grouper-users - [grouper-users] LDAP auth and the wheel group?
Subject: Grouper Users - Open Discussion List
List archive
- From: Michael White <>
- To: "" <>
- Subject: [grouper-users] LDAP auth and the wheel group?
- Date: Mon, 19 Jan 2015 16:31:04 +0000
- Accept-language: en-US, en-GB
- Acceptlanguage: en-US, en-GB
Hi,
I'm still in the early stages of playing and learning with Grouper v2.2.0.
I've got a basic folder/group hierarchy set up, subjects coming from AD, and
a number of groups being successfully populated via the Loader :-).
I'm now trying to switch to using our AD for authentication by switching to a
JNDIRealm in Tomcat's server.xml - of course this means that I can no longer
log on using the GrouperSystem account, so I've been trying to enable my AD
account to be an admin account in Grouper by adding it to my "wheel" group .
. .
I've added:
groups.wheel.use = true
- to "grouper.properties", and I note:
groups.wheel.group = etc:sysadmingroup
- in "grouper.base.properties".
I created "etc:sysadmingroup" (as the Grouper System user) and added myself
to it, however this doesn't appear to be working as hoped/expected.
If I log on using my AD username, authentication appears to work and I arrive
at the Grouper (new) UI and I'm correctly identified as me in the "Logged in
as" line, but in the "Browse Folders" panel, it just shows "Error", which is
reflected in the logs (appropriate snippet attached).
If I switch to the old UI, I can browse the folder hierarchy, but I can only
see groups that I have been granted explicit permissions for (i.e. still not
behaving as an admin user).
Have I misunderstood how this is supposed to work? or am I missing something
obvious (or done something stupid!)?
Any thoughts, observations, or pointers would be most welcome as I'm not sure
what to try next.
Cheers,
Mike
Michael White
eLearning Liaison and Development (eLD)
Information Services
S8, Library
University of Stirling
Stirling SCOTLAND
FK9 4LA
Email:
Tel: +44 (0) 1786 466877
Fax: +44 (0) 1786 466880
http://www.stir.ac.uk/is/staff/about/teams/aldt/#eld
--
The University of Stirling has been ranked in the top 12 of UK universities
for graduate employment*.
94% of our 2012 graduates were in work and/or further study within six months
of graduation.
*The Telegraph
The University of Stirling is a charity registered in Scotland, number SC
011159.
2015-01-19 16:12:03,525: [http-8600-5] INFO EventLog.info(156) - -
[6a352988e5a3433e8a8ef4b7234e990e,'mw6','person'] session: start (3ms)
2015-01-19 16:12:03,695: [http-8600-2] ERROR
JDBCExceptionReporter.logExceptions(234) - - ERROR: for SELECT DISTINCT,
ORDER BY expressions must appear in select list
Position: 1623
2015-01-19 16:12:03,702: [http-8600-2] ERROR UiV2Main.folderMenu(310) - -
Error searching for folder: 'root', Problem in HibernateSession:
HibernateSession (8d022af): new, readonly, READONLY_NEW,
notActiveTransaction, session (6ba94dd5),
Exception in list: (class
edu.internet2.middleware.grouper.attr.AttributeDef), ByHqlStatic, query:
'select distinct theAttributeDef from AttributeDef theAttributeDef ,
MembershipEntry __attrDefMembershipSFEB585Y where theAttributeDef.stemId =
:theStemId and __attrDefMembershipSFEB585Y.ownerAttrDefId =
theAttributeDef.id and __attrDefMembershipSFEB585Y.fieldId in (:SFEB585X0,
:SFEB585X1, :SFEB585X2, :SFEB585X3, :SFEB585X4, :SFEB585X5, :SFEB585X6,
:SFEB585X7) and __attrDefMembershipSFEB585Y.memberUuid in (:SFEB585Z0,
:SFEB585Z1) and __attrDefMembershipSFEB585Y.enabledDb = 'T'', cacheable:
false, cacheRegion:
edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefDAO.GetAllAttributeDefsSecure,
tx type: null, options: QueryOptions: queryPaging: pageSize: 10,
pageNumberOnIndexed: 1, querySort: extension asc, , tx type: nullBind var[0]:
'Param (class java.lang.String):
'theStemId'->'5ebfc1418f6c4462a1809ccd6e6c7091', Bind var[1]: 'Param (class
java.lang.String): 'SFEB585X0'->'f178321773ae4cb9ad6e445a7f0a39c6', Bind
var[2]: 'Param (class java.lang.String):
'SFEB585X1'->'2c69cdb11e0245adada7b1a67fc5ef0f', Bind var[3]: 'Param (class
java.lang.String): 'SFEB585X2'->'a5570c7a40fc45fd9b455753b71b6055', Bind
var[4]: 'Param (class java.lang.String):
'SFEB585X3'->'e6695307e0e1471faadee94125ddc189', Bind var[5]: 'Param (class
java.lang.String): 'SFEB585X4'->'91e0386bad854a4db633dc7e0e038008', Bind
var[6]: 'Param (class java.lang.String):
'SFEB585X5'->'bb7178a564b8470889ee4f57bab800d1', Bind var[7]: 'Param (class
java.lang.String): 'SFEB585X6'->'aa7ea739ce7847c0a38d09afca000041', Bind
var[8]: 'Param (class java.lang.String):
'SFEB585X7'->'3e9d3b91389740d897153a80dc20fa3d', Bind var[9]: 'Param (class
java.lang.String): 'SFEB585Z0'->'a8ca9b55013f4b848cc07ab034a645d3'Bind
var[10]: 'Param (class java.lang.String):
'SFEB585Z1'->'5c605c2715de4640829cda8e88aab41f',
edu.internet2.middleware.grouper.internal.dao.GrouperDAOException: Problem in
HibernateSession: HibernateSession (8d022af): new, readonly, READONLY_NEW,
notActiveTransaction, session (6ba94dd5),
Exception in list: (class
edu.internet2.middleware.grouper.attr.AttributeDef), ByHqlStatic, query:
'select distinct theAttributeDef from AttributeDef theAttributeDef ,
MembershipEntry __attrDefMembershipSFEB585Y where theAttributeDef.stemId =
:theStemId and __attrDefMembershipSFEB585Y.ownerAttrDefId =
theAttributeDef.id and __attrDefMembershipSFEB585Y.fieldId in (:SFEB585X0,
:SFEB585X1, :SFEB585X2, :SFEB585X3, :SFEB585X4, :SFEB585X5, :SFEB585X6,
:SFEB585X7) and __attrDefMembershipSFEB585Y.memberUuid in (:SFEB585Z0,
:SFEB585Z1) and __attrDefMembershipSFEB585Y.enabledDb = 'T'', cacheable:
false, cacheRegion:
edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefDAO.GetAllAttributeDefsSecure,
tx type: null, options: QueryOptions: queryPaging: pageSize: 10,
pageNumberOnIndexed: 1, querySort: extension asc, , tx type: nullBind var[0]:
'Param (class java.lang.String):
'theStemId'->'5ebfc1418f6c4462a1809ccd6e6c7091', Bind var[1]: 'Param (class
java.lang.String): 'SFEB585X0'->'f178321773ae4cb9ad6e445a7f0a39c6', Bind
var[2]: 'Param (class java.lang.String):
'SFEB585X1'->'2c69cdb11e0245adada7b1a67fc5ef0f', Bind var[3]: 'Param (class
java.lang.String): 'SFEB585X2'->'a5570c7a40fc45fd9b455753b71b6055', Bind
var[4]: 'Param (class java.lang.String):
'SFEB585X3'->'e6695307e0e1471faadee94125ddc189', Bind var[5]: 'Param (class
java.lang.String): 'SFEB585X4'->'91e0386bad854a4db633dc7e0e038008', Bind
var[6]: 'Param (class java.lang.String):
'SFEB585X5'->'bb7178a564b8470889ee4f57bab800d1', Bind var[7]: 'Param (class
java.lang.String): 'SFEB585X6'->'aa7ea739ce7847c0a38d09afca000041', Bind
var[8]: 'Param (class java.lang.String):
'SFEB585X7'->'3e9d3b91389740d897153a80dc20fa3d', Bind var[9]: 'Param (class
java.lang.String): 'SFEB585Z0'->'a8ca9b55013f4b848cc07ab034a645d3'Bind
var[10]: 'Param (class java.lang.String):
'SFEB585Z1'->'5c605c2715de4640829cda8e88aab41f',
at
edu.internet2.middleware.grouper.hibernate.HibernateSession._internal_hibernateSessionCatch(HibernateSession.java:542)
at
edu.internet2.middleware.grouper.hibernate.HibernateSession.callbackHibernateSession(HibernateSession.java:664)
at
edu.internet2.middleware.grouper.hibernate.ByHqlStatic.list(ByHqlStatic.java:372)
at
edu.internet2.middleware.grouper.hibernate.ByHqlStatic.listSet(ByHqlStatic.java:421)
at
edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefDAO.getAllAttributeDefsSecureHelper(Hib3AttributeDefDAO.java:533)
at
edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefDAO.findAllAttributeDefsSecure(Hib3AttributeDefDAO.java:778)
at
edu.internet2.middleware.grouper.attr.finder.AttributeDefFinder.findAttributes(AttributeDefFinder.java:263)
at
edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Main.folderMenu(UiV2Main.java:246)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
edu.internet2.middleware.grouper.util.GrouperUtil.invokeMethod(GrouperUtil.java:3951)
at
edu.internet2.middleware.grouper.util.GrouperUtil.callMethod(GrouperUtil.java:3902)
at
edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet.doGet(GrouperUiRestServlet.java:277)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:110)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
edu.internet2.middleware.grouper.ui.GrouperUiFilter.doFilter(GrouperUiFilter.java:985)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.hibernate.exception.SQLGrammarException: could not execute
query
at
org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:92)
at
org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66)
at org.hibernate.loader.Loader.doList(Loader.java:2536)
at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2276)
at org.hibernate.loader.Loader.list(Loader.java:2271)
at org.hibernate.loader.hql.QueryLoader.list(QueryLoader.java:452)
at
org.hibernate.hql.ast.QueryTranslatorImpl.list(QueryTranslatorImpl.java:363)
at
org.hibernate.engine.query.HQLQueryPlan.performList(HQLQueryPlan.java:196)
at org.hibernate.impl.SessionImpl.list(SessionImpl.java:1268)
at org.hibernate.impl.QueryImpl.list(QueryImpl.java:102)
at
edu.internet2.middleware.grouper.hibernate.ByHql.list(ByHql.java:349)
at
edu.internet2.middleware.grouper.hibernate.ByHqlStatic$2.callback(ByHqlStatic.java:382)
at
edu.internet2.middleware.grouper.hibernate.HibernateSession.callbackHibernateSession(HibernateSession.java:654)
... 34 more
Caused by: org.postgresql.util.PSQLException: ERROR: for SELECT DISTINCT,
ORDER BY expressions must appear in select list
Position: 1623
at
org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2161)
at
org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1890)
at
org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:255)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:559)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:417)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.executeQuery(AbstractJdbc2Statement.java:302)
at
com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeQuery(NewProxyPreparedStatement.java:76)
at
org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java:208)
at org.hibernate.loader.Loader.getResultSet(Loader.java:1953)
at org.hibernate.loader.Loader.doQuery(Loader.java:802)
at
org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:274)
at org.hibernate.loader.Loader.doList(Loader.java:2533)
... 44 more
2015-01-19 16:12:03,763: [http-8600-2] INFO EventLog.info(156) - -
[18d23d73144f40e0920dc47190727755,'GrouperSystem','application'] session:
start (17ms)
2015-01-19 16:12:03,768: [http-8600-2] INFO EventLog.info(156) - -
[d2581ff158d9497dbf1b20b737c9bc68,'GrouperSystem','application'] session:
start (3ms)
2015-01-19 16:12:03,782: [http-8600-2] INFO EventLog.info(156) - -
[6375d191592241eea6aa63a06919bdb5,'mw6','person'] session: start (4ms)
2015-01-19 16:12:03,798: [http-8600-2] ERROR UiV2Main.folderMenu(310) - -
Error searching for folder: 'error', Can't find stem by uuid: 'error'
edu.internet2.middleware.grouper.exception.StemNotFoundException: Can't find
stem by uuid: 'error'
at
edu.internet2.middleware.grouper.internal.dao.hib3.Hib3StemDAO.findByUuid(Hib3StemDAO.java:1778)
at
edu.internet2.middleware.grouper.StemFinder.findByUuid(StemFinder.java:315)
at
edu.internet2.middleware.grouper.StemFinder.findByUuid(StemFinder.java:290)
at
edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Main.folderMenu(UiV2Main.java:233)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
edu.internet2.middleware.grouper.util.GrouperUtil.invokeMethod(GrouperUtil.java:3951)
at
edu.internet2.middleware.grouper.util.GrouperUtil.callMethod(GrouperUtil.java:3902)
at
edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet.doGet(GrouperUiRestServlet.java:277)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:110)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
edu.internet2.middleware.grouper.ui.GrouperUiFilter.doFilter(GrouperUiFilter.java:985)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:745)
- [grouper-users] LDAP auth and the wheel group?, Michael White, 01/19/2015
- Re: [grouper-users] LDAP auth and the wheel group?, Waldbieser, Carl, 01/19/2015
- RE: [grouper-users] LDAP auth and the wheel group?, Michael White, 01/20/2015
- Re: [grouper-users] LDAP auth and the wheel group?, Waldbieser, Carl, 01/20/2015
- RE: [grouper-users] LDAP auth and the wheel group?, Michael White, 01/20/2015
- Re: [grouper-users] LDAP auth and the wheel group?, Peter St. Onge, 01/23/2015
- RE: [grouper-users] LDAP auth and the wheel group?, Michael White, 01/20/2015
- Re: [grouper-users] LDAP auth and the wheel group?, Waldbieser, Carl, 01/20/2015
- RE: [grouper-users] LDAP auth and the wheel group?, Michael White, 01/20/2015
- [grouper-users] RE: LDAP auth and the wheel group?, Chris Hyzer, 01/20/2015
- [grouper-users] RE: LDAP auth and the wheel group?, Michael White, 01/20/2015
- [grouper-users] RE: LDAP auth and the wheel group?, Chris Hyzer, 01/20/2015
- [grouper-users] RE: LDAP auth and the wheel group?, Michael White, 01/21/2015
- [grouper-users] RE: LDAP auth and the wheel group?, Chris Hyzer, 01/20/2015
- [grouper-users] RE: LDAP auth and the wheel group?, Michael White, 01/20/2015
- Re: [grouper-users] LDAP auth and the wheel group?, Waldbieser, Carl, 01/19/2015
Archive powered by MHonArc 2.6.16.