[opencms-dev] Unable to fetch groups from ldap with ocee-ldap

Michael Moossen m.moossen at alkacon.com
Wed Aug 19 11:03:34 CEST 2009 

Hi Per-Olof!

it seems to be that there is a problem in your configuration file.

any group definition of type(membersformat) fulldn or userid needs a 
filter by member, like:
<by-member>(&(objectclass=groupofuniquenames)(uniquemember=?))</by-member>

see the documentation and sample configuration files for more details.

by the way, your evaluation license also expired already 1 month ago, if 
you ask kindly we could give a second one...

HTH
-------------------
Michael Moossen

Alkacon Software GmbH  - The OpenCms Experts
http://www.alkacon.com - http://www.opencms.org

Per-Olof Widström schrieb:
> 
> 
> Hi,
> 
> I'm trying to set up the ocee-ldap module. Everything works, except 
> getting groups from ldap.
> 
> I can synchronize users i.e. import them to the database, but when I try 
> to do the same with the groups I get nothing (an empty list).
> 
> 
> It is also possible to authenticate against the ldap, but when a valid 
> combination of username and password is given, while logging in to the 
> open cms explorer, I get a 500 error message.
> 
> The logs tells me this:
> Aug 17, 2009 3:04:08 PM org.apache.catalina.core.ApplicationDispatcher 
> invoke
> SEVERE: Servlet.service() for servlet jsp threw exception
> java.lang.NullPointerException
>         at 
> org.opencms.ocee.ldap.CmsLdapGroupDefinition.getFilterByMember(CmsLdapGroupDefinition.java:145)
>         at 
> org.opencms.ocee.ldap.CmsLdapManager.lookupGroupNames(CmsLdapManager.java:789)
>         at 
> org.opencms.ocee.ldap.CmsLdapUserDriver.o0000000000000000000000000000000000000000000000000000000000000000000
> 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
> 000000000000000000000000000000000000000000000000000000000000000000000super(CmsLdapUserDriver.java:1376)
>         at 
> org.opencms.ocee.ldap.CmsLdapUserDriver.o0000000000000000000000000000000000000000000000000000000000000000000
> 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
> 000000000000000000000000000000000000000000000000000000000000000000000super(CmsLdapUserDriver.java:1197)
>         at 
> org.opencms.ocee.ldap.CmsLdapUserDriver.readUser(CmsLdapUserDriver.java:833)
>         at 
> org.opencms.ocee.ldap.CmsLdapUserDriver.readUser(CmsLdapUserDriver.java:844)
>         at 
> org.opencms.db.CmsDriverManager.loginUser(CmsDriverManager.java:4700)
>         at 
> org.opencms.db.CmsSecurityManager.loginUser(CmsSecurityManager.java:2884)
>         at org.opencms.file.CmsObject.loginUser(CmsObject.java:2267)
>         at org.opencms.jsp.CmsJspLoginBean.login(CmsJspLoginBean.java:189)
>         at org.opencms.jsp.CmsJspLoginBean.login(CmsJspLoginBean.java:169)
>         at org.opencms.workplace.CmsLogin.displayDialog(CmsLogin.java:293)
>         at 
> org.apache.jsp.WEB_002dINF.jsp.online.system.login.index_html_jsp._jspService(index_html_jsp.java:59)
>         at 
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>         at 
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
>         at 
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
>         at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
> [snip]
> 
> The ldap server I'm using is Sun Java System Directory Server Enterprise 
> Edition 6.3. It supports RFC 2798, and it looks as it supports 2256 
> also, although that RFC  number seems to be obsolete, see link below.
> http://docs.sun.com/app/docs/doc/820-2766/gdutg?a=view
> 
> My ocee-ldap.xml has the following enteries:
>       <ou-definition> <!-- Splendid -->
>         <ou-name>org1</ou-name>
>         <group-definitions>
>           <group-definition membersformat="fulldn">
>             <group-access>
>               <group-filters>
>                 <all>(objectclass=groupofuniquenames)</all>
>                 
> <by-name>(&(objectclass=groupofuniquenames)(cn=?))</by-name>
>               </group-filters>
>               <contexts>
>                 <context>ou=Groups,o=org1,o=comms,dc=domain,dc=com</context>
>               </contexts>
>             </group-access>
>             <group-mappings>
>               <groupid>cn</groupid>
>               <groupname>cn</groupname>
>               <member>uniquemember</member>
>             </group-mappings>
>             <editable>false</editable>
>           </group-definition>
>         </group-definitions>
> 
> I have looked at a the groups in ldap-browser, which tells me that the 
> group has the following classes: inetlocalmailrecipient, inetmailgroup, 
> groupofuniquenames, ipgroup, inetmailgroupmanagement, inetgroup. The 
> query (objectclass=groupofuniquenames) work in the ldapbrowser I use 
> (Soft terra ldapbrowser).
> 
> Any ideas why I don't get any groups from ldap?
> 
> 
> 
> ------------------------------------------------------------------------
> 
> 
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/mailman/listinfo/opencms-dev

More information about the opencms-dev mailing list