[Geoserver-users] Setting up LDAP Authentication issue

Hi List,
I’m trying to set up a new LDAP authentication provider (there’s none yet).

I enter the Server URL:
ldap://servername.wcc-corp.ad

And the username/password.

At this point if I click “Test Connection” I get:
No user dn pattern specified

So I enter a User Lookup Pattern. But no matter what I enter in the User Lookup Pattern, clicking Test, GeoServer always returns:

java.lang.StringIndexOutOfBoundsException: String index out of range: -1

I’ve tried:
users={0}
{0}

dn=jmou1,ou=datacentre-cx,ou =cg,ou=users,ou=wcc,dc=wcc-corp,dc=ad
cn=jmou1,ou=datacentre-cx,ou=cg,ou=users,ou=wcc,dc=wcc-corp,dc=ad

cn=users,ou=wcc,dc=wcc-corp,dc=ad
ou=groups,ou=wcc,dc=wcc-corp,dc=ad
random letters

In fact, the only thing that doesn’t result in that error is putting only spaces in there (it asks for the user dn pattern instead).

At this point, given the error remains consistent, is this a bug in GeoServer (2.3.0)? Otherwise, what do I put into the User Lookup pattern?

The console error starts:

20 Mar 16:07:36 WARN [org.geoserver.web.security] - String index out of range: -1
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(Unknown Source)
at java.lang.String.substring(Unknown Source)
at org.geoserver.web.security.ldap.LDAPAuthProviderPanel$TestLDAPConnectionPanel$1.doTest(LDAPAuthProviderPanel.java:171)
at org.geoserver.web.security.ldap.LDAPAuthProviderPanel$TestLDAPConnectionPanel$1.onSubmit(LDAPAuthProviderPanel.java:147)
at org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink$1.onSubmit(AjaxSubmitLink.java:68)
at org.apache.wicket.ajax.form.AjaxFormSubmitBehavior.onEvent(AjaxFormSubmitBehavior.java:143)
at org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:177)
at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:300)
at org.apache.wicket.request.target.component.listener.BehaviorRequestTarget.processEvents(BehaviorRequestTarget.java:119)
at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:92)

Thanks,

Jonathan

This transmission is intended for the named addressee(s) only and may contain sensitive or protectively marked material up to RESTRICTED and should be handled accordingly. Unless you are the named addressee (or authorised to receive it for the addressee) you may not copy or use it, or disclose it to anyone else. If you have received this transmission in error please notify the sender immediately. All email traffic sent to or from us, including without limitation all GCSX traffic, may be subject to recording and/or monitoring in accordance with relevant legislation.

Ok, so it seems the issue is with the LDAP server URL, and not having it specify the domain component. I would say this is definitely a bug in the form handling, but I think it will work if you try this.

ldap://servername.wcc-corp.ad/dc=wcc-corp,dc=ad

userdn: cn=users,ou=wcc (or whatever, without the domain components)

Try that. If indeed it works, can you file a JIRA for fixing the form handling? Thanks.

-Justin


On Wed, Mar 20, 2013 at 10:13 AM, Jonathan Moules <jonathanmoules@anonymised.com…> wrote:

Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

Hi Justin,
Thanks for the information.

I’ve been out of office a few days - it seems our server admin came up with the same solution. If I enter the following:

Server URL:
ldap://servername:389/dc=wcc-corp,dc=ad

User Lookup Pattern:
uid=O,U=Users,OU=WCC,DC=wcc-corp,DC=ad

The error changes:
javax.naming.CommunicationException: servername:389 [Root exception is java.net.UnknownHostException: wppdcon2]

I get the same if I try: ldap://servername.wcc-corp.ad:389/dc=wcc-corp,dc=ad or without the port number. I guess it can’t connect to the server. I’ll chase our server admin on that one.

Also, if I don’t put something in both the username and password box, it gives me a different java error:
java.lang.NullPointerException

Seems like there’s pretty much no verification going on behind this form. I’ll open a JIRA for these issues shortly.

Thanks again,
Jonathan

On 22 March 2013 22:41, Justin Deoliveira <jdeolive@anonymised.com> wrote:

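The form checks this thread finds missing (a server URL without a base DN, an unusable lookup pattern, empty credentials), sketched as an added example. This is not GeoServer's code: the class name `LdapFormCheck`, the requirement that the pattern contain `{0}`, and the sample pattern and credentials are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Hypothetical validator (not GeoServer code): returns readable errors instead of throwing.
public class LdapFormCheck {
    static List<String> validate(String url, String userDnPattern, String user, String password) {
        List<String> errors = new ArrayList<>();
        try {
            URI uri = new URI(url == null ? "" : url.trim());
            String scheme = uri.getScheme();
            if (!"ldap".equalsIgnoreCase(scheme) && !"ldaps".equalsIgnoreCase(scheme))
                errors.add("Server URL must start with ldap:// or ldaps://");
            if (uri.getHost() == null)
                errors.add("Server URL has no host name");
            String path = uri.getPath();   // "/dc=wcc-corp,dc=ad", "" or null
            String baseDn = (path == null || path.length() < 2) ? "" : path.substring(1);
            if (baseDn.isEmpty())
                errors.add("Server URL has no base DN after the host (ldap://host/dc=...)");
            else if (!isDn(baseDn))
                errors.add("Base DN is not a valid distinguished name: " + baseDn);
        } catch (URISyntaxException e) {
            errors.add("Server URL is not a valid URI: " + e.getReason());
        }
        // Assumption: the pattern carries the {0} user-name placeholder.
        if (userDnPattern == null || !userDnPattern.contains("{0}"))
            errors.add("User lookup pattern must contain {0}");
        else if (!isDn(userDnPattern.replace("{0}", "x")))
            errors.add("User lookup pattern is not a valid DN once {0} is filled in");
        if (user == null || user.trim().isEmpty() || password == null || password.isEmpty())
            errors.add("User name and password are both required for the test");
        return errors;
    }
    static boolean isDn(String s) {
        try { new LdapName(s); return true; } catch (InvalidNameException e) { return false; }
    }
    public static void main(String[] args) {
        // URLs are from the thread; the second pattern and the credentials are constructed.
        System.out.println(validate("ldap://servername.wcc-corp.ad", "random letters", "jmou1", ""));
        System.out.println(validate("ldap://servername.wcc-corp.ad/dc=wcc-corp,dc=ad",
                "cn={0},ou=users,ou=wcc", "jmou1", "secret"));
    }
}
```

The first call reports three errors (no base DN, no `{0}`, empty password) and the second returns an empty list, so the connection test would only be attempted on input that can be parsed safely.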