NethServer Version: Final 7.3.16.11
Module: webtop 5
Hi,
I have configured a NETH Server, I installed AD, Email, Samba, Backup, Roundcube and Nextcloud and everything is OK.
Next, I installed Webtop 5 but I have problems.
When I login with user and password, I get the error “Authentication failed, try again”.
I can only enter as admin but if I go looking for users I get this message: "unable to list directory users [NethServer]"
Any help?
Thank you
Hi Roberto,
Have a look at this message from gabriele_bulfon; perhaps it helps.
Well, that post of mine is old, nowadays AD is fully supported by WebTop5 and has many options.
Let us know the exact settings you have on the domain.
Gabriele
@gabriele_bulfon Thanks for your correction.
This is the AD config
NetBIOS domain name: FANSCOMPUTER
LDAP server: 192.168.1.11
LDAP server name: nsdc-nethserver.ad.fanscomputer.local
Realm: AD.FANSCOMPUTER.LOCAL
Bind Path: dc=AD,dc=FANSCOMPUTER,dc=LOCAL
LDAP port: 389
Server time: gio, 21 set 2017 12:49:03 CEST
KDC server: 192.168.1.11
Server time offset: 0
Last machine account password change: sab, 16 set 2017 13:25:39 CEST
Join is OK
name: NETHSERVER
objectSid: S-1-5-21-2947875242-1718526051-3813215886-1103
accountExpires: 9223372036854775807
sAMAccountName: NETHSERVER$
pwdLastSet: 131500347362894560
dNSHostName: nethserver.fanscomputer.local
servicePrincipalName: HOST/NETHSERVER
servicePrincipalName: HOST/nethserver.fanscomputer.local
servicePrincipalName: smtp/nethserver
servicePrincipalName: smtp/nethserver.fanscomputer.local
servicePrincipalName: pop/nethserver
servicePrincipalName: pop/nethserver.fanscomputer.local
servicePrincipalName: imap/nethserver
servicePrincipalName: imap/nethserver.fanscomputer.local
whenChanged: 20170918131204.0Z
lastLogon: 131504645440988720
distinguishedName: CN=NETHSERVER,CN=Computers,DC=ad,DC=fanscomputer,DC=local
Last errors in log file…
There are errors that speak about LDAP, but being an AD, the LDAP entry should not appear.
2017-09-21 09:36:46 [ERROR] c.s.s.auth.directory.LdapDirectory - LdapError
org.ldaptive.LdapException: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=fanscomputer,dc=local'
at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55)
at org.ldaptive.provider.jndi.JndiConnection.processNamingException(JndiConnection.java:619)
at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.initialize(JndiConnection.java:741)
at org.ldaptive.provider.jndi.JndiConnection.search(JndiConnection.java:463)
at org.ldaptive.SearchOperation.executeSearch(SearchOperation.java:103)
at org.ldaptive.SearchOperation.invoke(SearchOperation.java:85)
at org.ldaptive.SearchOperation.invoke(SearchOperation.java:15)
at org.ldaptive.AbstractOperation.execute(AbstractOperation.java:126)
at org.ldaptive.SearchExecutor.search(SearchExecutor.java:229)
at org.ldaptive.SearchExecutor.search(SearchExecutor.java:160)
at com.sonicle.security.auth.directory.AbstractLdapDirectory.ldapSearch(AbstractLdapDirectory.java:347)
at com.sonicle.security.auth.directory.AbstractLdapDirectory.listUsers(AbstractLdapDirectory.java:141)
at com.sonicle.webtop.core.app.WebTopManager.listDirectoryUsers(WebTopManager.java:893)
at com.sonicle.webtop.core.admin.CoreAdminManager.listDirectoryUsers(CoreAdminManager.java:339)
at com.sonicle.webtop.core.admin.Service.processManageDomainUsers(Service.java:516)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.sonicle.webtop.core.servlet.BaseServiceRequest.invokeMethod(BaseServiceRequest.java:109)
at com.sonicle.webtop.core.servlet.ServiceRequest.processRequest(ServiceRequest.java:82)
at com.sonicle.webtop.core.servlet.ServiceRequest.doGet(ServiceRequest.java:118)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1152)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:622)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3194)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.search(JndiConnection.java:806)
at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.initialize(JndiConnection.java:735)
... 64 common frames omitted
2017-09-21 09:36:46 [ERROR] c.sonicle.webtop.core.admin.Service - Error in ManageDomainUsers
com.sonicle.webtop.core.sdk.WTException: Unable to list directory users [NethServer]
at com.sonicle.webtop.core.admin.CoreAdminManager.listDirectoryUsers(CoreAdminManager.java:342)
at com.sonicle.webtop.core.admin.Service.processManageDomainUsers(Service.java:516)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.sonicle.webtop.core.servlet.BaseServiceRequest.invokeMethod(BaseServiceRequest.java:109)
at com.sonicle.webtop.core.servlet.ServiceRequest.processRequest(ServiceRequest.java:82)
at com.sonicle.webtop.core.servlet.ServiceRequest.doGet(ServiceRequest.java:118)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1152)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:622)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.sonicle.webtop.core.sdk.WTException: Directory error
at com.sonicle.webtop.core.app.WebTopManager.listDirectoryUsers(WebTopManager.java:911)
at com.sonicle.webtop.core.admin.CoreAdminManager.listDirectoryUsers(CoreAdminManager.java:339)
... 53 common frames omitted
Caused by: com.sonicle.security.auth.DirectoryException: [org.ldaptive.LdapException@172334266::resultCode=OPERATIONS_ERROR, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=fanscomputer,dc=local', providerException=javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=fanscomputer,dc=local']
at com.sonicle.security.auth.directory.AbstractLdapDirectory.listUsers(AbstractLdapDirectory.java:150)
at com.sonicle.webtop.core.app.WebTopManager.listDirectoryUsers(WebTopManager.java:893)
... 54 common frames omitted
Caused by: org.ldaptive.LdapException: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=fanscomputer,dc=local'
at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55)
at org.ldaptive.provider.jndi.JndiConnection.processNamingException(JndiConnection.java:619)
at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.initialize(JndiConnection.java:741)
at org.ldaptive.provider.jndi.JndiConnection.search(JndiConnection.java:463)
at org.ldaptive.SearchOperation.executeSearch(SearchOperation.java:103)
at org.ldaptive.SearchOperation.invoke(SearchOperation.java:85)
at org.ldaptive.SearchOperation.invoke(SearchOperation.java:15)
at org.ldaptive.AbstractOperation.execute(AbstractOperation.java:126)
at org.ldaptive.SearchExecutor.search(SearchExecutor.java:229)
at org.ldaptive.SearchExecutor.search(SearchExecutor.java:160)
at com.sonicle.security.auth.directory.AbstractLdapDirectory.ldapSearch(AbstractLdapDirectory.java:347)
at com.sonicle.security.auth.directory.AbstractLdapDirectory.listUsers(AbstractLdapDirectory.java:141)
... 55 common frames omitted
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3194)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.search(JndiConnection.java:806)
at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.initialize(JndiConnection.java:735)
... 64 common frames omitted
No one knows how to give me HELP?
I don’t think so, AD provides an LDAP Directory for users and groups.
@gabriele_bulfon Where do I find a configuration file for binding webtop to ldap? I want to compare it with @roberto.schiano
The attached file is:
/var/log/webtop/webtop.log
Neth7 should create a default working installation with ldap on localhost.
Hello,
I got the same error on a fresh Nethserver 7.4 beta1 test installation:
Errors in /var/log/webtop/webtop.log:
2017-09-22 18:11:42 [ERROR] c.s.s.auth.directory.LdapDirectory - LdapError
org.ldaptive.LdapException: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=domain,dc=local'
...
2017-09-22 18:11:42 [ERROR] c.sonicle.webtop.core.shiro.WTRealm - Authentication error
com.sonicle.security.auth.DirectoryException: [org.ldaptive.LdapException@316527132::resultCode=OPERATIONS_ERROR, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=domain,dc=local', providerException=javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=domain,dc=local']
...
I changed from AD to LDAP and Webtop logins worked. Changed back to AD and same error.
exactly, the same error…
So, if I unmount the active directory and mount Ldap, then the webtop works?
But, I need the SAMBA AD …
Yes, but I installed SAMBA AD and then Webtop…
I’d go back and try to install webtop.
I have a Nethserver 7.3, where AD logins to Webtop 5 work perfectly. Same kernel (3.10.0-693.2.2.el7.x86_64), same relevant packages. I also reinstalled samba and Webtop on the newly installed Nethserver beta but without success.
Installed Packages
nethserver-samba.noarch 2.0.10-1.ns7 @nethserver-updates
nethserver-samba-audit.noarch 1.1.2-1.ns7 @nethserver-base
nethserver-webtop5.noarch 1.1.4-1.ns7 @nethserver-updates
samba.x86_64 4.6.2-11.el7_4 @updates
samba-client.x86_64 4.6.2-11.el7_4 @updates
samba-client-libs.x86_64 4.6.2-11.el7_4 @updates
samba-common.noarch 4.6.2-11.el7_4 @updates
samba-common-libs.x86_64 4.6.2-11.el7_4 @updates
samba-common-tools.x86_64 4.6.2-11.el7_4 @updates
samba-libs.x86_64 4.6.2-11.el7_4 @updates
webtop5-core.noarch 1.1.5-1.ns7 @nethserver-updates
webtop5-libs.noarch 1.1.4-1.ns7 @nethserver-updates
webtop5-zpush.noarch 1.1.1-1.ns7 @nethserver-updates
Hi @roberto.schiano and @mrmarkuz,
I think I’ve identified the problem: the machine account password is not provided in the WebTop5 autodetection settings.
It seems that with the new version 7.4 BindPassword returns something abnormal.
In my case:
# account-provider-test dump
{
"BindDN" : "DOMAIN\\NS7VM5$",
"LdapURI" : "ldaps://ad.domain.net",
"StartTls" : "",
"port" : 636,
"host" : "ad.domain.net",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "dc=ad,dc=domain,dc=net",
"GroupDN" : "dc=ad,dc=domain,dc=net",
"BindPassword" : "懨ꝯ炍귲㓵浶괬ꞽ︓獑ꅋ掿ꧽ꣫⧽玖게敶绑㎻묻破õ秷ꥬ橜ٶȭ⬘瞧뿪。벲㥼껏닸눴⭰⼌諾꾜뛵栬⊼ﲺꁞⰹ㰩ꌖ∭旮♦ㅿ곝닺ꖤ늸敏熜晞ꐍ⸀⯵⣹练ⷔㄔ犦갱⺁㎁ϳ넩떉漤㊅ᄇꁖ﵆갯꒧払ﵓ羁꾛晱㑟睵盉ꍌﰎ맲ꚗ橓㗞ⲓ⇚ƭ뇊̇潞㣄뤨맊벣疾稇+抙㥍겇㜽無꒓敦暽ꊚ㦀篙陵㈚ℭ뙫癠盟",
"BaseDN" : "dc=ad,dc=domain,dc=net",
"LdapUriDn" : "ldap:///dc%3Dad%2Cdc%3Ddomain%2Cdc%3Dnet"
In the meantime, you can intervene and modify the account with which WebTop queries LDAP:
- activate a user on Nethserver by entering the password (ex. admin)
- login with webtop admin
- Domains -> NethServer -> right key -> Edit domain -> Server -> Admin DN -> (Ex. DOMAIN \ admin)
- enter the password of the user
- Save & Close
I think the problem may also affect @giacomo
Thanks @lucag,
this worked for me. I can login with domain users now.
You are even right with the BindPassword, that seems to be the problem:
"BindPassword" : "뒌㽂椨뜖ꏓ⫾pꮋ룭똺【ꗨケꙤ놖㴋㈧럹Ꞵ댻ꚥ纻棯糾淛럳밐溊ⶔꔤ㚢...
It’s something unexpected but not abnormal
The password is in binary form and works well on other software like Nextcloud.
The issue is inside WebTop5 SQL schema: the password field can’t handle values longer than 255 characters:
[root@mytest ~]# su - postgres -c "psql webtop5 -c '\d+ core.domains'" | grep dir_password
dir_password | character varying(255) | | extended | |
dir_password_policy | boolean | not null | plain | |
The encoded password is 693 characters long (while the plain one is 171) in my installation:
[root@mytest ~]# perl -e 'use NethServer::SSSD; my $sssd = new NethServer::SSSD(); print $sssd->bindPassword();' | java -classpath /usr/share/webtop/ WebtopPassEncode | wc -m
693
Can we expand the password field length in the initial sql? /cc @matteo.albinola @gabriele_bulfon
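Added example, not part of the original post and not WebTop's own migration: the SQL below reads the declared width of `core.domains.dir_password`, reproduces on a scratch table how PostgreSQL handles a 693-character value in a `character varying(255)` column, and then widens the column. The scratch table `width_demo` and the target type `text` are assumptions made for illustration.

```sql
-- Added example. Table, column, 255 and 693 come from the thread;
-- width_demo and the target type "text" are assumptions.

-- 1. Declared width of the column that holds the bind password.
SELECT c.data_type, c.character_maximum_length
FROM information_schema.columns AS c
WHERE c.table_schema = 'core'
  AND c.table_name   = 'domains'
  AND c.column_name  = 'dir_password';

-- Length of what is actually stored, to compare with the encoder output.
SELECT length(dir_password) AS stored_chars
FROM core.domains;

-- 2. Reproduce the limit on a temporary table (nothing in core.* is touched).
BEGIN;
CREATE TEMP TABLE width_demo (
    secret character varying(255)
) ON COMMIT DROP;

-- An explicit cast to the column type truncates without any error,
-- so the stored secret no longer matches the real one.
INSERT INTO width_demo
VALUES (repeat('x', 693)::character varying(255));
SELECT length(secret) AS chars_after_cast FROM width_demo;

-- A plain insert of the same value is rejected with
-- "value too long for type character varying(255)".
SAVEPOINT before_overflow;
INSERT INTO width_demo VALUES (repeat('x', 693));
ROLLBACK TO SAVEPOINT before_overflow;
ROLLBACK;

-- 3. Widen the column so the encoded machine-account password fits.
BEGIN;
ALTER TABLE core.domains
    ALTER COLUMN dir_password TYPE text;
COMMIT;
```

Run it with `psql webtop5` as the `postgres` user, the same way the `\d+ core.domains` check above is run.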
Sure we can expand it.
But this time, it may be useful to choose a good new size for any future situation.
I mean, is there any other encoding producing more bytes?
I’m thinking about 1024, it may be a good size…
Gabriele
I can’t find any documentation about password size on MS or Samba AD.
But I think 1024 should be enough!
Let me know when the fix is out, in the meanwhile I will try to create a patch for the webtop5-core rpm.
Edit:
I’d go with type text, in fact the manual states:
While character(n) has performance advantages in some other database systems, there is no such advantage in PostgreSQL; in fact character(n) is usually the slowest of the three because of its additional storage costs. In most situations text or character varying should be used instead.
We usually use character varying for strings with a possible maximum length, while text is used for fields containing text or html or anything that may have an unpredictable length,