<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
<br>
Hi,<br>
<br>
I'm trying to set up the ocee-ldap module. Everything works, except
getting groups from ldap. <br>
<br>
I can synchronize users i.e. import them to the database, but when I
try to do the same with the groups I get nothing (an empty list).<br>
<br>
<br>
It is also possible to authenticate against the ldap, but when a valid
combination of username and password is given, while logging in to the
open cms explorer, I get a 500 error message.<br>
<br>
The logs tells me this:<br>
<font size="-1"><tt>Aug 17, 2009 3:04:08 PM
org.apache.catalina.core.ApplicationDispatcher invoke<br>
SEVERE: Servlet.service() for servlet jsp threw exception<br>
java.lang.NullPointerException<br>
        at
org.opencms.ocee.ldap.CmsLdapGroupDefinition.getFilterByMember(CmsLdapGroupDefinition.java:145)<br>
        at
org.opencms.ocee.ldap.CmsLdapManager.lookupGroupNames(CmsLdapManager.java:789)<br>
        at
org.opencms.ocee.ldap.CmsLdapUserDriver.o0000000000000000000000000000000000000000000000000000000000000000000<br>
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000<br>
000000000000000000000000000000000000000000000000000000000000000000000super(CmsLdapUserDriver.java:1376)<br>
        at
org.opencms.ocee.ldap.CmsLdapUserDriver.o0000000000000000000000000000000000000000000000000000000000000000000<br>
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000<br>
000000000000000000000000000000000000000000000000000000000000000000000super(CmsLdapUserDriver.java:1197)<br>
        at
org.opencms.ocee.ldap.CmsLdapUserDriver.readUser(CmsLdapUserDriver.java:833)<br>
        at
org.opencms.ocee.ldap.CmsLdapUserDriver.readUser(CmsLdapUserDriver.java:844)<br>
        at
org.opencms.db.CmsDriverManager.loginUser(CmsDriverManager.java:4700)<br>
        at
org.opencms.db.CmsSecurityManager.loginUser(CmsSecurityManager.java:2884)<br>
        at org.opencms.file.CmsObject.loginUser(CmsObject.java:2267)<br>
        at
org.opencms.jsp.CmsJspLoginBean.login(CmsJspLoginBean.java:189)<br>
        at
org.opencms.jsp.CmsJspLoginBean.login(CmsJspLoginBean.java:169)<br>
        at
org.opencms.workplace.CmsLogin.displayDialog(CmsLogin.java:293)<br>
        at
org.apache.jsp.WEB_002dINF.jsp.online.system.login.index_html_jsp._jspService(index_html_jsp.java:59)<br>
        at
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)<br>
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)<br>
        at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)<br>
        at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)<br>
        at
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)<br>
[snip]<br>
</tt></font><br>
The ldap server I'm using is Sun Java System Directory Server
Enterprise Edition 6.3. It supports RFC 2798, and it looks as it
supports 2256 also, although that RFC  number seems to be obsolete, see
link below. <br>
<a class="moz-txt-link-freetext"
 href="http://docs.sun.com/app/docs/doc/820-2766/gdutg?a=view">http://docs.sun.com/app/docs/doc/820-2766/gdutg?a=view</a><br>
<br>
My ocee-ldap.xml has the following enteries:<br>
<font size="-1"><tt>      <ou-definition> <!-- Splendid --><br>
        <ou-name></tt></font><font size="-1"><tt>org1</tt></font><font
 size="-1"><tt></ou-name><br>
        <group-definitions><br>
          <group-definition membersformat="fulldn"><br>
            <group-access><br>
              <group-filters><br>
                <all>(objectclass=groupofuniquenames)</all><br>
               
<by-name>(&amp;(objectclass=groupofuniquenames)(cn=?))</by-name><br>
              </group-filters><br>
              <contexts><br>
               
<context>ou=Groups,o=org1,o=comms,dc=domain,dc=com</context><br>
              </contexts><br>
            </group-access><br>
            <group-mappings><br>
              <groupid>cn</groupid><br>
              <groupname>cn</groupname><br>
              <member>uniquemember</member><br>
            </group-mappings><br>
            <editable>false</editable><br>
          </group-definition><br>
        </group-definitions><br>
</tt></font><br>
I have looked at a the groups in ldap-browser, which tells me that the
group has the following classes: inetlocalmailrecipient, inetmailgroup,
groupofuniquenames, ipgroup, inetmailgroupmanagement, inetgroup. The
query <font size="-1"><tt>(objectclass=groupofuniquenames)</tt></font>
work in the ldapbrowser I use (Soft terra ldapbrowser).<br>
<br>
Any ideas why I don't get any groups from ldap?<br>
<br>
<br>
</body>
</html>