Configuring XNAT 1.7.4: ldap1 and logos


Robin Kämpe

Feb 8, 2018, 11:06:19 AM
to xnat_discussion
Hi again,

Now I have 1.7.4 up and running, thanks for the help! 2 follow up questions:

LDAP1
1. We used the domain of our network so that anyone with an account on the domain could log in to xnat (admin had to approve after the first login try). We did this via ldap1, which we configured in the service.properties file, from /home/xnat/Development/xnat_1_6_dev/projects/xnat/conf (or something like that), like this:

# Add "ldap1" to the enabled provider list above and fill in the missing fields to enable LDAP authentication.
provider.ldap1.name=Domain Login
provider.ldap1.id=ldap1
provider.ldap1.type=ldap
provider.ldap1.address=ldap://domain.local:389/DC=doman,DC=local
provider.ldap1.userdn=srv-xnat
provider.ldap1.password=XXXX
provider.ldap1.search.base=OU=Domain
provider.ldap1.search.filter=(sAMAccountName={0})

This was simple enough for me to do since my computer science skills are limited. On 1.7.4 I'm not sure how to proceed since I cannot find the service.properties file.

According to the third entry here, I should make a plugin where I put the info above. This is pasted from the link:
To have a single LDAP provider be the means of authentication to XNAT, simply create a jar with a file in it located at META-INF/xnat/auth/ldap1-provider.properties relative to the top level of the jar (and put the jar in your XNAT plugins directory). The contents of this file should be something like:

name=LDAP
id=ldap1
type=ldap
address=ldap://ldapurl:389/dc=my,dc=domain
userdn=cn=MyServiceAccount,ou=MyGroup,dc=my,dc=domain
password=MyPassword
search.base=ou=people
search.filter=(uid={0})

I have never worked with jar-files or made any plugins. What is my best approach? Where can I learn how to create such a plugin?


LOGOS
2. Simpler question. I wanted to change the XNAT logo that appears in the web app. For 1.6.5 I replaced the logo.gif, logo.png and logo.jpg located in the images directory in the deployment. Here (1.7.4) I managed to change the logo by replacing the images in /var/lib/bomcat7/webapps/ROOT/images/. Is this the correct way to do it? Or can this also be solved via plugins? That would be better since I would have to re-do this after each update (new .WAR file).

Thanks!!

Moore, Charlie

Feb 8, 2018, 11:21:30 AM
to xnat_di...@googlegroups.com

Robin,

 

Adding an LDAP authentication provider can be done without use of a plugin (although a plugin can be used). We have documentation for that here: https://wiki.xnat.org/documentation/xnat-administration/configuring-authentication-providers.

 

For customizing the logo, that’s primarily done with a plugin now. Put the logo in src/main/resources/META-INF/resources/images. Then, in the admin UI (Administer > Site Administration), from the Site Setup tab, there’s a “Site Logo Path”, which you would specify as “/images/my_custom_logo.png”

 

Thanks,

Charlie

--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xnat_discussi...@googlegroups.com.
To post to this group, send email to xnat_di...@googlegroups.com.
Visit this group at https://groups.google.com/group/xnat_discussion.
For more options, visit https://groups.google.com/d/optout.

 



Robin Kämpe

Feb 9, 2018, 8:58:43 AM
to xnat_discussion
Thanks!

I'm trying to follow the instructions but it does not work and I don't even see anything about it in the logs. I do get some warnings when I use my old syntax but nothing with the new.

On our current xnat 1.6.5, where ldap1 login works, this is how the service.properties looks (db and ldap in bold):

xnat@xnatdev:~$ cat /home/xnat/Development/xnat_builder_1_6dev/projects/xnat/src/conf/services.properties
#
# D:/Development/XNAT/1.6/xnat_builder_1_6dev/plugin-resources/conf/services.properties
# XNAT http://www.xnat.org
# Copyright (c) 2014, Washington University School of Medicine
# All Rights Reserved
#
# Released under the Simplified BSD.
#
# Last modified 2/7/14 12:19 PM
#
site.title=XNAT

datasource.name=@XDAT_DB_NAME@
datasource.driver=@XDAT_DB_DRIVER@
datasource.url=@XDAT_DB_URL@
datasource.username=@XDAT_DB_USERNAME@
datasource.password=@XDAT_DB_PASSWORD@

mailserver.host=@XDAT_MAIL_SERVER@
mailserver.port=@XDAT_MAIL_PORT@
mailserver.username=@XDAT_MAIL_USERNAME@
mailserver.password=@XDAT_MAIL_PASSWORD@
mailserver.protocol=@XDAT_MAIL_PROTOCOL@
mailserver.admin=@XDAT_MAIL_ADMIN@
mailserver.prefix=@XDAT_MAIL_PREFIX@

# Session XML rebuilder settings. interval is in minutes, repeat is in milliseconds.
services.rebuilder.interval=5
services.rebuilder.repeat=60000

# Settings for the DICOM SCP Receiver. You can change the AE title and port here, as well as change the user that is
# used for operations on received files, e.g. archiving sessions in projects with auto-archiving.
services.dicom.scp.aetitle=XNAT
services.dicom.scp.port=8104
services.dicom.scp.receivedfileuser=admin

# Indicate the required security channel for the server. This can be http, https, or any.
security.channel=@XDAT_SECURITY_CHANNEL@

# Number of failed login attempts before accounts are temporarily locked (-1 disables feature).
security.max_failed_logins=-1
# Number of milliseconds to lock user accounts that have exceeded the max_failed_logins count (3600000 for 1 hour, 86400000 for 24 hours).
security.max_failed_logins_lockout_duration=86400000
# Number of seconds of inactivity before an account is disabled (31556926 for 1 year).
security.inactivity_before_lockout=31556926

# Interval for timing out alias tokens. Uses PostgreSQL interval notation: http://www.postgresql.org/docs/9.0/static/functions-datetime.html
security.token_timeout=2 days

# Java regular expression that new passwords must match. For no complexity checks, set this to ^.*$
security.password_complexity=^.*$
# Message that explains the password complexity requirements. This is displayed when user chooses a new password that fails to meet them.
security.password_complexity_message=Password is not sufficiently complex.

# Number of days for which a password cannot be reused.
security.password_history=365

# The maximum number of permitted sessions a user can have open simultaneously.
security.sessions.concurrent_max=1000

# The following parameters are used to allow/force users to enter change justifications when modifying data.
audit.require_change_justification=false
audit.show_change_justification=false
   
# Sets default values for the ActiveMQ configuration.
amq.usage.temp=128mb
amq.usage.mem=512mb
amq.usage.store=1gb

# Comma-separated list of the providers that users will be able to use to authenticate.
provider.providers.enabled=ldap1,db

#local db
provider.db.name=Xnat Login
provider.db.id=localdb
provider.db.type=db


# Add "ldap1" to the enabled provider list above and fill in the missing fields to enable LDAP authentication.
provider.ldap1.name=MyDomain Login
provider.ldap1.id=ldap1
provider.ldap1.type=ldap
provider.ldap1.address=ldap://my.domain:389/DC=my,DC=domain
provider.ldap1.userdn=srv-xnat
provider.ldap1.password=MyPassword
provider.ldap1.search.base=OU=My
provider.ldap1.search.filter=(sAMAccountName={0})


So first I tried this:
xnat@Vader:/data/xnat/home/config/auth$ tree /data/xnat/home/config/
/data/xnat/home/config/
├── auth
│   ├
│   └── service.properties
└── xnat-conf.properties

1 directory, 3 files
xnat@Vader:/data/xnat/home/config/auth$

Where service.properties is:
# Comma-separated list of the providers that users will be able to use to authenticate.
provider.providers.enabled=ldap1,db

#local database
provider.db.name=Xnat Login
provider.db.id=localdb
provider.db.type=db


# Add "ldap1" to the enabled provider list above and fill in the missing fields to enable LDAP authentication.
provider.ldap1.name=MyDomain Login
provider.ldap1.id=ldap1
provider.ldap1.type=ldap
provider.ldap1.address=ldap://my.domain:389/DC=my,DC=doman
provider.ldap1.userdn=srv-xnat
provider.ldap1.password=MyPassword
provider.ldap1.search.base=OU=my
provider.ldap1.search.filter=(sAMAccountName={0})

This does not succeed and the logs look like this: cat /data/xnat/home/logs/*
xnat@Vader:/data/xnat/home/config/auth$ cat ../../logs/*
0    [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
125  [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
2018-02-09 14:37:04,997 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - This service is the primary XNAT node, checking whether database updates are required.
2018-02-09 14:37:05,025 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - Initializing database views...
2018-02-09 14:37:08,181 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - View initialization complete.
2018-02-09 14:37:08,270 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.UpdateConfigurationService - No suspect configuration entries found.
xnat@Vader:/data/xnat/home/config/auth$



I tried to follow the syntax of the link you sent me and nothing really happens:
name=MyDomain-Login
id=ldap1
type=ldap
adress=ldap://my.domain:389/dc=my,dc=domain
userdn=cn=srv-xnat
password=MyPassword
search.base=ou=my
search.filter=(sAMAccountName={0})

When trying the syntax just above (from the link) I get no info in the logfiles.
cat logs/*
xnat@Vader:/data/xnat/home/config/auth$ cat ../../logs/*
0    [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
125  [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
2018-02-09 14:37:04,997 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - This service is the primary XNAT node, checking whether database updates are required.
2018-02-09 14:37:05,025 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - Initializing database views...
2018-02-09 14:37:08,181 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - View initialization complete.
2018-02-09 14:37:08,270 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.UpdateConfigurationService - No suspect configuration entries found.
xnat@Vader:/data/xnat/home/config/auth$

With this specific syntax (your link but a little altered) I get some other errors in the logs:

service.properties:
name=MyDomain-Login
id=ldap1
type=ldap
adress=ldap://my.domain:389/dc=my,dc=domain
userdn=srv-xnat
password=MyPassword
search.base=ou=my
search.filter=(sAMAccountName={0})

Errorlog:
xnat@Vader:/data/xnat/home/config/auth$ cat ../../logs/*
0    [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
130  [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
0    [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
122  [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
2018-02-09 14:49:19,032 Encountered a JMSException - resetting the underlying JMS Connection
javax.jms.JMSException: Broker has been stopped: org.apache.activemq.broker.BrokerService$5@5aed2ed
    at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49)
    at org.apache.activemq.ActiveMQConnection.onAsyncException(ActiveMQConnection.java:1949)
    at org.apache.activemq.ActiveMQConnection$3$1.run(ActiveMQConnection.java:1869)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.activemq.broker.BrokerStoppedException: Broker has been stopped: org.apache.activemq.broker.BrokerService$5@5aed2ed
    at org.apache.activemq.broker.ErrorBroker.getBrokerService(ErrorBroker.java:252)
    at org.apache.activemq.broker.MutableBrokerFilter.getBrokerService(MutableBrokerFilter.java:261)
    at org.apache.activemq.broker.region.Queue.isSlave(Queue.java:1712)
    at org.apache.activemq.broker.region.Queue.removeSubscription(Queue.java:577)
    at org.apache.activemq.broker.region.AbstractRegion.removeConsumer(AbstractRegion.java:381)
    at org.apache.activemq.broker.region.RegionBroker.removeConsumer(RegionBroker.java:445)
    at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)
    at org.apache.activemq.advisory.AdvisoryBroker.removeConsumer(AdvisoryBroker.java:254)
    at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)
    at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)
    at org.apache.activemq.broker.MutableBrokerFilter.removeConsumer(MutableBrokerFilter.java:123)
    at org.apache.activemq.broker.TransportConnection.processRemoveConsumer(TransportConnection.java:593)
    at org.apache.activemq.command.RemoveInfo.visit(RemoveInfo.java:76)
    at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:294)
    at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:152)
    at org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
    at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)
    at org.apache.activemq.transport.vm.VMTransport.iterate(VMTransport.java:241)
    at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:129)
    at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:47)
    ... 3 more
2018-02-09 14:50:17,180 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - This service is the primary XNAT node, checking whether database updates are required.
2018-02-09 14:50:17,204 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - Initializing database views...
2018-02-09 14:50:20,435 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - View initialization complete.
2018-02-09 14:50:20,545 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.UpdateConfigurationService - No suspect configuration entries found.


And with just this small change (usrdn=srv-xnat ----> usrdn=xnat) the error log gets back to not showing anything:
xnat@Vader:/data/xnat/home/config/auth$ cat ../../logs/*

0    [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
130  [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
2018-02-09 14:55:05,369 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - This service is the primary XNAT node, checking whether database updates are required.
2018-02-09 14:55:05,379 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - Initializing database views...
2018-02-09 14:55:08,608 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - View initialization complete.
2018-02-09 14:55:08,725 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.UpdateConfigurationService - No suspect configuration entries found.
xnat@Vader:/data/xnat/home/config/auth$

So, at least what the file says seems to matter, but I have not managed to make the config file work. It worked for 1.6.5...

Thanks for any input!




Moore, Charlie

Feb 9, 2018, 9:53:34 AM
to xnat_di...@googlegroups.com

Robin,

 

The error changes to me look coincidental, which would mean your properties files aren’t getting picked up in any of those cases. I think it’s the file naming. This is mentioned in other spots on that page, but not the “Adding an LDAP Provider Configuration” section (maybe it should be there too). Each provider needs to be in its own properties file, with the name ${id}-provider.properties .

 

So, you should have two files: localdb-provider.properties and ldap1-provider.properties. Give that a try.

 

Thanks,

Charlie

 


Robin Kämpe

Feb 9, 2018, 1:20:09 PM
to xnat_discussion
Thanks!

I managed to make xnat load the front page and I can now choose from the local database (XNAT) and the ldap1 method (My-Domin Login).

Question 1: The default one is the local database (XNAT). I want the ldap1 to be the default. In the previous version I simply wrote the order in service.properties (provider.providers.enabled=ldap1,db). That made ldap come first in the drop-down menu. How do I do that here?

Question 2: I can log in using the local user admin using the local database setting. But I don't think the ldap was set up correctly. Here is the current file and the errors from the logs:
 
XNAT window:

Note:
Your login attempt failed because the username and password combination you provided was invalid or your user already has the maximum number of user sessions open. After 20 failed login attempts, your user account will be locked. If you believe your account is currently locked, you can:
  • Unlock it by resetting your password
  • Wait one hour for it to unlock automatically

My ldap-file:
name=MY-Login
id=ldap1
type=ldap
address=ldap://my.domain:389/DC=my,DC=domain
userdn=srv-xnat (also tested userdn=cd=srv-xnat)
password=MyPassword
search.base=OU=MY
search.filter=(sAMAccountName={0})

The guide says that the syntax is a little bit different. The above worked before but now it says:
userdn=cn=MyServiceAccount,ou=MyGroup,dc=my,dc=domain
This one differs from mine. Is this important? Before I did not need MyGroup. Important?

It seems like it can't find the domain (which "is" my.domain). So perhaps the address-field is wrong? In the old file it said: provider.ldap1.address=ldap://my.domain:389/DC=my,DC=domain.
So I just put
address=ldap://my.domain:389/DC=my,DC=domain

Do I need to put the server IP in the allowed ldap list or something? Below you can see that it complains about my.domain being Unknown Host.

Logs:

xnat@Vader:/data/xnat/home/config/auth$ cat ../../logs/*
0    [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
119  [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
2018-02-09 18:57:13,154 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - This service is the primary XNAT node, checking whether database updates are required.
2018-02-09 18:57:13,180 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - Initializing database views...
2018-02-09 18:57:16,251 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - View initialization complete.
2018-02-09 18:57:16,354 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.UpdateConfigurationService - No suspect configuration entries found.
xnat@Vader:/data/xnat/home/config/auth$ vim ldap1-provider.properties
xnat@Vader:/data/xnat/home/config/auth$ cat ../../logs/*
2018-02-09 19:00:15,013 - robka 10.208.19.39 Authentication SUCCESS
2018-02-09 19:00:20,093 - robka 10.208.19.39 Authentication FAILED

0    [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
119  [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd
2018-02-09 19:00:20,094 [http-bio-8080-exec-10] ERROR org.nrg.xnat.security.XnatAuthenticationFilter - An internal error occurred while trying to authenticate the user.
org.springframework.security.authentication.InternalAuthenticationServiceException: my.domain:389; nested exception is javax.naming.CommunicationException: my.domain:389 [Root exception is java.net.UnknownHostException: my.domain]
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)
    at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
    at org.nrg.xnat.security.provider.XnatLdapAuthenticationProvider.authenticate(XnatLdapAuthenticationProvider.java:49)
    at org.nrg.xnat.security.XnatProviderManager.authenticate(XnatProviderManager.java:112)
    at org.nrg.xnat.security.XnatAuthenticationFilter.attemptAuthentication(XnatAuthenticationFilter.java:122)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:155)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.nrg.xnat.security.XnatExpiredPasswordFilter.doFilter(XnatExpiredPasswordFilter.java:158)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:221)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.ldap.CommunicationException: my.domain:389; nested exception is javax.naming.CommunicationException: my.domain:389 [Root exception is java.net.UnknownHostException: my.domain]
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)
    at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)
    at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158)
    at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)
    at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:316)
    at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:127)
    at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:95)
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:187)
    ... 43 more
Caused by: javax.naming.CommunicationException: my.domain:389 [Root exception is java.net.UnknownHostException: my.domain]
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
    at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
    at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:114)
    at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:136)
    at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:329)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1607)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    at javax.naming.InitialContext.init(InitialContext.java:244)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:343)
    ... 50 more
Caused by: java.net.UnknownHostException: my.domain
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at java.net.Socket.connect(Socket.java:538)
    at java.net.Socket.<init>(Socket.java:434)
    at java.net.Socket.<init>(Socket.java:211)
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:363)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
    ... 68 more
2018-02-09 18:57:13,154 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - This service is the primary XNAT node, checking whether database updates are required.
2018-02-09 18:57:13,180 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - Initializing database views...
2018-02-09 18:57:16,251 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.CreateOrUpdateDatabaseViews - View initialization complete.
2018-02-09 18:57:16,354 [taskScheduler-1] INFO  org.nrg.xnat.initialization.tasks.UpdateConfigurationService - No suspect configuration entries found.
xnat@Vader:/data/xnat/home/config/auth$


Moore, Charlie

Feb 9, 2018, 1:58:41 PM
to xnat_di...@googlegroups.com

Robin,

For question 1: this can be done with an undocumented variable that is now no longer undocumented! https://wiki.xnat.org/documentation/xnat-administration/configuring-authentication-providers . In particular, look at the “order” value in the authentication provider properties. In your case, try adding order=0 at the end of your ldap properties, and order=1 at the end of your localdb properties.

 

Unfortunately, question 2 goes over my head as I’m not very familiar with how ldap really works. Hopefully one of the developers that’s worked on the XNAT LDAP provider code will know what to do about that.

 

Thanks,

Charlie
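
The layout described in the two replies above (one ${id}-provider.properties file per provider, plus the "order" value), as an added example that is not part of the thread and not XNAT's own code: a Python script that splits 1.6-style provider.* entries into per-provider files. The function names, the constructed sample values, the simple key=value parsing and the owner-only file mode (the file holds the LDAP bind password) are assumptions of this example.

```python
"""Split XNAT 1.6-style provider.* entries into one file per provider."""
import os
import re
from collections import OrderedDict

# Constructed sample in the 1.6 layout quoted in the thread (placeholder values).
LEGACY_SAMPLE = """\
# Comma-separated list of the providers that users will be able to use to authenticate.
provider.providers.enabled=ldap1,db

provider.db.name=Xnat Login
provider.db.id=localdb
provider.db.type=db

provider.ldap1.name=MyDomain Login
provider.ldap1.id=ldap1
provider.ldap1.type=ldap
provider.ldap1.address=ldap://my.domain:389/DC=my,DC=domain
provider.ldap1.userdn=srv-xnat
provider.ldap1.password=MyPassword
provider.ldap1.search.base=OU=My
provider.ldap1.search.filter=(sAMAccountName={0})
"""

# provider.<key>.<property>=<value>; the value may itself contain '='.
ENTRY = re.compile(r"^provider\.([^.=]+)\.([^=]+?)\s*=\s*(.*)$")
SAFE_ID = re.compile(r"^[A-Za-z0-9_-]+$")


def split_providers(legacy_text):
    """Return {filename: content} for every provider in the enabled list.

    The file name comes from the provider's "id" property, not from the
    key used in the old file (key "db" has id "localdb"). The position
    in provider.providers.enabled becomes the "order" value.
    """
    enabled, props = [], OrderedDict()
    for raw in legacy_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        match = ENTRY.match(line)
        if not match:
            continue  # not a provider.* entry (datasource, mailserver, ...)
        key, prop, value = match.groups()
        if key == "providers":
            if prop == "enabled":
                enabled = [k.strip() for k in value.split(",") if k.strip()]
            continue
        props.setdefault(key, OrderedDict())[prop] = value

    files = {}
    for order, key in enumerate(enabled):
        if key not in props:
            raise ValueError("enabled provider %r has no provider.%s.* entries" % (key, key))
        provider_id = props[key].get("id", "")
        if not SAFE_ID.match(provider_id):
            raise ValueError("provider %r has a missing or unsafe id %r" % (key, provider_id))
        lines = ["%s=%s" % (p, v) for p, v in props[key].items() if p != "order"]
        lines.append("order=%d" % order)
        files["%s-provider.properties" % provider_id] = "\n".join(lines) + "\n"
    return files


def write_provider_files(files, auth_dir):
    """Write the files into auth_dir, readable by the owner only."""
    os.makedirs(auth_dir, mode=0o700, exist_ok=True)
    written = []
    for name, content in files.items():
        path = os.path.join(auth_dir, name)
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as handle:
            handle.write(content)
        os.chmod(path, 0o600)  # tighten a file that already existed
        written.append(path)
    return written


if __name__ == "__main__":
    for filename, body in split_providers(LEGACY_SAMPLE).items():
        print("== %s ==" % filename)
        print(body)
```

To write the files for real, pass the result to write_provider_files() with the auth directory from the thread (/data/xnat/home/config/auth) while running as the account that runs XNAT.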

 
