
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

</head>

<body bgcolor="#ffffff" text="#000000">

<br>

<br>

Hi,<br>

<br>

I'm trying to set up the ocee-ldap module. Everything works, except

getting groups from ldap. <br>

<br>

I can synchronize users i.e. import them to the database, but when I

try to do the same with the groups I get nothing (an empty list).<br>

<br>

<br>

It is also possible to authenticate against the ldap, but when a valid

combination of username and password is given, while logging in to the

open cms explorer, I get a 500 error message.<br>

<br>

The logs tells me this:<br>

<font size="-1"><tt>Aug 17, 2009 3:04:08 PM

org.apache.catalina.core.ApplicationDispatcher invoke<br>

SEVERE: Servlet.service() for servlet jsp threw exception<br>

java.lang.NullPointerException<br>

        at

org.opencms.ocee.ldap.CmsLdapGroupDefinition.getFilterByMember(CmsLdapGroupDefinition.java:145)<br>

        at

org.opencms.ocee.ldap.CmsLdapManager.lookupGroupNames(CmsLdapManager.java:789)<br>

        at

org.opencms.ocee.ldap.CmsLdapUserDriver.o0000000000000000000000000000000000000000000000000000000000000000000<br>

00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000<br>

000000000000000000000000000000000000000000000000000000000000000000000super(CmsLdapUserDriver.java:1376)<br>

        at

org.opencms.ocee.ldap.CmsLdapUserDriver.o0000000000000000000000000000000000000000000000000000000000000000000<br>

00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000<br>

000000000000000000000000000000000000000000000000000000000000000000000super(CmsLdapUserDriver.java:1197)<br>

        at

org.opencms.ocee.ldap.CmsLdapUserDriver.readUser(CmsLdapUserDriver.java:833)<br>

        at

org.opencms.ocee.ldap.CmsLdapUserDriver.readUser(CmsLdapUserDriver.java:844)<br>

        at

org.opencms.db.CmsDriverManager.loginUser(CmsDriverManager.java:4700)<br>

        at

org.opencms.db.CmsSecurityManager.loginUser(CmsSecurityManager.java:2884)<br>

        at org.opencms.file.CmsObject.loginUser(CmsObject.java:2267)<br>

        at

org.opencms.jsp.CmsJspLoginBean.login(CmsJspLoginBean.java:189)<br>

        at

org.opencms.jsp.CmsJspLoginBean.login(CmsJspLoginBean.java:169)<br>

        at

org.opencms.workplace.CmsLogin.displayDialog(CmsLogin.java:293)<br>

        at

org.apache.jsp.WEB_002dINF.jsp.online.system.login.index_html_jsp._jspService(index_html_jsp.java:59)<br>

        at

org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)<br>

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)<br>

        at

org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)<br>

        at

org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)<br>

        at

org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)<br>

[snip]<br>

</tt></font><br>

The ldap server I'm using is Sun Java System Directory Server

Enterprise Edition 6.3. It supports RFC 2798, and it looks as it

supports 2256 also, although that RFC  number seems to be obsolete, see

link below. <br>

<a class="moz-txt-link-freetext"

 href="http://docs.sun.com/app/docs/doc/820-2766/gdutg?a=view">http://docs.sun.com/app/docs/doc/820-2766/gdutg?a=view</a><br>

<br>

My ocee-ldap.xml has the following enteries:<br>

<font size="-1"><tt>      <ou-definition> <!-- Splendid --><br>

        <ou-name></tt></font><font size="-1"><tt>org1</tt></font><font

 size="-1"><tt></ou-name><br>

        <group-definitions><br>

          <group-definition membersformat="fulldn"><br>

            <group-access><br>

              <group-filters><br>

                <all>(objectclass=groupofuniquenames)</all><br>

               

<by-name>(&amp;(objectclass=groupofuniquenames)(cn=?))</by-name><br>

              </group-filters><br>

              <contexts><br>

               

<context>ou=Groups,o=org1,o=comms,dc=domain,dc=com</context><br>

              </contexts><br>

            </group-access><br>

            <group-mappings><br>

              <groupid>cn</groupid><br>

              <groupname>cn</groupname><br>

              <member>uniquemember</member><br>

            </group-mappings><br>

            <editable>false</editable><br>

          </group-definition><br>

        </group-definitions><br>

</tt></font><br>

I have looked at a the groups in ldap-browser, which tells me that the

group has the following classes: inetlocalmailrecipient, inetmailgroup,

groupofuniquenames, ipgroup, inetmailgroupmanagement, inetgroup. The

query <font size="-1"><tt>(objectclass=groupofuniquenames)</tt></font>

work in the ldapbrowser I use (Soft terra ldapbrowser).<br>

<br>

Any ideas why I don't get any groups from ldap?<br>

<br>

<br>

</body>

</html>