We are having issues when enabling LDAP on dotCMS 2.5.1.
This is our configuration of the portal-ext.properties file, which worked in previous versions:
# LDAP (LDAP Servers)
# once a user is authenticated, LDAP will query the user and pull a list
# of groups that the user belongs to
# These groups will be created in the CMS on the fly and the CMS user will
# be associated with them.
auth.pipeline.pre=com.dotcms.enterprise.LDAPProxy
auth.impl.ldap.initial.context.factory=com.sun.jndi.ldap.LdapCtxFactory
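# Set to SSL if you are using LDAPS, or leave blank.
# Left blank with port 389 (as in this configuration), the connection is plain LDAP: unless TLS is added
# some other way, the bind password and the users' login passwords reach the LDAP server unencrypted.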
auth.impl.ldap.security.authentication=
# set path to keystore with root server cert imported or leave blank
auth.impl.ldap.security.keystore.path=
auth.impl.ldap.host=172.17.1.1
auth.impl.ldap.port=389
# should be full dn of user
auth.impl.ldap.userid=xxxxxx
auth.impl.ldap.password=xxxxxx
auth.impl.ldap.domainlookup=OU=Users,OU=ISAAC,DC=isaac,DC=local
auth.impl.build.groups=true
auth.impl.ldap.build.group.name.filter=^ldap_dotCMS_(.*)
# Prefix that dotCMS should strip from the group name. Leave blank to not strip any prefix.
auth.impl.ldap.build.group.name.filter.strip=ldap_dotCMS_
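# If you set this to false, any user created from LDAP will not be able to log in to dotCMS when LDAP is not available.
# With true (as here), dotCMS presumably keeps its own copy of the LDAP password so those logins still work;
# confirm how that copy is stored.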
auth.impl.ldap.syncPassword=true
# The following attributes can be used to match up dotCMS user properties to LDAP Attributes. Uncomment all attributes.
# If you leave the attribute blank then it will not be synced from LDAP.
# NOTE: YOU CANNOT HAVE A GROUP NAME WITH A "=" IN IT
auth.impl.ldap.attrib.user=mail
auth.impl.ldap.attrib.firstName=givenName
auth.impl.ldap.attrib.middleName=middleName
auth.impl.ldap.attrib.lastName=sn
auth.impl.ldap.attrib.nickName=
auth.impl.ldap.attrib.email=mail
auth.impl.ldap.attrib.gender=
auth.impl.ldap.attrib.group=memberOf
[12/03/14 09:11:28:075 CET] WARN util.JDBCExceptionReporter: SQL Error: 0, SQLState: 23505
[12/03/14 09:11:28:075 CET] ERROR util.JDBCExceptionReporter: ERROR: duplicate key value violates unique constraint "users_cms_roles_parent1"
Detail: Key (role_id, user_id)=(742c9eb3-8651-4df4-b1dc-00c8c64aee4f, dotcms.org.2836) already exists.
[12/03/14 09:11:28:076 CET] ERROR impl.SessionImpl: Could not synchronize database state with session
[12/03/14 09:11:28:076 CET] ERROR enterprise.LDAPImpl: Unable to add user dotcms.org.2836 to LDAP User role
com.dotmarketing.exception.DotHibernateException: Unable to save Object to Hibernate Session
at com.dotmarketing.db.HibernateUtil.save(HibernateUtil.java:453)
at com.dotmarketing.business.RoleFactoryImpl.addRoleToUser(RoleFactoryImpl.java:236)
at com.dotmarketing.business.RoleAPIImpl.addRoleToUser(RoleAPIImpl.java:178)
at com.dotcms.enterprise.BaseAuthenticator.b(SourceFile:277)
at com.dotcms.enterprise.BaseAuthenticator.a(SourceFile:170)
at com.dotcms.enterprise.BaseAuthenticator.authenticateByEmailAddress(SourceFile:115)
at com.dotcms.enterprise.LDAPProxy.authenticateByEmailAddress(SourceFile:24)
at com.dotcms.enterprise.AuthPipelineImpl.a(SourceFile:103)
at com.dotcms.enterprise.AuthPipelineImpl.a(SourceFile:45)
at com.dotcms.enterprise.AuthPipeProxy.authenticateByEmailAddress(SourceFile:13)
at com.liferay.portal.ejb.UserManagerImpl._authenticate(UserManagerImpl.java:654)
at com.liferay.portal.ejb.UserManagerImpl.authenticateByEmailAddress(UserManagerImpl.java:101)
at com.liferay.portal.ejb.UserManagerUtil.authenticateByEmailAddress(UserManagerUtil.java:70)
at com.liferay.portal.action.LoginAction._login(LoginAction.java:195)
at com.liferay.portal.action.LoginAction.execute(LoginAction.java:100)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:226)
at com.liferay.portal.struts.PortalRequestProcessor.process(PortalRequestProcessor.java:157)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:415)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at com.liferay.portal.servlet.MainServlet.callParentService(MainServlet.java:275)
at com.liferay.portal.servlet.MainServlet.service(MainServlet.java:501)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.liferay.filters.secure.SecureFilter.doFilter(SecureFilter.java:135)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.dotmarketing.cms.urlmap.filters.URLMapFilter.doFilter(URLMapFilter.java:85)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.dotmarketing.filters.TimeMachineFilter.doFilter(TimeMachineFilter.java:162)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at nl.isaac.dotcms.duurzamereten.filter.RequestStoringFilter.doFilter(RequestStoringFilter.java:25)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at nl.isaac.dotcms.mobilesite.filter.MobileUserAgentRedirectFilter.doFilter(MobileUserAgentRedirectFilter.java:78)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at nl.isaac.dotcms.plugin.configuration.filter.RequestStoringFilter.doFilter(RequestStoringFilter.java:37)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.dotmarketing.filters.CharsetEncodingFilter.doFilter(CharsetEncodingFilter.java:146)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
at java.lang.Thread.run(Thread.java:662)
Caused by: net.sf.hibernate.exception.ConstraintViolationException: could not insert: [com.dotmarketing.business.UsersRoles#13555e5d-5182-4125-8d60-0c6f649f1d5c]
at net.sf.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:62)
at net.sf.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29)
at net.sf.hibernate.persister.AbstractEntityPersister.convert(AbstractEntityPersister.java:1331)
at net.sf.hibernate.persister.EntityPersister.insert(EntityPersister.java:472)
at net.sf.hibernate.persister.EntityPersister.insert(EntityPersister.java:436)
at net.sf.hibernate.impl.ScheduledInsertion.execute(ScheduledInsertion.java:37)
at net.sf.hibernate.impl.SessionImpl.execute(SessionImpl.java:2449)
at net.sf.hibernate.impl.SessionImpl.executeAll(SessionImpl.java:2435)
at net.sf.hibernate.impl.SessionImpl.execute(SessionImpl.java:2392)
at net.sf.hibernate.impl.SessionImpl.flush(SessionImpl.java:2261)
at com.dotmarketing.db.HibernateUtil.save(HibernateUtil.java:451)
... 73 more
Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "users_cms_roles_parent1"
Detail: Key (role_id, user_id)=(742c9eb3-8651-4df4-b1dc-00c8c64aee4f, dotcms.org.2836) already exists.
at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2102)
at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1835)
at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:257)
at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:500)
at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:388)
at org.postgresql.jdbc2.AbstractJdbc2Statement.executeUpdate(AbstractJdbc2Statement.java:334)
at org.apache.tomcat.dbcp.dbcp.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:102)
at net.sf.hibernate.impl.NonBatchingBatcher.addToBatch(NonBatchingBatcher.java:22)
at net.sf.hibernate.persister.EntityPersister.insert(EntityPersister.java:462)
... 80 more
[12/03/14 09:11:28:819 CET] INFO business.DotGuavaCacheAdministratorImpl: *** Building Cache : logmappercache, size:10, toDisk:false,Concurrency:32
[12/03/14 09:11:32:813 CET] ERROR business.HostAPIImpl: User dotcms.org.default does not have permission to host:
www.severinus.nl
[12/03/14 09:11:34:099 CET] ERROR business.HostAPIImpl: User dotcms.org.default does not have permission to host:
www.severinus.nl
It says I don't have any permissions on the host I'm trying to log in to, but if we remove the plugin, I can log in just fine.