Axelor & LDAP

bouzidi2006 · Novembre 19, 2018, 1:28

Hello,

I have been trying to get LDAP to work with no luck. I can connect to LDAP using other scripts and using Apache Directory Studio, but can’t login using Axelor.

Application.properties file is set with the correct LDAP server values.

This is what I’ve been able to get from the logs (Everything is set to logging ALL) :

Blockquote
2018-11-19 01:23:25.584 TRACE 25110 — [http-nio-8080-exec-1] .i.SessionFactoryImpl$SessionBuilderImpl : Opening Hibernate Session. tenant=null, owner=null
2018-11-19 01:23:25.584 DEBUG 25110 — [http-nio-8080-exec-1] o.h.r.j.i.LogicalConnectionManagedImpl : hibernate.connection.provider_disables_autocommit was enabled. This setting should only be enabled when you are certain that the Connections given to Hibernate by the ConnectionProvider have auto-commit disabled. Enabling this setting when the Connections do not have auto-commit disabled will lead to Hibernate executing SQL operations outside of any JDBC/SQL transaction.
2018-11-19 01:23:25.585 TRACE 25110 — [http-nio-8080-exec-1] org.hibernate.internal.SessionImpl : Opened Session [322b28f1-cba9-4293-86bc-ae139801b7d6] at timestamp: 6318451120472064
2018-11-19 01:23:25.585 TRACE 25110 — [http-nio-8080-exec-1] o.a.s.web.servlet.OncePerRequestFilter : Filter ‹ Key[type=org.apache.shiro.guice.web.GuiceShiroFilter, annotation=[none]] › not yet executed. Executing now.
2018-11-19 01:23:25.585 TRACE 25110 — [http-nio-8080-exec-1] o.a.shiro.mgt.DefaultSecurityManager : Context already contains a SecurityManager instance. Returning.
2018-11-19 01:23:25.585 TRACE 25110 — [http-nio-8080-exec-1] o.a.shiro.mgt.DefaultSecurityManager : No identity (PrincipalCollection) found in the context. Looking for a remembered identity.
2018-11-19 01:23:25.586 TRACE 25110 — [http-nio-8080-exec-1] o.apache.shiro.web.servlet.SimpleCookie : No ‹ rememberMe › cookie value
2018-11-19 01:23:25.586 TRACE 25110 — [http-nio-8080-exec-1] o.a.shiro.mgt.DefaultSecurityManager : No remembered identity found. Returning original context.
2018-11-19 01:23:25.586 TRACE 25110 — [http-nio-8080-exec-1] o.a.s.subject.support.DelegatingSubject : attempting to get session; create = false; session is null = false; session has id = true
2018-11-19 01:23:25.586 TRACE 25110 — [http-nio-8080-exec-1] o.a.s.subject.support.DelegatingSubject : attempting to get session; create = false; session is null = false; session has id = true
2018-11-19 01:23:25.586 TRACE 25110 — [http-nio-8080-exec-1] o.a.s.subject.support.DelegatingSubject : attempting to get session; create = false; session is null = false; session has id = true
2018-11-19 01:23:25.586 TRACE 25110 — [http-nio-8080-exec-1] o.a.s.subject.support.DelegatingSubject : attempting to get session; create = false; session is null = false; session has id = true
2018-11-19 01:23:25.586 TRACE 25110 — [http-nio-8080-exec-1] o.a.s.subject.support.DelegatingSubject : attempting to get session; create = false; session is null = false; session has id = true
2018-11-19 01:23:25.586 TRACE 25110 — [http-nio-8080-exec-1] org.apache.shiro.util.ThreadContext : Bound value of type [org.apache.shiro.web.subject.support.WebDelegatingSubject] for key [org.apache.shiro.util.ThreadContext_SUBJECT_KEY] to thread [http-nio-8080-exec-1]
2018-11-19 01:23:25.586 TRACE 25110 — [http-nio-8080-exec-1] org.apache.shiro.util.ThreadContext : Bound value of type [org.apache.shiro.web.mgt.DefaultWebSecurityManager] for key [org.apache.shiro.util.ThreadContext_SECURITY_MANAGER_KEY] to thread [http-nio-8080-exec-1]
2018-11-19 01:23:25.587 TRACE 25110 — [http-nio-8080-exec-1] o.a.s.web.servlet.AbstractShiroFilter : Resolved a configured FilterChain for the current request.
2018-11-19 01:23:25.587 TRACE 25110 — [http-nio-8080-exec-1] o.a.s.web.servlet.OncePerRequestFilter : Filter ‹ null › not yet executed. Executing now.
2018-11-19 01:23:25.587 TRACE 25110 — [http-nio-8080-exec-1] o.a.shiro.web.filter.PathMatchingFilter : Attempting to match pattern ‹ /css/’ with current requestURI ‹ /css/application.login.css ›…
2018-11-19 01:23:25.587 TRACE 25110 — [http-nio-8080-exec-1] o.a.shiro.web.filter.PathMatchingFilter : Current requestURI matches pattern '/css/ ›. Determining filter chain execution…
2018-11-19 01:23:25.587 TRACE 25110 — [http-nio-8080-exec-1] o.a.shiro.web.filter.PathMatchingFilter : Filter ‹ null › is enabled for the current request under path ‹ /css/** › with config [null]. Delegating to subclass implementation for ‹ onPreHandle › check.
2018-11-19 01:23:25.587 TRACE 25110 — [http-nio-8080-exec-1] o.apache.shiro.web.servlet.AdviceFilter : Invoked preHandle method. Continuing chain?: [true]
2018-11-19 01:23:25.588 TRACE 25110 — [http-nio-8080-exec-1] o.apache.shiro.web.servlet.AdviceFilter : Successfully invoked postHandle method
2018-11-19 01:23:25.588 TRACE 25110 — [http-nio-8080-exec-1] o.apache.shiro.web.servlet.AdviceFilter : Successfully invoked afterCompletion method.
2018-11-19 01:23:25.588 TRACE 25110 — [http-nio-8080-exec-1] org.hibernate.internal.SessionImpl : Closing session [322b28f1-cba9-4293-86bc-ae139801b7d6]
2018-11-19 01:23:25.588 TRACE 25110 — [http-nio-8080-exec-1] o.h.e.jdbc.internal.JdbcCoordinatorImpl : Closing JDBC container [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl@4863f575]
2018-11-19 01:23:25.588 TRACE 25110 — [http-nio-8080-exec-1] o.h.r.j.i.ResourceRegistryStandardImpl : Releasing JDBC resources
2018-11-19 01:23:25.589 TRACE 25110 — [http-nio-8080-exec-1] o.h.r.j.i.LogicalConnectionManagedImpl : Closing logical connection
2018-11-19 01:23:25.589 TRACE 25110 — [http-nio-8080-exec-1] o.h.r.j.i.LogicalConnectionManagedImpl : Logical connection closed
Blockquote

Any idea on where to look or what to change to get it working ?

Thanks.

Raphaelb · Novembre 20, 2018, 7:13

Not working for me neither…

femtonext · Décembre 10, 2018, 7:14

Hi,

I’m just working on right now because like u I was unable to use LDAP and I just want to understand why.
If I found a solution I will give you my feedback

Regards

Raphaelb · Décembre 11, 2018, 8:53

Thank you a lot! It’s a real problem

bouzidi2006 · Décembre 30, 2018, 5:11

Any news on this ? Still pulling my hair on it

femtonext · Janvier 2, 2019, 2:19

Sorry but not enough time to work on it these few last weeks.

femtonext · Janvier 10, 2019, 10:04

Hi,

Just note that i’m successfully used ldap auth (using OpenLdap).
Could you please share your application.properties ldap fields and specify which ldap server u use.

Regards

Raphaelb · Janvier 10, 2019, 10:49

Good morning, I use Microsoft LDAP server

femtonext · Janvier 10, 2019, 11:36

Server Url should be ldap://[host]:[port] like ldap://192.168.200.30:389
I do not have any working MSAD so unable for me to test on it.

Moreover, u need to change the ldap.group.filter value to reflect the full DN of users. Some exemple: if a user has the DN "uid=axelor,OU=ENTREPRISE,dc=domemac,dc=FR" the ldap.group.filter should be (uniqueMember=uid={0},OU=ENTREPRISE,dc=domemac,dc=FR"). If the ldap.group.filter is not correct the application will be unable to get the user’s group.

Instead of spending time to test your LDAP config using Axelor you can use any LDAP tools to test your connection, query and filters. It’s just an advise

Regards

idriss.cherif · Mars 14, 2019, 7:29

Not working for me
can you help me please ?!