User: userkavirw2 NOT in role: rolekavirw
[2015-10-14 13:25:46,039] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
RWLDAP.COM/userkavirw2 <http://rwldap.com/userkavirw2> user is not in role
: rwldap.com/rolekavirw
So even you added userkavirw2 user to rolekavirw role, it's not picking up
in the runtime.
Can you please check, role list of users in the mgt console and check
whether this particular role is listed to the user.
Thanks,
On Wednesday, 14 October 2015, Kavitha Subramaniyam <kavi...@wso2.com>
wrote:
> Hi Darshana,
>
> please find the log for login with RW domain.
>
> [2015-10-14 13:25:46,003] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -
> Authenticating user userkavirw2
> [2015-10-14 13:25:46,004] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Cache hit.
> Using DN uid=userkavirw2,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl
> [2015-10-14 13:25:46,009] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User:
> uid=userkavirw2,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl is
> authnticated: true
> [2015-10-14 13:25:46,009] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
> Authorization cache miss for username : rwldap.com/userkavirw2 resource
> /permission/admin/login action : ui.execute
> [2015-10-14 13:25:46,009] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
> Allowed roles for the ResourceID: /permission/admin/login Action:
> ui.execute
> [2015-10-14 13:25:46,009] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - role:
> apach.com/role_kavi
> [2015-10-14 13:25:46,010] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - role:
> admin
> [2015-10-14 13:25:46,010] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - role:
> rw2/rolekavirw3
> [2015-10-14 13:25:46,010] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - role:
> rwldap.com/chalitharole
> [2015-10-14 13:25:46,010] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - role:
> rwldap.com/rolekavirw
> [2015-10-14 13:25:46,010] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - role:
> secondrole1
> [2015-10-14 13:25:46,010] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Roles
> which have permission for resource : /permission/admin/login action :
> ui.execute
> [2015-10-14 13:25:46,010] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Role
> : apach.com/role_kavi
> [2015-10-14 13:25:46,010] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Role
> : admin
> [2015-10-14 13:25:46,010] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Role
> : rw2/rolekavirw3
> [2015-10-14 13:25:46,010] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Role
> : rwldap.com/chalitharole
> [2015-10-14 13:25:46,010] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Role
> : rwldap.com/rolekavirw
> [2015-10-14 13:25:46,011] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Role
> : secondrole1
> [2015-10-14 13:25:46,011] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
> RWLDAP.COM/userkavirw2 user is not in role : apach.com/role_kavi
> [2015-10-14 13:25:46,011] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
> RWLDAP.COM/userkavirw2 user is not in role : admin
> [2015-10-14 13:25:46,012] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
> RWLDAP.COM/userkavirw2 user is not in role : rw2/rolekavirw3
> [2015-10-14 13:25:46,012] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - value
> after escaping special characters in userkavirw2 : userkavirw2
> [2015-10-14 13:25:46,012] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Escaped DN
> value for filter :
> [2015-10-14 13:25:46,012] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Do check
> whether the user : userkavirw2 is in role: chalitharole
> [2015-10-14 13:25:46,013] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Search
> filter : (&(objectClass=groupOfNames)(member=))
> [2015-10-14 13:25:46,013] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting
> attribute: cn
> [2015-10-14 13:25:46,018] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Do check
> whether the user: userkavirw2 is in role: chalitharole
> [2015-10-14 13:25:46,018] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Search
> filter: (&(objectClass=groupOfNames)(member=))
> [2015-10-14 13:25:46,018] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting
> attribute: cn
> [2015-10-14 13:25:46,024] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User:
> userkavirw2 NOT in role: chalitharole
> [2015-10-14 13:25:46,024] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
> RWLDAP.COM/userkavirw2 user is not in role : rwldap.com/chalitharole
> [2015-10-14 13:25:46,025] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - value
> after escaping special characters in userkavirw2 : userkavirw2
> [2015-10-14 13:25:46,025] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Escaped DN
> value for filter :
> [2015-10-14 13:25:46,025] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Do check
> whether the user : userkavirw2 is in role: rolekavirw
> [2015-10-14 13:25:46,026] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Search
> filter : (&(objectClass=groupOfNames)(member=))
> [2015-10-14 13:25:46,026] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting
> attribute: cn
> [2015-10-14 13:25:46,034] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Do check
> whether the user: userkavirw2 is in role: rolekavirw
> [2015-10-14 13:25:46,035] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Search
> filter: (&(objectClass=groupOfNames)(member=))
> [2015-10-14 13:25:46,035] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting
> attribute: cn
> [2015-10-14 13:25:46,039] DEBUG
> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User:
> userkavirw2 NOT in role: rolekavirw
> [2015-10-14 13:25:46,039] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
> RWLDAP.COM/userkavirw2 user is not in role : rwldap.com/rolekavirw
> [2015-10-14 13:25:46,040] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
> RWLDAP.COM/userkavirw2 user is not in role : secondrole1
> [2015-10-14 13:25:46,040] DEBUG
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
> rwldap.com/userkavirw2 user is not Authorized to perform ui.execute on
> /permission/admin/login
> [2015-10-14 13:25:46,040] WARN
> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed
> Administrator login attempt 'RWLDAP.COM/userkavirw2[-1234]
> <http://RWLDAP.COM/userkavirw2%5B-1234%5D>' at [2015-10-14
> 13:25:46,040+0530]
>
>
> Thanks & Kind regards,
>
> On Wed, Oct 14, 2015 at 1:03 PM, Darshana Gunawardana <darsh...@wso2.com
> <javascript:_e(%7B%7D,'cvml','darsh...@wso2.com');>> wrote:
>
>> And it seems you do not pr used the domain name when authenticating in
>> the last case. Can you login providing the domain of the RW userstore and
>> share the log.
>>
>>
>> On Wednesday, 14 October 2015, Darshana Gunawardana <darsh...@wso2.com
>> <javascript:_e(%7B%7D,'cvml','darsh...@wso2.com');>> wrote:
>>
>>> There seems to issue with domain handling as per following log,
>>>
>>> DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager}
>>> - ROLDAP.COM/userkavirw2 <http://roldap.com/userkavirw2> user is not
>>> in role : rwldap.com/rolekavirw
>>>
>>>
>>> Please raise a JIRA.
>>>
>>> Thanks,
>>> Darshana
>>>
>>> On Wednesday, 14 October 2015, Darshana Gunawardana <darsh...@wso2.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Wednesday, 14 October 2015, Maduranga Siriwardena <
>>>> madura...@wso2.com> wrote:
>>>>
>>>>> Hi Kavitha,
>>>>>
>>>>> Have you assigned login permission to the user?
>>>>>
>>>>
>>>> As Maduranga mentioned, user "http://rwldap.com/userkavirw3"; doesn't
>>>> seems to have given login permission caused this behavior.
>>>>
>>>> Thanks,
>>>>
>>>>>
>>>>> Thanks,
>>>>> Maduranga.
>>>>>
>>>>> On Wed, Oct 14, 2015 at 10:09 AM, Kavitha Subramaniyam <
>>>>> kavi...@wso2.com> wrote:
>>>>>
>>>>>> Hi IS team,
>>>>>>
>>>>>> I have configured both R/W and Read only LDAP secondary user store
>>>>>> manager by using same ldap connection and I could not be able to login
>>>>>> via
>>>>>> user created under RW ldap user store. But note that I could view the
>>>>>> same
>>>>>> user under both secondary store's domain (Users & Roles -> List -> select
>>>>>> each domain and search).
>>>>>>
>>>>>> I want to check with you whether the above behavior is expected or
>>>>>> not, please clarify..
>>>>>>
>>>>>> Steps followed:
>>>>>> - Configure R/W secondary user store - ReadWriteLDAPUserStoreManager
>>>>>> - using open ldap connectoin 1
>>>>>> - Configure Read only secondary user store -
>>>>>> ReadOnlyLDAPUserStoreManager - using open ldap connectoin 1
>>>>>> - Create a user1 under R/W ldap domain
>>>>>> - Login by user1
>>>>>>
>>>>>> When try to login without domain, log shows as below:
>>>>>>
>>>>>> ----------------------------------------------------------------------------
>>>>>> [2015-10-13 16:32:55,232] DEBUG
>>>>>> {org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager} - SELECT * FROM
>>>>>> UM_USER WHERE UM_USER_NAME=? AND UM_TENANT_ID=?
>>>>>> [2015-10-13 16:32:55,241] DEBUG
>>>>>> {org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager} - User userkavirw3
>>>>>> login attempt. Login success :: false
>>>>>> [2015-10-13 16:32:55,241] DEBUG
>>>>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -
>>>>>> Authenticating user userkavirw3
>>>>>> [2015-10-13 16:32:55,241] DEBUG
>>>>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Cache
>>>>>> hit.
>>>>>> Using DN
>>>>>> uid=userkavirw3,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl
>>>>>> [2015-10-13 16:32:55,252] DEBUG
>>>>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User:
>>>>>> uid=userkavirw3,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl is
>>>>>> authnticated: true
>>>>>> [2015-10-13 16:32:55,253] DEBUG
>>>>>> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
>>>>>> Authorization cache hit. roldap.com/userkavirw3 user is not
>>>>>> Authorized to perform ui.execute on /permission/admin/login
>>>>>> [2015-10-13 16:32:55,253] WARN
>>>>>> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed
>>>>>> Administrator login attempt 'ROLDAP.COM/userkavirw3[-1234]
>>>>>> <http://ROLDAP.COM/userkavirw3%5B-1234%5D>' at [2015-10-13
>>>>>> 16:32:55,253+0530]
>>>>>>
>>>>>>
>>>>>> When try to login with domain, log shows as below:
>>>>>>
>>>>>> ---------------------------------------------------------------------------
>>>>>> [2015-10-13 16:33:14,424] DEBUG
>>>>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -
>>>>>> Authenticating user userkavirw3
>>>>>> [2015-10-13 16:33:14,425] DEBUG
>>>>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Cache
>>>>>> hit.
>>>>>> Using DN
>>>>>> uid=userkavirw3,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl
>>>>>> [2015-10-13 16:33:14,458] DEBUG
>>>>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User:
>>>>>> uid=userkavirw3,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl is
>>>>>> authnticated: true
>>>>>> [2015-10-13 16:33:14,463] DEBUG
>>>>>> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
>>>>>> Authorization cache hit. rwldap.com/userkavirw3 user is not
>>>>>> Authorized to perform ui.execute on /permission/admin/login
>>>>>> [2015-10-13 16:33:14,463] WARN
>>>>>> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed
>>>>>> Administrator login attempt 'RWLDAP.COM/userkavirw3[-1234]
>>>>>> <http://RWLDAP.COM/userkavirw3%5B-1234%5D>' at [2015-10-13
>>>>>> 16:33:14,463+0530]
>>>>>>
>>>>>>
>>>>>> Thanks & Kind regards,
>>>>>> --
>>>>>> Kavitha.S
>>>>>> *Software Engineer -QA*
>>>>>> Mobile : +94 (0) 771538811 <%2B94%20%280%29%20773%20451194>
>>>>>> kavi...@wso2.com
>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> Dev@wso2.org
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Maduranga Siriwardena
>>>>> Software Engineer
>>>>> WSO2 Inc.
>>>>>
>>>>> email: madura...@wso2.com
>>>>> mobile: +94718990591
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>>
>>>>
>>>> *Darshana Gunawardana*Senior Software Engineer
>>>> WSO2 Inc.; http://wso2.com
>>>>
>>>> *E-mail: darsh...@wso2.com*
>>>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware
>>>>
>>>>
>>>
>>> --
>>> Regards,
>>>
>>>
>>> *Darshana Gunawardana*Senior Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: darsh...@wso2.com*
>>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware
>>>
>>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Senior Software Engineer
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com
>> <javascript:_e(%7B%7D,'cvml','darsh...@wso2.com');>*
>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware
>>
>>
>
>
> --
> Kavitha.S
> *Software Engineer -QA*
> Mobile : +94 (0) 771538811 <%2B94%20%280%29%20773%20451194>
> kavi...@wso2.com <javascript:_e(%7B%7D,'cvml','thili...@wso2.com');>
>
--
Regards,
*Darshana Gunawardana*Senior Software Engineer
WSO2 Inc.; http://wso2.com
*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
