Open Microscopy Environment

[jlbryants]

We have been using Omero for the past couple of months with LDAP authentication on port 389. The university is going to port 636 and I need to change it to support the secure port. I have made the changes to the configuration and I am not able to log in. Looking at the logs I get FileNotFoundException: /home/user/.mystore (No such file or directory). Any ideas?

Joe

[cxallan]

Hi Joe,

Which parts of the LDAP and Security pages have you already followed?

-Chris

[jlbryants]

Hi Chris,

I changed the URLS to ldaps://ad.ufl.edu:636

I added:
omero.security.keyStore=/home/user/.mystore
omero.security.keyStorePassword=secret
omero.security.trustStore=/home/user/.keystore
omero.security.trustStorePassword=secret

We have not enabled any firewalls at this point. We will tighten that down after it is working. We are still running Omero Server 4.3.4. We have purchased another server to test 4.4.1.

Thanks for your help.

Joe

[cxallan]

Sorry, you've added those lines to the configuration and it's working or you're still having issues?

[jlbryants]

No it is not working with those entries. Please see the error log entries below.

Caused by: javax.naming.CommunicationException: ad.ufl.edu:636 [Root exception is java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:199)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:116)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2678)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)
... 49 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:192)
at sun.reflect.GeneratedMethodAccessor319.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:316)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:186)
... 63 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at java.security.Provider$Service.newInstance(Provider.java:1245)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
at sun.reflect.GeneratedMethodAccessor318.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:272)
... 64 more
Caused by: java.security.PrivilegedActionException: java.io.FileNotFoundException: /home/user/.mystore (No such file or directory)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:120)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
at sun.reflect.GeneratedConstructorAccessor116.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Provider$Service.newInstance(Provider.java:1221)
... 73 more
Caused by: java.io.FileNotFoundException: /home/user/.mystore (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:120)
at java.io.FileInputStream.<init>(FileInputStream.java:79)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl$2.run(DefaultSSLContextImpl.java:123)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl$2.run(DefaultSSLContextImpl.java:121)
... 82 more
2012-08-02 08:49:36,910 INFO [ ome.services.util.ServiceHandler] (l.Server-5) Excp: org.springframework.ldap.CommunicationException: ad.ufl.edu:636; nested exception is javax.naming.CommunicationException: ad.ufl.edu:636 [Root exception is java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)]
2012-08-02 08:49:36,910 ERROR [services.blitz.fire.PermissionsVerifierI] (l.Server-5) Exception thrown while checking password for:jlbryants
ome.conditions.InternalException: Wrapped Exception: (org.springframework.ldap.CommunicationException):
ad.ufl.edu:636; nested exception is javax.naming.CommunicationException: ad.ufl.edu:636 [Root exception is java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:98)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
at sun.reflect.GeneratedMethodAccessor317.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:196)
at $Proxy59.getReadOnlyContext(Unknown Source)
at ome.logic.LdapImpl.getBase(LdapImpl.java:571)
at ome.logic.LdapImpl.getContextMapper(LdapImpl.java:528)
at ome.logic.LdapImpl.findDN(LdapImpl.java:168)
at ome.security.auth.LdapPasswordProvider.getLdapDN(LdapPasswordProvider.java:180)
at ome.security.auth.LdapPasswordProvider.checkPassword(LdapPasswordProvider.java:134)
at ome.security.auth.PasswordProviders.checkPassword(PasswordProviders.java:42)
at ome.logic.AdminImpl.checkPassword(AdminImpl.java:1194)
at ome.services.sessions.SessionManagerImpl$9.doWork(SessionManagerImpl.java:978)
at sun.reflect.GeneratedMethodAccessor272.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at ome.services.util.Executor$Impl$Interceptor.invoke(Executor.java:440)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.security.basic.EventHandler.invoke(EventHandler.java:150)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:231)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy64.doWork(Unknown Source)
at ome.services.util.Executor$Impl.execute(Executor.java:371)
at ome.services.sessions.SessionManagerImpl.executeCheckPasswordRW(SessionManagerImpl.java:973)
at ome.services.sessions.SessionManagerImpl.executeCheckPassword(SessionManagerImpl.java:945)
at ome.services.sessions.SessionManagerImpl.executePasswordCheck(SessionManagerImpl.java:920)
at ome.services.blitz.fire.PermissionsVerifierI.checkPermissions(PermissionsVerifierI.java:135)
at Glacier2._PermissionsVerifierDisp.___checkPermissions(_PermissionsVerifierDisp.java:90)
at Glacier2._PermissionsVerifierDisp.__dispatch(_PermissionsVerifierDisp.java:118)
at IceInternal.Incoming.invoke(Incoming.java:159)
at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
at Ice.ConnectionI.message(ConnectionI.java:972)
at IceInternal.ThreadPool.run(ThreadPool.java:577)
at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)

[cxallan]

Unless you really have installed OMERO as "user" just copying those variables verbatim is not going to work. You have to specify the correct path based on the user you're running OMERO.server as.

[jlbryants]

Thanks for your help Chris. We have it up. The path was not correct as you surmised.

[cxallan]

Thanks for your help Chris. We have it up. The path was not correct as you surmised.

Perfect. Happy to help.