CSN too old
by Paul Lee
Dear all,
I am using openldap version 2.4.9, with 4 ldap servers configured as
4-way master.
Data can be synchronized initially, but as the records are getting more
and more (now around 100k records), I always find that data is not
synchronized between the four ldap servers.
I find "CSN is too old, ignoring" in the LDAP log file.
Sep 24 04:04:03 disb01 slapd[28779]: do_syncrep2: cookie=rid=003,sid=001,csn=20080923200403.713637Z#000000#003#000000
Sep 24 04:04:03 disb01 slapd[28779]: do_syncrep2: rid=003 CSN too old, ignoring 20080923200403.713637Z#000000#003#000000
Sep 24 04:04:03 disb01 slapd[28779]: do_syncrep2: cookie=rid=002,sid=001,csn=20080923200403.713637Z#000000#003#000000
Sep 24 04:04:03 disb01 slapd[28779]: do_syncrep2: rid=002 CSN too old, ignoring 20080923200403.713637Z#000000#003#000000
Sep 24 04:04:03 disb01 slapd[28779]: do_syncrep2: cookie=rid=002,sid=001,csn=20080923200403.739461Z#000000#002#000000
Sep 24 04:04:03 disb01 slapd[28779]: syncrepl_entry: rid=002 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY)
Sep 24 04:04:03 disb01 slapd[28779]: syncrepl_entry: rid=002 be_search (0)
Sep 24 04:04:03 disb01 slapd[28779]: syncrepl_entry: rid=002 cn=pwdfail,ou=SCIG,ou=Govt-Dept,o=HKSARG
Any idea about this kind of error and how to fix it?
Thanks
15 years, 1 month
Large stack allocations
by Sean Burford
Hi,
bdb_search() allocates space for 128k candidate IDs and 64k scope IDs on the
stack (about 768k of memory). bdb_idl_fetch_key() also allocates a large
buffer on the stack (262352 bytes). Most other functions allocate roughly
1kB.
Using the stack rather than heap limits the size of these structures (idl.h
observes: "IDL sizes - likely should be even bigger. limiting factors:
sizeof(ID), thread stack size")
Using the stack for large allocations also creates the possibility of these
arrays straddling the guard page (possibly resulting in local variables
ending up in neighboring memory regions).
Would the performance cost of using the heap or thread local storage for
these allocations outweigh the benefit of being able to use bigger arrays?
If you're interested in some statistics about slapd's stack usage, the
static analysis perl script on kegel.com matches what I'm seeing from real
running slapds:
http://www.kegel.com/stackcheck/
--
Thanks,
Sean Burford
15 years, 1 month
slapd.conf and 2 databases
by Kermito le kermit
hello all,
I am new to openldap and I want to know how to put 2 databases in slapd.conf. When I do this in my config, slapd starts but I see this message:
bdb(dc=example,dc=com): PANIC: fatal region error detected; run recovery
help please
15 years, 1 month
Re: AW: Re: AW: Re: AW: StartTLS is not working
by Dat Duong
Hi Hauke,
I've followed the mini tutorial and got stuck at the path for the server certificates in your tutorial. The path is not correct for slapd. Can you verify?
TLSCertificateFile /usr/lib/ssl/certs/<fqdn>.cert.pem
TLSCertificateKeyFile /usr/lib/ssl/private/<fqdn>.key.pem
thanks
15 years, 1 month
AW: Re: AW: Re: AW: StartTLS is not working
by Hauke Coltzau
Hi Dat,
> I've added the below to /etc/openldap/ldap.conf on RHEL 5:
> TLS_CACERT /etc/openldap/cacerts/ServerCA.chain.pem
> TLS_REQCERT demand
>
> and still getting errors messages... below:
>
> TLS certificate verification: Error, self signed certificate
The LDAP server does not send a server certificate but
a self signed certificate. Are you sending the RootCA's
certificate? Create a server certificate as described in
the tutorial and let your LDAP server use this.
I assume that you will have to read a bit more about certificates
and openssl to understand all the steps of the mini tutorial.
Regards,
Hauke
----- Original Message ----
From: Hauke Coltzau <hauke.coltzau(a)FernUni-Hagen.de>
To: openldap-software <openldap-software(a)openldap.org>
Cc: Dat Duong <datduong2000(a)yahoo.com>
Sent: Wednesday, October 8, 2008 2:09:11 AM
Subject: AW: Re: AW: StartTLS is not working
Hi Dat,
glad to see that the first problem has been solved now.
As Dieter already pointed out, we need to know how the
certificates have been created. As a rough overview, you
will need to run through following steps:
0. Understand the basic idea:
At the end of this MiniHowto, you will have three certification
authorities:
UserCA: For user certificates (usually password protected)
ServerCA: For server certificates (usually NOT password protected)
RootCA: The CA that everyone has to trust in the end. This CA
only exists to create and verify the UserCA and ServerCA.
For your LDAP server, you create a server certificate with your ServerCA.
The LDAP clients will accept the LDAP certificate as long as they trust the
ServerCA. They will trust the ServerCA because they trust the RootCA. To make
them do so, you will need the certificates of the ServerCA AND the RootCA
on each client. Just to make sure: We are not talking about copying the
LDAP certificate to the client. Instead, you will copy the CA
certificates to the client.
1. Create directory structure and files containing
random numbers (need to be root for this):
# Make sure uuencode is installed. On Debian based
# systems, type
#
# apt-get install sharutils
#
cd /usr/lib/ssl/
for i in RootCA ServerCA UserCA; do
    mkdir -p $i/newcerts;
    mkdir $i/certs;
    mkdir $i/crl;
    mkdir $i/private;
    touch $i/index.txt;
    echo 01 > $i/serial;
    chmod -R g-rwx,o-rwx $i;
done
for i in `find /usr/lib/ssl/ -name private`
do
    cat /dev/urandom |
        uuencode -m bla |
        head -19 |
        sed "s/begin.*//g" |
        tail -18 | xargs |
        sed "s/ //g" > $i/.rand
    chmod 770 $i/.rand
    ls -l $i/.rand
done
At the end of this step, you will have three subdirectories in
/usr/lib/ssl:
RootCA: Contains the root CA's self-signed certificate and private key
as well as the certificates created by the root CA.
ServerCA: Contains the CA which is used to create server certificates. Again,
the directory contains the server CA's certificate and key as well
as the certificates created by the server CA.
UserCA: Contains the CA which is used to create user certificates.
2. openssl.cnf
Adapt your openssl.cnf (should be in /usr/lib/ssl, too) to have proper entries
for each of the CAs:
HOME = /usr/lib/ssl
[ RootCA ]
dir = /usr/lib/ssl/RootCA
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/RootCA.cert.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/private/RootCA.key.pem
RANDFILE = $dir/private/.rand
policy = policy_match
x509_extensions = ca_cert
[ ServerCA ]
dir = /usr/lib/ssl/ServerCA
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/ServerCA.cert.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/private/ServerCA.key.pem
RANDFILE = $dir/private/.rand
x509_extensions = usr_cert
(Same with [ UserCA ])
There are more options to be set, but they depend on your environment. Have
a look at the default_days, default_md, ... parameters.
1. Create a self signed certificate (RootCA):
cd /usr/lib/ssl/RootCA
# Create the private key first
# You will be asked for a new password here. Make it a good one and remember it ;-)
openssl genrsa -aes256 -out /usr/lib/ssl/RootCA/private/RootCA.key.pem -rand /usr/lib/ssl/RootCA/private/.rand 2048
chmod g-rwx,o-rwx /usr/lib/ssl/RootCA/private/RootCA.key.pem
# Now create a certification request. Because the cert is self-signed, this
# directly creates the RootCA's certificate. You will be asked for the
# password you just created.
#
# All in one line:
openssl req -new -x509 -days 1827 -key /usr/lib/ssl/RootCA/private/RootCA.key.pem \
    -out /usr/lib/ssl/RootCA/RootCA.cert.pem
# Copy the certificate to the certs directory and create a link named like
# the cert's hash value
cp RootCA.cert.pem certs/00.pem
cd certs
ln -s /usr/lib/ssl/RootCA/certs/00.pem `openssl x509 -hash -noout -in 00.pem`.0
Now you should have the cert (00.pem) and something like 1a2783e8.0 pointing to
/usr/lib/ssl/RootCA/00.pem
2. Create the ServerCA
cd /usr/lib/ssl/ServerCA
# Create the private key for the ServerCA
# You will be asked for a new password here. Do not make it the same as the RootCA's
# password, but still - make it a good one.
#
openssl genrsa -aes256 -out /usr/lib/ssl/ServerCA/private/ServerCA.key.pem \
    -rand /usr/lib/ssl/ServerCA/private/.rand 2048
chmod g-rwx,o-rwx /usr/lib/ssl/ServerCA/private/ServerCA.key.pem
# Create the certification request. You will be asked for the
# newly created password.
# (All in one line)
openssl req -new -days 1827 -key /usr/lib/ssl/ServerCA/private/ServerCA.key.pem \
    -out /usr/lib/ssl/ServerCA/ServerCA.req.pem
# Let the RootCA sign the request and create the certificate.
# You will need the RootCA's password for this.
#
openssl ca -name RootCA -in /usr/lib/ssl/ServerCA/ServerCA.req.pem \
    -out /usr/lib/ssl/ServerCA/ServerCA.cert.pem
# Copy and link the certificate.
#
mv /usr/lib/ssl/RootCA/newcerts/01.pem /usr/lib/ssl/RootCA/certs/
cd /usr/lib/ssl/RootCA/certs/
ln -s 01.pem `openssl x509 -in 01.pem -hash -noout`.0
# And copy the part necessary for browser integration into
# another file (this is the part between BEGIN CERTIFICATE and END CERTIFICATE)
#
cd /usr/lib/ssl/ServerCA
sed -n '/-----BEGIN CERTIFICATE-----/,$p' ServerCA.cert.pem > ServerCA.crt
# Create the CACerts file used on the client side to verify a server cert
mkdir /usr/lib/ssl/cacerts/
cat /usr/lib/ssl/RootCA/RootCA.cert.pem /usr/lib/ssl/ServerCA/ServerCA.cert.pem > /usr/lib/ssl/cacerts/ServerCA.chain.pem
# The newly created file (ServerCA.chain.pem) is the CACertsFile which has to be copied
# to every client. Create a /usr/lib/ssl/cacerts/ directory on the client side and copy
# the file to that location.
3. Do the same with the User CA
4. Create your LDAP server certificate. As for the name in your cert, use the fqdn of
the machine you are running the server on.
cd /usr/lib/ssl/ServerCA
# You will NOT need a password here
#
openssl genrsa -out <fqdn-of-your-server>.key.pem -rand ./private/.rand 2048
openssl req -new -key <fqdn-of-your-server>.key.pem -out <fqdn-of-your-server>.req.pem
# But here, you will be asked for the ServerCA's password
openssl ca -name ServerCA -in <fqdn-of-your-server>.req.pem -out <fqdn-of-your-server>.cert.pem
Move and link the new certificate (in newcerts) as above.
5. Configure LDAP server and clients
Make sure that your ldap server can read its own private key. If your ldap server is
running as user openldap, make sure that this user owns the private key in
/usr/lib/ssl/ServerCA/private/
Normal users should never be allowed to read the key! This would break the whole security
mechanism.
In your slapd.conf, you will have
TLSCertificateFile /usr/lib/ssl/certs/<fqdn>.cert.pem
TLSCertificateKeyFile /usr/lib/ssl/private/<fqdn>.key.pem
And on client side ldap.conf:
TLS_CACERT /usr/lib/ssl/cacerts/ServerCA.chain.pem
TLS_REQCERT demand
Hope this helps,
Hauke
p.s.: The description is strongly influenced by Frank Steidl's tutorial as
it can be found at http://fra.nksteidl.de/Erinnerungen/OpenSSL.php
----- Original Message -----
From: "Dieter Kluenter" < dieter(a)dkluenter.de >
To: openldap-technical(a)openldap.org
Sent: Tuesday, October 7, 2008 22:34:14 GMT +01:00 Amsterdam/Berlin/Bern/Rome/Stockholm/Vienna
Subject: Re: AW: StartTLS is not working
Dat Duong < datduong2000(a)yahoo.com > writes:
> Hi Hauke,
>
> I still can't get TLS to work. Here is the error message.
>
> TLS certificate verification: Error, self signed certificate
> tls_write: want=7, written=7
> 0000: 15 03 01 00 02 02 30 ......0
> TLS trace: SSL3 alert write:fatal:unknown CA
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Please describe the parameters to create your certificate chain.
I presume you have not signed your certificates with a known
certificate authority.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
--
------------------------------------
Fernuniversität in Hagen
Lehrgebiet Kommunikationsnetze
http://www.fernuni-hagen.de/kn
Fon/Fax: +49 2331 987 -1142 / -353
------------------------------------
15 years, 1 month
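The "self signed certificate" error discussed in this thread comes down to which certificate slapd presents and which CA certificates the client holds. The following is an added example, not part of the original posts or the tutorial: it builds a throwaway RootCA -> ServerCA -> server chain and classifies certificates against a client bundle. The function names, file names and subject names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: every key and certificate here is a constructed throwaway.

# make_demo_chain DIR
# Builds RootCA -> ServerCA -> server certificate in DIR (valid 1 day),
# plus the client bundle ServerCA.chain.pem as in the HowTo.
make_demo_chain() {
    d=$1
    # Own minimal config, so the run does not depend on a system openssl.cnf.
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # RootCA: self-signed.
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -extensions v3_ca -subj "/CN=Demo RootCA" -days 1 \
        -keyout "$d/RootCA.key.pem" -out "$d/RootCA.cert.pem" 2>/dev/null || return 1
    # ServerCA: request signed by the RootCA and marked as a CA.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=Demo ServerCA" \
        -keyout "$d/ServerCA.key.pem" -out "$d/ServerCA.req.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/ServerCA.req.pem" -days 1 \
        -CA "$d/RootCA.cert.pem" -CAkey "$d/RootCA.key.pem" -CAcreateserial \
        -extfile "$d/demo.cnf" -extensions v3_ca \
        -out "$d/ServerCA.cert.pem" 2>/dev/null || return 1
    # Server certificate: request signed by the ServerCA (not a CA itself).
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=ldap.example.test" \
        -keyout "$d/server.key.pem" -out "$d/server.req.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.req.pem" -days 1 \
        -CA "$d/ServerCA.cert.pem" -CAkey "$d/ServerCA.key.pem" -CAcreateserial \
        -out "$d/server.cert.pem" 2>/dev/null || return 1
    # Client-side bundle: RootCA and ServerCA certificates concatenated.
    cat "$d/RootCA.cert.pem" "$d/ServerCA.cert.pem" > "$d/ServerCA.chain.pem"
}

# classify_cert CERT CA_BUNDLE
# Prints: self-signed (subject and issuer names are identical),
#         chain-ok    (CERT verifies against CA_BUNDLE),
#         chain-fail  (no path from CERT to a CA in CA_BUNDLE).
classify_cert() {
    cert=$1
    bundle=$2
    sub=$(openssl x509 -in "$cert" -noout -subject_hash 2>/dev/null) || {
        echo unreadable
        return 1
    }
    iss=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null)
    if [ "$sub" = "$iss" ]; then
        echo self-signed
    # Match on the printed result; old openssl releases exit 0 even on failure.
    elif openssl verify -CAfile "$bundle" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo chain-ok
    else
        echo chain-fail
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_chain "$tmp" || { rm -rf "$tmp"; return 1; }
    echo "server cert, RootCA+ServerCA bundle: $(classify_cert "$tmp/server.cert.pem" "$tmp/ServerCA.chain.pem")"
    echo "server cert, RootCA only:            $(classify_cert "$tmp/server.cert.pem" "$tmp/RootCA.cert.pem")"
    echo "RootCA cert used as server cert:     $(classify_cert "$tmp/RootCA.cert.pem" "$tmp/ServerCA.chain.pem")"
    rm -rf "$tmp"
}
demo
```

Running classify_cert on the file named by TLSCertificateFile with the client's TLS_CACERT bundle shows which of the three cases a deployment is in.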
ldapadd error
by Kermito le kermit
hello all
I am new to openldap and I have some problems using it. I followed the example in the quick start guide to make my slapd.conf, but when I want to populate my database I get an error.
in the log i see
conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=com" mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 ADD dn="dc=example,dc=com"
Erreur de segmentation
I am on Debian, help me please
15 years, 1 month
problem searching directory for a certificate
by drewgr
Folks,
I have a Java based application using JNDI to connect with OpenLDAP.
One of the functions requires searching the directory for a given
certificate. No matter what I try, this will not work with OpenLDAP. I
think that either OpenLDAP just is not able to search for binary data,
or more likely there is something "special" about the
"userCertificate;binary" attribute.
I turned on full tracing in the LDAP log, and I see the following when
the relevant search is executed.
>>> serialNumberAndIssuerPretty: <various "graphics" characters >
get_ava: illegal value for attributeType userCertificate
end get_filter 0
end get_filter_list
end get_filter 0
filter: (&(?=undefined))
=> get_ctrls
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
attrs:
The "filter: (&(?=undefined))" seems really fishy to me. When I do any
other search, the line looks more like "(&(uid=GregD))"
From the application side, it appears that the request succeeded, but
it returns nothing. I know the certificate exists in the directory, as
I can search on an ordinary attribute like uid and then get the
userCertificate;binary attribute from the result. The data returned is
a valid certificate.
I have watched the packet stream back and forth, and the query is
getting transmitted to the slapd correctly, but no matches are
returned. Setting com.sun.jndi.ldap.trace.ber to System.out in the
application gives trace data which indicates the same thing.
To further validate my suspicions that this is an OpenLDAP issue, I set
up a Sun Directory Server instance on the same server, and I am able to
perform the search against that software.
I've also started looking around the OpenLDAP source code, but so far
have not found the smoking gun.
Can anyone shed some light on this for me?
The OS is CentOS 5.2, latest patches. The OpenLdap version is 2.3.27-8
as reported by rpm.
Thanks
Greg
15 years, 1 month
Re: AW: StartTLS is not working
by Dat Duong
Hi Hauke,
I still can't get TLS to work. Here is the error message.
TLS certificate verification: Error, self signed certificate
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
ldap_err2string
ldap_start_tls: Connect error (-11)
Thanks
----- Original Message ----
From: Hauke Coltzau <hauke.coltzau(a)FernUni-Hagen.de>
To: Dat Duong <datduong2000(a)yahoo.com>
Cc: openldap-technical <openldap-technical(a)openldap.org>
Sent: Tuesday, October 7, 2008 1:25:37 AM
Subject: AW: StartTLS is not working
Hi Dat,
first of all: Please send your questions to the list so that
other users with the same problem can find the solution, too.
To your problem: Please make sure that you have a correct
value for your ServerCA's private key in your openssl.cnf. It
should read something like this:
[ ServerCA ]
# Where is the base directory for the ServerCA
dir = /usr/lib/ssl/ServerCA
# Where is the ServerCA's certificate
certificate = $dir/ServerCA.cert.pem
# and where is the ServerCA's private key
private_key = $dir/private/ServerCA.key.pem
Without the private key, the ServerCA will not be
able to sign your LDAP certificate. You will find more
configuration hints for openssl.cnf in the tutorial.
Hope this helps,
Hauke
--
----- Original Message -----
From: "Dat Duong" <datduong2000(a)yahoo.com>
To: "hauke coltzau" <hauke.coltzau(a)FernUni-Hagen.de>
Sent: Tuesday, October 7, 2008 09:06:07 GMT +01:00 Amsterdam/Berlin/Bern/Rome/Stockholm/Vienna
Subject: StartTLS is not working
Hi Hauke,
I read your instructions on how to create the Root CA ... I have a hard time understanding the steps. I have a question on how to sign the ldap server certificate using the Server CA. I get an error message:
bash-3.00# openssl ca -name ServerCA -in afldap01.req.pem -out afldap01.cert.pem
Using configuration from /usr/local/ssl/openssl.cnf
variable lookup failed for ServerCA::private_key
18908:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=ServerCA name=private_key
Thanks
Dat
--
------------------------------------
Fernuniversität in Hagen
Lehrgebiet Kommunikationsnetze
http://www.fernuni-hagen.de/kn
Fon/Fax: +49 2331 987 -1142 / -353
------------------------------------
15 years, 1 month
LVM snapshot as a backup method
by Pavlos Parissis
Hi,
Has anyone used an LVM snapshot as a backup method when downtime isn't allowed and slapcat takes hours to finish?
I have to find a way to back up the LDAP without bringing it down or setting it to ReadOnly mode, thus I thought about the LVM snapshot.
I can run an LVM snapshot every day and then run db_recover -c to bring the snapshot LDAP DB into a good state.
Am I missing something in the above idea?
Cheers,
Pavlos
15 years, 1 month
RE: JDBC-LDAP Bridge Driver and Tomcat Connection Pooling
by Hu, William
I got the following when trying to use connection pooling from Tomcat. There
may be an issue with auto commit, read only and transaction isolation
settings. Does your driver use these settings? Or are they not implemented?
Thanks in advance
com.jaspersoft.jasperserver.api.JSException: jsexception.error.creating.connection
com.jaspersoft.jasperserver.api.JSException: jsexception.error.creating.connection
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.JdbcDataSourceService.createConnection(JdbcDataSourceService.java:61)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.BaseJdbcDataSource.setReportParameterValues(BaseJdbcDataSource.java:52)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.JdbcDataSourceService.setReportParameterValues(JdbcDataSourceService.java:66)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.fillReport(EngineServiceImpl.java:633)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.fillReport(EngineServiceImpl.java:333)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.executeReport(EngineServiceImpl.java:765)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.domain.impl.ReportUnitRequest.execute(ReportUnitRequest.java:60)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.execute(EngineServiceImpl.java:265)
    at com.jaspersoft.jasperserver.war.action.ViewReportAction.executeReport(ViewReportAction.java:329)
    at com.jaspersoft.jasperserver.war.action.ViewReportAction.verifyData(ViewReportAction.java:222)
    at sun.reflect.GeneratedMethodAccessor376.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
    at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
    at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
    at org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
    at org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
    at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
    at org.springframework.webflow.engine.State.enter(State.java:200)
    at org.springframework.webflow.engine.Transition.execute(Transition.java:229)
    at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
    at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
    at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:207)
    at org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
    at org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:238)
    at sun.reflect.GeneratedMethodAccessor211.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
    at org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:66)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
    at $Proxy13.resume(Unknown Source)
    at org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
    at org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:170)
    at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
    at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:45)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:820)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:755)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:396)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:350)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at com.jaspersoft.jasperserver.war.common.UploadMultipartFilter.doFilter(UploadMultipartFilter.java:86)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:264)
    at org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter.doFilter(SwitchUserProcessingFilter.java:335)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:107)
    at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:72)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterCh
ainProxy.java:274)
at
org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslatio
nFilter.java:110)
at
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterCh
ainProxy.java:274)
at
org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(Ano
nymousProcessingFilter.java:125)
at
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterCh
ainProxy.java:274)
at
com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthentic
ationProcessingFilter.doFilter(MetadataAuthenticationProcessingFilter.java:1
41)
at
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterCh
ainProxy.java:274)
at
com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter.do
Filter(RequestParameterAuthenticationFilter.java:97)
at
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterCh
ainProxy.java:274)
at
org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessin
gFilter.java:181)
at
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterCh
ainProxy.java:274)
at
com.jaspersoft.jasperserver.war.UserPreferencesFilter.doFilter(UserPreferenc
esFilter.java:165)
at
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterCh
ainProxy.java:274)
at
org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFil
ter.java:217)
at
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterCh
ainProxy.java:274)
at
com.jaspersoft.jasperserver.war.UserPreferencesFilter.doFilter(UserPreferenc
esFilter.java:165)
at
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterCh
ainProxy.java:274)
at
org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpS
essionContextIntegrationFilter.java:191)
at
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterCh
ainProxy.java:274)
at
org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:148)
at
org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:90)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:173)
at
com.jaspersoft.jasperserver.war.util.CharacterEncodingFilter.doFilter(Charac
terEncodingFilter.java:70)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilt
erProxy.java:138)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:178)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126
)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105
)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processC
onnection(Http11BaseProtocol.java:664)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.jav
a:527)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWo
rkerThread.java:80)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
a:684)
at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot get a
connection, pool exhausted
at
org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.ja
va:103)
at
com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.JdbcDataSo
urceService.createConnection(JdbcDataSourceService.java:58)
... 94 more
Caused by: java.util.NoSuchElementException: Could not create a validated
object, cause: LDAP Does Not Support Transactions
at
org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPoo
l.java:806)
at
org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.ja
va:95)
... 95 more
org.apache.commons.dbcp.SQLNestedException: Cannot get a connection, pool exhausted
org.apache.commons.dbcp.SQLNestedException: Cannot get a connection, pool exhausted
at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:103)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.JdbcDataSourceService.createConnection(JdbcDataSourceService.java:58)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.BaseJdbcDataSource.setReportParameterValues(BaseJdbcDataSource.java:52)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.JdbcDataSourceService.setReportParameterValues(JdbcDataSourceService.java:66)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.fillReport(EngineServiceImpl.java:633)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.fillReport(EngineServiceImpl.java:333)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.executeReport(EngineServiceImpl.java:765)
at com.jaspersoft.jasperserver.api.engine.jasperreports.domain.impl.ReportUnitRequest.execute(ReportUnitRequest.java:60)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.execute(EngineServiceImpl.java:265)
at com.jaspersoft.jasperserver.war.action.ViewReportAction.executeReport(ViewReportAction.java:329)
at com.jaspersoft.jasperserver.war.action.ViewReportAction.verifyData(ViewReportAction.java:222)
at sun.reflect.GeneratedMethodAccessor376.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
at org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
at org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
at org.springframework.webflow.engine.State.enter(State.java:200)
at org.springframework.webflow.engine.Transition.execute(Transition.java:229)
at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:207)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
at org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:238)
at sun.reflect.GeneratedMethodAccessor211.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
at org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:66)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
at $Proxy13.resume(Unknown Source)
at org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
at org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:170)
at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:45)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:820)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:755)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:396)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:350)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.jaspersoft.jasperserver.war.common.UploadMultipartFilter.doFilter(UploadMultipartFilter.java:86)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:264)
at org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter.doFilter(SwitchUserProcessingFilter.java:335)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:107)
at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:72)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:110)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter.doFilter(MetadataAuthenticationProcessingFilter.java:141)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter.doFilter(RequestParameterAuthenticationFilter.java:97)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:181)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at com.jaspersoft.jasperserver.war.UserPreferencesFilter.doFilter(UserPreferencesFilter.java:165)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:217)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at com.jaspersoft.jasperserver.war.UserPreferencesFilter.doFilter(UserPreferencesFilter.java:165)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:191)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:148)
at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:90)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.jaspersoft.jasperserver.war.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:70)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:138)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: LDAP Does Not Support Transactions
at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:806)
at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:95)
... 95 more
java.util.NoSuchElementException: Could not create a validated object, cause: LDAP Does Not Support Transactions
java.util.NoSuchElementException: Could not create a validated object, cause: LDAP Does Not Support Transactions
at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:806)
at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:95)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.JdbcDataSourceService.createConnection(JdbcDataSourceService.java:58)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.BaseJdbcDataSource.setReportParameterValues(BaseJdbcDataSource.java:52)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.JdbcDataSourceService.setReportParameterValues(JdbcDataSourceService.java:66)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.fillReport(EngineServiceImpl.java:633)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.fillReport(EngineServiceImpl.java:333)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.executeReport(EngineServiceImpl.java:765)
at com.jaspersoft.jasperserver.api.engine.jasperreports.domain.impl.ReportUnitRequest.execute(ReportUnitRequest.java:60)
at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.execute(EngineServiceImpl.java:265)
at com.jaspersoft.jasperserver.war.action.ViewReportAction.executeReport(ViewReportAction.java:329)
at com.jaspersoft.jasperserver.war.action.ViewReportAction.verifyData(ViewReportAction.java:222)
at sun.reflect.GeneratedMethodAccessor376.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
at org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
at org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
at org.springframework.webflow.engine.State.enter(State.java:200)
at org.springframework.webflow.engine.Transition.execute(Transition.java:229)
at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:207)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
at org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:238)
at sun.reflect.GeneratedMethodAccessor211.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
at org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:66)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
at $Proxy13.resume(Unknown Source)
at org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
at org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:170)
at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:45)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:820)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:755)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:396)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:350)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.jaspersoft.jasperserver.war.common.UploadMultipartFilter.doFilter(UploadMultipartFilter.java:86)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:264)
at org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter.doFilter(SwitchUserProcessingFilter.java:335)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:107)
at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:72)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:110)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter.doFilter(MetadataAuthenticationProcessingFilter.java:141)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter.doFilter(RequestParameterAuthenticationFilter.java:97)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:181)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at com.jaspersoft.jasperserver.war.UserPreferencesFilter.doFilter(UserPreferencesFilter.java:165)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:217)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at com.jaspersoft.jasperserver.war.UserPreferencesFilter.doFilter(UserPreferencesFilter.java:165)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:191)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:148)
at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:90)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.jaspersoft.jasperserver.war.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:70)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:138)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
15 years, 1 month