Я могу аутентифицировать пользователя с помощью сервера LDAP, но я не могу получить сведения о группе для пользователя в LDAP, и, следовательно, я не могу ВХОДИТЬ в Magnolia Admin Central.
Может кто-нибудь, пожалуйста, направьте меня на то же самое
Вот файлы конфигурации, которые я использовал:
JASS.CONFIG
magnolia {
info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional;
info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule requisite
skip_on_previous_success=true;
info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
LDAP.Properties:
#Initial factory class
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# LDAP url
java.naming.provider.url=ldap://localhost:1389/
java.naming.security.principal=uid=admin,ou=system
java.naming.security.credentials=xxxxxx
java.naming.security.authentication=simple
initialSearchAttributes=dc=xyz,dc=co,dc=uk
Organization=o
OrganizationUnit=ou
CommonName=cn
Surname=sn
GivenName=givenname
uid=uid
dn=dn
mail=mail
Password=userPassword
Language=language
roleResolverClass=info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver
groupResolverClass=info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver
groupSearchContext=ou=groups,o=xyz,dc=xyz,dc=co,dc=uk
groupSearchFilter=(&(objectClass=groupOfNames)(member=member))
groupMembershipAttributeValue=dn
GroupId=cn
Я добавил настроенные ldap.properties внутрь magnolia.properties и создал один диспетчер пользователей «Внешний», как определено в документации в магнолии, кроме этого я не делал никаких изменений в центре администрирования Magnolia.
При использовании jar LDAP-Tester, представленного в документации, я могу подключиться к LDAP, но группы не возвращаются.
ЖУРНАЛ ОТЛАДКИ МАГНОЛИИ
DEBUG info.magnolia.cms.security.auth.login.FormLogin 16.11.2016 13:57:26 -- handle login for pagrawa
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- initializing user pagrawa
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- getting user manager for realm all
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- creating jcr session users by thread http-bio-8080-exec-3
DEBUG info.magnolia.cms.core.MagnoliaAccessProvider 16.11.2016 13:57:26 -- getEditor(session-admin-452)
DEBUG info.magnolia.cms.core.MagnoliaAccessProvider 16.11.2016 13:57:26 -- compile permissions for admin[info.magnolia.jaas.sp.jcr.MagnoliaJRAdminPrincipal] at users
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/system'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/system' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/public'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/public' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap] will be used.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Trying to log in as uid=admin,ou=system with a password.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Successful initialization dirContext.
DEBUG info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver 16.11.2016 13:57:26 -- Searching groups for pagrawa with: (&(objectClass=groupOfNames)(member=member))
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver 16.11.2016 13:57:26 -- LDAP User pagrawa doesn't exist in magnolia repository. Create this user in admin realm and attach to him appropriate groups/roles. If you want get groups/roles attached to this user directly from ldap/ad use OpenLDAPGroupResolver/ADGroupResolver.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- initialized user pagrawa in 85ms
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- initializing user pagrawa
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- getting user manager for realm all
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/system'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/system' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 0ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/public'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/public' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap] will be used.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Trying to log in as uid=admin,ou=system with a password.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Successful initialization dirContext.
DEBUG info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver 16.11.2016 13:57:26 -- Searching groups for pagrawa with: (&(objectClass=groupOfNames)(member=member))
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver 16.11.2016 13:57:26 -- LDAP User pagrawa doesn't exist in magnolia repository. Create this user in admin realm and attach to him appropriate groups/roles. If you want get groups/roles attached to this user directly from ldap/ad use OpenLDAPGroupResolver/ADGroupResolver.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- initialized user pagrawa in 21ms
DEBUG info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap] will be used.
INFO info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Trying to log in as cn=prateek,ou=users,o=diligenta,dc=diligenta,dc=co,dc=uk with a password.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Login succeeded.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthorizationModule 16.11.2016 13:57:26 -- Roles: {}
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthorizationModule 16.11.2016 13:57:26 -- Groups: {}
DEBUG info.magnolia.monitoring.SystemMonitor 16.11.2016 13:57:26 -- Memory values: max = 475mb, total = 475mb, free = 48mb -> remaining = 48mb / thresholds = 50mb or 10%
DEBUG info.magnolia.context.RequestAttributeStrategy 16.11.2016 13:57:26 -- Session initialized in order to set attribute 'javax.security.auth.Subject' to 'Subject:
Principal: info.magnolia.cms.security.ExternalUser@3c82d1f9
Principal: info.magnolia.cms.security.Realm$RealmImpl@179a1
Principal: RoleListImpl[name=roles,list=[]]
Principal: GroupListImpl[name=groups,list=[]]
Principal: PrincipalCollectionImpl[name=PrincipalCollection]
'. You should avoid using session when possible!
DEBUG info.magnolia.cms.filters.ContentTypeFilter 16.11.2016 13:57:26 -- Content type for http://localhost:8080/magnoliaAuthor/ is not set, status code of response is 302.
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- releasing jcr sessions
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- releasing jcr sessions
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- logged out jcr session: session-admin-452 by thread http-bio-8080-exec-3
DEBUG info.magnolia.cms.filters.MgnlMainFilter 16.11.2016 13:57:26 -- Handling URI: /magnoliaAuthor/ - Path info: null
DEBUG info.magnolia.context.WebContextImpl 16.11.2016 13:57:26 -- new WebContextImpl() info.magnolia.context.WebContextFactoryImpl$1@1667e673
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [admincentralFileUpload: pattern: /.magnolia/admincentral] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [registrationCss: pattern: /.resources/enterprise/css/registration.css] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [registrationImages: pattern: /.resources/enterprise/images/registration/*.gif] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.cms.security.auth.login.FormLogin 16.11.2016 13:57:26 -- handle login for null
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [allButActivationHandler: not pattern: /.magnolia/activation] fired 21
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 21
DEBUG info.magnolia.multisite.filters.MultiSiteFilter 16.11.2016 13:57:26 -- Determined domain as localhost on address 0:0:0:0:0:0:0:1. The assigned site is fallback.
DEBUG info.magnolia.module.site.filters.SiteMergeFilter 16.11.2016 13:57:26 -- There's no variation named 'all'. Serving site 'fallback'.
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [BypassWhenNotInAdminCentral: not pattern: /.magnolia] fired 10
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 10
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [BypassWhenNotAuthenticated: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [BypassWhenNoQueryParameters: not] fired 1
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [BypassWhenVaadinRequest: pattern: /.magnolia/admincentral] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [dotMagnolia: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [resources: pattern: /.resources] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [login: pattern: /.resources/defaultMagnoliaLoginForm] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [logout: pattern: /.magnolia/pages/logout.html] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [adminJavascript: pattern: /.magnolia/pages/javascript.js] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [registrationCss: pattern: /.resources/enterprise/css/registration.css] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [registrationImages: pattern: /.resources/enterprise/images/registration/*.gif] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
WARN info.magnolia.cms.security.PermissionUtil 16.11.2016 13:57:26 -- no permissions found for [info.magnolia.cms.security.ExternalUser@3c82d1f9]
DEBUG info.magnolia.multisite.filters.SiteUriSecurityFilter 16.11.2016 13:57:26 -- Skipping site permission check for user pagrawa, permission read to access uri / on site fallback
DEBUG info.magnolia.multisite.filters.SiteUriSecurityFilter 16.11.2016 13:57:26 -- User pagrawa has NOT been granted permission read to access uri /
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- releasing jcr sessions
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- releasing jcr sessions
заранее спасибо