2 Replies Latest reply on Nov 28, 2012 7:53 PM by Sham HC

    LDAP Configuration - no Groups - Service not available

    kemisch57

      Hello,

       

      I'm having trouble configuring LDAP authentication against a customer LDAP.

      The LDAP server is available. The 'ldapsearch' command works and returns the right data.

      The strange thing is that there are no groups in this LDAP. ldap_login.conf looks like this:

       

      com.day.crx {
          com.day.crx.core.CRXLoginModule sufficient
              trust_credentials_attribute="TrustedInfo";
          com.day.crx.security.ldap.LDAPLoginModule required
              principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
              principal_provider.name="ldapDirectory"
              trust_credentials_attribute="TrustedInfo"
              host="ldap-server"
              port="389"
              authDn="uid=Admin,ou=people,ou=common,o=rbb"
              authPw="xxxxx"
              userRoot="o=rdd"
              userIdAttribute="uid"
              autocreate="create"
              autocreate.path="/home/users/ldap"
              autocreate.user.dn="profile/dn"
              autocreate.user.cn="rep:fullname"
              autocreate.user.mail="profile/email"
              autocreate.user.sn="profile/familyName"
              cache.expiration="7200"
              cache.maxsize="1000"
              userFilter="(objectclass=inetOrgPerson)";
      };

       

      repository.xml should be OK, because it worked against my test LDAP:

       

      <Security appName="com.day.crx">
          <!--
              security manager:
              class: FQN of class implementing the JackrabbitSecurityManager interface
          -->
          <!--SecurityManager class="com.day.crx.core.CRXSecurityManager" workspaceName="" -->
          <SecurityManager class="com.day.crx.core.CRXSecurityManager">
              <WorkspaceAccessManager class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>
              <!--
                  optional user manager configuration
              -->
              <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
                  <param name="usersPath" value="/home/users"/>
                  <param name="groupsPath" value="/home/groups"/>
                  <param name="defaultDepth" value="1"/>
                  <param name="autoExpandTree" value="true"/>
                  <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.AccessControlAction">
                      <param name="groupPrivilegeNames" value="jcr:read"/>
                      <param name="userPrivilegeNames" value="jcr:all"/>
                  </AuthorizableAction>
                  <!--AuthorizableAction class="com.day.crx.core.ntlm.NTLMAuthorizableAction"/>-->
              </UserManager>

              <!--
                  optional workspace access manager configuration
              -->
          </SecurityManager>
          <!--
              access manager:
              class: FQN of class implementing the AccessManager interface
          -->
          <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
          <!--
              Use LoginModule authenticating against repository itself
          -->
      </Security>

       

      CQ5.5 works without LDAP, but it doesn't work with the LDAP configuration when started from the command line:

       

      $JAVA_HOME/bin/java -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf -XX:MaxPermSize=256m -Xmx1024M -jar cq-author-4502.jar

       

      SP2 is installed.

       

      Please help

       

      Regards

       

      Andreas