Error when connection to Active Directory
11 August, 2014
Hi Guys,
I�m trying to setup LDAP authentication of the July release of Yellowfin 7 and when I test the LDAP settings in the console I get an error. Please refer to the attachment.
I�m trying to connect to AD on Windows 2012 server.
Any ideas? Have you seen this error before. I need to fix this because it�s a requirement for a POC that's coming up in a couple of weeks.
Any help much appreciated.
Regards,
Nick
I�m trying to setup LDAP authentication of the July release of Yellowfin 7 and when I test the LDAP settings in the console I get an error. Please refer to the attachment.
I�m trying to connect to AD on Windows 2012 server.
Any ideas? Have you seen this error before. I need to fix this because it�s a requirement for a POC that's coming up in a couple of weeks.
Any help much appreciated.
Regards,
Nick
Hi Nick,
I would try re-entering the LDAP Administrator password in the LDAP settings.
The error looks like it was trying to decrypt a string that couldn't be decrypted, which may mean it was decrypting a blank string - a password that hadn't been set yet.
Please let us know if this doesn't fix the issue.
The only other way I can see this happening is if you were modifying the LDAP settings directly in the Yellowfin database, or changed JVMs that used different security implementations.
Thanks,
Peter
I would try re-entering the LDAP Administrator password in the LDAP settings.
The error looks like it was trying to decrypt a string that couldn't be decrypted, which may mean it was decrypting a blank string - a password that hadn't been set yet.
Please let us know if this doesn't fix the issue.
The only other way I can see this happening is if you were modifying the LDAP settings directly in the Yellowfin database, or changed JVMs that used different security implementations.
Thanks,
Peter
Hi Peter,
Thanks for that it worked. I was able to successfully test the LDAP connection.
However, when I try to log into Yellowfin with an LDAP I get the following error:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match o
'DC=yellowfin,DC=com'
]; remaining name 'CN=Yellowfin Users,DC=Yellowfin,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at com.hof.adapter.JNDILDAPProvider.search(JNDILDAPProvider.java:179)
at com.hof.util.LDAPConnection.search(LDAPConnection.java:149)
at com.hof.adapter.LDAPAuthentication.authenticate(LDAPAuthentication.java:169)
at com.hof.adapter.YFConfigAuthentication.authenticate(YFConfigAuthentication.java:77)
at com.hof.ip.process.LogonProcess.processYellowfinLogon(LogonProcess.java:477)
at com.hof.ip.web.action.LogonAction.performLogin(LogonAction.java:700)
at com.hof.ip.web.action.LogonAction.execute(LogonAction.java:91)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.hof.servlet.BrowserHeaderFilter.doFilter(BrowserHeaderFilter.java:43)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
It has to do with the configuration. However, it cannot login with "admin@yellowfin.com.au" into Yellowfin to fix.
I take it that if the LDAP authentication fails then Yellowfin does not fall back on database authentication to authenticate the user.
Regards,
Nick
Thanks for that it worked. I was able to successfully test the LDAP connection.
However, when I try to log into Yellowfin with an LDAP I get the following error:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match o
'DC=yellowfin,DC=com'
]; remaining name 'CN=Yellowfin Users,DC=Yellowfin,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at com.hof.adapter.JNDILDAPProvider.search(JNDILDAPProvider.java:179)
at com.hof.util.LDAPConnection.search(LDAPConnection.java:149)
at com.hof.adapter.LDAPAuthentication.authenticate(LDAPAuthentication.java:169)
at com.hof.adapter.YFConfigAuthentication.authenticate(YFConfigAuthentication.java:77)
at com.hof.ip.process.LogonProcess.processYellowfinLogon(LogonProcess.java:477)
at com.hof.ip.web.action.LogonAction.performLogin(LogonAction.java:700)
at com.hof.ip.web.action.LogonAction.execute(LogonAction.java:91)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.hof.servlet.BrowserHeaderFilter.doFilter(BrowserHeaderFilter.java:43)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
It has to do with the configuration. However, it cannot login with "admin@yellowfin.com.au" into Yellowfin to fix.
I take it that if the LDAP authentication fails then Yellowfin does not fall back on database authentication to authenticate the user.
Regards,
Nick
Hi Nick,
Sorry for the delayed response.
Did you manage to re-configure your LDAP server and log in with an LDAP user?
However, in terms of YF falling back on DB authentication, it actually should.
-I have just re-tested this in 7.0 July release.
Has your admin@yellowfin.com.au account been locked out , or marked as deleted?
If so, you can try re-setting the account using the resetadmin JSP mentioned here.
Please let me know how you go.
Regards,
David
Sorry for the delayed response.
Did you manage to re-configure your LDAP server and log in with an LDAP user?
However, in terms of YF falling back on DB authentication, it actually should.
-I have just re-tested this in 7.0 July release.
Has your admin@yellowfin.com.au account been locked out , or marked as deleted?
If so, you can try re-setting the account using the resetadmin JSP mentioned here.
Please let me know how you go.
Regards,
David