Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.
Mango v4.0.0.beta7 LDAP and HTTPS do not work together
-
Hello Radixiot Team,
We have 2 different Mango v4.beta7 instance and ldap server on the same network. First instance is working properly with ldap configuration (ldap configuration is as below.) On the second instance, we perform the same ldap configuration and added a ssl certification to open Mango on https. Although, Https works fine with domain address (https://metst.tull.entp.tgc:8443/ui/administration/home) and we can connect to ldap server via Softerra LDAP browser at the second instance, we can not login with LDAP users.
So, what could be the possible reason for that? Is it because of https connection or domain address?
Error on ma.log:
WARN 2021-02-24T09:41:48,918 (com.serotonin.m2m2.web.mvc.spring.security.MangoAuthenticationFailureHandler.logException:156) - Error while authenticating IP 10.167.35.75
org.springframework.security.core.userdetails.UsernameNotFoundException: testuser
at com.serotonin.m2m2.web.mvc.spring.security.authentication.MangoUserDetailsService.loadUserByUsername(MangoUserDetailsService.java:49) ~[mango-4.0.0-beta.7.jar:?]
at com.serotonin.m2m2.web.mvc.spring.security.authentication.MangoUserDetailsService.loadUserByUsername(MangoUserDetailsService.java:32) ~[mango-4.0.0-beta.7.jar:?]
at com.serotonin.m2m2.web.mvc.spring.security.authentication.MangoPasswordAuthenticationProvider.authenticate(MangoPasswordAuthenticationProvider.java:113) ~[mango-4.0.0-beta.7.jar:?]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-5.4.2.jar:5.4.2]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.4.2.jar:5.4.2]
at com.serotonin.m2m2.web.mvc.spring.security.JsonUsernamePasswordAuthenticationFilter.attemptAuthentication(JsonUsernamePasswordAuthenticationFilter.java:107) ~[mango-4.0.0-beta.7.jar:?]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:222) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:130) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.3.jar:5.3.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.3.jar:5.3.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.3.jar:5.3.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) ~[spring-web-5.3.3.jar:5.3.3]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) ~[spring-web-5.3.3.jar:5.3.3]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602) ~[jetty-security-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:191) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:766) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:340) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:183) ~[http2-common-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.http2.HTTP2Connection.onFillable(HTTP2Connection.java:138) ~[http2-common-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.http2.HTTP2Connection$FillableCallback.succeeded(HTTP2Connection.java:361) ~[http2-common-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:540) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:395) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_252]
WARN 2021-02-24T09:41:48,920 (com.infiniteautomation.mango.rest.latest.exception.RestExceptionHandler.handleExceptionInternal:246) - Denying access, returning status 401 UNAUTHORIZED for request uri=/rest/latest/login;client=10.167.35.75
org.springframework.security.core.userdetails.UsernameNotFoundException: testuser
at com.serotonin.m2m2.web.mvc.spring.security.authentication.MangoUserDetailsService.loadUserByUsername(MangoUserDetailsService.java:49) ~[mango-4.0.0-beta.7.jar:?]
at com.serotonin.m2m2.web.mvc.spring.security.authentication.MangoUserDetailsService.loadUserByUsername(MangoUserDetailsService.java:32) ~[mango-4.0.0-beta.7.jar:?]
at com.serotonin.m2m2.web.mvc.spring.security.authentication.MangoPasswordAuthenticationProvider.authenticate(MangoPasswordAuthenticationProvider.java:113) ~[mango-4.0.0-beta.7.jar:?]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-5.4.2.jar:5.4.2]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.4.2.jar:5.4.2]
at com.serotonin.m2m2.web.mvc.spring.security.JsonUsernamePasswordAuthenticationFilter.attemptAuthentication(JsonUsernamePasswordAuthenticationFilter.java:107) ~[mango-4.0.0-beta.7.jar:?]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:222) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:130) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.3.jar:5.3.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.3.jar:5.3.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.3.jar:5.3.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.4.2.jar:5.4.2]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) ~[spring-web-5.3.3.jar:5.3.3]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) ~[spring-web-5.3.3.jar:5.3.3]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602) ~[jetty-security-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:191) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:766) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:340) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:183) ~[http2-common-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.http2.HTTP2Connection.onFillable(HTTP2Connection.java:138) ~[http2-common-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.http2.HTTP2Connection$FillableCallback.succeeded(HTTP2Connection.java:361) ~[http2-common-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:540) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:395) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_252]
#LDAP Configuration
ldap.enabled=true#In what order should the LDAP authentication be used, Lower values are higher priority. Core authentication schemes are Token Auth = 2 Mango Username password = 1
ldap.authentication.order=0
ldap.authentication.url=ldap://ldaptest.tull.tgc:39/dc=entp,dc=tgc#Username (DN) of the "manager" user identity (i.e. "uid=admin,ou=system") which
will be used to authenticate to a (non-embedded) LDAP server. If omitted,
anonymous access will be used.
ldap.authentication.managerDn=uid=NTEST,ou=SpecialUsers,dc=entp,dc=tgc
#The password for the manager DN. This is required if the manager-dn is specified.
ldap.authentication.managerPassword=test#How should passwords be decoded? [PLAIN, BCRYPT, SCRYPT, ARGON2, SHA, PBKDF2, MD4] using anything other than PLAIN, BCRYPT and SHA will result in locked passwords
ldap.authentication.encoder=PLAIN#Lock passwords so only can login via LDAP
ldap.authentication.lockPasswords=true#Comma separated list
ldap.authentication.dnPatterns=#The LDAP filter used to search for users (optional). For example "(uid={0})". The
substituted parameter is the user's login name.
ldap.authentication.userSearchFilter=(uid={0})
#Search base for user searches. Defaults to "". Only used with ldap.authentication.userSearchFilter
ldap.authentication.userSearchBase=#If your users are at a fixed location in the directory (i.e. you can work out the
DN directly from the username without doing a directory search), you can use this
attribute to map directly to the DN. It maps directly to the userDnPatterns
property of AbstractLdapAuthenticator. The value is a specific pattern used to
build the user's DN, for example "uid={0},ou=people". The key "{0}" must be present
and will be substituted with the username. This can contain multiple search entries that will be tried in order
separate lines(searches) by a semicolon ;
ldap.authentication.userDnPatterns=
#The search base for group membership searches. Defaults to ""
ldap.authentication.groupSearchBase=OU=MIU,ou=AppOU,ou=Groups#The LDAP filter to search for groups. Defaults to "(uniqueMember={0})". The
substituted parameter is the DN of the user.
ldap.authentication.groupSearchFilter=(uniqueMember={0})
#Specifies the attribute name which contains the role name. Default is "cn"
ldap.authentication.groupRoleAttribute=cn#Attributes for mapping to Mango users
ldap.authentication.passwordAttribute=userPassword
ldap.authentication.nameAttribute=cn
ldap.authentication.emailAttribute=mail#For Active Directory Only
ldap.authentication.isActiveDirectory=false#can be empty domain used if username has no domain when authenticating
ldap.authentication.activeDirectory.domain=#can be empty root dn
ldap.authentication.activeDirectory.rootDn=dc=entp,dc=tgc#Control Mango Role Synchronization
#Enable new role creation for missing roles (if matches regex below)
ldap.authorization.createNewRoles=true#Regex to match which roles should be created
ldap.authorization.newRoleRegex=A*#How are roles handled?
#LDAP_ONLY=only ldap roles used and will be replaced on every login (default)
#MANGO_ONLY=all ldap roles ignored
#LDAP_ADDITIVE=Roles are imported from LDAP and the Mango user is ensured to have all roles assigned to them from LDAP. (This would imply manual intervention if an LDAP role is removed from a user)
ldap.authentication.roleBehavior=LDAP_ONLYThanks in advance,
Best Regards, -
Please wrap log information in code tags. Makes it clearer to read.
-
@Nurr
The LDAP module doesn't currently have any special handling for LDAPS that would use the mango HTTPS keystore. However from some light reading it may be possible to tell the LDAP connector where the key is by using these JVM Arguments which would go into the startOptions.sh script.
Try: Google -> Spring Security LDAP SSL
-Djavax.net.ssl.keyStore="C:/Program Files/Java/jdk1.7.0_79/jre/lib/security/cacerts" -Djavax.net.ssl.keyStorePassword=changeitThere are more elegant ways to do this in code but the requirements for the module were for LDAP not LDAPS so this wasn't considered.
Hope that helps.
-
And what @MattFox said, make your posts readable and you will get better help. A wall of poorly formatted text is very off-putting.
