<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi,<br>
<br>
someone already asked kindly, in a nice way, I presume, so we have a
second trail period (tnx).<br>
<br>
I changed the xml so it has the "by-member" tag, and now I don't get
any exceptions complaining about that it is missing. nice. <br>
<br>
I looked in the docs, and in ou-definitions the by-member tag is
missing, and I'm pretty sure I didn't get them in the xml-file that was
provided in the installation. It wouldn't hurt if someone changed the
ldap-package so it included the "by-member" tag for ou-definitions.<br>
<br>
Copied from ocee-ldap.xml:<br>
<tt><small><ou-definitions><br>
<ou-definition><br>
<ou-name>/test/</ou-name><br>
<group-definitions><br>
<group-definition membersformat="mburl"><br>
<group-access><br>
<group-filters><br>
<all>(objectclass=groupofurls)</all><br>
<by-name>(&(objectclass=groupofurls)(cn=?))</by-name><br>
</group-filters><br>
</small></tt><br>
<br>
My problem is still there, unfortunately, I get no groups to sync. Is
there some way I can troubleshot this, like turning up log levels in
log4j.properties, or something else?<br>
<br>
My ldap xml now looks like this:<br>
<small><tt> <group-definitions><br>
<group-definition membersformat="fulldn"><br>
<group-access><br>
<group-filters><br>
<all>(objectclass=</tt></small><small><tt>groupofuniquenames</tt></small><small><tt>)</all><br>
<by-name>(&(objectclass=groupofuniquenames)(cn=?))</by-name><br>
<by-member>(&(objectclass=groupofuniquenames)(uniquemember=?))</by-member><br>
</group-filters><br>
<contexts><br>
<small> <context>ou=Groups,</small></tt><tt>o=org1,o=comms,dc=domain,dc=com</context></tt></small><br>
<small><tt> </contexts><br>
</group-access><br>
<group-mappings><br>
<groupid>cn</groupid><br>
<groupname>cn</groupname><br>
<member>uniquemember</member><br>
</group-mappings><br>
<editable>false</editable><br>
</group-definition><br>
<br>
</tt></small><br>
Regards<br>
Per-Olof<br>
<br>
<br>
Michael Moossen wrote:
<blockquote cite="mid:4A8BBFE6.8090802@alkacon.com" type="cite">
<pre wrap="">Hi Per-Olof!
it seems to be that there is a problem in your configuration file.
any group definition of type(membersformat) fulldn or userid needs a
filter by member, like:
<by-member>(&(objectclass=groupofuniquenames)(uniquemember=?))</by-member>
see the documentation and sample configuration files for more details.
by the way, your evaluation license also expired already 1 month ago, if
you ask kindly we could give a second one...
HTH
-------------------
Michael Moossen
Alkacon Software GmbH - The OpenCms Experts
<a class="moz-txt-link-freetext" href="http://www.alkacon.com">http://www.alkacon.com</a> - <a class="moz-txt-link-freetext" href="http://www.opencms.org">http://www.opencms.org</a>
Per-Olof Widström schrieb:
</pre>
<blockquote type="cite">
<pre wrap="">
Hi,
I'm trying to set up the ocee-ldap module. Everything works, except
getting groups from ldap.
I can synchronize users i.e. import them to the database, but when I try
to do the same with the groups I get nothing (an empty list).
It is also possible to authenticate against the ldap, but when a valid
combination of username and password is given, while logging in to the
open cms explorer, I get a 500 error message.
The logs tells me this:
Aug 17, 2009 3:04:08 PM org.apache.catalina.core.ApplicationDispatcher
invoke
SEVERE: Servlet.service() for servlet jsp threw exception
java.lang.NullPointerException
at
org.opencms.ocee.ldap.CmsLdapGroupDefinition.getFilterByMember(CmsLdapGroupDefinition.java:145)
at
org.opencms.ocee.ldap.CmsLdapManager.lookupGroupNames(CmsLdapManager.java:789)
at
org.opencms.ocee.ldap.CmsLdapUserDriver.o0000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000super(CmsLdapUserDriver.java:1376)
at
org.opencms.ocee.ldap.CmsLdapUserDriver.o0000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000super(CmsLdapUserDriver.java:1197)
at
org.opencms.ocee.ldap.CmsLdapUserDriver.readUser(CmsLdapUserDriver.java:833)
at
org.opencms.ocee.ldap.CmsLdapUserDriver.readUser(CmsLdapUserDriver.java:844)
at
org.opencms.db.CmsDriverManager.loginUser(CmsDriverManager.java:4700)
at
org.opencms.db.CmsSecurityManager.loginUser(CmsSecurityManager.java:2884)
at org.opencms.file.CmsObject.loginUser(CmsObject.java:2267)
at org.opencms.jsp.CmsJspLoginBean.login(CmsJspLoginBean.java:189)
at org.opencms.jsp.CmsJspLoginBean.login(CmsJspLoginBean.java:169)
at org.opencms.workplace.CmsLogin.displayDialog(CmsLogin.java:293)
at
org.apache.jsp.WEB_002dINF.jsp.online.system.login.index_html_jsp._jspService(index_html_jsp.java:59)
at
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
[snip]
The ldap server I'm using is Sun Java System Directory Server Enterprise
Edition 6.3. It supports RFC 2798, and it looks as it supports 2256
also, although that RFC number seems to be obsolete, see link below.
<a class="moz-txt-link-freetext" href="http://docs.sun.com/app/docs/doc/820-2766/gdutg?a=view">http://docs.sun.com/app/docs/doc/820-2766/gdutg?a=view</a>
My ocee-ldap.xml has the following enteries:
<ou-definition> <!-- Splendid -->
<ou-name>org1</ou-name>
<group-definitions>
<group-definition membersformat="fulldn">
<group-access>
<group-filters>
<all>(objectclass=groupofuniquenames)</all>
<by-name>(&(objectclass=groupofuniquenames)(cn=?))</by-name>
</group-filters>
<contexts>
<context>ou=Groups,o=org1,o=comms,dc=domain,dc=com</context>
</contexts>
</group-access>
<group-mappings>
<groupid>cn</groupid>
<groupname>cn</groupname>
<member>uniquemember</member>
</group-mappings>
<editable>false</editable>
</group-definition>
</group-definitions>
I have looked at a the groups in ldap-browser, which tells me that the
group has the following classes: inetlocalmailrecipient, inetmailgroup,
groupofuniquenames, ipgroup, inetmailgroupmanagement, inetgroup. The
query (objectclass=groupofuniquenames) work in the ldapbrowser I use
(Soft terra ldapbrowser).
Any ideas why I don't get any groups from ldap?
------------------------------------------------------------------------
_______________________________________________
This mail is sent to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
<a class="moz-txt-link-freetext" href="http://lists.opencms.org/mailman/listinfo/opencms-dev">http://lists.opencms.org/mailman/listinfo/opencms-dev</a>
</pre>
</blockquote>
<pre wrap=""><!---->
_______________________________________________
This mail is sent to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
<a class="moz-txt-link-freetext" href="http://lists.opencms.org/mailman/listinfo/opencms-dev">http://lists.opencms.org/mailman/listinfo/opencms-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>