I have a Liferay 6.1 instance that is connected to LDAP. New users get imported nicely, but when I remove a user from the LDAP directory, Liferay starts throwing exceptions when it tries to sync users from LDAP.
These seem to be safe to ignore, but they produce several megabytes of log and it makes log parsing highly annoying. Also I think it might affect performance. If a deleted user logs in, they see nothing.
16:13:54,422 ERROR [liferay/scheduler_dispatch-790][PortalLDAPImporterImpl:995] LDAP user not found with fullUserDN cn=foobar,ou=people,o=foo,dc=bar,dc=baz
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=foobar,ou=people,o=foo,dc=bar,dc=baz'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3057)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
... etc
How could I convince Liferay that this is really OK? Or is there something else I should do?
Until missing users in LDAP are supported by Liferay you can turn off the logging for this particular message. Just create the file ROOT.war/WEB-INF/classes/META-INF/portal-log4j-ext.xml with the following content:
<?xml version="1.0">
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
<!-- Copy all appenders from
ROOT.war/WEB-INF/lib/portal-impl.jar/META-INF/portal-log4j.xml
and add the following filter: -->
<appender ...>
...
<filter class="org.apache.log4j.filter.StringMatchFilter">
<param name="StringToMatch" value="LDAP user not found with fullUserDN" />
<param name="AcceptOnMatch" value="false" />
</filter>
</appender>
<!-- Keep the root definition from portal-log4j.xml
to trigger the parsing of the appenders: -->
<root>
<priority value="INFO" />
<appender-ref ref="CONSOLE" />
<appender-ref ref="FILE" />
</root>
</log4j:configuration>
You can find more about logging in the Liferay Wiki.
Related
My goal is to add the anonymous authentication to Nuxeo web ui.
I followed the steps on https://doc.nuxeo.com/nxdoc/how-to-define-public-pages-viewable-by-anonymous-users/.
Created anonymous-auth-config.xml with the following content:
<component name="org.nuxeo.ecm.platform.login.anonymous.config">
<!-- Add an Anonymous user -->
<extension target="org.nuxeo.ecm.platform.usermanager.UserService"
point="userManager">
<userManager>
<users>
<anonymousUser id="Guest">
<property name="firstName">Guest</property>
<property name="lastName">User</property>
</anonymousUser>
</users>
</userManager>
</extension>
</component>
First I copied the file into the C:\Nuxeo\nxserver\config then try folder C:\Nuxeo\templates\common\config.
Modified nuxeo.conf and set nuxeo.user.anonymous.enable=true.
Restart the application server.
Now I can only enter the web ui as Anonymous user, but can't log in as Administrator or any other valid user.
There is forceAnonymousLogin=true query string in the url now by default.
I'm not sure should I change and how the authenticationChain as stated in another link: https://doc.nuxeo.com/nxdoc/using-anonymous-authentication/
Thanks for your help in advance!
I have two almost identical web api services programmed in C# and installed on the same Windows 2008 Server on IIS 6.1. When I do web api calls to them, they both work just fine. I am using log4net for logging purposes. One of them, however, does not always log. They both have the same exact log4net configuration, which is:
<log4net>
<root>
<level value="DEBUG" />
<appender-ref ref="RollingLogFileAppender" />
</root>
<appender name="RollingLogFileAppender" type="log4net.Appender.RollingFileAppender">
<file value="C:\LOGS\SomeFolder\" />
<appendToFile value="true" />
<lockingModel type="log4net.Appender.FileAppender+MinimalLock" />
<preserveLogFileNameExtension value="true" />
<rollingStyle value="Date" />
<datePattern value="'WebApi.One.'yyyy-MM-dd'.log'" />
<staticLogFileName value="false" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%-5level [%thread][%date{dd-MM-yy HH:mm:ss,fff}] %logger - %message%newline" />
</layout>
</appender>
</log4net>
The only difference in the configuration is the datePattern which has a slightly different name so that they do not log to the same exact file.
For the web api where logging works as expected a new log file is created each day as soon as a web api call comes in. For the web api where logging does not seem to work the new log file is not created. However, if I make a web api call from a browser on the same server as it is installed on, then logging starts. After the logging has started for that day it continues fine (even with web api calls coming from other machines). But the next day no new file is created.
I am unable to see what the difference is. Surely there must be something I am not thinking of that makes these two web apis behave differently when it comes to logging. Remember, both of the services work fine, it is just the logging that is not working for one of them.
Any suggestions?
Edit 1:
After adding diagnostics as suggested by Peter I can see that the access to the path is denied:
log4net:ERROR Could not create Appender [RollingLogFileAppender] of type [log4net.Appender.RollingFileAppender]. Reported error follows.
System.UnauthorizedAccessException: Access to the path 'C__LOGS_WebApi.One_' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.Threading.Mutex.MutexTryCodeHelper.MutexTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.Mutex.CreateMutexWithGuaranteedCleanup(Boolean initiallyOwned, String name, Boolean& createdNew, SECURITY_ATTRIBUTES secAttrs)
at System.Threading.Mutex..ctor(Boolean initiallyOwned, String name, Boolean& createdNew, MutexSecurity mutexSecurity)
at System.Threading.Mutex..ctor(Boolean initiallyOwned, String name)
at log4net.Appender.RollingFileAppender.ActivateOptions()
at log4net.Repository.Hierarchy.XmlHierarchyConfigurator.ParseAppender(XmlElement appenderElement)
log4net:ERROR Appender named [RollingLogFileAppender] not found.
I don't know why though.
Edit 2:
I checked solutions in these StackOverflow answers:
What am I doing wrong with thie log4net implementation?
log4net: Error on loading custom appender
But still no progress.
This looked very similar, but I could see no solution there (although maybe there is one).
Edit 3:
Folder permissions:
According to the exception message, the process does not have enough rights to write to the location of the log file.
In my experience with dealing with IIS, changing the security permissions on the folder where the log file is stored so that the application/process has the rights to modify the log file(s) usually works.
To confirm/troubleshoot start by giving everyone full control on the folder and testing that the file can be modified.
If that works then you can confirm it is a permission issue.
I usually give IIS_IUSRS the following permission on the Log folder where I store my logs and archive.
Read
Write
Modify
To limit possible attack vectors I try to give the process as few permission as needed to perform its function. Adding and removing permissions and then testing that it still functions as desired.
It looks like a security issue, to debug this you should enable debugging for log4net:
<appSettings>
<add key="log4net.Internal.Debug" value="true"/>
</appSettings>
And
<system.diagnostics>
<trace autoflush="true">
<listeners>
<add
name="textWriterTraceListener"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="C:\tmp\log4net.txt" />
</listeners>
</trace>
</system.diagnostics>
in your configuration.
This way you are able to see why the creation of the file fails.
log4net faq
I've search many sites and tried several different opinions. But I still could not solve it. Here are the things I did right now:
In Global.asax at Application_Startup I give the file path and startup the Log4Net.
Right after I start log4net, I write a log that says "Application has
stared'"
Currently, there is only 1 worker in IIS for the WCF application The
IIS user has access to WRITE, MODIFY and READ privileges
The problem:
When I invoke a method of service directly (without doing the 2.
step below), No Logs is written
On a browser, I write te WCF url and hit ENTER, Log4Net creates the
folder and the files (files are EMPTY at this point).
If I make requests and invoke the methods (doing the 1st step), now
Log4Net writes the logs.
The actual problem:
After the 3rd step, (lets say we waited without any invokes of the
WCF methods around 10 minutes or more), the invoking DOES NOT CREATE
Log4Net Text logs ANYMORE.
Sometimes, if I repeat the 2nd step, it begins writing the logs
again. But there is no coherent results.
Here is the Config.xml:
<?xml version="1.0" encoding="utf-8"?>
<log4net>
<appender name="ProcessInfo_FileAppender" type="log4net.Appender.RollingFileAppender">
<file type="log4net.Util.PatternString" value="L:\LOGs\ProcessInfo\ProcessInfo_[%processid].txt" />
<lockingModel type="log4net.Appender.FileAppender+MinimalLock" />
<appendToFile value="true" />
<rollingStyle value="Composite" />
<maxSizeRollBackups value="200" />
<maximumFileSize value="30MB" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date [%thread] - %message%newline" />
</layout>
</appender>
<logger name="ProcessInfo">
<levelMin value="ERROR" />
<levelMax value="INFO" />
<appender-ref ref="ProcessInfo_FileAppender" />
</logger>
<root></root>
</log4net>
I have other WCF projects which have no problem even with multiple Workers. (I used the exact same IIS and Log4Net xml configuration with them). Also, as I mentioned on the title, I have a WebSite who has exact same logging codes (they both using a common 3rd party dll which I wrote) and has NO PROBLEM of writing Log4Net text logging at all.
Please help.
Thanks.
The problem is not in your logging configuration, you should try to enable log4net internal debugging. This will tell you why the logging stops. I guess there is some code that reconfigures your logging to load configuration from your web.config which is not there.
<configuration>
...
<appSettings>
<add key="log4net.Internal.Debug" value="true"/>
</appSettings>
...
<system.diagnostics>
<trace autoflush="true">
<listeners>
<add
name="textWriterTraceListener"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="C:\tmp\log4net.txt" />
</listeners>
</trace>
</system.diagnostics>
</configuration>
Log4net FAQ
In openam I created a subRealm named TestRealm .In order to create policies in TestRealm there should be a referral policy. Im trying to create a policies for TestRealm with the help of ssoadm command, but its throwing a error Cannot create policy. No referral exists to the organization. Im using the following policy.xml to create policies under the root realm.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Policies PUBLIC "-//OpenSSO Policy Administration DTD//EN" "jar://com/sun/identity/policy/policyAdmin.dtd">
<!-- New policy, same as the old policy -->
<Policies>
<Policy name="Test Policy" referralPolicy="false" active="true" >
<Rule name="Test Allow GET with parameters">
<ServiceName name="iPlanetAMWebAgentService" />
<ResourceName name="http://www.test.com/demo/*?*" />
<AttributeValuePair>
<Attribute name="GET" />
<Value>allow</Value>
</AttributeValuePair>
</Rule>
<Rule name="Vidz Ref Allow GET and POST">
<ServiceName name="iPlanetAMWebAgentService" />
<ResourceName name="http://www.test.com/demo/*" />
<AttributeValuePair>
<Attribute name="POST" />
<Value>allow</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="GET" />
<Value>allow</Value>
</AttributeValuePair>
</Rule>
<Subjects name="Subjects" description="Everybody authenticated">
<Subject name="All Authenticated Users" type="AuthenticatedUsers" includeType="inclusive">
</Subject>
</Subjects>
</Policy>
</Policies>
How to modify the above one to create a referral policy??
The easiest way would be to simply create an example referral in the top level realm, and then just export it via ssoadm for subsequent imports. Also you should use very generic rules in referrals, like http://www.test.demo.com/* and http://www.test.demo.com/*?*, having complex rules in referrals will only slow down policy evaluation without much of a point (the referred policies will be used to make the allow/deny decision in the end anyways).
We have an internal Glassfish 3.1 server where we have Jenkins deploy war-artifacts directly without any additional configuration.
This results in numerous rather verbose URL's like
http://xxx:5280/xxx_YYYY-52.20120824.0-SNAPSHOT/
and I would like to write a small ROOT.war (binding to "/") which simply lists all URL's in the current domain - preferably along with the <web-app><description>.... field.
This only needs to work with Glassfish. Is there a simple Glassfish API providing the information I need?
You can parse domain.xml. There is information about deployed apps, context root ... smth like this
<application context-root="/permit-1.0" location="${com.sun.aas.instanceRootURI}/applications/permit-1.0/" name="permit-1.0" object-type="user">
<property name="org.glassfish.ejb.container.application_unique_id" value="88379353331728384" />
<property name="defaultAppName" value="permit-1.0" />
<module name="permit-1.0">
<engine sniffer="ejb" />
<engine sniffer="security" />
<engine sniffer="web" />
</module>
</application>