By: Carsten Buchenau user 27 Jun 2018 at 6:09 a.m. CDT

2 Responses
Hi there, I followed the docs & videos to configure cache-refresh with AD, and it works:

```
2018-06-27 12:22:00,595 INFO [Thread-316022] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:316) - Attempting to load entries from source server
2018-06-27 12:22:01,203 INFO [Thread-316022] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:325) - Found '3961' entries in source server
2018-06-27 12:22:01,206 INFO [Thread-316022] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:328) - Found '3961' unique entries in source server
2018-06-27 12:22:01,314 INFO [Thread-316022] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:377) - Found '0' changed entries
2018-06-27 12:22:01,315 INFO [Thread-316022] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:382) - Loaded '0' problem entries from problem file
2018-06-27 12:22:01,330 INFO [Thread-316022] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:395) - Updated '0' entries
2018-06-27 12:22:01,330 INFO [Thread-316022] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:397) - Failed to update '0' entries
2018-06-27 12:22:01,345 INFO [Thread-316022] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:437) - Removed '0' persons from target server
2018-06-27 12:22:01,345 INFO [Thread-316022] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:452) - There are '3961' entries before updating inum list
2018-06-27 12:22:01,345 INFO [Thread-316022] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:456) - There are '3961' entries after removal '0' entries
2018-06-27 12:22:01,345 INFO [Thread-316022] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:460) - There are '3961' entries after adding '0' entries
```

Under Users / Manage People I can search for our test account, COURSGEN06, and find it. So far so good.

I then continued with the Authentication configuration, as per video. Only that I kept the original (local) LDAP server entry, and added the AD as an additional source. The configuration uses the exact same parameters as used for cache-refresh, but if I hit the "Test LDAP Connection" button, I get a **Failed to connect to LDAP server**. When I try to authenticate with my test user, it fails, and in the logs I see:

```
2018-06-27 12:40:45,352 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:117) - Authenticating user with LDAP: username: 'COURSGEN06', credentials: '1123615429'
2018-06-27 12:40:45,353 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:245) - Attempting to find userDN by primary key: 'uid' and key value: 'COURSGEN06', credentials: '1123615429'
2018-06-27 12:40:45,353 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:334) - Getting user information from LDAP: attributeName = 'uid', attributeValue = 'COURSGEN06'
2018-06-27 12:40:45,353 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:348) - Searching user by attributes: '[Attribute [name=uid, values=[COURSGEN06]]]', baseDn: 'o=gluu'
2018-06-27 12:40:45,355 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:350) - Found '1' entries
2018-06-27 12:40:45,357 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:267) - Attempting to authenticate userDN: inum=@!5A33.1533.075A.55DB!0001!C064.04E1!0000!B68A.7157,ou=people,o=@!5A33.1533.075A.55DB!0001!C064.04E1,o=gluu
2018-06-27 12:40:45,358 ERROR [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:292) - Failed to authenticate dn: inum=@!5A33.1533.075A.55DB!0001!C064.04E1!0000!B68A.7157,ou=people,o=@!5A33.1533.075A.55DB!0001!C064.04E1,o=gluu
2018-06-27 12:40:45,358 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:245) - Attempting to find userDN by primary key: 'samAccountName' and key value: 'COURSGEN06', credentials: '1123615429'
2018-06-27 12:40:45,358 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:334) - Getting user information from LDAP: attributeName = 'samAccountName', attributeValue = 'COURSGEN06'
2018-06-27 12:40:45,359 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:348) - Searching user by attributes: '[Attribute [name=samAccountName, values=[COURSGEN06]]]', baseDn: 'OU=COMPTE,DC=cpnv,DC=ch'
2018-06-27 12:40:45,359 ERROR [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:292) - Failed to find entries with baseDN: OU=COMPTE,DC=cpnv,DC=ch, filter: (&(&(objectClass=top))(&(samAccountName=COURSGEN06)))
2018-06-27 12:40:45,359 ERROR [qtp1744347043-10] [org.xdi.oxauth.service.SessionIdService] (SessionIdService.java:271) - Faces context returns null for http request object.
2018-06-27 12:40:45,360 DEBUG [qtp1744347043-10] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:265) - Authentication result for user 'COURSGEN06'. auth_step: '1', result: 'false', credentials: '1123615429'
2018-06-27 12:40:45,360 INFO [qtp1744347043-10] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:164) - Authentication failed for 'COURSGEN06'
```

- First the local LDAP server is tried. The account is found (= cache-refresh works), but authentication is failing (no password sync via cache-refresh, I assume).
- Then the external LDAP server is tried - and here the account is NOT found.

I see:

```
Failed to find entries with baseDN: OU=COMPTE,DC=cpnv,DC=ch, filter: (&(&(objectClass=top))(&(samAccountName=COURSGEN06)))
```

Not sure where the "objectClass=top" comes from, and if this is the problem? In which log file do I actually see the LDAP connection itself, especially when hitting the TEST button?

Screenshots: https://nextcloud.edificom.ch/s/TD5372ftFf8fzpw

carsten
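As an added example (not from this thread or from the Gluu project), a small parser that walks oxAuth `AuthenticationService` lines of the format shown in the post, reports each lookup per source with its baseDN, hit count, result and the filter oxAuth logs when nothing matched, and masks the credential that DEBUG logging writes in clear; the sample lines are quoted from the post with the password value replaced, and the log layout is assumed to be exactly the one above.

```python
# Added example, not Gluu code: summarise oxAuth's per-source LDAP lookups and mask logged credentials.
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^\S+ \S+ [A-Z]+ \[[^\]]+\] \[(?P<cls>[^\]]+)\] \([^)]+\) - (?P<msg>.*)$")
KEY_RE = re.compile(r"primary key: '(?P<key>[^']+)' and key value: '(?P<val>[^']+)'")
BASE_RE = re.compile(r"baseDn: '(?P<base>[^']+)'")
FOUND_RE = re.compile(r"^Found '(?P<n>\d+)' entries")
MISS_RE = re.compile(r"Failed to find entries with baseDN: (?P<base>.+?), filter: (?P<flt>.+)$")
CRED_RE = re.compile(r"credentials: '[^']*'")

@dataclass
class Attempt:
    key: str                    # primary-key attribute tried (uid, samAccountName)
    value: str                  # login name searched for
    base_dn: str = ""           # search base oxAuth reports for this source
    found: int = 0              # entries the search matched
    result: str = "incomplete"  # searched | bind_failed | not_found
    filter: str = ""            # filter, which oxAuth logs only when nothing matched

def redact(line: str) -> str:  # oxAuth prints the password at DEBUG level; mask it before keeping the line
    return CRED_RE.sub("credentials: '<redacted>'", line)

def summarize(lines):
    attempts = []  # one Attempt per "find userDN by primary key" message, in log order
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or not m["cls"].endswith("AuthenticationService"):
            continue  # skip blank lines and other loggers (CacheRefreshTimer etc.)
        msg = redact(m["msg"])
        cur = attempts[-1] if attempts else Attempt("?", "?")  # throwaway for lines before the first lookup
        if k := KEY_RE.search(msg):
            attempts.append(Attempt(k["key"], k["val"]))
        elif b := BASE_RE.search(msg):
            cur.base_dn = b["base"]
        elif f := FOUND_RE.match(msg):
            cur.found, cur.result = int(f["n"]), "searched"
        elif msg.startswith("Failed to authenticate dn:"):
            cur.result = "bind_failed"
        elif n := MISS_RE.search(msg):
            cur.base_dn, cur.filter, cur.result = n["base"], n["flt"], "not_found"
    return attempts

# Lines quoted from the post's oxauth log; the posted credential value is masked as '***'.
SAMPLE = """\
2018-06-27 12:40:45,353 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:245) - Attempting to find userDN by primary key: 'uid' and key value: 'COURSGEN06', credentials: '***'
2018-06-27 12:40:45,353 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:348) - Searching user by attributes: '[Attribute [name=uid, values=[COURSGEN06]]]', baseDn: 'o=gluu'
2018-06-27 12:40:45,355 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:350) - Found '1' entries
2018-06-27 12:40:45,358 ERROR [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:292) - Failed to authenticate dn: inum=@!5A33.1533.075A.55DB!0001!C064.04E1!0000!B68A.7157,ou=people,o=@!5A33.1533.075A.55DB!0001!C064.04E1,o=gluu
2018-06-27 12:40:45,358 DEBUG [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:245) - Attempting to find userDN by primary key: 'samAccountName' and key value: 'COURSGEN06', credentials: '***'
2018-06-27 12:40:45,359 ERROR [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:292) - Failed to find entries with baseDN: OU=COMPTE,DC=cpnv,DC=ch, filter: (&(&(objectClass=top))(&(samAccountName=COURSGEN06)))
""".splitlines()
```

Running `summarize(SAMPLE)` yields two attempts: the local `uid` lookup under `o=gluu` that found one entry and then failed the bind, and the `samAccountName` lookup under the AD base that matched nothing with the logged filter.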

By Mohib Zico Account Admin 27 Jun 2018 at 9:46 a.m. CDT

Try this please...

- Go to `/etc/gluu/conf` (inside container)
- Modify `ox-ldap.properties`: remove the section like below:

```
ssl.trustStoreFile: /etc/certs/opendj.pkcs12
ssl.trustStorePin: xxxxx
ssl.trustStoreFormat: pkcs12
```

- Stop/Start Gluu Server container

By Carsten Buchenau user 27 Jun 2018 at 12:04 p.m. CDT

Thanks Mohib - that actually did the trick!!