c9-39ae-4809-8e51-30fbb1f23269
2016-11-23 08:42:59,101 INFO [ ome.security.basic.CurrentDetails] (.Server-18) Adding log:INSERT,class ome.model.meta.Session,1782
2016-11-23 08:42:59,111 INFO [ org.perf4j.TimingLogger] (.Server-18) start[1479886979085] time[26] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$2.doWork]
2016-11-23 08:42:59,111 INFO [ ome.services.util.ServiceHandler] (.Server-18) Rslt: (ome.model.meta.Experimenter:Id_1, ome.model.meta.ExperimenterGroup:Id_2, (2), ... 4 more)
2016-11-23 08:42:59,113 INFO [ ome.services.blitz.fire.SessionManagerI] (.Server-18) Created session ServiceFactoryI(session-19a21c9a-6e49-451c-8c61-a4439566ac55/40f08985-8196-41a2-9788-4ff31042b478) for user guest (agent=OMERO.web)
2016-11-23 08:42:59,118 INFO [ omero.cmd.SessionI] (.Server-16) Added servant to adapter: 40f08985-8196-41a2-9788-4ff31042b478/19a21c9a-6e49-451c-8c61-a4439566ac55omero.api.ISession(omero.api._ISessionTie@716ba636)
2016-11-23 08:42:59,119 INFO [ ome.services.util.ServiceHandler] (.Server-18) Meth: interface ome.api.ISession.getSession
2016-11-23 08:42:59,119 INFO [ ome.services.util.ServiceHandler] (.Server-18) Args: [40f08985-8196-41a2-9788-4ff31042b478]
2016-11-23 08:42:59,119 INFO [ org.perf4j.TimingLogger] (.Server-18) start[1479886979119] time[0] tag[omero.call.success.ome.services.sessions.SessionBean.getSession]
2016-11-23 08:42:59,119 INFO [ ome.services.util.ServiceHandler] (.Server-18) Rslt: ome.model.meta.Session:Id_1782
2016-11-23 08:42:59,124 INFO [ omero.cmd.SessionI] (.Server-16) Added servant to adapter: 40f08985-8196-41a2-9788-4ff31042b478/19a21c9a-6e49-451c-8c61-a4439566ac55omero.api.IConfig(omero.api._IConfigTie@8546d505)
2016-11-23 08:42:59,125 INFO [ ome.services.util.ServiceHandler] (.Server-18) Meth: interface ome.api.IConfig.getConfigValue
2016-11-23 08:42:59,125 INFO [ ome.services.util.ServiceHandler] (.Server-18) Args: [omero.router.insecure]
2016-11-23 08:42:59,134 INFO [ ome.security.basic.EventHandler] (.Server-18) Auth: user=1,group=2,event=4569(User),sess=40f08985-8196-41a2-9788-4ff31042b478
2016-11-23 08:42:59,137 INFO [ org.perf4j.TimingLogger] (.Server-18) start[1479886979125] time[11] tag[omero.call.success.ome.logic.ConfigImpl.getConfigValue]
2016-11-23 08:42:59,137 INFO [ ome.services.util.ServiceHandler] (.Server-18) Rslt: OMERO.Glacier2/router:tcp -p 4063 -h @omero.host@
2016-11-23 08:42:59,145 INFO [ ome.services.blitz.fire.SessionManagerI] (.Server-18) Found session locally: 40f08985-8196-41a2-9788-4ff31042b478
2016-11-23 08:42:59,146 INFO [ ome.services.blitz.fire.SessionManagerI] (.Server-18) Rejoining session ServiceFactoryI(session-fb77a471-4bef-4ff3-8fb5-a812b2873b81/40f08985-8196-41a2-9788-4ff31042b478) (agent=OMERO.web;secure=False)
2016-11-23 08:42:59,149 INFO [o.services.sessions.SessionContext$Count] (.Server-18) -Reference count: 40f08985-8196-41a2-9788-4ff31042b478=1
2016-11-23 08:42:59,149 INFO [ omero.cmd.SessionI] (.Server-18) cleanupSelf(ServiceFactoryI(session-19a21c9a-6e49-451c-8c61-a4439566ac55/40f08985-8196-41a2-9788-4ff31042b478)).
2016-11-23 08:42:59,149 INFO [ omero.cmd.SessionI] (.Server-18) Unregistered servant:40f08985-8196-41a2-9788-4ff31042b478/19a21c9a-6e49-451c-8c61-a4439566ac55omero.api.ISession(omero.api._ISessionTie@716ba636)
2016-11-23 08:42:59,149 INFO [ omero.cmd.SessionI] (.Server-18) Removed servant from adapter: 19a21c9a-6e49-451c-8c61-a4439566ac55omero.api.ISession
2016-11-23 08:42:59,149 INFO [ omero.cmd.SessionI] (.Server-18) Unregistered servant:40f08985-8196-41a2-9788-4ff31042b478/19a21c9a-6e49-451c-8c61-a4439566ac55omero.api.IConfig(omero.api._IConfigTie@8546d505)
2016-11-23 08:42:59,149 INFO [ omero.cmd.SessionI] (.Server-18) Removed servant from adapter: 19a21c9a-6e49-451c-8c61-a4439566ac55omero.api.IConfig
2016-11-23 08:42:59,153 INFO [ omero.cmd.SessionI] (.Server-18) Added servant to adapter: 40f08985-8196-41a2-9788-4ff31042b478/fb77a471-4bef-4ff3-8fb5-a812b2873b81omero.api.IConfig(omero.api._IConfigTie@8a8143ce)
2016-11-23 08:42:59,154 INFO [ ome.services.util.ServiceHandler] (.Server-16) Meth: interface ome.api.IConfig.getConfigValue
2016-11-23 08:42:59,154 INFO [ ome.services.util.ServiceHandler] (.Server-16) Args: [omero.version]
2016-11-23 08:42:59,163 INFO [ ome.security.basic.EventHandler] (.Server-16) Auth: user=1,group=2,event=4570(User),sess=40f08985-8196-41a2-9788-4ff31042b478
2016-11-23 08:42:59,164 INFO [ org.perf4j.TimingLogger] (.Server-16) start[1479886979154] time[10] tag[omero.call.success.ome.logic.ConfigImpl.getConfigValue]
2016-11-23 08:42:59,165 INFO [ ome.services.util.ServiceHandler] (.Server-16) Rslt: 5.2.6-ice36-b35


can i do query from OMERO itself from command line to be sure that my OMERO can comunicate with ldap server

Re: ldap AuthenticationException after fresh installing

PostPosted: Wed Nov 23, 2016 8:04 am
by saleht
i am also trying to do
bin/omero ldap discovers


i got
Created session 622da69a-e8dd-43b4-be54-bdddba639961 (root@localhost:4064). Idle timeout: 10 min. Current group: system

Re: ldap AuthenticationException after fresh installing

PostPosted: Wed Nov 23, 2016 9:05 am
by atarkowska
Hi,

I think commands are:

Code: Select all
$ bin/omero ldap active
$ bin/omero ldap discover


What
Code: Select all
bin/omero ldap list
says?

can you get DN for user saleht?
Code: Select all
bin/omero ldap getdn --user-name saleht


Ola

Re: ldap AuthenticationException after fresh installing

PostPosted: Wed Nov 23, 2016 9:15 am
by saleht
i have tried
bin/omero ldap getdn --user-name saleht


i got
Using session 7466000c-1cf0-4e62-b2da-57dafed22eba (root@localhost:4064). Idle timeout: 10 min. Current group: system
Unknown user: saleht

Re: ldap AuthenticationException after fresh installing

PostPosted: Wed Nov 23, 2016 9:29 am
by atarkowska
What
Code: Select all
bin/omero ldap list
says? is saleht on the list already?

Did you try
Code: Select all
bin/omero ldap create saleht
?

Ola

Re: ldap AuthenticationException after fresh installing

PostPosted: Wed Nov 23, 2016 9:42 am
by saleht
this show me empty table
bin/omero ldap list



this give me
bin/omero ldap create saleht


Created session a0b6dc25-a249-47df-9a30-ea1eaf7e28da (root@localhost:4064). Idle timeout: 10 min. Current group: system
All times are UTC
Page 1 of 2
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/