By: Matteo Bocci user 17 Jan 2023 at 8:20 a.m. CST

3 Responses

Hi there, during authentication to Gluu GUI after setting up an external LDAP we receive this kind of error message: ``` 2023-01-17 11:34:17,098 ERROR [qtp966739377-19] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:473) - Failed to find entry: cn=Name Surname,ou=users,o=ORGANIZATION org.gluu.persist.exception.EntryPersistenceException: Failed to find entry: cn=Name Surname,ou=users,o=ORGANIZATION at org.gluu.persist.ldap.impl.LdapEntryManager.find(LdapEntryManager.java:405) ~[gluu-orm-ldap-4.4.2.Final.jar:?] at org.gluu.persist.impl.BaseEntryManager.find(BaseEntryManager.java:714) ~[gluu-orm-core-4.4.2.Final.jar:?] at org.gluu.persist.impl.BaseEntryManager.find(BaseEntryManager.java:593) ~[gluu-orm-core-4.4.2.Final.jar:?] at org.gluu.persist.impl.BaseEntryManager.find(BaseEntryManager.java:580) ~[gluu-orm-core-4.4.2.Final.jar:?] at org.gluu.oxauth.service.AuthenticationService.getUserByAttribute(AuthenticationService.java:547) ~[classes/:?] at org.gluu.oxauth.service.AuthenticationService.authenticateImpl(AuthenticationService.java:442) ~[classes/:?] at org.gluu.oxauth.service.AuthenticationService.authenticate(AuthenticationService.java:388) ~[classes/:?] at org.gluu.oxauth.service.AuthenticationService.externalAuthenticate(AuthenticationService.java:307) ~[classes/:?] at org.gluu.oxauth.service.AuthenticationService.authenticate(AuthenticationService.java:145) ~[classes/:?] at org.gluu.oxauth.service.AuthenticationService$Proxy$_$$_WeldClientProxy.authenticate(Unknown Source) ~[classes/:?] at org.gluu.oxauth.service.external.internal.InternalDefaultPersonAuthenticationType.authenticate(InternalDefaultPersonAuthenticationType.java:37) ~[classes/:?] at org.gluu.oxauth.service.external.internal.InternalDefaultPersonAuthenticationType$Proxy$_$$_WeldClientProxy.authenticate(Unknown Source) ~[classes/:?] at org.gluu.oxauth.service.external.ExternalAuthenticationService.executeExternalAuthenticate(ExternalAuthenticationService.java:212) ~[classes/:?] at org.gluu.oxauth.service.external.ExternalAuthenticationService$Proxy$_$$_WeldClientProxy.executeExternalAuthenticate(Unknown Source) ~[classes/:?] at org.gluu.oxauth.auth.Authenticator.userAuthenticationInteractive(Authenticator.java:322) ~[classes/:?] at org.gluu.oxauth.auth.Authenticator.authenticateImpl(Authenticator.java:205) ~[classes/:?] at org.gluu.oxauth.auth.Authenticator.authenticate(Authenticator.java:128) ~[classes/:?] at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?] at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] at org.apache.el.parser.AstValue.invoke(AstValue.java:246) ~[org.mortbay.jasper.apache-el-9.0.52.jar:9.0.52] at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:266) ~[org.mortbay.jasper.apache-el-9.0.52.jar:9.0.52] at org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) ~[weld-web-3.1.9.Final.jar:3.1.9.Final] at org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) ~[weld-web-3.1.9.Final.jar:3.1.9.Final] at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:65) ~[jakarta.faces-2.3.14.jar:2.3.14] at com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:66) ~[jakarta.faces-2.3.14.jar:2.3.14] at com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:82) ~[jakarta.faces-2.3.14.jar:2.3.14] at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:71) ~[jakarta.faces-2.3.14.jar:2.3.14] at javax.faces.component.UICommand.broadcast(UICommand.java:222) ~[jakarta.faces-2.3.14.jar:2.3.14] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:847) ~[jakarta.faces-2.3.14.jar:2.3.14] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1396) ~[jakarta.faces-2.3.14.jar:2.3.14] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:58) ~[jakarta.faces-2.3.14.jar:2.3.14] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76) ~[jakarta.faces-2.3.14.jar:2.3.14] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177) ~[jakarta.faces-2.3.14.jar:2.3.14] at javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707) ~[jakarta.faces-2.3.14.jar:2.3.14] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:451) ~[jakarta.faces-2.3.14.jar:2.3.14] at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1419) ~[?:?] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) ~[?:?] at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1630) ~[?:?] at org.gluu.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:67) ~[classes/:?] at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210) ~[?:?] at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1600) ~[?:?] at org.eclipse.jetty.websocket.servlet.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:170) ~[websocket-servlet-10.0.9.jar:10.0.9] at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[?:?] at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1600) ~[?:?] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:506) ~[?:?] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) ~[?:?] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) ~[?:?] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) ~[?:?] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571) ~[?:?] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) ~[?:?] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1378) ~[?:?] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) ~[?:?] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:463) ~[?:?] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544) ~[?:?] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) ~[?:?] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1300) ~[?:?] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) ~[?:?] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192) ~[?:?] at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51) ~[?:?] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?] at org.eclipse.jetty.server.Server.handle(Server.java:562) ~[?:?] at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) ~[?:?] at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) ~[?:?] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) ~[?:?] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) ~[?:?] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:319) ~[?:?] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[?:?] at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[?:?] at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:412) ~[?:?] at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:381) ~[?:?] at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:268) ~[?:?] at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:138) ~[?:?] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:407) ~[?:?] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:894) ~[?:?] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1038) ~[?:?] at java.lang.Thread.run(Thread.java:829) ~[?:?] Caused by: org.gluu.persist.exception.operation.ConnectionException: Failed to lookup entry at org.gluu.persist.ldap.operation.impl.LdapOperationServiceImpl.lookupImpl(LdapOperationServiceImpl.java:626) ~[gluu-orm-ldap-4.4.2.Final.jar:?] at org.gluu.persist.ldap.operation.impl.LdapOperationServiceImpl.lookup(LdapOperationServiceImpl.java:605) ~[gluu-orm-ldap-4.4.2.Final.jar:?] at org.gluu.persist.ldap.impl.LdapEntryManager.find(LdapEntryManager.java:399) ~[gluu-orm-ldap-4.4.2.Final.jar:?] ... 78 more Caused by: com.unboundid.ldap.sdk.LDAPSearchException: unwilling to perform at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3994) ~[unboundid-ldapsdk-6.0.6.jar:6.0.6] at com.unboundid.ldap.sdk.LDAPConnection.getEntry(LDAPConnection.java:1910) ~[unboundid-ldapsdk-6.0.6.jar:6.0.6] at com.unboundid.ldap.sdk.AbstractConnectionPool.getEntry(AbstractConnectionPool.java:646) ~[unboundid-ldapsdk-6.0.6.jar:6.0.6] at com.unboundid.ldap.sdk.AbstractConnectionPool.getEntry(AbstractConnectionPool.java:614) ~[unboundid-ldapsdk-6.0.6.jar:6.0.6] at org.gluu.persist.ldap.operation.impl.LdapOperationServiceImpl.lookupImpl(LdapOperationServiceImpl.java:617) ~[gluu-orm-ldap-4.4.2.Final.jar:?] at org.gluu.persist.ldap.operation.impl.LdapOperationServiceImpl.lookup(LdapOperationServiceImpl.java:605) ~[gluu-orm-ldap-4.4.2.Final.jar:?] at org.gluu.persist.ldap.impl.LdapEntryManager.find(LdapEntryManager.java:399) ~[gluu-orm-ldap-4.4.2.Final.jar:?] ... 78 more 2023-01-17 11:34:17,154 INFO [qtp966739377-19] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:225) - Authentication failed for 'name.surname' 2023-01-17 11:34:41,547 INFO [Thread-657] [org.gluu.oxauth.service.AppInitializer] (AppInitializer.java:516) - Recreated instance persistenceAuthEntryManager: [org.gluu.persist.ldap.impl.LdapEntryManager@53f0506b] ``` --------------- The same LDAP is used in Cache Refresh functionality with no problem at all (all users are correctly imported). Following some command to gather some informations: ``` root@test:/opt/gluu/jetty/oxauth/logs# /opt/opendj/bin/ldapsearch -h 127.0.0.1 -p 1636 -s sub -Z -X -D 'cn=directory manager' -j /tmp/.dpw -b 'o=gluu' -z 3 '&(objectclass=gluuConfiguration)' oxIDPAuthentication dn: ou=configuration,o=gluu oxIDPAuthentication: {"type":"auth","name":"auth_ldap_server","level":0,"priority":0,"enabled":false,"version":1,"fields":[],"config":{"configId":"auth_ldap_server","bindDN":"cn=directory manager","bindPassword":"tnHOEnBxtWWQtwJynrcrhA==","servers":["localhost:1636"],"maxConnections":1000,"useSSL":true,"baseDNs":["ou=people,o=gluu"],"primaryKey":"uid","localPrimaryKey":"uid","useAnonymousBind":false,"enabled":true,"version":0,"level":0}} oxIDPAuthentication: {"type":"auth","name":"ldap_svil","level":0,"priority":0,"enabled":true,"version":1,"fields":[],"config":{"configId":"ldap_svil","bindDN":"cn=root","bindPassword":"BIND_PASSWORD","servers":["ldap01svil.DOMAIN:389"],"maxConnections":2,"useSSL":false,"baseDNs":["ou=users,O=ORGANIZATION"],"primaryKey":"uid","localPrimaryKey":"uid","useAnonymousBind":false,"enabled":false,"version":0,"level":0}} ``` ``` root@test:/opt/gluu/jetty/oxauth/logs# nc -v -w 1 ldap01svil.DOMAIN 389 Connection to ldap01svil.DOMAIN 389 port [tcp/ldap] succeeded! ``` Thanks, Matteo.

Gluu 4.4 Ubuntu 20.04

closed

By Mohib Zico Account Admin 17 Jan 2023 at 9:18 p.m. CST

Copy

Hello, >> Failed to find entry: cn=Name Surname,ou=users,o=ORGANIZATION >>> "maxConnections":2,"useSSL":false,"baseDNs":["ou=users,O=ORGANIZATION"],"primaryKey":"uid","localPrimaryKey":"uid", You are trying to authenticate with `cn`, when your Manage Authentication section is specifying `uid` as Primary Attribute.

By Matteo Bocci user 18 Jan 2023 at 2:03 a.m. CST

Copy

Hello Mohib, thanks! I saw that the error reported the `cn` as the first attribute in the query, but when I try to login into Gluu GUI I use the `uid` (eg. name.surname). Do I have to change something into Gluu conf to "force" the LDAP query to search for the `uid` attribute? Thanks, Matteo.

By Mohib Zico Account Admin 08 Feb 2023 at 7:05 a.m. CST

Copy

Hello Matteo, >> Do I have to change something into Gluu conf to "force" the LDAP query to search for the uid attribute? From your shared data, I see that you are already using `uid` as primary attribute. ( from oxIDPAuthentication ). Question is then: what kind of authentication / ACR you are using? If possible share screenshot of 'Manage Authentication' page.

You need to Login in order to post an answer

External LDAP Manage Authentication: "Failed to find entry"

By: Matteo Bocci user 17 Jan 2023 at 8:20 a.m. CST

Answers

By Mohib Zico Account Admin 17 Jan 2023 at 9:18 p.m. CST

By Matteo Bocci user 18 Jan 2023 at 2:03 a.m. CST

By Mohib Zico Account Admin 08 Feb 2023 at 7:05 a.m. CST

Post an answer