Servicemix 7.0 LDAP and the webconsole

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Servicemix 7.0 LDAP and the webconsole

Mike Tod
I'm working with Servicemix 7.0 and LDAP I have it working for the client but can't seem to get LDAP working on the Webconsole.

Seems like the roles are not working correctly with the web but I have no log's to dig into.

Does anyone have LDAP working with the Web Console?

If so can you give me some tips?

Thanks

Mike Tod
[hidden email]<mailto:[hidden email]>


This communication and any files transmitted with it may contain information that is considered to be confidential, privileged and exempt from disclosure under applicable law. This message is intended for Foundation Medicine-affiliated use and that of the intended recipient only and may contain information that is protected by Foundation Medicine policies and the HIPAA Privacy Rule, 45 CFR § 164.500. This communication is intended solely for the use of intended recipient. If you are not the intended recipient, you are hereby notified that any use, dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately and delete this message immediately. Thank you for your cooperation.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Servicemix 7.0 LDAP and the webconsole

Jean-Baptiste Onofré
All depends the roles you have on LDAP or the role mapping.
Webconsole expects admin as role.

Regards
JB

On Feb 10, 2017, 19:28, at 19:28, Mike Tod <[hidden email]> wrote:

>I'm working with Servicemix 7.0 and LDAP I have it working for the
>client but can't seem to get LDAP working on the Webconsole.
>
>Seems like the roles are not working correctly with the web but I have
>no log's to dig into.
>
>Does anyone have LDAP working with the Web Console?
>
>If so can you give me some tips?
>
>Thanks
>
>Mike Tod
>[hidden email]<mailto:[hidden email]>
>
>
>This communication and any files transmitted with it may contain
>information that is considered to be confidential, privileged and
>exempt from disclosure under applicable law. This message is intended
>for Foundation Medicine-affiliated use and that of the intended
>recipient only and may contain information that is protected by
>Foundation Medicine policies and the HIPAA Privacy Rule, 45 CFR �
>164.500. This communication is intended solely for the use of intended
>recipient. If you are not the intended recipient, you are hereby
>notified that any use, dissemination or copying of this communication
>is strictly prohibited. If you have received this communication in
>error, please notify the sender immediately and delete this message
>immediately. Thank you for your cooperation.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Servicemix 7.0 LDAP and the webconsole

Mike Tod
I used this as a guide https://access.redhat.com/documentation/en-US/Fuse_ESB_Enterprise/7.1/html/Security_Guide/files/ESBLDAPTutorialConfigAdminAuthz.html

Seemed to work up to the Web part I can't find any specifics on the config.

Thanks

Mike Tod
[hidden email]

-----Original Message-----
From: Jean-Baptiste Onofré [mailto:[hidden email]]
Sent: Friday, February 10, 2017 3:31 PM
To: [hidden email]
Cc: [hidden email]
Subject: Re: Servicemix 7.0 LDAP and the webconsole

All depends the roles you have on LDAP or the role mapping.
Webconsole expects admin as role.

Regards
JB

On Feb 10, 2017, 19:28, at 19:28, Mike Tod <[hidden email]> wrote:

>I'm working with Servicemix 7.0 and LDAP I have it working for the
>client but can't seem to get LDAP working on the Webconsole.
>
>Seems like the roles are not working correctly with the web but I have
>no log's to dig into.
>
>Does anyone have LDAP working with the Web Console?
>
>If so can you give me some tips?
>
>Thanks
>
>Mike Tod
>[hidden email]<mailto:[hidden email]>
>
>
>This communication and any files transmitted with it may contain
>information that is considered to be confidential, privileged and
>exempt from disclosure under applicable law. This message is intended
>for Foundation Medicine-affiliated use and that of the intended
>recipient only and may contain information that is protected by
>Foundation Medicine policies and the HIPAA Privacy Rule, 45 CFR  
>164.500. This communication is intended solely for the use of intended
>recipient. If you are not the intended recipient, you are hereby
>notified that any use, dissemination or copying of this communication
>is strictly prohibited. If you have received this communication in
>error, please notify the sender immediately and delete this message
>immediately. Thank you for your cooperation.

This communication and any files transmitted with it may contain information that is considered to be confidential, privileged and exempt from disclosure under applicable law. This message is intended for Foundation Medicine-affiliated use and that of the intended recipient only and may contain information that is protected by Foundation Medicine policies and the HIPAA Privacy Rule, 45 CFR § 164.500. This communication is intended solely for the use of intended recipient. If you are not the intended recipient, you are hereby notified that any use, dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately and delete this message immediately. Thank you for your cooperation.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Servicemix 7.0 LDAP and the webconsole

Mike Tod
I have narrowed this issue down a bit I have a local copy of Servicemix 7.0 and Apache DS setup for testing I can authenticate using the client but not the webconsole. I suspect it has to do with the roles configuration.

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
  xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
  xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connection.username=uid=admin,ou=system
      connection.password=secret
      connection.protocol=
      connection.url=ldap://localhost:10389
      user.base.dn=ou=users,ou=system
      user.filter=(uid=%u)
      user.search.subtree=true
      role.base.dn=ou=roles,ou=system
      role.name.attribute=cn
      role.filter=(member:=uid=%u)
      role.search.subtree=true
      authentication=simple
    </jaas:module>
  </jaas:config>
</blueprint>

I'm getting the following error when I enable DEBUG in the security log.

Note the ': N O T   I M P L E M E N T E D   Y E T !] I'm not sure what that’s about I thought this was supported with this release of Servicemix.


2017-02-13 09:40:32,081 | DEBUG |  /system/console | HttpServiceContext               | 212 - org.ops4j.pax.web.pax-web-jetty - 4.3.0 | Handling request for [/system/console] using http context [org.a
pache.felix.webconsole.internal.servlet.OsgiManagerHttpContext@5348f26]
2017-02-13 09:40:32,090 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Get the user DN.
2017-02-13 09:40:32,111 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Looking for the user in LDAP with
2017-02-13 09:40:32,111 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   base DN: ou=users,ou=system
2017-02-13 09:40:32,111 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   filter: (uid=janedoe)
2017-02-13 09:40:32,114 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Found the user DN.
2017-02-13 09:40:32,115 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Bind user (authentication).
2017-02-13 09:40:32,115 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Set the security principal for uid=janedoe,ou=users,ou=system
2017-02-13 09:40:32,115 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Binding the user.
2017-02-13 09:40:32,118 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | User janedoe successfully bound.
2017-02-13 09:40:32,121 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Looking for the user roles in LDAP with
2017-02-13 09:40:32,122 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   base DN: ou=roles,ou=system
2017-02-13 09:40:32,122 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   filter: (member:=uid=janedoe)
2017-02-13 09:40:32,126 | ERROR |  /system/console | JaasSecurityProvider             | 224 - org.apache.karaf.webconsole.console - 4.0.8 | General Security Exception
javax.security.auth.login.LoginException: Can't get user janedoe roles: [LDAP: error code 1 - OPERATIONS_ERROR: failed for MessageType : SEARCH_REQUEST
Message ID : 7
    SearchRequest
        baseDn : 'ou=roles,ou=system'
        filter : '(member-false-EXTENSIBLE-null-0x75 0x69 0x64 0x3D 0x6A 0x61 0x6E 0x65 0x64 0x6F 0x65 :[?])'
        scope : whole subtree
        typesOnly : false
        Size Limit : no limit
        Time Limit : no limit
        Deref Aliases : deref Always
        attributes :
org.apache.directory.api.ldap.model.message.SearchRequestImpl@b7e7bbb6    ManageDsaITImpl Control
        Type OID    : '2.16.840.1.113730.3.4.2'
        Criticality : 'false'
'
: N O T   I M P L E M E N T E D   Y E T !]
        at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin(LDAPLoginModule.java:157)
        at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:54)
        at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[org.apache.karaf.jaas.boot-4.0.8.jar:]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.8.0_101]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[:1.8.0_101]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_101]
        at java.lang.reflect.Method.invoke(Method.java:498)[:1.8.0_101]
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)[:1.8.0_101]
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)[:1.8.0_101]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)[:1.8.0_101]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)[:1.8.0_101]
        at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_101]
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.8.0_101]
        at javax.security.auth.login.LoginContext.login(LoginContext.java:587)[:1.8.0_101]
        at org.apache.felix.webconsole.internal.servlet.JaasSecurityProvider.doAuthenticate(JaasSecurityProvider.java:118)[224:org.apache.karaf.webconsole.console:4.0.8]
        at org.apache.felix.webconsole.internal.servlet.JaasSecurityProvider.authenticate(JaasSecurityProvider.java:184)[224:org.apache.karaf.webconsole.console:4.0.8]
        at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103)[224:org.apache.karaf.webconsole.console:4.0.8]
        at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:69)[212:org.ops4j.pax.web.pax-web-jetty:4.3.0]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)[187:org.eclipse.jetty.security:9.2.19.v20160908]
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:287)[212:org.ops4j.pax.web.pax-web-jetty:4.3.0]
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)[189:org.eclipse.jetty.servlet:9.2.19.v20160908]
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80)[212:org.ops4j.pax.web.pax-web-jetty:4.3.0]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.server.Server.handle(Server.java:499)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)[180:org.eclipse.jetty.io:9.2.19.v20160908]
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)[191:org.eclipse.jetty.util:9.2.19.v20160908]
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)[191:org.eclipse.jetty.util:9.2.19.v20160908]
        at java.lang.Thread.run(Thread.java:745)[:1.8.0_101]
2017-02-13 09:40:32,128 | DEBUG |  /system/console | HttpServiceResponseWrapper       | 212 - org.ops4j.pax.web.pax-web-jetty - 4.3.0 | Response status set to [401]


Mike Tod
949-230-5319 direct
[hidden email]

-----Original Message-----
From: Mike Tod [mailto:[hidden email]]
Sent: Friday, February 10, 2017 3:36 PM
To: [hidden email]
Subject: RE: Servicemix 7.0 LDAP and the webconsole

I used this as a guide https://access.redhat.com/documentation/en-US/Fuse_ESB_Enterprise/7.1/html/Security_Guide/files/ESBLDAPTutorialConfigAdminAuthz.html

Seemed to work up to the Web part I can't find any specifics on the config.

Thanks

Mike Tod
[hidden email]

-----Original Message-----
From: Jean-Baptiste Onofré [mailto:[hidden email]]
Sent: Friday, February 10, 2017 3:31 PM
To: [hidden email]
Cc: [hidden email]
Subject: Re: Servicemix 7.0 LDAP and the webconsole

All depends the roles you have on LDAP or the role mapping.
Webconsole expects admin as role.

Regards
JB

On Feb 10, 2017, 19:28, at 19:28, Mike Tod <[hidden email]> wrote:

>I'm working with Servicemix 7.0 and LDAP I have it working for the
>client but can't seem to get LDAP working on the Webconsole.
>
>Seems like the roles are not working correctly with the web but I have
>no log's to dig into.
>
>Does anyone have LDAP working with the Web Console?
>
>If so can you give me some tips?
>
>Thanks
>
>Mike Tod
>[hidden email]<mailto:[hidden email]>
>
>
>This communication and any files transmitted with it may contain
>information that is considered to be confidential, privileged and
>exempt from disclosure under applicable law. This message is intended
>for Foundation Medicine-affiliated use and that of the intended
>recipient only and may contain information that is protected by
>Foundation Medicine policies and the HIPAA Privacy Rule, 45 CFR  
>164.500. This communication is intended solely for the use of intended
>recipient. If you are not the intended recipient, you are hereby
>notified that any use, dissemination or copying of this communication
>is strictly prohibited. If you have received this communication in
>error, please notify the sender immediately and delete this message
>immediately. Thank you for your cooperation.

This communication and any files transmitted with it may contain information that is considered to be confidential, privileged and exempt from disclosure under applicable law. This message is intended for Foundation Medicine-affiliated use and that of the intended recipient only and may contain information that is protected by Foundation Medicine policies and the HIPAA Privacy Rule, 45 CFR § 164.500. This communication is intended solely for the use of intended recipient. If you are not the intended recipient, you are hereby notified that any use, dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately and delete this message immediately. Thank you for your cooperation.

This communication and any files transmitted with it may contain information that is considered to be confidential, privileged and exempt from disclosure under applicable law. This message is intended for Foundation Medicine-affiliated use and that of the intended recipient only and may contain information that is protected by Foundation Medicine policies and the HIPAA Privacy Rule, 45 CFR § 164.500. This communication is intended solely for the use of intended recipient. If you are not the intended recipient, you are hereby notified that any use, dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately and delete this message immediately. Thank you for your cooperation.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Servicemix 7.0 LDAP and the webconsole

Mike Tod
I found the solution.

It was the roles.filter here's the config for the Apache DS.

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
  xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
  xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connection.username=uid=admin,ou=system
      connection.password=secret
      connection.protocol=
      connection.url=ldap://localhost:10389
      user.base.dn=ou=users,ou=system
      user.filter=(uid=%u)
      user.search.subtree=true
      role.base.dn=ou=roles,ou=system
      role.name.attribute=cn
      role.filter=(&amp;(objectClass=groupOfNames)(member=uid=%u,ou=users,ou=system))
      role.search.subtree=true
      authentication=simple
    </jaas:module>
  </jaas:config>
</blueprint>

Mike Tod
949-230-5319 direct
[hidden email]

-----Original Message-----
From: Mike Tod [mailto:[hidden email]]
Sent: Monday, February 13, 2017 9:47 AM
To: [hidden email]
Subject: RE: Servicemix 7.0 LDAP and the webconsole

I have narrowed this issue down a bit I have a local copy of Servicemix 7.0 and Apache DS setup for testing I can authenticate using the client but not the webconsole. I suspect it has to do with the roles configuration.

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
  xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
  xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connection.username=uid=admin,ou=system
      connection.password=secret
      connection.protocol=
      connection.url=ldap://localhost:10389
      user.base.dn=ou=users,ou=system
      user.filter=(uid=%u)
      user.search.subtree=true
      role.base.dn=ou=roles,ou=system
      role.name.attribute=cn
      role.filter=(member:=uid=%u)
      role.search.subtree=true
      authentication=simple
    </jaas:module>
  </jaas:config>
</blueprint>

I'm getting the following error when I enable DEBUG in the security log.

Note the ': N O T   I M P L E M E N T E D   Y E T !] I'm not sure what that’s about I thought this was supported with this release of Servicemix.


2017-02-13 09:40:32,081 | DEBUG |  /system/console | HttpServiceContext               | 212 - org.ops4j.pax.web.pax-web-jetty - 4.3.0 | Handling request for [/system/console] using http context [org.a
pache.felix.webconsole.internal.servlet.OsgiManagerHttpContext@5348f26]
2017-02-13 09:40:32,090 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Get the user DN.
2017-02-13 09:40:32,111 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Looking for the user in LDAP with
2017-02-13 09:40:32,111 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   base DN: ou=users,ou=system
2017-02-13 09:40:32,111 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   filter: (uid=janedoe)
2017-02-13 09:40:32,114 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Found the user DN.
2017-02-13 09:40:32,115 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Bind user (authentication).
2017-02-13 09:40:32,115 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Set the security principal for uid=janedoe,ou=users,ou=system
2017-02-13 09:40:32,115 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Binding the user.
2017-02-13 09:40:32,118 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | User janedoe successfully bound.
2017-02-13 09:40:32,121 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Looking for the user roles in LDAP with
2017-02-13 09:40:32,122 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   base DN: ou=roles,ou=system
2017-02-13 09:40:32,122 | DEBUG |  /system/console | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   filter: (member:=uid=janedoe)
2017-02-13 09:40:32,126 | ERROR |  /system/console | JaasSecurityProvider             | 224 - org.apache.karaf.webconsole.console - 4.0.8 | General Security Exception
javax.security.auth.login.LoginException: Can't get user janedoe roles: [LDAP: error code 1 - OPERATIONS_ERROR: failed for MessageType : SEARCH_REQUEST Message ID : 7
    SearchRequest
        baseDn : 'ou=roles,ou=system'
        filter : '(member-false-EXTENSIBLE-null-0x75 0x69 0x64 0x3D 0x6A 0x61 0x6E 0x65 0x64 0x6F 0x65 :[?])'
        scope : whole subtree
        typesOnly : false
        Size Limit : no limit
        Time Limit : no limit
        Deref Aliases : deref Always
        attributes :
org.apache.directory.api.ldap.model.message.SearchRequestImpl@b7e7bbb6    ManageDsaITImpl Control
        Type OID    : '2.16.840.1.113730.3.4.2'
        Criticality : 'false'
'
: N O T   I M P L E M E N T E D   Y E T !]
        at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin(LDAPLoginModule.java:157)
        at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:54)
        at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[org.apache.karaf.jaas.boot-4.0.8.jar:]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.8.0_101]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[:1.8.0_101]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_101]
        at java.lang.reflect.Method.invoke(Method.java:498)[:1.8.0_101]
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)[:1.8.0_101]
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)[:1.8.0_101]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)[:1.8.0_101]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)[:1.8.0_101]
        at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_101]
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.8.0_101]
        at javax.security.auth.login.LoginContext.login(LoginContext.java:587)[:1.8.0_101]
        at org.apache.felix.webconsole.internal.servlet.JaasSecurityProvider.doAuthenticate(JaasSecurityProvider.java:118)[224:org.apache.karaf.webconsole.console:4.0.8]
        at org.apache.felix.webconsole.internal.servlet.JaasSecurityProvider.authenticate(JaasSecurityProvider.java:184)[224:org.apache.karaf.webconsole.console:4.0.8]
        at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103)[224:org.apache.karaf.webconsole.console:4.0.8]
        at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:69)[212:org.ops4j.pax.web.pax-web-jetty:4.3.0]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)[187:org.eclipse.jetty.security:9.2.19.v20160908]
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:287)[212:org.ops4j.pax.web.pax-web-jetty:4.3.0]
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)[189:org.eclipse.jetty.servlet:9.2.19.v20160908]
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80)[212:org.ops4j.pax.web.pax-web-jetty:4.3.0]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.server.Server.handle(Server.java:499)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)[188:org.eclipse.jetty.server:9.2.19.v20160908]
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)[180:org.eclipse.jetty.io:9.2.19.v20160908]
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)[191:org.eclipse.jetty.util:9.2.19.v20160908]
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)[191:org.eclipse.jetty.util:9.2.19.v20160908]
        at java.lang.Thread.run(Thread.java:745)[:1.8.0_101]
2017-02-13 09:40:32,128 | DEBUG |  /system/console | HttpServiceResponseWrapper       | 212 - org.ops4j.pax.web.pax-web-jetty - 4.3.0 | Response status set to [401]


Mike Tod
949-230-5319 direct
[hidden email]

-----Original Message-----
From: Mike Tod [mailto:[hidden email]]
Sent: Friday, February 10, 2017 3:36 PM
To: [hidden email]
Subject: RE: Servicemix 7.0 LDAP and the webconsole

I used this as a guide https://access.redhat.com/documentation/en-US/Fuse_ESB_Enterprise/7.1/html/Security_Guide/files/ESBLDAPTutorialConfigAdminAuthz.html

Seemed to work up to the Web part I can't find any specifics on the config.

Thanks

Mike Tod
[hidden email]

-----Original Message-----
From: Jean-Baptiste Onofré [mailto:[hidden email]]
Sent: Friday, February 10, 2017 3:31 PM
To: [hidden email]
Cc: [hidden email]
Subject: Re: Servicemix 7.0 LDAP and the webconsole

All depends the roles you have on LDAP or the role mapping.
Webconsole expects admin as role.

Regards
JB

On Feb 10, 2017, 19:28, at 19:28, Mike Tod <[hidden email]> wrote:

>I'm working with Servicemix 7.0 and LDAP I have it working for the
>client but can't seem to get LDAP working on the Webconsole.
>
>Seems like the roles are not working correctly with the web but I have
>no log's to dig into.
>
>Does anyone have LDAP working with the Web Console?
>
>If so can you give me some tips?
>
>Thanks
>
>Mike Tod
>[hidden email]<mailto:[hidden email]>
>
>
>This communication and any files transmitted with it may contain
>information that is considered to be confidential, privileged and
>exempt from disclosure under applicable law. This message is intended
>for Foundation Medicine-affiliated use and that of the intended
>recipient only and may contain information that is protected by
>Foundation Medicine policies and the HIPAA Privacy Rule, 45 CFR  
>164.500. This communication is intended solely for the use of intended
>recipient. If you are not the intended recipient, you are hereby
>notified that any use, dissemination or copying of this communication
>is strictly prohibited. If you have received this communication in
>error, please notify the sender immediately and delete this message
>immediately. Thank you for your cooperation.

This communication and any files transmitted with it may contain information that is considered to be confidential, privileged and exempt from disclosure under applicable law. This message is intended for Foundation Medicine-affiliated use and that of the intended recipient only and may contain information that is protected by Foundation Medicine policies and the HIPAA Privacy Rule, 45 CFR § 164.500. This communication is intended solely for the use of intended recipient. If you are not the intended recipient, you are hereby notified that any use, dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately and delete this message immediately. Thank you for your cooperation.

This communication and any files transmitted with it may contain information that is considered to be confidential, privileged and exempt from disclosure under applicable law. This message is intended for Foundation Medicine-affiliated use and that of the intended recipient only and may contain information that is protected by Foundation Medicine policies and the HIPAA Privacy Rule, 45 CFR § 164.500. This communication is intended solely for the use of intended recipient. If you are not the intended recipient, you are hereby notified that any use, dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately and delete this message immediately. Thank you for your cooperation.

This communication and any files transmitted with it may contain information that is considered to be confidential, privileged and exempt from disclosure under applicable law. This message is intended for Foundation Medicine-affiliated use and that of the intended recipient only and may contain information that is protected by Foundation Medicine policies and the HIPAA Privacy Rule, 45 CFR § 164.500. This communication is intended solely for the use of intended recipient. If you are not the intended recipient, you are hereby notified that any use, dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately and delete this message immediately. Thank you for your cooperation.
Loading...