Login authentication failure, DNs don't match

Post by jlbryants » Tue Jun 10, 2014 1:12 pm

We are using secure LDAP authentication for user authentication to OMERO 5. I currently have one user who can no longer log in. This is the information from the logs. Any assistance would be greatly appreciated.

2014-06-09 16:44:11,481 WARN [ ome.security.auth.LdapPasswordProvider] (erver-6891) DNs don't match: 'CN=andreak,OU=DN-PERIO,OU=DN,OU=HSC,OU=People,OU=UF,DC=ad,DC=ufl,DC=edu' and 'cn=andreak,ou=DN-PERIO,ou=DN,ou=HSC,ou=People,ou=UF,dc=ad,dc=ufl,dc=edu'
2014-06-09 16:44:11,481 INFO [ org.perf4j.TimingLogger] (erver-6891) start[1399668250583] time[898] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$8.doWork]
2014-06-09 16:44:11,482 INFO [ ome.services.util.ServiceHandler] (erver-6891) Rslt: null
2014-06-09 16:44:11,482 INFO [ ome.services.util.ServiceHandler] (erver-6891) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRW(andreak)
2014-06-09 16:44:11,482 INFO [ ome.services.util.ServiceHandler] (erver-6891) Args: [null, InternalSF@1628496821]
2014-06-09 16:44:11,499 INFO [ ome.security.basic.EventHandler] (erver-6891) Auth: user=0,group=0,event=84980(Sessions),sess=6e3dcf0d-63e7-4f0d-8efe-01b1a200d6a8
2014-06-09 16:44:11,933 WARN [ ome.security.auth.LdapPasswordProvider] (erver-6891) DNs don't match: 'CN=andreak,OU=DN-PERIO,OU=DN,OU=HSC,OU=People,OU=UF,DC=ad,DC=ufl,DC=edu' and 'cn=andreak,ou=DN-PERIO,ou=DN,ou=HSC,ou=People,ou=UF,dc=ad,dc=ufl,dc=edu'
2014-06-09 16:44:11,933 WARN [ ome.security.auth.LoginAttemptListener] (erver-6891) 2 failed logins for andreak. Throttling for 3000
2014-06-09 16:44:14,937 INFO [ org.perf4j.TimingLogger] (erver-6891) start[1399668251482] time[3454] tag[omero.call.exception]
2014-06-09 16:44:14,937 INFO [ ome.services.util.ServiceHandler] (erver-6891) Excp: ome.conditions.ValidationException: DNs don't match: 'CN=andreak,OU=DN-PERIO,OU=DN,OU=HSC,OU=People,OU=UF,DC=ad,DC=ufl,DC=edu' and 'cn=andreak,ou=DN-PERIO,ou=DN,ou=HSC,ou=People,ou=UF,dc=ad,dc=ufl,dc=edu'
2014-06-09 16:44:14,938 ERROR [ o.s.blitz.fire.PermissionsVerifierI] (erver-6891) Exception thrown while checking password for:andreak
ome.conditions.ValidationException: DNs don't match: 'CN=andreak,OU=DN-PERIO,OU=DN,OU=HSC,OU=People,OU=UF,DC=ad,DC=ufl,DC=edu' and 'cn=andreak,ou=DN-PERIO,ou=DN,ou=HSC,ou=People,ou=UF,dc=ad,dc=ufl,dc=edu'
at ome.security.auth.LdapPasswordProvider.checkPassword(LdapPasswordProvider.java:149) ~[server.jar:na]
at ome.security.auth.PasswordProviders.checkPassword(PasswordProviders.java:42) ~[server.jar:na]
at ome.logic.AdminImpl.checkPassword(AdminImpl.java:1203) ~[server.jar:na]
at ome.services.sessions.SessionManagerImpl$9.doWork(SessionManagerImpl.java:979) ~[server.jar:na]
at sun.reflect.GeneratedMethodAccessor282.invoke(Unknown Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_65]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_65]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) ~[org.springframework.aop.jar:3.0.1.RELEASE-A]
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) ~[org.springframework.aop.jar:3.0.1.RELEASE-A]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) ~[org.springframework.aop.jar:3.0.1.RELEASE-A]
at ome.services.util.Executor$Impl$Interceptor.invoke(Executor.java:576) ~[server.jar:na]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) ~[org.springframework.aop.jar:3.0.1.RELEASE-A]
at ome.security.basic.EventHandler.invoke(EventHandler.java:154) ~[server.jar:na]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) ~[org.springframework.aop.jar:3.0.1.RELEASE-A]
at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111) ~[org.springframework.orm.jar:3.0.1.RELEASE-A]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) ~[org.springframework.aop.jar:3.0.1.RELEASE-A]
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108) ~[org.springframework.transaction.jar:3.0.1.RELEASE-A]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) ~[org.springframework.aop.jar:3.0.1.RELEASE-A]
at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:241) ~[server.jar:na]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) ~[org.springframework.aop.jar:3.0.1.RELEASE-A]
at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116) ~[server.jar:na]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) ~[org.springframework.aop.jar:3.0.1.RELEASE-A]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) ~[org.springframework.aop.jar:3.0.1.RELEASE-A]
at com.sun.proxy.$Proxy66.doWork(Unknown Source) ~[na:na]
at ome.services.util.Executor$Impl.execute(Executor.java:457) ~[server.jar:na]
at ome.services.util.Executor$Impl.execute(Executor.java:401) ~[server.jar:na]
at ome.services.sessions.SessionManagerImpl.executeCheckPasswordRW(SessionManagerImpl.java:974) ~[server.jar:na]
at ome.services.sessions.SessionManagerImpl.executeCheckPassword(SessionManagerImpl.java:946) ~[server.jar:na]
at ome.services.sessions.SessionManagerImpl.executePasswordCheck(SessionManagerImpl.java:921) ~[server.jar:na]
at ome.services.blitz.fire.PermissionsVerifierI.checkPermissions(PermissionsVerifierI.java:135) ~[blitz.jar:na]
at Glacier2._PermissionsVerifierDisp.___checkPermissions(_PermissionsVerifierDisp.java:114) [ice-glacier2.jar:na]
at Glacier2._PermissionsVerifierDisp.__dispatch(_PermissionsVerifierDisp.java:149) [ice-glacier2.jar:na]
at IceInternal.Incoming.invoke(Incoming.java:222) [ice.jar:na]
at Ice.ConnectionI.invokeAll(ConnectionI.java:2482) [ice.jar:na]
at Ice.ConnectionI.dispatch(ConnectionI.java:1258) [ice.jar:na]
at Ice.ConnectionI.message(ConnectionI.java:1213) [ice.jar:na]
at IceInternal.ThreadPool.run(ThreadPool.java:321) [ice.jar:na]
at IceInternal.ThreadPool.access$300(ThreadPool.java:12) [ice.jar:na]
at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:693) [ice.jar:na]
at java.lang.Thread.run(Thread.java:695) [na:1.6.0_65]

Thanks,

Joe

Re: Login authentication failure, DNs don't match

Post by jmoore » Tue Jun 10, 2014 7:07 pm

Hi Joe,

This is a current limitation of the LDAP plugin. If a user's DN changes, you'll need to modify it either directly in the DB (table "password", column "dn") or via the command:
bin/omero ldap setdn

Use "-h" for help.

Sorry for the trouble.
~Josh
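
Added example (not part of the thread and not OMERO code): the two DNs in the WARN line of the first post differ only in the letter case of the attribute types (CN/cn, OU/ou, DC/dc). This script triages "DNs don't match" log lines by comparing each pair with attribute types and values case-folded, so an admin can tell a cosmetic mismatch from a user who really moved in the directory. Treating values as case-insensitive is an assumption that holds for cn, ou and dc; the second sample line is constructed.

```python
import re

# Sample input: the WARN line from the thread, plus one constructed line
# (hypothetical user and domain) whose DNs genuinely differ.
SAMPLE_LOG = """\
2014-06-09 16:44:11,481 WARN [ ome.security.auth.LdapPasswordProvider] (erver-6891) DNs don't match: 'CN=andreak,OU=DN-PERIO,OU=DN,OU=HSC,OU=People,OU=UF,DC=ad,DC=ufl,DC=edu' and 'cn=andreak,ou=DN-PERIO,ou=DN,ou=HSC,ou=People,ou=UF,dc=ad,dc=ufl,dc=edu'
2014-06-09 16:50:02,107 WARN [ ome.security.auth.LdapPasswordProvider] (erver-6892) DNs don't match: 'CN=exampleuser,OU=Old Unit,DC=example,DC=org' and 'cn=exampleuser,ou=New Unit,dc=example,dc=org'
"""

MISMATCH = re.compile(r"DNs don't match: '(?P<a>.*?)' and '(?P<b>.*)'\s*$")


def normalize(dn):
    """Return the DN as a tuple of (type, value) pairs, case-folded.

    Splits on commas not preceded by a backslash. Multi-valued RDNs
    ('+') are kept as a single value, which is enough for triage.
    """
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        # Assumption: value matching is case-insensitive (true for cn, ou, dc).
        rdns.append((attr.strip().lower(), " ".join(value.split()).casefold()))
    return tuple(rdns)


def classify(line):
    """Return None for unrelated lines, ('equivalent', None) when the DNs
    differ only in case or spacing, else ('changed', first differing RDN)."""
    m = MISMATCH.search(line)
    if not m:
        return None
    a, b = normalize(m.group("a")), normalize(m.group("b"))
    if a == b:
        return ("equivalent", None)
    diff = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return ("changed", diff[0] if diff else min(len(a), len(b)))


def triage(log_text):
    """Classify every 'DNs don't match' line in a log excerpt."""
    results = (classify(line) for line in log_text.splitlines())
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for result in triage(SAMPLE_LOG):
        print(result)
```
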

Re: Login authentication failure, DNs don't match

Post by jlbryants » Wed Jun 11, 2014 7:12 pm

Hi Josh,

Thanks for the reply. When I try the command to setdn (or even getdn) I get this error.

InternalException: Failed to connect: exception ::Ice::PluginInitializationException
{
reason = unable to load entry point `IceSSL:createIceSSL': dlopen(libIceSSL.35.dylib, 10): image not found; dlopen(libZerocIceSSL.35.dylib, 10): image not found; dlopen(libIceSSL.35.so, 10): image not found; dlopen(libIceSSL.35.bundle, 10): image not found
}

Any ideas?

Joe

Re: Login authentication failure, DNs don't match

Post by jmoore » Wed Jun 11, 2014 7:43 pm

Is your environment different from the one running OMERO? For example, is (DY)LD_LIBRARY_PATH not set? Where/how do you have Ice installed? Also, is ICE_CONFIG set in your environment?

Cheers,
~Josh.