WebTop error access


(Roberto) #1

NethServer Version: Final 7.3.16.11
Module: webtop 5
Hi,
I have configured a NETH Server, I installed AD, Email, Samba, Backup, Roundcube and Nextcloud and everything is OK.
Next, I installed Webtop 5 but I have problems.
When I login with user and password, I get the error “Authentication failed, try again”.
I can only enter as admin but if I go looking for users I get this message: "unable to list directory users [NethServer]"
Any help?
Thank you


(Michael Träumner) #2

Hi Roberto,
have a look at this message from gabriele_bulfon; perhaps it helps.


(gabriele_bulfon) #3

Well, that post of mine is old, nowadays AD is fully supported by WebTop5 and has many options.
Let us know the exact settings you have on the domain.

Gabriele


(Michael Träumner) #4

@gabriele_bulfon Thanks for your correction.


(Roberto) #5

This is the AD config

NetBIOS domain name: FANSCOMPUTER
LDAP server: 192.168.1.11
LDAP server name: nsdc-nethserver.ad.fanscomputer.local
Realm: AD.FANSCOMPUTER.LOCAL
Bind Path: dc=AD,dc=FANSCOMPUTER,dc=LOCAL
LDAP port: 389
Server time: gio, 21 set 2017 12:49:03 CEST
KDC server: 192.168.1.11
Server time offset: 0
Last machine account password change: sab, 16 set 2017 13:25:39 CEST

Join is OK
name: NETHSERVER
objectSid: S-1-5-21-2947875242-1718526051-3813215886-1103
accountExpires: 9223372036854775807
sAMAccountName: NETHSERVER$
pwdLastSet: 131500347362894560
dNSHostName: nethserver.fanscomputer.local
servicePrincipalName: HOST/NETHSERVER
servicePrincipalName: HOST/nethserver.fanscomputer.local
servicePrincipalName: smtp/nethserver
servicePrincipalName: smtp/nethserver.fanscomputer.local
servicePrincipalName: pop/nethserver
servicePrincipalName: pop/nethserver.fanscomputer.local
servicePrincipalName: imap/nethserver
servicePrincipalName: imap/nethserver.fanscomputer.local
whenChanged: 20170918131204.0Z
lastLogon: 131504645440988720
distinguishedName: CN=NETHSERVER,CN=Computers,DC=ad,DC=fanscomputer,DC=local

Last errors in log file…
There are errors that speak about LDAP, but being an AD, the LDAP entry should not appear.

2017-09-21 09:36:46 [ERROR] c.s.s.auth.directory.LdapDirectory - LdapError
org.ldaptive.LdapException: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=fanscomputer,dc=local'
	at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55)
	at org.ldaptive.provider.jndi.JndiConnection.processNamingException(JndiConnection.java:619)
	at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.initialize(JndiConnection.java:741)
	at org.ldaptive.provider.jndi.JndiConnection.search(JndiConnection.java:463)
	at org.ldaptive.SearchOperation.executeSearch(SearchOperation.java:103)
	at org.ldaptive.SearchOperation.invoke(SearchOperation.java:85)
	at org.ldaptive.SearchOperation.invoke(SearchOperation.java:15)
	at org.ldaptive.AbstractOperation.execute(AbstractOperation.java:126)
	at org.ldaptive.SearchExecutor.search(SearchExecutor.java:229)
	at org.ldaptive.SearchExecutor.search(SearchExecutor.java:160)
	at com.sonicle.security.auth.directory.AbstractLdapDirectory.ldapSearch(AbstractLdapDirectory.java:347)
	at com.sonicle.security.auth.directory.AbstractLdapDirectory.listUsers(AbstractLdapDirectory.java:141)
	at com.sonicle.webtop.core.app.WebTopManager.listDirectoryUsers(WebTopManager.java:893)
	at com.sonicle.webtop.core.admin.CoreAdminManager.listDirectoryUsers(CoreAdminManager.java:339)
	at com.sonicle.webtop.core.admin.Service.processManageDomainUsers(Service.java:516)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.sonicle.webtop.core.servlet.BaseServiceRequest.invokeMethod(BaseServiceRequest.java:109)
	at com.sonicle.webtop.core.servlet.ServiceRequest.processRequest(ServiceRequest.java:82)
	at com.sonicle.webtop.core.servlet.ServiceRequest.doGet(ServiceRequest.java:118)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
	at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1152)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:622)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3194)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
	at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.search(JndiConnection.java:806)
	at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.initialize(JndiConnection.java:735)
	... 64 common frames omitted
2017-09-21 09:36:46 [ERROR] c.sonicle.webtop.core.admin.Service - Error in ManageDomainUsers
com.sonicle.webtop.core.sdk.WTException: Unable to list directory users [NethServer]
	at com.sonicle.webtop.core.admin.CoreAdminManager.listDirectoryUsers(CoreAdminManager.java:342)
	at com.sonicle.webtop.core.admin.Service.processManageDomainUsers(Service.java:516)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.sonicle.webtop.core.servlet.BaseServiceRequest.invokeMethod(BaseServiceRequest.java:109)
	at com.sonicle.webtop.core.servlet.ServiceRequest.processRequest(ServiceRequest.java:82)
	at com.sonicle.webtop.core.servlet.ServiceRequest.doGet(ServiceRequest.java:118)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
	at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1152)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:622)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: com.sonicle.webtop.core.sdk.WTException: Directory error
	at com.sonicle.webtop.core.app.WebTopManager.listDirectoryUsers(WebTopManager.java:911)
	at com.sonicle.webtop.core.admin.CoreAdminManager.listDirectoryUsers(CoreAdminManager.java:339)
	... 53 common frames omitted
Caused by: com.sonicle.security.auth.DirectoryException: [org.ldaptive.LdapException@172334266::resultCode=OPERATIONS_ERROR, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=fanscomputer,dc=local', providerException=javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=fanscomputer,dc=local']
	at com.sonicle.security.auth.directory.AbstractLdapDirectory.listUsers(AbstractLdapDirectory.java:150)
	at com.sonicle.webtop.core.app.WebTopManager.listDirectoryUsers(WebTopManager.java:893)
	... 54 common frames omitted
Caused by: org.ldaptive.LdapException: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=fanscomputer,dc=local'
	at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55)
	at org.ldaptive.provider.jndi.JndiConnection.processNamingException(JndiConnection.java:619)
	at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.initialize(JndiConnection.java:741)
	at org.ldaptive.provider.jndi.JndiConnection.search(JndiConnection.java:463)
	at org.ldaptive.SearchOperation.executeSearch(SearchOperation.java:103)
	at org.ldaptive.SearchOperation.invoke(SearchOperation.java:85)
	at org.ldaptive.SearchOperation.invoke(SearchOperation.java:15)
	at org.ldaptive.AbstractOperation.execute(AbstractOperation.java:126)
	at org.ldaptive.SearchExecutor.search(SearchExecutor.java:229)
	at org.ldaptive.SearchExecutor.search(SearchExecutor.java:160)
	at com.sonicle.security.auth.directory.AbstractLdapDirectory.ldapSearch(AbstractLdapDirectory.java:347)
	at com.sonicle.security.auth.directory.AbstractLdapDirectory.listUsers(AbstractLdapDirectory.java:141)
	... 55 common frames omitted
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3194)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
	at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.search(JndiConnection.java:806)
	at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.initialize(JndiConnection.java:735)
	... 64 common frames omitted
2017-09-21 09:42:03 [ERROR] c.s.s.auth.directory.LdapDirectory - LdapError
org.ldaptive.LdapException: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=fanscomputer,dc=local'
	at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55)
	at org.ldaptive.provider.jndi.JndiConnection.processNamingException(JndiConnection.java:619)
	at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.initialize(JndiConnection.java:741)
	at org.ldaptive.provider.jndi.JndiConnection.search(JndiConnection.java:463)
	at org.ldaptive.SearchOperation.executeSearch(SearchOperation.java:103)
	at org.ldaptive.SearchOperation.invoke(SearchOperation.java:85)
	at org.ldaptive.SearchOperation.invoke(SearchOperation.java:15)
	at org.ldaptive.AbstractOperation.execute(AbstractOperation.java:126)
	at org.ldaptive.SearchExecutor.search(SearchExecutor.java:229)
	at org.ldaptive.SearchExecutor.search(SearchExecutor.java:160)
	at com.sonicle.security.auth.directory.AbstractLdapDirectory.ldapSearch(AbstractLdapDirectory.java:347)
	at com.sonicle.security.auth.directory.AbstractLdapDirectory.listUsers(AbstractLdapDirectory.java:141)
	at com.sonicle.webtop.core.app.WebTopManager.listDirectoryUsers(WebTopManager.java:893)
	at com.sonicle.webtop.core.admin.CoreAdminManager.listDirectoryUsers(CoreAdminManager.java:339)
	at com.sonicle.webtop.core.admin.Service.processManageDomainUsers(Service.java:516)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.sonicle.webtop.core.servlet.BaseServiceRequest.invokeMethod(BaseServiceRequest.java:109)
	at com.sonicle.webtop.core.servlet.ServiceRequest.processRequest(ServiceRequest.java:82)
	at com.sonicle.webtop.core.servlet.ServiceRequest.doGet(ServiceRequest.java:118)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
	at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1152)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:622)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3194)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
	at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.search(JndiConnection.java:806)
	at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.initialize(JndiConnection.java:735)
	... 64 common frames omitted
2017-09-21 09:42:03 [ERROR] c.sonicle.webtop.core.admin.Service - Error in ManageDomainUsers
com.sonicle.webtop.core.sdk.WTException: Unable to list directory users [NethServer]
	at com.sonicle.webtop.core.admin.CoreAdminManager.listDirectoryUsers(CoreAdminManager.java:342)
	at com.sonicle.webtop.core.admin.Service.processManageDomainUsers(Service.java:516)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.sonicle.webtop.core.servlet.BaseServiceRequest.invokeMethod(BaseServiceRequest.java:109)
	at com.sonicle.webtop.core.servlet.ServiceRequest.processRequest(ServiceRequest.java:82)
	at com.sonicle.webtop.core.servlet.ServiceRequest.doGet(ServiceRequest.java:118)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
	at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1152)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:622)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: com.sonicle.webtop.core.sdk.WTException: Directory error
	at com.sonicle.webtop.core.app.WebTopManager.listDirectoryUsers(WebTopManager.java:911)
	at com.sonicle.webtop.core.admin.CoreAdminManager.listDirectoryUsers(CoreAdminManager.java:339)
	... 53 common frames omitted
Caused by: com.sonicle.security.auth.DirectoryException: [org.ldaptive.LdapException@639902079::resultCode=OPERATIONS_ERROR, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=fanscomputer,dc=local', providerException=javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=fanscomputer,dc=local']
	at com.sonicle.security.auth.directory.AbstractLdapDirectory.listUsers(AbstractLdapDirectory.java:150)
	at com.sonicle.webtop.core.app.WebTopManager.listDirectoryUsers(WebTopManager.java:893)
	... 54 common frames omitted
Caused by: org.ldaptive.LdapException: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=fanscomputer,dc=local'
	at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55)
	at org.ldaptive.provider.jndi.JndiConnection.processNamingException(JndiConnection.java:619)
	at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.initialize(JndiConnection.java:741)
	at org.ldaptive.provider.jndi.JndiConnection.search(JndiConnection.java:463)
	at org.ldaptive.SearchOperation.executeSearch(SearchOperation.java:103)
	at org.ldaptive.SearchOperation.invoke(SearchOperation.java:85)
	at org.ldaptive.SearchOperation.invoke(SearchOperation.java:15)
	at org.ldaptive.AbstractOperation.execute(AbstractOperation.java:126)
	at org.ldaptive.SearchExecutor.search(SearchExecutor.java:229)
	at org.ldaptive.SearchExecutor.search(SearchExecutor.java:160)
	at com.sonicle.security.auth.directory.AbstractLdapDirectory.ldapSearch(AbstractLdapDirectory.java:347)
	at com.sonicle.security.auth.directory.AbstractLdapDirectory.listUsers(AbstractLdapDirectory.java:141)
	... 55 common frames omitted
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3194)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
	at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.search(JndiConnection.java:806)
	at org.ldaptive.provider.jndi.JndiConnection$JndiSearchIterator.initialize(JndiConnection.java:735)
	... 64 common frames omitted

(Roberto) #6

No one knows how to give me HELP?


(Michael Träumner) #7

I don’t think so, AD provides an LDAP Directory for users and groups.

@gabriele_bulfon Where do I find a configuration file for binding webtop to ldap? I want to compare it with @roberto.schiano


(Roberto) #8

The attached file is:
/var/log/webtop/webtop.log


(gabriele_bulfon) #9

Neth7 should create a default working installation with ldap on localhost.


(Markus Neuberger) #10

Hello,

I got the same error on a fresh Nethserver 7.4 beta1 test installation:

Errors in /var/log/webtop/webtop.log:

2017-09-22 18:11:42 [ERROR] c.s.s.auth.directory.LdapDirectory - LdapError
org.ldaptive.LdapException: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=domain,dc=local'
...
2017-09-22 18:11:42 [ERROR] c.sonicle.webtop.core.shiro.WTRealm - Authentication error
com.sonicle.security.auth.DirectoryException: [org.ldaptive.LdapException@316527132::resultCode=OPERATIONS_ERROR, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=domain,dc=local', providerException=javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'dc=ad,dc=domain,dc=local']
...

I changed from AD to LDAP and Webtop logins worked. Changed back to AD and same error.


(Roberto) #11

exactly, the same error…
So, if I unmount the active directory and mount Ldap, then the webtop works?
But, I need the SAMBA AD …


(Roberto) #12

Yes, but I installed SAMBA AD and then Webtop…
I’d go back and try to install webtop.


(Markus Neuberger) #13

I have a Nethserver 7.3, where AD logins to Webtop 5 work perfectly. Same kernel (3.10.0-693.2.2.el7.x86_64), same relevant packages. I also reinstalled samba and Webtop on the newly installed Nethserver beta but without success.

Installed Packages
nethserver-samba.noarch                2.0.10-1.ns7          @nethserver-updates
nethserver-samba-audit.noarch          1.1.2-1.ns7           @nethserver-base
nethserver-webtop5.noarch              1.1.4-1.ns7           @nethserver-updates
samba.x86_64                           4.6.2-11.el7_4        @updates
samba-client.x86_64                    4.6.2-11.el7_4        @updates
samba-client-libs.x86_64               4.6.2-11.el7_4        @updates
samba-common.noarch                    4.6.2-11.el7_4        @updates
samba-common-libs.x86_64               4.6.2-11.el7_4        @updates
samba-common-tools.x86_64              4.6.2-11.el7_4        @updates
samba-libs.x86_64                      4.6.2-11.el7_4        @updates
webtop5-core.noarch                    1.1.5-1.ns7           @nethserver-updates
webtop5-libs.noarch                    1.1.4-1.ns7           @nethserver-updates
webtop5-zpush.noarch                   1.1.1-1.ns7           @nethserver-updates

(Luca Gasparini) #14

Hi @roberto.schiano and @mrmarkuz,

I think I’ve identified the problem: the machine account password is not provided in the WebTop5 autodetection settings.

It seems that with the new version 7.4 BindPassword returns something abnormal.
In my case:

# account-provider-test dump
{
   "BindDN" : "DOMAIN\\NS7VM5$",
   "LdapURI" : "ldaps://ad.domain.net",
   "StartTls" : "",
   "port" : 636,
   "host" : "ad.domain.net",
   "isAD" : "1",
   "isLdap" : "",
   "UserDN" : "dc=ad,dc=domain,dc=net",
   "GroupDN" : "dc=ad,dc=domain,dc=net",
   "BindPassword" : "懨ꝯ炍귲㓵浶괬ꞽ︓獑ꅋ掿ꧽ꣫⧽玖게敶绑㎻묻破õ秷ꥬ橜ٶȭ⬘瞧뿪。벲㥼껏닸눴⭰⼌諾꾜뛵栬⊼ﲺꁞⰹ㰩ꌖ∭旮♦ㅿ곝닺ꖤ늸敏熜晞ꐍ⸀⯵⣹练ⷔㄔ犦갱⺁㎁ϳ넩떉漤㊅ᄇꁖ﵆갯꒧払ﵓ羁꾛晱㑟睵盉ꍌﰎ맲ꚗ橓㗞ⲓ⇚ƭ뇊̇潞㣄뤨맊벣疾稇+抙㥍겇㜽無꒓敦暽ꊚ㦀篙陵㈚ℭ뙫癠盟",
   "BaseDN" : "dc=ad,dc=domain,dc=net",
   "LdapUriDn" : "ldap:///dc%3Dad%2Cdc%3Ddomain%2Cdc%3Dnet"

In the meantime, you can intervene and modify the account with which WebTop queries LDAP:

  • activate a user on Nethserver by entering the password (ex. admin)
  • login with webtop admin
  • Domains -> NethServer -> right key -> Edit domain -> Server -> Admin DN -> (Ex. DOMAIN \ admin)
  • enter the password of the user
  • Save & Close

I think the problem may also affect @giacomo :wink:


(Markus Neuberger) #15

Thanks @lucag,

this worked for me. I can login with domain users now. :thumbsup:

You are even right with the BindPassword, that seems to be the problem:

"BindPassword" : "뒌㽂椨뜖ꏓ⫾pꮋ룭똺【ꗨケꙤ놖㴋㈧럹Ꞵ댻ꚥ纻棯糾淛럳밐溊ⶔꔤ㚢...

(Giacomo Sanchietti) #16

It’s something unexpected but not abnormal :wink:
The password is in binary form and works well on other software like Nextcloud.

The issue is inside WebTop5 SQL schema: the password field can’t handle values longer than 255 characters:

[root@mytest ~]#  su - postgres -c "psql webtop5 -c '\d+ core.domains'"  | grep dir_password
 dir_password            | character varying(255) |           | extended |              | 
 dir_password_policy     | boolean                | not null  | plain    |              | 

The encoded password is 693 characters long (while the plain one is 171) in my installation:

[root@mytest ~]# perl -e 'use NethServer::SSSD; my $sssd = new NethServer::SSSD(); print $sssd->bindPassword();' | java -classpath /usr/share/webtop/ WebtopPassEncode | wc -m
693

Can we expand the password field length in the initial sql? /cc @matteo.albinola @gabriele_bulfon


Active Directory machine password
(gabriele_bulfon) #17

Sure we can expand it.
But this time, it may be useful to choose a good new size for any future situation.
I mean, is there any other encoding producing more bytes?

I’m thinking about 1024, it may be a good size…

Gabriele


(Giacomo Sanchietti) #18

I can’t find any documentation about password size on MS or Samba AD.
But I think 1024 should be enough!


(Giacomo Sanchietti) #19

Let me know when the fix is out; in the meantime I will try to create a patch for the webtop5-core rpm.

Edit:
I’d go with type text, in fact the manual states:

While character(n) has performance advantages in some other database systems, there is no such advantage in PostgreSQL; in fact character(n) is usually the slowest of the three because of its additional storage costs. In most situations text or character varying should be used instead.

See https://www.postgresql.org/docs/9.2/static/datatype-character.html
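
The column limit found in post #16 and the varchar(1024)-versus-text choice discussed after it can be reproduced in a scratch table. This is an added example, not WebTop's schema migration or any poster's code; the table `domains_demo` and the 693-character filler value are constructed, and only `core.domains`, `dir_password` and the 255 limit come from the thread.

```sql
-- Added example (PostgreSQL). Step 1 only reads catalog metadata; steps 2-5 run
-- in a temporary table and are rolled back.

-- 1. Read the declared limit of the real column named in the thread.
SELECT character_maximum_length
FROM information_schema.columns
WHERE table_schema = 'core'
  AND table_name   = 'domains'
  AND column_name  = 'dir_password';

BEGIN;

-- Constructed stand-in for core.domains with the same column definition.
CREATE TEMP TABLE domains_demo (
    domain_id    text PRIMARY KEY,
    dir_password character varying(255)
) ON COMMIT DROP;

-- 2. A secret that fits is stored unchanged.
INSERT INTO domains_demo VALUES ('fits', repeat('A', 255));

-- 3. A 693-character value (constructed filler, same length as the count
--    reported in the thread) is rejected as too long for the column.
SAVEPOINT before_overlong;
INSERT INTO domains_demo VALUES ('overlong', repeat('A', 693));
ROLLBACK TO SAVEPOINT before_overlong;

-- 4. With an explicit cast the same value is truncated without any error,
--    so the stored secret no longer matches the real one.
INSERT INTO domains_demo
VALUES ('cast', repeat('A', 693)::character varying(255));

-- 5. After widening the column, the full value is kept.
ALTER TABLE domains_demo ALTER COLUMN dir_password TYPE text;
INSERT INTO domains_demo VALUES ('overlong', repeat('A', 693));

SELECT domain_id,
       length(dir_password)       AS chars,
       octet_length(dir_password) AS bytes
FROM domains_demo
ORDER BY domain_id;

ROLLBACK;
```

The `varchar(n)` limit counts characters, not bytes, so compare it with `length()` of the stored value rather than `octet_length()`.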


(gabriele_bulfon) #20

We usually use character varying for strings with a possible maximum length, while text is used for fields containing text or html or anything that may have an unpredictable length,