#1 2015-02-26 13:56:56

asdasd
Member
Registered: 2015-02-26

Logging in with an LDAP account

RS2.2.1-5602 is giving me a headache. Specifically, I am unable to log on using the LDAP imported accounts (the script from here http://blog.datenwerke.net/2013/08/Repo … ation.html was amended not to require the objectGUID, because we don't have AD).
I can see the users and groups (and the memberships) imported.
When I try to log in using a user from LDAP, I get the message: "Login attempt failed", yet in catalina.out the following message appears:
####### LdapPAM: authenticate notoken (result=AuthenticationResult(false, null, false)
####### LdapPAM: authenticate with local password: fail
####### LdapPAM: authenticate against directory server: success
####### LdapPAM: authenticate success (usr=ldap.user)

There aren't any other error messages in the logs, and I made sure that ReportServer Access does contain full access both for this user and for the group this user is a member of. At the same time, I gave RX rights to the whole filesystem.
Logging on with any other native account (created inside rs) is working ok. What am I doing wrong?

#2 2015-02-26 14:22:37

Thorsten J. Krause
Guest

Re: Logging in with an LDAP account

Hi,

what is the value of rs.authenticator.pams in your reportserver.properties file? For now you have to set this to an empty value to use the ldappam.

I'll update the blogpost accordingly.

Cheers,
Thorsten

#3 2015-02-26 14:34:41

asdasd
Member
Registered: 2015-02-26

Re: Logging in with an LDAP account

It was the default: rs.authenticator.pams = net.datenwerke.rs.authenticator.service.pam.UserPasswordPAMAuthoritative

I have now changed it to:
rs.authenticator.pams =

However, when trying to log on using an LDAP account, I am getting the following exception:
javax.persistence.NonUniqueResultException: result returns more than one elements
        at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:293)
        at org.hibernate.ejb.criteria.CriteriaQueryCompiler$3.getSingleResult(CriteriaQueryCompiler.java:258)
        at net.datenwerke.rs.utils.simplequery.byatt.QueryByAttProcessor.process(QueryByAttProcessor.java:108)
        at net.datenwerke.rs.utils.simplequery.byatt.QueryByAttInterceptor.invoke(QueryByAttInterceptor.java:25)
        at net.datenwerke.rs.passwordpolicy.service.lostpassword.LostPasswordPreAuthenticateHook.authenticating(LostPasswordPreAuthenticateHook.java:65)
        at net.datenwerke.security.service.authenticator.AuthenticatorServiceImpl.authenticate(AuthenticatorServiceImpl.java:73)
        at net.datenwerke.rs.authenticator.server.LoginHandlerImpl.authenticate(LoginHandlerImpl.java:65)

Probably important:
the LDAP account is a member of multiple LDAP groups:
* rs_admins
* rs_users
Both have rights for ReportingServer Access

Last edited by asdasd (2015-02-26 14:39:08)

#4 2015-02-26 14:54:04

Thorsten J. Krause
Guest

Re: Logging in with an LDAP account

Hi,

this means there is more than one user with this username. So probably something went wrong when importing the users.


-Thorsten
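
Added example (not part of the thread and not ReportServer code): a check for the condition described in #4, run against a constructed stand-in table. The table name `rs_user_sample` and its `id`/`username` columns are assumptions, since the real `rs_user` schema is not shown in this thread; the case-insensitive mode goes beyond the exact-match case discussed here.

```python
import sqlite3

# Constructed stand-in for the rs_user table; the column names (id, username)
# are assumptions for this example, not the real ReportServer schema.
SAMPLE_ROWS = [
    (101, "root"),
    (202, "ldap.user"),
    (203, "ldap.user"),   # same name imported a second time
    (204, "Other.User"),
    (205, "other.user"),  # differs only by case
    (206, "unique.user"),
]


def build_sample_db():
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rs_user_sample (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO rs_user_sample VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def find_duplicate_usernames(conn, case_insensitive=True):
    """Return {username_key: [ids...]} for every name held by more than one row."""
    key = "LOWER(username)" if case_insensitive else "username"
    # key is one of the two fixed literals above, never user input.
    query = (
        f"SELECT {key} AS k, id FROM rs_user_sample "
        f"WHERE {key} IN (SELECT {key} FROM rs_user_sample "
        f"GROUP BY {key} HAVING COUNT(*) > 1) ORDER BY k, id"
    )
    dupes = {}
    for name, row_id in conn.execute(query):
        dupes.setdefault(name, []).append(row_id)
    return dupes


def lookup_single(conn, username):
    """Mimic a single-result lookup: raise if the name is ambiguous."""
    rows = conn.execute(
        "SELECT id FROM rs_user_sample WHERE username = ?", (username,)
    ).fetchall()
    if len(rows) > 1:
        raise LookupError(f"{len(rows)} rows match {username!r}")
    return rows[0][0] if rows else None
```

Running the duplicate check after each directory import, before anyone tries to log in, surfaces ambiguous accounts as a list of row ids instead of a failed login and a stack trace.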

#5 2015-02-26 15:16:23

asdasd
Member
Registered: 2015-02-26

Re: Logging in with an LDAP account

For some reason I don't see them in the "User Management" section, but they are present in the rs_user table.
What would be the best way to delete them?

#6 2015-02-27 09:48:35

asdasd
Member
Registered: 2015-02-26

Re: Logging in with an LDAP account

Tables cleaned up. Consider this issue resolved. Thanks for the quick response.
