The service is not included.
107 views
Skip to first unread message
Rumba Abmur
Jul 23, 2022, 11:23:33 AM7/23/22
to pwm-general
hello everyone!
could you please help with little issue?
I installed PWM in docker compose. After that I tuned it for connection to MS AD and turned on Help Desk module, but I can not choose founded users when it founded with error mesage like "The service is not included"
how can I fix it?
regards,
Tim
Rumba Abmur
Jul 23, 2022, 11:28:15 AM7/23/22
to pwm-general
суббота, 23 июля 2022 г. в 18:23:33 UTC+3, Rumba Abmur:
Rumba Abmur
Jul 23, 2022, 12:29:14 PM7/23/22
to pwm-general
here a logs after I changed filter:
022-07-23T16:25:04Z, FATAL, servlet.AbstractPwmServlet, {IjQEP,pupa} unexpected error: 5015 ERROR_INTERNAL (unexpected error during action handler for 'password.pwm.http.servlet.helpdesk.HelpdeskServlet:checkVerification', error: Collection is empty) [some ip]
2022-07-23T16:25:04Z, ERROR, servlet.AbstractPwmServlet, {IjQEP,pupa} unexpected error during action handler for 'password.pwm.http.servlet.helpdesk.HelpdeskServlet:checkVerification', error: Collection is empty [some ip] (stacktrace follows)
java.lang.Throwable: Collection is empty
at java.base/java.util.EnumSet.copyOf(EnumSet.java:173)
at password.pwm.http.servlet.helpdesk.HelpdeskVerificationOptionsBean.makeBean(HelpdeskVerificationOptionsBean.java:178)
at password.pwm.http.servlet.helpdesk.HelpdeskServlet.restCheckVerification(HelpdeskServlet.java:999)
at jdk.internal.reflect.GeneratedMethodAccessor109.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at password.pwm.http.servlet.ControlledPwmServlet.dispatchMethod(ControlledPwmServlet.java:119)
at password.pwm.http.servlet.ControlledPwmServlet.processAction(ControlledPwmServlet.java:159)
at password.pwm.http.servlet.AbstractPwmServlet.handleRequest(AbstractPwmServlet.java:123)
at password.pwm.http.servlet.AbstractPwmServlet.doPost(AbstractPwmServlet.java:73)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:153)
at password.pwm.http.filter.AuthenticationFilter.processAuthenticatedSession(AuthenticationFilter.java:210)
at password.pwm.http.filter.AuthenticationFilter.processFilter(AuthenticationFilter.java:107)
at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:97)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:153)
at password.pwm.http.filter.SessionFilter.processFilter(SessionFilter.java:111)
at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:97)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:153)
at password.pwm.http.filter.ApplicationModeFilter.processFilter(ApplicationModeFilter.java:82)
at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:97)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:153)
at password.pwm.http.filter.ObsoleteUrlFilter.processFilter(ObsoleteUrlFilter.java:65)
at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:97)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.RequestInitializationFilter.initializeServletRequest(RequestInitializationFilter.java:244)
at password.pwm.http.filter.RequestInitializationFilter.doFilter(RequestInitializationFilter.java:166)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.github.ziplet.filter.compression.CompressingFilter.doFilter(CompressingFilter.java:263)
at password.pwm.http.filter.GZIPFilter.doFilter(GZIPFilter.java:79)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.CookieManagementFilter.doFilter(CookieManagementFilter.java:77)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1839)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834
2022-07-23T16:25:04Z, ERROR, servlet.AbstractPwmServlet, {IjQEP,pupa} unexpected error during action handler for 'password.pwm.http.servlet.helpdesk.HelpdeskServlet:checkVerification', error: Collection is empty [some ip] (stacktrace follows)
java.lang.Throwable: Collection is empty
at java.base/java.util.EnumSet.copyOf(EnumSet.java:173)
at password.pwm.http.servlet.helpdesk.HelpdeskVerificationOptionsBean.makeBean(HelpdeskVerificationOptionsBean.java:178)
at password.pwm.http.servlet.helpdesk.HelpdeskServlet.restCheckVerification(HelpdeskServlet.java:999)
at jdk.internal.reflect.GeneratedMethodAccessor109.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at password.pwm.http.servlet.ControlledPwmServlet.dispatchMethod(ControlledPwmServlet.java:119)
at password.pwm.http.servlet.ControlledPwmServlet.processAction(ControlledPwmServlet.java:159)
at password.pwm.http.servlet.AbstractPwmServlet.handleRequest(AbstractPwmServlet.java:123)
at password.pwm.http.servlet.AbstractPwmServlet.doPost(AbstractPwmServlet.java:73)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:153)
at password.pwm.http.filter.AuthenticationFilter.processAuthenticatedSession(AuthenticationFilter.java:210)
at password.pwm.http.filter.AuthenticationFilter.processFilter(AuthenticationFilter.java:107)
at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:97)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:153)
at password.pwm.http.filter.SessionFilter.processFilter(SessionFilter.java:111)
at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:97)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:153)
at password.pwm.http.filter.ApplicationModeFilter.processFilter(ApplicationModeFilter.java:82)
at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:97)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:153)
at password.pwm.http.filter.ObsoleteUrlFilter.processFilter(ObsoleteUrlFilter.java:65)
at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:97)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.RequestInitializationFilter.initializeServletRequest(RequestInitializationFilter.java:244)
at password.pwm.http.filter.RequestInitializationFilter.doFilter(RequestInitializationFilter.java:166)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.github.ziplet.filter.compression.CompressingFilter.doFilter(CompressingFilter.java:263)
at password.pwm.http.filter.GZIPFilter.doFilter(GZIPFilter.java:79)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.CookieManagementFilter.doFilter(CookieManagementFilter.java:77)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1839)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834
суббота, 23 июля 2022 г. в 18:28:15 UTC+3, Rumba Abmur:
Jason Rivard
Jul 24, 2022, 12:05:33 PM7/24/22
to pwm-general
You didn't say what version your using but at a guess this looks like a bug in 1.9.x that was fixed in v2.0.x.
Rumba Abmur
Jul 25, 2022, 2:55:53 AM7/25/22
to pwm-general
Hi Jason,
thx for yuor replay!
curentli it is 2.0.0 as I understood correctly.
Another question: is there has LDAP filter examples for helpdesk module? I mean this one
because after ichange filter form sAMEaccountName to (&(objectClass=Person)((userpricipalname=*%USERNAME%*)))
I have a new error different from "Service is not enabled"
thx in advance
воскресенье, 24 июля 2022 г. в 19:05:33 UTC+3, Jason Rivard:
Rumba Abmur
Jul 25, 2022, 9:54:08 AM7/25/22
to pwm-general
sooo, it is realy look like a bug but in v2.0. I tried v1.9 and it works correct, thx a lot
I tried this one docker compose image which was affected:
# Yves Hwang
# 26.09.2016
version: '2'
services:
openldap:
image: osixia/openldap:1.1.9
ports:
- "389:389"
- "636:636"
expose:
- "636"
- "389"
environment:
- LDAP_TLS=false
phpldapadmin:
image: osixia/phpldapadmin:0.7.0
ports:
- "6443:443"
expose:
- "443"
links:
- openldap
environment:
- PHPLDAPADMIN_LDAP_HOSTS=openldap
- PHPLDAPADMIN_LDAP_CLIENT_TLS=false
pwm:
image: fjudith/pwm:latest
ports:
- "8080:8080"
expose:
- "8080"
links:
- openldap - phpldapadmin
# 26.09.2016
version: '2'
services:
openldap:
image: osixia/openldap:1.1.9
ports:
- "389:389"
- "636:636"
expose:
- "636"
- "389"
environment:
- LDAP_TLS=false
phpldapadmin:
image: osixia/phpldapadmin:0.7.0
ports:
- "6443:443"
expose:
- "443"
links:
- openldap
environment:
- PHPLDAPADMIN_LDAP_HOSTS=openldap
- PHPLDAPADMIN_LDAP_CLIENT_TLS=false
pwm:
image: fjudith/pwm:latest
ports:
- "8080:8080"
expose:
- "8080"
links:
- openldap - phpldapadmin
And this one was ok:
version: "3.7"
services:
freeipa:
image: freeipa/freeipa-server:centos-7
container_name: freeipa
hostname: pwm.pupa.com
dns:
- 127.0.0.1
restart: unless-stopped
environment:
- PASSWORD=passw0rd # default login
- IPA_SERVER_HOSTNAME=pwm.moskvich.ru
tty: true
read_only: true
stdin_open: true
privileged: true
cap_add:
- NET_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- freeipa-data:/data
sysctls:
- net.ipv6.conf.lo.disable_ipv6=0
- net.ipv6.conf.all.disable_ipv6=0
security_opt:
- seccomp:unconfined
command:
- -U
- --domain=example.com
- --realm=example.com
- --http-pin=P4ssw0rd
- --dirsrv-pin=P4ssw0rd
- --ds-password=P4ssw0rd
- --admin-password=P4ssw0rd
#- --no-host-dns
#- --no-dnssec-validation
- --setup-dns
- --auto-forwarders
- --allow-zone-overlap
- --unattended
ports:
- "53:53/udp"
- "53:53"
- "80:80"
- "443:443"
- "389:389"
- "636:636"
- "88:88"
- "464:464"
- "88:88/udp"
- "464:464/udp"
- "123:123/udp"
- "7389:7389"
- "9443:9443"
- "9444:9444"
- "9445:9445"
phpldpaadmin:
image: osixia/phpldapadmin:0.7.1
container_name: phpldpaadmin
hostname: phpldpaadmin.example.com
environment:
- PHPLDAPADMIN_LDAP_HOSTS=freeipa
ports:
- "6443:443"
postgres:
image: amd64/postgres:9-alpine
container_name: postgres
hostname: postgres.example.com
environment:
- POSTGRES_DB=pwm
- POSTGRES_USER=pwm
- POSTGRES_PASSWORD=P4ssw0rd
pwm:
image: fjudith/pwm:1.9.1
container_name: pwm
hostname: pwm
ports:
- "8080:8080"
volumes:
freeipa-data:
services:
freeipa:
image: freeipa/freeipa-server:centos-7
container_name: freeipa
hostname: pwm.pupa.com
dns:
- 127.0.0.1
restart: unless-stopped
environment:
- PASSWORD=passw0rd # default login
- IPA_SERVER_HOSTNAME=pwm.moskvich.ru
tty: true
read_only: true
stdin_open: true
privileged: true
cap_add:
- NET_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- freeipa-data:/data
sysctls:
- net.ipv6.conf.lo.disable_ipv6=0
- net.ipv6.conf.all.disable_ipv6=0
security_opt:
- seccomp:unconfined
command:
- -U
- --domain=example.com
- --realm=example.com
- --http-pin=P4ssw0rd
- --dirsrv-pin=P4ssw0rd
- --ds-password=P4ssw0rd
- --admin-password=P4ssw0rd
#- --no-host-dns
#- --no-dnssec-validation
- --setup-dns
- --auto-forwarders
- --allow-zone-overlap
- --unattended
ports:
- "53:53/udp"
- "53:53"
- "80:80"
- "443:443"
- "389:389"
- "636:636"
- "88:88"
- "464:464"
- "88:88/udp"
- "464:464/udp"
- "123:123/udp"
- "7389:7389"
- "9443:9443"
- "9444:9444"
- "9445:9445"
phpldpaadmin:
image: osixia/phpldapadmin:0.7.1
container_name: phpldpaadmin
hostname: phpldpaadmin.example.com
environment:
- PHPLDAPADMIN_LDAP_HOSTS=freeipa
ports:
- "6443:443"
postgres:
image: amd64/postgres:9-alpine
container_name: postgres
hostname: postgres.example.com
environment:
- POSTGRES_DB=pwm
- POSTGRES_USER=pwm
- POSTGRES_PASSWORD=P4ssw0rd
pwm:
image: fjudith/pwm:1.9.1
container_name: pwm
hostname: pwm
ports:
- "8080:8080"
volumes:
freeipa-data:
I hope I'm not violating community rules by posting links.
Thx a lot!
понедельник, 25 июля 2022 г. в 09:55:53 UTC+3, Rumba Abmur:
Jason Rivard
Jul 25, 2022, 5:32:47 PM7/25/22
to pwm-general
1) v1.9x is quite old at this time and I would not recommend it, especially for new systems.
2) Using a a docker image by a third party is a bit of a risk, I would not recommend it. v2.x has included downloadable docker images in the official releases.
3) This appears fixed in v2.0.1 and the recently released v2.0.2.
Rumba Abmur
Jul 26, 2022, 5:24:56 AM7/26/22
to pwm-general
hello Jason!
Thx for your answer!
Last question:
This action not clear for me
Steps:
- Load your docker image with image nae of default pwm/pwm-webapp:
docker load --input=pwm-docker-image-v2.0.0.tar
is this image contained in docker hub? I can not find this image archive in official PWM repository in git hub
thx in advance!
вторник, 26 июля 2022 г. в 00:32:47 UTC+3, Jason Rivard:
jason.e...@gmail.com
Jul 26, 2022, 9:55:42 AM7/26/22
to pwm-general
It is there, https://github.com/pwm-project/pwm/releases , listed under 'Assets'
Rumba Abmur
Jul 27, 2022, 2:57:28 AM7/27/22
to pwm-general
Rumba Abmur
Jul 27, 2022, 3:59:15 AM7/27/22
to pwm-general
and last question: is this app has possibility to make temporary passwords for the users in Help Desk module? I mean when I reseting pass for the user could I make it temporary (user must change password after next logon) ?
thx in advance
Tim
среда, 27 июля 2022 г. в 09:57:28 UTC+3, Rumba Abmur:
Jason Rivard
Jul 27, 2022, 7:29:23 AM7/27/22
to pwm-general
Yes, that's the default behavior.
Rumba Abmur
Jul 28, 2022, 4:36:55 AM7/28/22
to pwm-general
Yes I found it
Thx for you help and have a good day!
среда, 27 июля 2022 г. в 14:29:23 UTC+3, Jason Rivard:
Reply all
Reply to author
Forward
0 new messages