Hi Wolfgang,
this strange LDAP error when trying to log in to my publications
and I won't be able to log in at all, ever, after receiving this
error).
It seems to be random (I'm sure it's not), but when I click on
Login as Editor, I get this:
Jon, what exactly do you mean by "click on Login as Editor" ? Do you
mean you are in the login screen, and are using a specific user id,
and the problem occurs with this user id, but never with any others ?
Here's the process I go through to get this error: I go to our home
page for our Lenya installation, and click on the link to my
publication. At the top left of the home page for the publication is
the link for "login as editor". It's when I click on this link that I
get the error. So I don't even have the opportunity to log in before I
get this error. I figured out what the problem is, but let me go
through the wringer before I come to my conclusion.
Reference(s); remaining name 'dc=company,dc=com'
I assume this is not your actual setting
No, it isn't. I just used it to make it more generic. Our real
settings are set up properly.
at org.apache.lenya.ac.ldap.LDAPUser.getDirectoryEntry(LDAPUser.java:467)
So the LDAP search against MSAD itself is throwing an exception. The
Java thread
http://forum.java.sun.com/thread.jspa?forumID=51&messageID=2173369&threadID=365198
suggests to simply catch and ignore the exception. But this wouldn't
do much good here because no entry would be found -> user could not
log in.
I suggest you set log-level for LDAPUser to debug, in the log4j.xconf.
This file has examples on how to set log-level for just one category
(in this case, org.apache.lenya.ac.ldap.LDAPUser )
Then next time it happens, look at the log file so we can see a bit
more about what is going on.
I went ahead and did this and found something that caught my eye. As I
clicked the "Login as Editor" link to the publication, some notices
started appearing about a user I know of that was recently removed from
Active Directory. As a test, I went in and removed username.iml
(again, being generic here) from pubname/config/ac/passwd/ and then I
got another error when trying to get the login box for the publication,
stating that it didn't understand the user ID of [username]. I
immediately thought, I wonder if it is checking all the users and their
permissions to the site, and sure enough, after removing the entries
within the files underneath of pubname/config/ac/policies/ I was able
to log in. So it seems to me that somehow all of the users and their
permissions are being checked even before the user has the opportunity
to log in. Was this the intention?
(...)
Before, in order to remove these, I just created a new publication,
copied over all of my files, then removed the old publication and
renamed the new pub to the old one and it was ok.
This is really strange. I have no idea why copying files around should
have any effect.
I think this only worked because when I copied and moved files from the
old to the new publication, I copied only the content files, resources,
and such, but not the users. I then re-added the users in the
interface, which would have spared me from adding in people that no
longer are in Active Directory... So what should I do? Is this
considered a bug in how this was implemented? Or is this merely something
that people need to be aware of when administering LDAP users in Lenya?
Jon
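
An added example, not part of the thread and not Lenya code: an offline audit of the two locations named above (pubname/config/ac/passwd/ and pubname/config/ac/policies/) that lists .iml users missing from the directory and the policy files that still reference them. It assumes policies name users as `<user id="...">` elements and that the current directory account names are supplied as a set; the function names and sample data are constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def local_name(tag):
    """Strip an XML namespace: '{ns}user' -> 'user'."""
    return tag.rsplit("}", 1)[-1]


def audit_publication(pub_dir, directory_ids):
    """Return (stale .iml users, {user id: [policy files naming it]}).

    directory_ids: account names currently present in LDAP/AD, e.g. from
    an export. This function makes no LDAP calls itself.
    """
    ac = Path(pub_dir) / "config" / "ac"
    local_users = {p.stem for p in (ac / "passwd").glob("*.iml")}
    stale_iml = sorted(local_users - set(directory_ids))
    stale_refs = {}
    for policy in sorted((ac / "policies").rglob("*.xml")):
        for elem in ET.parse(policy).iter():
            # Assumption: policies name users as <user id="..."> elements.
            uid = elem.get("id")
            if local_name(elem.tag) != "user" or uid is None:
                continue
            # Flag users with no .iml at all, or whose .iml is stale.
            if uid not in local_users or uid in stale_iml:
                rel = policy.relative_to(ac / "policies").as_posix()
                stale_refs.setdefault(uid, []).append(rel)
    return stale_iml, stale_refs


def build_sample(root):
    """Constructed sample: 'bob' was deleted from the directory; 'carol'
    has lost her .iml but is still named in a policy."""
    ac = Path(root) / "config" / "ac"
    (ac / "passwd").mkdir(parents=True)
    (ac / "policies" / "authoring").mkdir(parents=True)
    for uid in ("alice", "bob"):
        (ac / "passwd" / f"{uid}.iml").write_text("<identity/>")
    ns = 'xmlns="http://example.invalid/ac"'  # placeholder namespace
    (ac / "policies" / "subtree-policy.xml").write_text(
        f'<policy {ns}><user id="alice"><role id="edit"/></user>'
        f'<user id="bob"><role id="edit"/></user></policy>')
    (ac / "policies" / "authoring" / "subtree-policy.xml").write_text(
        f'<policy {ns}><user id="carol"><role id="review"/></user></policy>')
    return root
```

Running it after each directory cleanup shows which .iml files and policy entries to remove together, so a deleted account does not keep a role assignment.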