Starting WSO2 Identity Server for the first time gives me this error:
"Caused by: org.wso2.carbon.user.core.UserStoreException: Admin user
can not be created in primary user store. User store is read only.
Please pick a user name which is exist in the primary user store as
Admin user"
<UserManager>
<Realm>
<Configuration>
<AddAdmin>false</AddAdmin>
<AdminRole>admins</AdminRole>
<AdminUser>
<UserName>cn=Directory Manager</UserName>
<Password>xxxxxxxx</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldap://localhost:389</Property>
<Property name="ConnectionName">cn=Directory Manager</Property>
<Property name="ReadOnly">true</Property>
<Property name="ConnectionPassword">oursecretpassword</Property>
<Property name="passwordHashMethod">PLAIN_TEXT</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserEntryObjectClass">pccperson</Property>
<Property name="UserSearchBase">ou=People,dc=pcc.edu,dc=cp</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">false</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="GroupSearchBase">ou=Groups,dc=pcc,dc=edu</Property>
<Property name="GroupNameListFilter">(objectClass=groupofuniquenames)</Property>
<Property name="GroupEntryObjectClass">groupofuniquenames</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=groupofuniquenames)(cn=?))</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="MembershipAttribute">uniqueMember</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="SCIMEnabled">false</Property>
</UserStoreManager>
TID: [0] [IS] [2015-05-22 11:35:10,888] INFO {org.wso2.carbon.user.core.common.DefaultRealmService} - Database already exists. Not creating a new database. {org.wso2.carbon.user.core.common.DefaultRealmService}
TID: [0] [IS] [2015-05-22 11:35:11,233] INFO {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - LDAP connection created successfully in read-only mode {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
TID: [0] [IS] [2015-05-22 11:35:11,841] ERROR {org.wso2.carbon.user.core.common.DefaultRealm} - Cannot create org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager {org.wso2.carbon.user.core.common.DefaultRealm}
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:329)
at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:195)
at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:104)
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:101)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:114)
at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:69)
at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390)
at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
Caused by: org.wso2.carbon.user.core.UserStoreException: Admin user can not be created in primary user store. User store is read only. Please pick a user name which is exist in the primary user store as Admin user
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addInitialAdminData(AbstractUserStoreManager.java:3206)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:166)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:97)
... 27 more
TID: [0] [IS] [2015-05-22 11:35:11,844] ERROR {org.wso2.carbon.user.core.common.DefaultRealmService} - Cannot initialize the realm. {org.wso2.carbon.user.core.common.DefaultRealmService}
org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:370)
at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:195)
at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:104)
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:101)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:114)
at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:69)
at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390)
at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:329)
... 22 more
Caused by: org.wso2.carbon.user.core.UserStoreException: Admin user can not be created in primary user store. User store is read only. Please pick a user name which is exist in the primary user store as Admin user
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addInitialAdminData(AbstractUserStoreManager.java:3206)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:166)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:97)
... 27 more
TID: [0] [IS] [2015-05-22 11:35:11,845] ERROR {org.wso2.carbon.user.core.internal.Activator} - Cannot start User Manager Core bundle {org.wso2.carbon.user.core.internal.Activator}
org.wso2.carbon.user.core.UserStoreException: Cannot initialize the realm.
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:231)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:101)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:114)
at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:69)
at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390)
at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
Caused by: org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:370)
at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:195)
at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:104)
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223)
... 19 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:329)
... 22 more
Caused by: org.wso2.carbon.user.core.UserStoreException: Admin user can not be created in primary user store. User store is read only. Please pick a user name which is exist in the primary user store as Admin user
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addInitialAdminData(AbstractUserStoreManager.java:3206)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:166)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:97)
... 27 more
I've tried setting AdminRole to 'admins' and 'cn=admins'. Same error either way.
I don't have a ton of experience setting up LDAP servers from scratch, but I think I installed 389-DS correctly.
See my group entry:
ldapsearch -b "cn=Admins,ou=Groups,dc=pcc,dc=edu" -D "cn=Directory Manager" -W cn=*
Enter LDAP Password:
dn: cn=admins,ou=Groups,dc=pcc,dc=edu
objectClass: top
objectClass: groupofuniquenames
uniqueMember: uid=jwhitene,ou=People,dc=pcc,dc=edu
cn: admins
I am not sure if you are interested in connecting to a read-only LDAP or a read-write one.
However, please make sure the configs are correctly done and that you've followed the steps in the documents:
[1] https://docs.wso2.com/display/IS500/Configuring+a+Read-only+LDAP+User+Store - for Read Only LDAP user store
[2] https://docs.wso2.com/display/IS500/Configuring+a+Read-write+LDAP+User+Store - for Read/Write LDAP user store
If you have followed these steps correctly, then please post the configuration of your user-mgt.xml with the full configuration of the user store, mention which user store in which mode you want to connect to, and please also copy the server error message you get from the wso2carbon.log file you find at repository/logs or the server console.
Regards,
Shani
As per your ldapsearch command result, setting the admin username to jwhitene would solve the startup error.
For example:
<AdminUser>
<UserName>jwhitene</UserName>
<Password>xxxxxxxx</Password>
</AdminUser>
Explanation:
If you are connecting to a read-only user store, the admin user should be available in the user store/LDAP.
<AdminUser>
<UserName>cn=Directory Manager</UserName>
<Password>xxxxxxxx</Password>
</AdminUser>
<Property name="UserSearchBase">ou=People,dc=pcc.edu,dc=cp</Property>
<Property name="UserNameAttribute">uid</Property>
As per your LDAP configuration quoted above, Identity Server will look for a user under the ou=People,dc=pcc.edu,dc=cp directory that has the property uid set to the value cn=Directory Manager.
Basically, if there were such a user, it would look like this:
uid=cn\=Directory Manager,ou=People,dc=pcc.edu,dc=cp
Since you don't have such a user, the server complains with that error log and halts the startup flow.
The user shown in the ldapsearch command result (uid=jwhitene,ou=People,dc=pcc,dc=edu) will match the above search pattern. Hence putting jwhitene as the admin user will resolve the issue.
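The lookup described in this answer can be checked offline before the server is started. The following is an added example, not code from the post or from WSO2: it reads the realm settings quoted in the question, evaluates the user search against a small LDIF export, and also checks that the members of the admin role fall inside UserSearchBase. The person entry in the LDIF and all function names are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the realm settings from the question, trimmed to the
# properties that decide how the admin user is looked up ('&' written as &amp;).
USER_MGT_XML = """
<UserManager><Realm>
  <Configuration>
    <AdminRole>admins</AdminRole>
    <AdminUser><UserName>cn=Directory Manager</UserName></AdminUser>
  </Configuration>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
    <Property name="ReadOnly">true</Property>
    <Property name="UserSearchBase">ou=People,dc=pcc.edu,dc=cp</Property>
    <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
    <Property name="GroupSearchBase">ou=Groups,dc=pcc,dc=edu</Property>
    <Property name="GroupNameAttribute">cn</Property>
    <Property name="MembershipAttribute">uniqueMember</Property>
  </UserStoreManager>
</Realm></UserManager>
"""

# Constructed LDIF: the group entry is the ldapsearch result from the question;
# the person entry is an assumption about what the directory contains.
LDIF = """
dn: cn=admins,ou=Groups,dc=pcc,dc=edu
objectClass: top
objectClass: groupofuniquenames
uniqueMember: uid=jwhitene,ou=People,dc=pcc,dc=edu
cn: admins

dn: uid=jwhitene,ou=People,dc=pcc,dc=edu
objectClass: top
objectClass: person
uid: jwhitene
"""

def parse_ldif(text):
    """Parse unwrapped, unencoded LDIF into a list of {attribute: [values]}."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def rdns(dn):
    # Simplification: assumes no escaped commas inside RDN values.
    return [part.strip().lower() for part in dn.split(",")]

def under(dn, base):
    """True if dn is the base entry or lies in the subtree below it."""
    base_rdns = rdns(base)
    return rdns(dn)[-len(base_rdns):] == base_rdns

def load_realm(xml_text):
    root = ET.fromstring(xml_text)
    realm = {p.get("name"): (p.text or "").strip() for p in root.iter("Property")}
    realm["AdminUser"] = root.findtext(".//AdminUser/UserName").strip()
    realm["AdminRole"] = root.findtext(".//AdminRole").strip()
    return realm

def matches(entry, ldap_filter, value):
    """Evaluate an AND of equality terms, e.g. (&(objectClass=person)(uid=?))."""
    terms = re.findall(r"\(([^()=&|!]+)=([^()]*)\)", ldap_filter)
    return all(
        (value if want == "?" else want).lower()
        in [v.lower() for v in entry.get(attr.lower(), [])]
        for attr, want in terms
    )

def find_user(entries, realm, username):
    """DNs that the user-name search would return for this username."""
    return [e["dn"][0] for e in entries
            if under(e["dn"][0], realm["UserSearchBase"])
            and matches(e, realm["UserNameSearchFilter"], username)]

def preflight(realm, entries):
    findings = []
    if realm.get("ReadOnly") == "true" and not find_user(entries, realm, realm["AdminUser"]):
        findings.append("AdminUser %r not found under UserSearchBase %r; a read-only "
                        "store cannot create it" % (realm["AdminUser"], realm["UserSearchBase"]))
    group_attr = realm["GroupNameAttribute"].lower()
    for e in entries:
        names = [v.lower() for v in e.get(group_attr, [])]
        if under(e["dn"][0], realm["GroupSearchBase"]) and realm["AdminRole"].lower() in names:
            for member in e.get(realm["MembershipAttribute"].lower(), []):
                if not under(member, realm["UserSearchBase"]):
                    findings.append("admin role member %r lies outside UserSearchBase %r"
                                    % (member, realm["UserSearchBase"]))
    return findings

if __name__ == "__main__":
    for finding in preflight(load_realm(USER_MGT_XML), parse_ldif(LDIF)):
        print("FAIL:", finding)
```

With the values exactly as posted, the check reports both the missing admin user and that uid=jwhitene,ou=People,dc=pcc,dc=edu lies outside the configured UserSearchBase of ou=People,dc=pcc.edu,dc=cp.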
With help from techs at Ellucian, I just got my system working.
Cause: I had an old version of OpenLDAP that used a different schema that did not match the defaults in the user-mgt.xml file.
Instead of ObjectClass=groupofuniquenames I configured my user-mgt.xml file using ObjectClass=posixGroup (which matches my OpenLDAP schema). I had to change the ObjectClass in a number of places. After that, my instance started up without any more problems.
Related
I am able to connect to Azure Cache for Redis with the following Spring Session configuration:
<bean id="redisPassword" class="org.springframework.data.redis.connection.RedisPassword">
<constructor-arg index="0" value="xxxxxxxxxxxxxxxx"/>
</bean>
<bean id="redisStandaloneConfiguration" class="org.springframework.data.redis.connection.RedisStandaloneConfiguration">
<property name="hostName" value="acmedev.redis.cache.windows.net"/>
<property name="port" value="6380"/>
<property name="password" ref="redisPassword"/>
</bean>
<context:annotation-config/>
<bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration"/>
<bean class="org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory">
<constructor-arg index="0" ref="redisStandaloneConfiguration"/>
</bean>
My app successfully connects:
[lettuce-nioEventLoop-4-1] DEBUG io.lettuce.core.RedisClient - Connecting to Redis at acmedev.redis.cache.windows.net:6380: Success
The app then hangs for a while and I eventually get this error
11:22:54.712 [lettuce-nioEventLoop-4-1] DEBUG io.lettuce.core.protocol.CommandHandler - [channel=0xcf902cd8, /10.1.200.58:53533 -> acmedev.redis.cache.windows.net/52.240.141.200:6380, chid=0x1] Storing exception in connectionError
2020-02-19 11:22:54,713 WARN (org.springframework.context.support.AbstractApplicationContext:558) || - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'enableRedisKeyspaceNotificationsInitializer' defined in class path resource [org/springframework/session/data/redis/config/annotation/web/http/RedisHttpSessionConfiguration.class]: Invocation of init method failed; nested exception is org.springframework.data.redis.RedisConnectionFailureException: Unable to connect to Redis; nested exception is io.lettuce.core.RedisConnectionException: Unable to connect to acmedev.redis.cache.windows.net:6380
11:22:54.719 [RMI TCP Connection(3)-127.0.0.1] DEBUG io.lettuce.core.RedisClient - Initiate shutdown (100, 100, MILLISECONDS)
[lettuce-nioEventLoop-4-1] DEBUG io.lettuce.core.protocol.CommandHandler - [channel=0xcf902cd8, /10.1.200.58:53533 -> acmedev.redis.cache.windows.net/52.240.141.200:6380, chid=0x1] Unexpected exception during request: java.io.IOException: An existing connection was forcibly closed by the remote host
java.io.IOException: An existing connection was forcibly closed by the remote host
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
at sun.nio.ch.IOUtil.read(IOUtil.java:192)
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
at io.netty.buffer.PooledByteBuf.setBytes(PooledByteBuf.java:253)
at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:1133)
at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:350)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:148)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:745)
These same beans work just fine when I use redis running on localhost.
What am I doing wrong here?
First of all, RedisHttpSessionConfiguration tries (by default) to enable keyspace notifications. But this only works for unsecured instances.
The docs from class ConfigureNotifyKeyspaceEventsAction
explain why it works only on localhost:
This strategy will not work if the Redis instance has been properly secured. Instead,
the Redis instance should be configured externally and a Bean of type
ConfigureRedisAction#NO_OP should be exposed.
They also explain how it should be configured to work with a secured Redis instance.
Simply use the method RedisHttpSessionConfiguration#setConfigureRedisAction
to set ConfigureRedisAction#NO_OP and then, for example, in your Redis instance call: config set notify-keyspace-events Egx
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd">
.
.
.
<util:constant id="configureRedisAction"
static-field="org.springframework.session.data.redis.config.ConfigureRedisAction.NO_OP"/>
<bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration" p:configureRedisAction-ref="configureRedisAction"/>
I followed and used this tutorial:
https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-1/foundation/authentication-security/using-ldap-login-module-to-authenticate-users-with-ldap-server-in-hybrid-applications/
I only edited the authenticationConfig.xml and ran the application:
<loginModule expirationInSeconds="-1" name="LDAPLoginModule">
<className>com.worklight.core.auth.ext.LdapLoginModule</className>
<parameter name="ldapProviderUrl" value="**************"/>
<parameter name="ldapTimeoutMs" value="2000"/>
<parameter name="ldapSecurityAuthentication" value="simple"/>
<parameter name="validationType" value="searchPattern"/>
<parameter name="ldapSecurityPrincipalPattern" value="{username}"/>
<parameter name="ldapSearchFilterPattern" value="(&amp;(objectClass=user)(cn={username})(memberof=CN=******,OU=Clients,O=******))"/>
<parameter name="ldapSearchBase" value="OU=Clients,O=******"/>
</loginModule>
When I press the "Call protected adapter" it goes to LDAP Login Module, and when I entered the user credentials, nothing happens, the password just disappears.
Here's the log:
[WARNING ] FWLSE4014W: LdapLoginModule authentication failed. Reason 'javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 2030, v1db1
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at org.apache.aries.jndi.ContextHelper.getInitialContextUsingBuilder(ContextHelper.java:244)
at org.apache.aries.jndi.ContextHelper.getContextProvider(ContextHelper.java:208)
at org.apache.aries.jndi.ContextHelper.getInitialContext(ContextHelper.java:141)
at org.apache.aries.jndi.OSGiInitialContextFactoryBuilder.getInitialContext(OSGiInitialContextFactoryBuilder.java:51)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
at com.worklight.core.auth.ext.LdapLoginModule.login(LdapLoginModule.java:158)
at com.worklight.core.auth.impl.LoginContext.invokeLoginModule(LoginContext.java:252)
at com.worklight.core.auth.impl.LoginContext.processRequest(LoginContext.java:217)
at com.worklight.core.auth.impl.AuthenticationContext.processRequest(AuthenticationContext.java:510)
at com.worklight.core.auth.impl.AuthenticationFilter.doFilter(AuthenticationFilter.java:182)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:206)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:86)
at com.worklight.analytics.AnalyticsFilter.doFilter(AnalyticsFilter.java:124)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:206)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:86)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:978)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1100)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4730)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequest(DynamicVirtualHost.java:297)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:981)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:262)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:955)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
' [project LDAPLoginModule]
[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 2030, v1db1
Any idea what seems to be the problem?
According to the exception provided in the error log: LdapLoginModule authentication failed. Reason 'javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9
This may be related to the following: https://social.technet.microsoft.com/Forums/windowsserver/en-US/c98f3569-072a-4677-9b89-635ed2b8dffc/ldap-error-code-49-8009030c-ldaperr-dsid0c0903a9-comment-acceptsecuritycontext-error-data?forum=winserverDS
The error code 49 related to LDAP is caused by invalid credentials. Please refer to the following most likely causes.
1. The DN path or password which you have specified for the administrator is invalid. Any of the below will result in this error:
1). Pointed to non-user DN
2). Pointed to a non-existent user, but in existing DN
3). Pointed to non existent DN
4). Pointed to an existing user, but non existing DN
5). Pointed to an incorrect admin DN, uid instead of cn
6). Pointed to a non administrator user
7). Pointed to a valid admin but password is incorrect
2. Could not authenticate the user trying to login. This can be the result of an incorrect username or password, or an incorrect prefix and/or suffix specified in the Settings tab, depending on the type of LDAP/AD system. Could also mean the authentication type is incorrect.
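The "data" field in this error narrows down which of the listed causes applies: it is the hexadecimal Win32 error number behind the failed bind. The following is an added example, not part of the original answer: it parses the bind error from the log above and sorts failures into identity, credential and account-state problems, which is also how bind failures are usually triaged in authentication logs. The sub-code table holds the standard Win32 values; the function names and the two extra sample lines are constructed for the illustration.

```python
import re
from collections import Counter

# Hex Win32 error numbers that appear in the "data" field of a failed bind.
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "identity"),
    0x52E: ("ERROR_LOGON_FAILURE", "credential"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "account-state"),
    0x531: ("ERROR_INVALID_WORKSTATION", "account-state"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "account-state"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account-state"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account-state"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "account-state"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account-state"),
    0x2030: ("ERROR_DS_NO_SUCH_OBJECT", "identity"),
}

# What to look at first for each category.
NEXT_CHECK = {
    "identity": "verify the bind principal / DN the login module builds",
    "credential": "wrong password; watch for repeats from one source",
    "account-state": "account policy: expired, disabled, locked or restricted",
    "unknown": "look up the Win32 error number",
}

BIND_ERROR = re.compile(
    r"LDAP: error code (?P<result>\d+) - (?P<status>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<ver>[0-9A-Fa-f]+)"
)

# First line is the error from the log above; the other two are constructed
# variants of it with different data values.
SAMPLE_LINES = [
    "[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 2030, v1db1",
    "[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1",
    "[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1",
]

def parse_bind_error(line):
    """Return the decoded bind failure, or None if the line is not one."""
    m = BIND_ERROR.search(line)
    if not m:
        return None
    code = int(m.group("data"), 16)  # the data field is hexadecimal
    name, category = AD_BIND_SUBCODES.get(code, ("UNKNOWN", "unknown"))
    return {
        "result": int(m.group("result")),
        "dsid": m.group("dsid"),
        "data": code,
        "name": name,
        "category": category,
        "next_check": NEXT_CHECK[category],
    }

def triage(lines):
    """Count result-code-49 bind failures per category."""
    records = [r for r in map(parse_bind_error, lines) if r and r["result"] == 49]
    return Counter(r["category"] for r in records)

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_bind_error(line)
        print("data %x -> %s (%s): %s" % (rec["data"], rec["name"], rec["category"], rec["next_check"]))
```

For the log in the question, data 2030 decodes to ERROR_DS_NO_SUCH_OBJECT, which points at the bind principal rather than the password.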
I am developing a REST web service using Java, Jersey, Apache Tomcat and Eclipse.
Everything seems to work fine until I shut down my system and go home. The web services are deployed on a server. When I try to access the web services the next day (after 10-12 hours of inactivity), the server returns a 500 error. Once I restart Tomcat, everything starts working again. Am I missing some configuration?
Hibernate config
<session-factory>
<property name="hibernate.dialect">org.hibernate.dialect.MySQLDialect</property>
<property name="hibernate.connection.driver_class">com.mysql.jdbc.Driver</property>
<property name="hibernate.connection.url">jdbc:mysql://localhost:3306/XYZ</property>
<property name="hibernate.connection.username">aa</property>
<property name="hibernate.connection.password">aa </property>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>XYZ</display-name>
<servlet>
<servlet-name>Jersey REST Service</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.server.provider.packages</param-name>
<param-value>com.xyz.services</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
<param-value>com.sun.jersey.api.container.filter.LoggingFilter;com.xyz.services.CrossDomainFilter</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Jersey REST Service</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
</web-app>
Stacktrace:
: SQL Error: 0, SQLState: 08003
Apr 13, 2015 12:49:21 AM org.hibernate.engine.jdbc.spi.SqlExceptionHelper logExceptions
ERROR: No operations allowed after connection closed.
Apr 13, 2015 12:49:21 AM com.sun.jersey.spi.container.ContainerResponse mapMappableContainerException
SEVERE: The RuntimeException could not be mapped to a response, re-throwing to the HTTP container
org.hibernate.TransactionException: rollback failed
at org.hibernate.engine.transaction.spi.AbstractTransactionImpl.rollback(AbstractTransactionImpl.java:217)
at com.stayprime.services.DBConnection.checkLogin(DBConnection.java:1741)
at com.stayprime.services.DBConnection.getUser(DBConnection.java:773)
at com.stayprime.services.UserManagement.getUser(UserManagement.java:109)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:540)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:715)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.hibernate.TransactionException: unable to rollback against JDBC connection
at org.hibernate.engine.transaction.internal.jdbc.JdbcTransaction.doRollback(JdbcTransaction.java:167)
at org.hibernate.engine.transaction.spi.AbstractTransactionImpl.rollback(AbstractTransactionImpl.java:211)
... 40 more
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: No operations allowed after connection closed.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:377)
at com.mysql.jdbc.Util.getInstance(Util.java:360)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:935)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:924)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:870)
at com.mysql.jdbc.ConnectionImpl.throwConnectionClosedException(ConnectionImpl.java:1232)
at com.mysql.jdbc.ConnectionImpl.checkClosed(ConnectionImpl.java:1225)
at com.mysql.jdbc.ConnectionImpl.rollback(ConnectionImpl.java:4568)
at org.hibernate.engine.transaction.internal.jdbc.JdbcTransaction.doRollback(JdbcTransaction.java:163)
... 41 more
Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: The last packet successfully received from the server was 60,162,060 milliseconds ago. The last packet sent successfully to the server was 60,162,060 milliseconds ago. is longer than the server configured value of 'wait_timeout'. You should consider either expiring and/or testing connection validity before use in your application, increasing the server configured values for client timeouts, or using the Connector/J connection property 'autoReconnect=true' to avoid this problem.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:377)
at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1036)
at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:3661)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2417)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2582)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2530)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:1907)
at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:2030)
at org.hibernate.engine.jdbc.internal.ResultSetReturnImpl.extract(ResultSetReturnImpl.java:82)
at org.hibernate.loader.Loader.getResultSet(Loader.java:2066)
at org.hibernate.loader.Loader.executeQueryStatement(Loader.java:1863)
at org.hibernate.loader.Loader.executeQueryStatement(Loader.java:1839)
at org.hibernate.loader.Loader.doQuery(Loader.java:910)
at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:355)
at org.hibernate.loader.Loader.doList(Loader.java:2554)
at org.hibernate.loader.Loader.doList(Loader.java:2540)
at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2370)
at org.hibernate.loader.Loader.list(Loader.java:2365)
at org.hibernate.loader.criteria.CriteriaLoader.list(CriteriaLoader.java:126)
at org.hibernate.internal.SessionImpl.list(SessionImpl.java:1682)
at org.hibernate.internal.CriteriaImpl.list(CriteriaImpl.java:380)
at org.hibernate.internal.CriteriaImpl.uniqueResult(CriteriaImpl.java:402)
at com.stayprime.services.DBConnection.checkLogin(DBConnection.java:1730)
... 39 more
Caused by: java.net.SocketException: Broken pipe
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:113)
at java.net.SocketOutputStream.write(SocketOutputStream.java:159)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:3643)
... 59 more
Your SQL State 08003 suggests that the "connection does not exist".
You probably have a bad configuration in Hibernate (a timeout or something).
Check it please!
I'm trying to set up a new WSO2IS 4.1.0 server and connect it back to an OpenLDAP server. Our server requires an SSL connection.
When I configure the connection to be an LDAPS connection, I'm unable to verify the certificate (yes, the root CA is in the trust store). If I don't set the connection to LDAPS, then it fails to attempt a StartTLS. I have verified that my connection account works and the LDAP server has a commercially issued certificate (don't let the example.com domain fool you, I scrubbed) with the root CA listed in the client-truststore.jks.
Any help in figuring this out would be appreciated!
Here's my current configuration segment for the LDAP configuration:
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="ConnectionURL">ldaps://ldapserver.example.com:636</Property>
<!--Property name="ConnectionURL">ldap://ldapserver.example.com:389</Property-->
<Property name="ConnectionName">uid=wso2,dc=example,dc=com</Property>
<Property name="ConnectionPassword">awesomepassword</Property>
<Property name="passwordHashMethod">SHA</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserEntryObjectClass">inetOrgPerson</Property>
<Property name="UserSearchBase">ou=Users,dc=opendaylight,dc=org</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
<Property name="ReadLDAPGroups">true</Property>
<Property name="WriteLDAPGroups">true</Property>
<Property name="EmptyRolesAllowed">false</Property>
<Property name="GroupSearchBase">ou=Groups,dc=example,dc=com</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
<Property name="maxFailedLoginAttempt">0</Property>
</UserStoreManager>
Here's a portion of the server log
[2013-02-28 03:48:32,380] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Starting WSO2 Carbon...
[2013-02-28 03:48:32,383] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Operating System : Linux 2.6.32-358.el6.x86_64, amd64
[2013-02-28 03:48:32,383] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java Home : /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.9.x86_64/jre
[2013-02-28 03:48:32,383] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java Version : 1.7.0_09-icedtea
[2013-02-28 03:48:32,383] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java VM : OpenJDK 64-Bit Server VM 23.7-b01,Oracle Corporation
[2013-02-28 03:48:32,383] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Carbon Home : /opt/wso2is/wso2is
[2013-02-28 03:48:32,384] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java Temp Dir : /opt/wso2is/wso2is/tmp
[2013-02-28 03:48:32,384] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - User : wso2is, en-US, Zulu
[2013-02-28 03:48:32,416] WARN {org.wso2.carbon.core.bootup.validator.SystemValidator} - Could not validate the system for configuration parameter : CPU
[2013-02-28 03:48:32,417] WARN {org.wso2.carbon.core.bootup.validator.util.ValidationResultPrinter} - Maximum free Disk Space (MB): 665 of the system is below the recommended minimum size :1024
[2013-02-28 03:48:32,427] INFO {org.wso2.carbon.databridge.agent.thrift.AgentHolder} - Agent created !
[2013-02-28 03:48:32,446] INFO {org.wso2.carbon.databridge.agent.thrift.internal.AgentDS} - Successfully deployed Agent Client
[2013-02-28 03:48:32,515] INFO {org.wso2.carbon.identity.authenticator.iwa.ui.internal.Activator} - Integrated Windows Authenticator enabled in the system
[2013-02-28 03:48:32,581] INFO {org.wso2.carbon.ldap.server.DirectoryActivator} - Embedded LDAP is disabled.
[2013-02-28 03:48:34,547] ERROR {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} - Error obtaining connection. simple bind failed: ldapserver.example.com:636
javax.naming.CommunicationException: simple bind failed: ldapserver.example.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at org.wso2.carbon.context.internal.CarbonContextDataHolder$CarbonInitialJNDIContextFactory.getInitialContext(CarbonContextDataHolder.java:834)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at org.wso2.carbon.user.core.ldap.LDAPConnectionContext.getContext(LDAPConnectionContext.java:114)
at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.<init>(ReadWriteLDAPUserStoreManager.java:133)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:225)
at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:147)
at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:113)
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:103)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:116)
at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:67)
at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:389)
at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1130)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
at com.sun.jndi.ldap.Connection.run(Connection.java:849)
at java.lang.Thread.run(Thread.java:722)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 18 more
[2013-02-28 03:48:34,556] ERROR {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} - Trying again to get connection.
Here's what I get if I switch it up to the plain ldap connectionURL
[2013-02-28 04:22:21,491] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Starting WSO2 Carbon...
[2013-02-28 04:22:21,494] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Operating System : Linux 2.6.32-358.el6.x86_64, amd64
[2013-02-28 04:22:21,494] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java Home : /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.9.x86_64/jre
[2013-02-28 04:22:21,494] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java Version : 1.7.0_09-icedtea
[2013-02-28 04:22:21,494] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java VM : OpenJDK 64-Bit Server VM 23.7-b01,Oracle Corporation
[2013-02-28 04:22:21,494] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Carbon Home : /opt/wso2is/wso2is
[2013-02-28 04:22:21,494] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java Temp Dir : /opt/wso2is/wso2is/tmp
[2013-02-28 04:22:21,494] INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - User : wso2is, en-US, Zulu
[2013-02-28 04:22:21,524] WARN {org.wso2.carbon.core.bootup.validator.SystemValidator} - Could not validate the system for configuration parameter : CPU
[2013-02-28 04:22:21,525] WARN {org.wso2.carbon.core.bootup.validator.util.ValidationResultPrinter} - Maximum free Disk Space (MB): 665 of the system is below the recommended minimum size :1024
[2013-02-28 04:22:21,541] INFO {org.wso2.carbon.databridge.agent.thrift.AgentHolder} - Agent created !
[2013-02-28 04:22:21,562] INFO {org.wso2.carbon.databridge.agent.thrift.internal.AgentDS} - Successfully deployed Agent Client
[2013-02-28 04:22:21,624] INFO {org.wso2.carbon.identity.authenticator.iwa.ui.internal.Activator} - Integrated Windows Authenticator enabled in the system
[2013-02-28 04:22:22,711] INFO {org.wso2.carbon.ldap.server.DirectoryActivator} - Embedded LDAP is disabled.
[2013-02-28 04:22:27,432] ERROR {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} - Error obtaining connection. [LDAP: error code 13 - confidentiality required]
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - confidentiality required]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at org.wso2.carbon.context.internal.CarbonContextDataHolder$CarbonInitialJNDIContextFactory.getInitialContext(CarbonContextDataHolder.java:834)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at org.wso2.carbon.user.core.ldap.LDAPConnectionContext.getContext(LDAPConnectionContext.java:114)
at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.<init>(ReadWriteLDAPUserStoreManager.java:133)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:225)
at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:147)
at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:113)
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:103)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:116)
at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:67)
at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:389)
at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1130)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
[2013-02-28 04:22:27,437] ERROR {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} - Trying again to get connection.
Try adding the CA cert to repository/resources/security/wso2carbon.jks and if your cert has any intermediate signers, you may also need to import the whole chain as a single entry.
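The answer's point about intermediate signers, as an added example that is not part of the original thread: `openssl verify` stands in for the JVM's PKIX path builder, and a PEM file stands in for the JKS trust store. The three-level chain, its CN values, the file names and the function names (`make_chain`, `issue`, `path_builds`, `report`) are all constructed here; the last case assumes the process reads a different store than the one that holds the root CA.

```shell
#!/bin/sh
# Added illustration: every certificate, key and name below is generated here.
# openssl verify stands in for the JVM's PKIX path builder.

# make_chain DIR: root CA -> intermediate CA -> leaf for ldapserver.example.com,
# plus an unrelated self-signed CA ("other") that issued nothing in the chain.
make_chain() {
    d=$1
    cat > "$d/x509.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF
    for ca in root other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -config "$d/x509.cnf" -extensions v3_ca \
            -subj "/CN=Constructed $ca CA" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    issue "$d" int  "/CN=Constructed intermediate CA" root v3_ca   2 || return 1
    issue "$d" leaf "/CN=ldapserver.example.com"      int  v3_leaf 3 || return 1
    # What "import the whole chain" leaves in the trust store.
    cat "$d/root.pem" "$d/int.pem" > "$d/chain.pem"
}

# issue DIR NAME SUBJECT SIGNER EXT_SECTION SERIAL
issue() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/x509.cnf" -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/$2.csr" -days 2 -set_serial "$6" \
        -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -extfile "$1/x509.cnf" -extensions "$5" \
        -out "$1/$2.pem" 2>/dev/null
}

# path_builds TRUST_STORE LEAF [SENT_BY_SERVER]
# TRUST_STORE: PEM file playing the role of the JKS trust store.
# SENT_BY_SERVER: intermediates the server presents in its handshake, if any.
path_builds() {
    if [ -n "${3:-}" ]; then
        out=$(openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1) || true
    else
        out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    fi
    # Match the success line instead of relying on the exit status.
    printf '%s\n' "$out" | grep -q ': OK$'
}

report() {
    label=$1; shift
    if path_builds "$@"; then echo "path OK      : $label"
    else echo "path FAILED  : $label"; fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_chain "$work" || { echo "openssl could not build the test chain" >&2; exit 1; }

report "root trusted, server sends leaf only"         "$work/root.pem"  "$work/leaf.pem"
report "root trusted, server sends leaf+intermediate" "$work/root.pem"  "$work/leaf.pem" "$work/int.pem"
report "whole chain trusted, server sends leaf only"  "$work/chain.pem" "$work/leaf.pem"
report "different store read (issuer absent)"         "$work/other.pem" "$work/leaf.pem" "$work/int.pem"
```

On the server itself, the matching check is to list the store the JVM actually reads with `keytool -list -v -keystore <store>` and compare its entries against the issuer chain of the LDAP server's certificate.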
I'm trying to target the following:
Using WebDAV or through the Alfresco (Community): Current version 3.4.0 (d 3370) schema 4113 Admin interface, I'm trying to upload a Microsoft Office 2003/2007 or an OpenOffice/LibreOffice document into the Alfresco repository and, with a rule associated with the node in question, convert the documents into PDF format.
The Alfresco instance is running on WinXP; LibreOffice is running as a headless instance on CentOS 6.4.
I followed the links cited below to add OpenOffice support to my Alfresco instance, but it doesn't seem to work. I get an exception when the rule tries to start.
Links :
http://wiki.alfresco.com/wiki/Setting_up_OpenOffice_for_Alfresco
Exception :
ERROR;04/10/2012 16:48:55;;;[Utils];Failed to create content due to error: 09040000 Exception in Transaction.
org.alfresco.error.AlfrescoRuntimeException: 09040000 Exception in Transaction.
at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:466)
at org.alfresco.web.bean.dialog.BaseDialogBean.finish(BaseDialogBean.java:124)
at org.alfresco.web.bean.dialog.DialogManager.finish(DialogManager.java:528)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:132)
at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61)
at javax.faces.component.UICommand.broadcast(UICommand.java:109)
at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:104)
at sun.reflect.GeneratedMethodAccessor416.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:116)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy232.doFilter(Unknown Source)
at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:68)
at sun.reflect.GeneratedMethodAccessor416.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:116)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
Caused by: java.lang.StackOverflowError
at org.springframework.beans.factory.support.AbstractBeanFactory.transformedBeanName(AbstractBeanFactory.java:951)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:229)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:265)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1004)
at org.alfresco.repo.management.subsystems.SubsystemProxyFactory$1.invoke(SubsystemProxyFactory.java:69)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy98.isConnected(Unknown Source)
My configuration :
tomcat/shared/classes/alfresco-global.properties
module.id=org.alfresco.remoteOpenOffice
module.version=0.1
module.title=Remote OpenOffice
module.repo.version.min=2.2
ooo.host=192.168.14.67
ooo.port=8100
ooo.enabled=true
tomcat/shared/classes/alfresco/extension/remote-openoffice-context.xml
<bean id="openOfficeConnection" class="net.sf.jooreports.openoffice.connection.SocketOpenOfficeConnection">
<constructor-arg type="java.lang.String" value="192.168.14.67"/>
<constructor-arg type="int" value="8100"/>
</bean>
<bean id="transformer.OpenOffice" class="org.alfresco.repo.content.transform.RemoteOpenOfficeContentTransformer" parent="baseContentTransformer" >
<property name="connection">
<ref bean="openOfficeConnection" />
</property>
<property name="documentFormatsConfiguration">
<value>classpath:alfresco/mimetype/openoffice-document-formats.xml</value>
</property>
</bean>
and added tomcat/shared/classes/alfresco/mimetype/openoffice-document-formats.xml
There is no firewall between the Alfresco host and the OpenOffice host.
Thanks in advance
StackOverflowError is normally caused by endless (or at least excessive) recursion. Since you mention a Rule, is it possible that the outcome of your Rule (e.g. modifying or creating a node) triggers the Rule again, causing an endless sequence?
What exactly is the Rule you are using? Does it trigger upon any mimetype, or just a Word document, for example?
Is there just a single Rule on that folder, or several?