我正在使用Nexus存儲庫管理器(nexus.sonatype.org)和開源LDAP插件(code.google.com/p/nexus-ldap/)以及我收到一個錯誤,指出使用了錯誤的協議版本(詳情如下)。所有插件都使用JNDI LDAP服務提供程序連接到我的LDAP服務器。如果您查看nexus.log文件中的堆棧跟蹤,則會在JNDI LDAP實現中的上下文初始化期間發生異常。所以我的猜測是,下面描述的問題不是由Nexus插件引起的,而是由於JNDI的錯誤使用或對LDAP認證的誤解。Nexus和LDAP - 根據OpenLDAP服務器驗證用戶時的JNDI問題
任何有關如何導致錯誤的猜測或想法都非常感謝!
什麼步驟會重現問題?
- 配置的Nexus使用使用的OpenLDAP的1.2.x服務器LdapAuthenticatingRealm - 爲此LDAP協議的版本2。
- 嘗試列出OpenLDAP-Server中的用戶並將它們映射到Nexus配置UI中的角色 - 完美地工作。
- 現在嘗試使用映射到角色的LDAP用戶成功登錄到運行的Nexus實例或進行身份驗證。
預期產量是多少?你看到了什麼呢?
嘗試登錄時,我收到錯誤消息「用戶名,密碼不正確或沒有權限使用Nexus用戶界面,請重試。」。在Nexus日誌文件中,當Sun的JNDI-LDAP實現(請參閱下面的日誌文件中的堆棧跟蹤)嘗試使用給定信息初始化上下文以便根據LDAP服務器驗證用戶時,會看到引發的異常。使用Nexus用戶界面的用戶查找工作正常,以及在驗證期間執行查找(請參閱下面的日誌文件)。
CommunicationException(「[LDAP:錯誤代碼2 - 版本不支持]」)中包含的錯誤消息指示使用錯誤的LDAP協議版本。我試圖明確使用協議版本2,因爲OpenLDAP 1.2.7-30版僅支持LDAP v2(公司環境 - 服務器版本不可協商)。我這樣做是通過檢查你的源代碼,添加「env.put(」java.naming.ldap.version「,」2「);」到se.devoteam.nexus.ldap.NexusLdapContextFactory:52。沒有改變。
在測試期間,我通過瀏覽Sun源代碼時意識到,javax.naming.ldap.InitialLdapContext.InitialLdapContext() - 方法所做的第一件事是將ldap協議版本設置爲「3」(javax.naming.ldap .InitialLdapContext:131)。儘管Java6文檔解釋了我使用的屬性(java.sun [dot] com/javase/6/docs/technotes/guides/jndi/jndi-ldap-gl.html#version),並且JNDI-tutorial提到了這個解決協議版本衝突的正確方法(java.sun [dot] com/products/jndi/tutorial/ldap/misc/version.html)我想知道:在使用JNDI時,是否有明確使用LDAP協議版本2的方法作爲LDAP服務提供商?
接下來,我嘗試使用相當最新版本的OpenLDAP服務器(openldap2-2.3)作爲LDAP協議版本3請求的代理,將其委派給舊服務器。同樣的問題,同樣的例外。
信息
環境:連結的webapp部署在一個Tomcat 6.0.16 的Nexus版本:1.3。6 LDAP的境界版本:0.4 JRE版本:JDK 1.6.0_14-B08 平臺:虛擬環境 LDAP目錄品牌:OpenLDAP的1.2.7和2.2.3
的nexus.log的有關部分:
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - o.s.j.r.PlexusSecur~ - Realm: 'org.sonatype.jsecurity.realms.XmlAuthenticatingRealm', caused: User 'testuser' cannot be retrieved.
org.jsecurity.authc.AccountException: User 'testuser' cannot be retrieved.
at org.sonatype.jsecurity.realms.XmlAuthenticatingRealm.doGetAuthenticationInfo(XmlAuthenticatingRealm.java:68)
at org.jsecurity.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:168)
at org.sonatype.jsecurity.web.WebPlexusSecurity.getAuthenticationInfo(WebPlexusSecurity.java:185)
at org.jsecurity.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:186)
at org.jsecurity.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:276)
at org.jsecurity.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:141)
at org.jsecurity.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:171)
at org.jsecurity.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:312)
at org.jsecurity.subject.DelegatingSubject.login(DelegatingSubject.java:237)
at org.jsecurity.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:49)
at org.sonatype.nexus.security.filter.authc.NexusHttpAuthenticationFilter.onAccessDenied(NexusHttpAuthenticationFilter.java:121)
at org.jsecurity.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:145)
at org.jsecurity.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:175)
at org.jsecurity.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:129)
at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
at org.jsecurity.web.servlet.FilterChainWrapper.doFilter(FilterChainWrapper.java:57)
at org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:419)
at org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:378)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1509)
at java.lang.Thread.run(Thread.java:619)
Caused by: org.sonatype.jsecurity.realms.tools.NoSuchUserException: User with id='testuser' not found!
at org.sonatype.jsecurity.realms.tools.DefaultConfigurationManager.readUser(DefaultConfigurationManager.java:410)
at org.sonatype.jsecurity.realms.tools.ResourceMergingConfigurationManager.readUser(ResourceMergingConfigurationManager.java:278)
at org.sonatype.jsecurity.realms.XmlAuthenticatingRealm.doGetAuthenticationInfo(XmlAuthenticatingRealm.java:64)
... 29 more
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.LdapAuthent~ - Authenticating user 'testuser' through LDAP
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.LdapAuthent~ - LDAP user search filter: (&(objectClass=account)(uid={0}))
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.NexusLdapCo~ - LDAP security principal not set
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.NexusLdapCo~ - LDAP security credentials not set
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.NexusLdapCo~ - LDAP provider url(s): ldap://ldap:389
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.NexusLdapCo~ - LDAP initial context factory: com.sun.jndi.ldap.LdapCtxFactory
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.NexusLdapCo~ - LDAP security protocol: null
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.NexusLdapCo~ - LDAP security authentication: null
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.NexusLdapCo~ - LDAP search scope: subtree
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.LdapAuthent~ - User object found
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.LdapAuthent~ - LDAP authentication principal: uid=testuser, dc=corporation,dc=de
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.NexusLdapCo~ - LDAP provider url(s): ldap://ldap:389
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.NexusLdapCo~ - LDAP initial context factory: com.sun.jndi.ldap.LdapCtxFactory
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.NexusLdapCo~ - LDAP security protocol: null
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - s.d.n.l.NexusLdapCo~ - LDAP security authentication: null
2009-10-23 15:06:37 ERROR [ajp-8009-3 ] - o.j.r.l.AbstractLda~ - LDAP naming error while attempting to authenticate user.
javax.naming.CommunicationException: [LDAP: error code 2 - version not supported]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3089)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at se.devoteam.nexus.ldap.NexusLdapContextFactory.getLdapContext(NexusLdapContextFactory.java:63)
at se.devoteam.nexus.ldap.LdapAuthenticatingRealm.queryForAuthenticationInfo(LdapAuthenticatingRealm.java:139)
at org.jsecurity.realm.ldap.AbstractLdapRealm.doGetAuthenticationInfo(AbstractLdapRealm.java:186)
at org.jsecurity.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:168)
at org.sonatype.jsecurity.web.WebPlexusSecurity.getAuthenticationInfo(WebPlexusSecurity.java:185)
at org.jsecurity.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:186)
at org.jsecurity.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:276)
at org.jsecurity.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:141)
at org.jsecurity.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:171)
at org.jsecurity.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:312)
at org.jsecurity.subject.DelegatingSubject.login(DelegatingSubject.java:237)
at org.jsecurity.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:49)
at org.sonatype.nexus.security.filter.authc.NexusHttpAuthenticationFilter.onAccessDenied(NexusHttpAuthenticationFilter.java:121)
at org.jsecurity.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:145)
at org.jsecurity.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:175)
at org.jsecurity.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:129)
at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
at org.jsecurity.web.servlet.FilterChainWrapper.doFilter(FilterChainWrapper.java:57)
at org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:419)
at org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:378)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1509)
at java.lang.Thread.run(Thread.java:619)
2009-10-23 15:06:37 INFO [ajp-8009-3 ] - o.s.n.s.f.a.NexusSe~ - Unable to authenticate user [testuser] from address/host [172.31.2.155/172.31.2.155]
2009-10-23 15:06:37 DEBUG [ajp-8009-3 ] - o.s.n.e.Authenticat~:default - Notifying 1 EventListener about event org.sonatype.nexus.auth.NexusAuthenticationEvent fired ([email protected])
嗨帕特里克,你可以分享的解決方案? – 2013-05-07 02:17:44