shibboleth-dev - Re: [Shib-Dev] IdP 2.2.0 Snapshot Release

Subject: Shibboleth Developers

  • From: Jim Fox
  • Subject: Re: [Shib-Dev] IdP 2.2.0 Snapshot Release
  • Date: Tue, 23 Feb 2010 13:45:55 -0800 (PST)



the ldap config and log portions are attached.

Possibly the problem is that in version 3 the property name for external auth is "edu.vt.middleware.ldap.authtype" and not "java.naming.security.authentication".


Jim
This is the connector config;


<resolver:DataConnector id="personreg" xsi:type="LDAPDirectory"
xmlns="urn:mace:shibboleth:2.0:resolver:dc"
ldapURL="ldap://seneca02.u.washington.edu:389"
baseDN="dc=washington,dc=edu"
principal="cn=urizen3.cac.washington.edu"
poolInitialSize="2"
poolMaxIdleSize="5"
cacheResults="true"
useStartTLS="true">
<FilterTemplate>
<![CDATA[
(uwNetID=$requestContext.principalName)
]]>
</FilterTemplate>

<LDAPProperty name="java.naming.security.authentication"
value="EXTERNAL" />

<dc:StartTLSTrustCredential xsi:type="X509Filesystem"
xmlns="urn:mace:shibboleth:2.0:security" id="UWCACredential">
<Certificate>/usr/local/idp/credentials/uwca.crt</Certificate>
</dc:StartTLSTrustCredential>
<dc:StartTLSAuthenticationCredential xsi:type="X509Filesystem"
xmlns="urn:mace:shibboleth:2.0:security" id="Urizen3Credential">
<PrivateKey>/usr/local/idp/credentials/urizen3.ck</PrivateKey>
<Certificate>/usr/local/idp/credentials/urizen3.ck</Certificate>
</dc:StartTLSAuthenticationCredential>
</resolver:DataConnector>



And the logs


12:40:19.787 INFO
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:54]
- Parsing configuration for DataConnector plugin with ID: personreg
12:40:19.787 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:60]
- Setting the following attribute definition dependencies for plugin
personreg: null
12:40:19.788 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:96]
- Data connector personreg LDAP URL: ldap://seneca02.u.washington.edu:389
12:40:19.788 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:101]
- Data connector personreg base DN: dc=washington,dc=edu
12:40:19.790 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:109]
- Data connector personreg authentication type: SIMPLE
12:40:19.790 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:113]
- Data connector personreg principal: cn=urizen3.cac.washington.edu
12:40:19.790 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:125]
- Data connector personreg LDAP filter template:
(uwNetID=$requestContext.principalName)
12:40:19.793 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:132]
- Data connector personreg search scope: SUBTREE
12:40:19.827 INFO
[edu.internet2.middleware.shibboleth.common.config.security.AbstractX509CredentialBeanDefinitionParser:62]
- Parsing configuration for X509Filesystem credential with id: UWCACredential
12:40:19.828 DEBUG
[edu.internet2.middleware.shibboleth.common.config.security.AbstractCredentialBeanDefinitionParser:90]
- Parsing credential key names
12:40:19.829 DEBUG
[edu.internet2.middleware.shibboleth.common.config.security.AbstractX509CredentialBeanDefinitionParser:88]
- Parsing x509 credential certificates
12:40:20.492 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:159]
- Data connector personreg using provided SSL/TLS trust material
12:40:20.493 INFO
[edu.internet2.middleware.shibboleth.common.config.security.AbstractX509CredentialBeanDefinitionParser:62]
- Parsing configuration for X509Filesystem credential with id:
Urizen3Credential
12:40:20.494 DEBUG
[edu.internet2.middleware.shibboleth.common.config.security.AbstractCredentialBeanDefinitionParser:90]
- Parsing credential key names
12:40:20.494 DEBUG
[edu.internet2.middleware.shibboleth.common.config.security.AbstractCredentialBeanDefinitionParser:120]
- Parsing credential private key
12:40:20.508 DEBUG
[edu.internet2.middleware.shibboleth.common.config.security.AbstractX509CredentialBeanDefinitionParser:88]
- Parsing x509 credential certificates
12:40:20.513 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:166]
- Data connector personreg using provided SSL/TLS client authentication
material
12:40:20.514 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:174]
- Data connector personreg use startTLS: true
12:40:20.514 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:196]
- Data connector personreg search timeout: 3000ms
12:40:20.515 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:203]
- Data connector personreg max search result size: 1
12:40:20.515 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:210]
- Data connector personreg merge results: false
12:40:20.515 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:218]
- Data connector personreg no results is error: false
12:40:20.516 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:73]
- Data connector personreg LDAP properties:
{java.naming.security.authentication=EXTERNAL}
12:40:20.516 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:238]
- Data connector false is pooling connections: {}
12:40:20.519 WARN
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:354]
- Data connection personreg: use of 'cacheResults' attribute is deprecated.
Use <ResultCache> instead.
12:40:20.519 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:360]
- Data connector personreg is caching results: true
12:40:20.520 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:364]
- Data connector personreg cache element time to live: 14400000ms
12:40:20.520 DEBUG
[edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorBeanDefinitionParser:367]
- Data connector personreg maximum number of caches elements: 500



and later

12:40:28.103 DEBUG
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:490]
- Loading 4 principal connectors
12:40:28.166 ERROR [edu.vt.middleware.ldap.pool.DefaultLdapFactory:109] -
unabled to connect to the ldap
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 7 -
SASL(-4): no mechanism available: ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2996)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
12:40:28.176 ERROR
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:274]
- Could not retrieve Ldap object from pool
java.lang.NullPointerException: null
at
edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector.validate(LdapDataConnector.java:266)
at
edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.validate(ShibbolethAttributeResolver.java:145)
12:40:28.177 ERROR
[edu.internet2.middleware.shibboleth.common.config.BaseService:187] -
Configuration was not loaded for shibboleth.AttributeResolver service, error
creating components. The root cause of this error was:
edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException:
An error occurred when attempting to retrieve a LDAP connection from the pool
12:42:30.063 DEBUG [org.opensaml.util.resource.ResourceChangeWatcher:121] -
Watching resource: /usr/local/idp/conf/logging.xml, polling frequency:
600000ms, max retry attempts: 5
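
The log above reports two different authentication types for the same connector (the parser's "authentication type" line and the `java.naming.security.authentication` LDAP property). The following is an added example, not part of the original message or of Shibboleth's code: a small Python triage script that pulls both values out of an IdP startup log and lists connectors where they disagree, along with any `AuthenticationNotSupportedException` records. The function names and the abridged sample log are assumptions made for the example.

```python
import re

# Constructed sample: lines abridged from the log excerpt above (logger names
# shortened); some are left wrapped the way the list archive shows them.
SAMPLE_LOG = """\
12:40:19.790 DEBUG [LdapDataConnectorBeanDefinitionParser:109]
- Data connector personreg authentication type: SIMPLE
12:40:20.514 DEBUG [LdapDataConnectorBeanDefinitionParser:174]
- Data connector personreg use startTLS: true
12:40:20.516 DEBUG [LdapDataConnectorBeanDefinitionParser:73]
- Data connector personreg LDAP properties:
{java.naming.security.authentication=EXTERNAL}
12:40:28.166 ERROR [edu.vt.middleware.ldap.pool.DefaultLdapFactory:109] -
unabled to connect to the ldap
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 7 -
SASL(-4): no mechanism available: ]
"""

TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} ", re.M)
AUTH_TYPE = re.compile(r"Data connector (\S+) authentication type: (\S+)")
PROPS = re.compile(r"Data connector (\S+) LDAP properties: \{(.*?)\}")
JNDI_AUTH = "java.naming.security.authentication"

def records(text):
    """Rejoin wrapped lines: one record runs from a timestamp to the next."""
    starts = [m.start() for m in TIMESTAMP.finditer(text)]
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        yield " ".join(text[begin:end].split())

def auth_report(text):
    """Return (mismatches, auth_errors) found in an IdP startup log."""
    parsed, requested, auth_errors = {}, {}, []
    for rec in records(text):
        if m := AUTH_TYPE.search(rec):
            parsed[m.group(1)] = m.group(2)  # type the config parser logged
        elif m := PROPS.search(rec):
            props = dict(p.split("=", 1) for p in m.group(2).split(", ") if "=" in p)
            if JNDI_AUTH in props:
                requested[m.group(1)] = props[JNDI_AUTH]  # set via LDAPProperty
        elif "AuthenticationNotSupportedException" in rec:
            auth_errors.append(rec)
    mismatches = [(c, parsed[c], want) for c, want in requested.items()
                  if c in parsed and parsed[c] != want]
    return mismatches, auth_errors

if __name__ == "__main__":
    for connector, logged, wanted in auth_report(SAMPLE_LOG)[0]:
        print(f"{connector}: parser logged {logged}, LDAPProperty asks for {wanted}")
```
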






