Magnolia CMS通过LDAP与Active连接
Magnolia CMS通过LDAP与Active连接
提问于 2016-11-09 15:12:21
我能够使用LDAP服务器对用户进行身份验证,但无法获得LDAP中提供给用户的组详细信息,因此无法登录到Magnolia Admin Central。
有谁能指点我一下吗?
下面是我使用的配置文件:
JASS.CONFIG
magnolia {
info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional;
info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule requisite
skip_on_previous_success=true;
info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};LDAP.Properties:
#Initial factory class
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# LDAP url
java.naming.provider.url=ldap://localhost:1389/
java.naming.security.principal=uid=admin,ou=system
java.naming.security.credentials=xxxxxx
java.naming.security.authentication=simple
initialSearchAttributes=dc=xyz,dc=co,dc=uk
Organization=o
OrganizationUnit=ou
CommonName=cn
Surname=sn
GivenName=givenname
uid=uid
dn=dn
mail=mail
Password=userPassword
Language=language
roleResolverClass=info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver
groupResolverClass=info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver
groupSearchContext=ou=groups,o=xyz,dc=xyz,dc=co,dc=uk
groupSearchFilter=(&(objectClass=groupOfNames)(member=member))
groupMembershipAttributeValue=dn
GroupId=cn我在magnolia.properties中添加了配置好的magnolia.properties,并创建了一个用户管理器“外部”,这是在厚朴的文档中定义的,除此之外,我还没有在magnolia管理中心做任何更改。
在使用文档中提供的LDAP-Tester jar时,我能够连接到LDAP,但不返回任何组。
木兰调试日志
DEBUG info.magnolia.cms.security.auth.login.FormLogin 16.11.2016 13:57:26 -- handle login for pagrawa
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- initializing user pagrawa
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- getting user manager for realm all
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- creating jcr session users by thread http-bio-8080-exec-3
DEBUG info.magnolia.cms.core.MagnoliaAccessProvider 16.11.2016 13:57:26 -- getEditor(session-admin-452)
DEBUG info.magnolia.cms.core.MagnoliaAccessProvider 16.11.2016 13:57:26 -- compile permissions for admin[info.magnolia.jaas.sp.jcr.MagnoliaJRAdminPrincipal] at users
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/system'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/system' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/public'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/public' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap] will be used.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Trying to log in as uid=admin,ou=system with a password.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Successful initialization dirContext.
DEBUG info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver 16.11.2016 13:57:26 -- Searching groups for pagrawa with: (&(objectClass=groupOfNames)(member=member))
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver 16.11.2016 13:57:26 -- LDAP User pagrawa doesn't exist in magnolia repository. Create this user in admin realm and attach to him appropriate groups/roles. If you want get groups/roles attached to this user directly from ldap/ad use OpenLDAPGroupResolver/ADGroupResolver.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- initialized user pagrawa in 85ms
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- initializing user pagrawa
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- getting user manager for realm all
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/system'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 1ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/system' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 0ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/public'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/public' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap] will be used.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Trying to log in as uid=admin,ou=system with a password.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Successful initialization dirContext.
DEBUG info.magnolia.jaas.sp.ldap.resolver.OpenLDAPGroupResolver 16.11.2016 13:57:26 -- Searching groups for pagrawa with: (&(objectClass=groupOfNames)(member=member))
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Executing query "select * from [mgnl:user] where name() = 'pagrawa' and isdescendantnode(['/admin'])".
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Retrieving node took 2ms (isInstallationPhase: false): path = <null>
DEBUG info.magnolia.cms.security.RepositoryBackedSecurityManager 16.11.2016 13:57:26 -- Could not find principal node 'pagrawa' of primary type 'mgnl:user' under startnode '/admin' in workspace 'users'.
DEBUG info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver 16.11.2016 13:57:26 -- LDAP User pagrawa doesn't exist in magnolia repository. Create this user in admin realm and attach to him appropriate groups/roles. If you want get groups/roles attached to this user directly from ldap/ad use OpenLDAPGroupResolver/ADGroupResolver.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthenticationModule 16.11.2016 13:57:26 -- initialized user pagrawa in 21ms
DEBUG info.magnolia.jaas.sp.ldap.LDAPUtils 16.11.2016 13:57:26 -- JNDI config file [WEB-INF/config/ldap.properties] defined under key [jndi.ldap.config.ldap] will be used.
INFO info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Trying to log in as cn=prateek,ou=users,o=diligenta,dc=diligenta,dc=co,dc=uk with a password.
DEBUG info.magnolia.jaas.sp.ldap.ConnectionFactory 16.11.2016 13:57:26 -- Login succeeded.
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthorizationModule 16.11.2016 13:57:26 -- Roles: {}
DEBUG info.magnolia.jaas.sp.jcr.JCRAuthorizationModule 16.11.2016 13:57:26 -- Groups: {}
DEBUG info.magnolia.monitoring.SystemMonitor 16.11.2016 13:57:26 -- Memory values: max = 475mb, total = 475mb, free = 48mb -> remaining = 48mb / thresholds = 50mb or 10%
DEBUG info.magnolia.context.RequestAttributeStrategy 16.11.2016 13:57:26 -- Session initialized in order to set attribute 'javax.security.auth.Subject' to 'Subject:
Principal: info.magnolia.cms.security.ExternalUser@3c82d1f9
Principal: info.magnolia.cms.security.Realm$RealmImpl@179a1
Principal: RoleListImpl[name=roles,list=[]]
Principal: GroupListImpl[name=groups,list=[]]
Principal: PrincipalCollectionImpl[name=PrincipalCollection]
'. You should avoid using session when possible!
DEBUG info.magnolia.cms.filters.ContentTypeFilter 16.11.2016 13:57:26 -- Content type for http://localhost:8080/magnoliaAuthor/ is not set, status code of response is 302.
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- releasing jcr sessions
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- releasing jcr sessions
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- logged out jcr session: session-admin-452 by thread http-bio-8080-exec-3
DEBUG info.magnolia.cms.filters.MgnlMainFilter 16.11.2016 13:57:26 -- Handling URI: /magnoliaAuthor/ - Path info: null
DEBUG info.magnolia.context.WebContextImpl 16.11.2016 13:57:26 -- new WebContextImpl() info.magnolia.context.WebContextFactoryImpl$1@1667e673
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [admincentralFileUpload: pattern: /.magnolia/admincentral] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [registrationCss: pattern: /.resources/enterprise/css/registration.css] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [registrationImages: pattern: /.resources/enterprise/images/registration/*.gif] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.cms.security.auth.login.FormLogin 16.11.2016 13:57:26 -- handle login for null
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [allButActivationHandler: not pattern: /.magnolia/activation] fired 21
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 21
DEBUG info.magnolia.multisite.filters.MultiSiteFilter 16.11.2016 13:57:26 -- Determined domain as localhost on address 0:0:0:0:0:0:0:1. The assigned site is fallback.
DEBUG info.magnolia.module.site.filters.SiteMergeFilter 16.11.2016 13:57:26 -- There's no variation named 'all'. Serving site 'fallback'.
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [BypassWhenNotInAdminCentral: not pattern: /.magnolia] fired 10
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 10
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [BypassWhenNotAuthenticated: not] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [BypassWhenNoQueryParameters: not] fired 1
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [BypassWhenVaadinRequest: pattern: /.magnolia/admincentral] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [dotMagnolia: pattern: /.magnolia] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [resources: pattern: /.resources] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [login: pattern: /.resources/defaultMagnoliaLoginForm] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [logout: pattern: /.magnolia/pages/logout.html] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [adminJavascript: pattern: /.magnolia/pages/javascript.js] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [registrationCss: pattern: /.resources/enterprise/css/registration.css] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- voter [registrationImages: pattern: /.resources/enterprise/images/registration/*.gif] fired 0
DEBUG info.magnolia.voting.DefaultVoting 16.11.2016 13:57:26 -- highest vote is now 0
WARN info.magnolia.cms.security.PermissionUtil 16.11.2016 13:57:26 -- no permissions found for [info.magnolia.cms.security.ExternalUser@3c82d1f9]
DEBUG info.magnolia.multisite.filters.SiteUriSecurityFilter 16.11.2016 13:57:26 -- Skipping site permission check for user pagrawa, permission read to access uri / on site fallback
DEBUG info.magnolia.multisite.filters.SiteUriSecurityFilter 16.11.2016 13:57:26 -- User pagrawa has NOT been granted permission read to access uri /
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- releasing jcr sessions
DEBUG info.magnolia.context.AbstractRepositoryStrategy 16.11.2016 13:57:26 -- releasing jcr sessions提前感谢
回答 1
Stack Overflow用户
发布于 2016-11-10 13:15:22
最可能的原因是UserManager无法定位。这将指向您的配置中的错误。
我的猜测是,在您的配置文件和木兰配置中,领域名称不匹配。查看文档以获得更多详细信息https://documentation.magnolia-cms.com/display/DOCS/LDAP+Connector+module
确认所有设置都正确后,如果未返回组,请首先检查您配置的DNs是否确实找到了组成员关系,或者UID是否表示成员身份。
如果这不是问题所在,请检查您的groupSearchFilter和/或groupSearchContext配置是否正确。
您还可以尝试获取可以查询LDAP并自行运行这些查询的任何工具,以确保它定位您想要的组以及它们中的成员。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/40510225
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号