search

bigbosst / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

Login error #88

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. hit the "Change Password" link
2. "Please Log In" come out
3. Try to login, PWM 5015, Unknown error. If this error occurs repeatedly 
please contact your helpdesk. { 5015 ERROR_UNKNOWN }

What is the expected output? What do you see instead?

Change password screen...

What version of PWM are you using?
1.5.5

What ldap directory and version are you using?
Novell eDirectory 8.8 sp3

Please paste any error log messages below:

Wed Jul 13 13:39:52 IDT 2011, DEBUG, password.pwm.PwmSession, unauthenticate 
session from 10.100.1.3 (cn=Ttttaaaa,ou=Active,o=Meta) [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, DEBUG, password.pwm.SessionManager, closing user 
ldap connection [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, WARN , password.pwm.servlet.TopServlet, 
unexpected exception during page generation: null [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, DEBUG, password.pwm.PwmPasswordPolicy, discovered 
assigned password policy for cn=Ttttaaaa,ou=Active,o=Meta at 
cn=test,cn=Password Policies,cn=Security PwmPasswordPolicy: 
{MinimumLowerCase=0, MinimumSpecial=0, MaximumUpperCase=0, MaximumNumeric=0, 
MinimumLifetime=0, MinimumUnique=0, DisallowedAttributes=[], 
UniqueRequired=FALSE, AllowNumeric=TRUE, CaseSensitive=TRUE, ChangeMessage=kuku 
test m, ExpirationInterval=0, MaximumLowerCase=0, AllowSpecial=TRUE, 
MaximumLength=12, AllowFirstCharNumeric=TRUE, MinimumLength=6, 
MaximumSequentialRepeat=0, MinimumNumeric=0, AllowLastCharSpecial=TRUE, 
PolicyEnabled=true, MaximumSpecial=0, MinimumUpperCase=0, 
AllowFirstCharSpecial=TRUE, DisallowedValues=[], AllowLastCharNumeric=TRUE} 
[10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, DEBUG, password.pwm.PwmPasswordPolicy, merged 
password policy with PWM configured policy: PwmPasswordPolicy: 
{MinimumLowerCase=0, MinimumSpecial=0, MaximumUpperCase=0, MaximumNumeric=0, 
EnableWordlist=false, MinimumLifetime=0, RegExMatch=, MinimumUnique=0, 
MinimumNonAlpha=null, DisallowedAttributes=[], UniqueRequired=false, 
MinimumStrength=null, AllowNumeric=true, CaseSensitive=true, ChangeMessage=kuku 
test m, ExpirationInterval=0, MinimumAlpha=null, MaximumLowerCase=0, 
AllowSpecial=true, ADComplexity=false, MaximumLength=12, MaximumRepeat=null, 
AllowFirstCharNumeric=true, MinimumLength=6, MaximumSequentialRepeat=0, 
AllowLastCharSpecial=true, MinimumNumeric=0, MaximumAlpha=null, 
PolicyEnabled=true, RegExNoMatch=, MaximumNonAlpha=null, MaximumSpecial=0, 
MinimumUpperCase=0, AllowFirstCharSpecial=true, AllowLastCharNumeric=true, 
DisallowedValues=[]} [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.PwmPasswordPolicy, 
createPwmPasswordPolicy completed in 7ms [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.SessionManager, opened new 
proxy ldap connection for null (0ms) [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.util.Helper, creating new 
chai provider using config of ChaiConfiguration: locked=false settings: 
{chai.bind.URLs=ldaps://192.168.2.249:636,, 
chai.bind.dn=cn=admin,ou=Service,o=Meta, chai.bind.password=**stripped**, 
chai.cache.enable=false, chai.cache.maximumSize=128, 
chai.cache.maximumAge=1000, chai.statistics.enable=true, 
chai.watchdog.enable=true, chai.watchdog.operationTimeout=60000, 
chai.watchdog.idleTimeout=60302, chai.connection.watchdog.frequency=60000, 
chai.connection.promiscuousSSL=true, chai.wireDebug.enable=false, 
chai.failover.enable=true, chai.failover.failBackTime=90000, 
chai.failover.connectRetries=4, chai.ldap.dereferenceAliases=never, 
chai.ldap.ldapTimeout=5000, 
chai.provider.implementation=com.novell.ldapchai.provider.JNDIProviderImpl, 
chai.edirectory.enableNMAS=true, 
chai.provider.extendedOperation.failureCache=true, 
chai.provider.readonly=false, chai.vendor.default=}
Wed Jul 13 13:39:52 IDT 2011, INFO , password.pwm.AuthenticationFilter, 
successful plaintext authentication for cn=Ttttaaaa,ou=Active,o=Meta (12ms) 
[10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.UserStatusHelper, username 
match found: cn=Ttttaaaa,ou=Active,o=Meta [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.AuthenticationFilter, 
beginning testCredentials process [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.AuthenticationFilter, 
attempting authentication using ldap compare operation [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.UserStatusHelper, username 
does not appear to be a DN (does not start with configured ldap naming 
attribute'cn') [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.UserStatusHelper, attempting 
username search for 'ttttaaaa' in context ou=Active,o=Meta [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.UserStatusHelper, search for 
username: (&(objectClass=person)(cn=ttttaaaa)), searchDN: ou=Active,o=Meta 
[10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.SessionFilter, POST request 
for: /pwm/private/Login 
  password=***removed***
  pwmFormID='vrAodO3uMdFq71P5WvJC2mQJrSGYt9C7d4cc39641312314b146'
  processAction='login'
  username='ttttaaaa' [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.AuthenticationFilter, 
permitting unauthenticated request of login page [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.SessionFilter, GET request 
for: /pwm/public/CommandServlet 
  processAction='getHealthCheckData' [10.100.1.3]
Wed Jul 13 13:39:52 IDT 2011, TRACE, password.pwm.servlet.CommandServlet, 
received request for action getHealthCheckData [10.100.1.3]
Wed Jul 13 13:39:46 IDT 2011, TRACE, password.pwm.SessionFilter, GET request 
for: /pwm/private/Login (no params)  [10.100.1.3]
Wed Jul 13 13:39:46 IDT 2011, TRACE, password.pwm.AuthenticationFilter, 
permitting unauthenticated request of login page [10.100.1.3]
Wed Jul 13 13:39:46 IDT 2011, TRACE, password.pwm.SessionFilter, GET request 
for: /pwm/private/ChangePassword (no params)  [10.100.1.3]
Wed Jul 13 13:39:46 IDT 2011, TRACE, password.pwm.AuthenticationFilter, user 
requested resource requiring authentication (/pwm/private/ChangePassword), but 
is not authenticated; redirecting to LoginServlet [10.100.1.3]
Wed Jul 13 13:39:44 IDT 2011, TRACE, password.pwm.SessionFilter, GET request 
for: /pwm/ (no params)  [10.100.1.3]
Wed Jul 13 13:39:44 IDT 2011, TRACE, password.pwm.SessionFilter, session 
validated, redirecting to original request url: http://192.168.2.51/pwm/ 
[10.100.1.3]
Wed Jul 13 13:39:44 IDT 2011, TRACE, password.pwm.SessionFilter, GET request 
for: /pwm/ 
  session_verificiation_key='vrAodO3uMdFq71P5WvJC2mQJrSGYt9C7d4cc39641312314b146' [10.100.1.3]
Wed Jul 13 13:39:44 IDT 2011, TRACE, password.pwm.SessionFilter, GET request 
for: /pwm/ (no params)  [10.100.1.3]
Wed Jul 13 13:39:44 IDT 2011, TRACE, password.pwm.SessionFilter, session has 
not been validated, redirecting with verification key to 
http://192.168.2.51/pwm/?session_verificiation_key=vrAodO3uMdFq71P5WvJC2mQJrSGYt
9C7d4cc39641312314b146 [10.100.1.3]
Wed Jul 13 13:39:43 IDT 2011, TRACE, password.pwm.EventManager, http session 
created
Wed Jul 13 13:39:39 IDT 2011, TRACE, password.pwm.health.HealthMonitor, health 
check process completed
Wed Jul 13 13:39:39 IDT 2011, TRACE, password.pwm.util.Helper, 
externalJudgeMethod 'password.pwm.PwmPasswordJudge' returned a value of 75
Wed Jul 13 13:39:39 IDT 2011, TRACE, password.pwm.util.Helper, creating new 
chai provider using config of ChaiConfiguration: locked=false settings: 
{chai.bind.URLs=ldaps://192.168.2.249:636,, 
chai.bind.dn=cn=admin,ou=Service,o=Meta, chai.bind.password=**stripped**, 
chai.cache.enable=false, chai.cache.maximumSize=128, 
chai.cache.maximumAge=1000, chai.statistics.enable=true, 
chai.watchdog.enable=false, chai.watchdog.operationTimeout=60000, 
chai.watchdog.idleTimeout=30000, chai.connection.watchdog.frequency=5000, 
chai.connection.promiscuousSSL=true, chai.wireDebug.enable=false, 
chai.failover.enable=true, chai.failover.failBackTime=90000, 
chai.failover.connectRetries=4, chai.ldap.dereferenceAliases=never, 
chai.ldap.ldapTimeout=5000, 
chai.provider.implementation=com.novell.ldapchai.provider.JNDIProviderImpl, 
chai.edirectory.enableNMAS=true, 
chai.provider.extendedOperation.failureCache=true, 
chai.provider.readonly=false, chai.vendor.default=}
Wed Jul 13 13:39:39 IDT 2011, TRACE, password.pwm.util.Helper, creating new 
chai provider using config of ChaiConfiguration: locked=false settings: 
{chai.bind.URLs=ldaps://192.168.2.249:636,, 
chai.bind.dn=cn=admin,ou=Service,o=Meta, chai.bind.password=**stripped**, 
chai.cache.enable=false, chai.cache.maximumSize=128, 
chai.cache.maximumAge=1000, chai.statistics.enable=true, 
chai.watchdog.enable=false, chai.watchdog.operationTimeout=60000, 
chai.watchdog.idleTimeout=30000, chai.connection.watchdog.frequency=5000, 
chai.connection.promiscuousSSL=true, chai.wireDebug.enable=false, 
chai.failover.enable=true, chai.failover.failBackTime=90000, 
chai.failover.connectRetries=4, chai.ldap.dereferenceAliases=never, 
chai.ldap.ldapTimeout=5000, 
chai.provider.implementation=com.novell.ldapchai.provider.JNDIProviderImpl, 
chai.edirectory.enableNMAS=true, 
chai.provider.extendedOperation.failureCache=true, 
chai.provider.readonly=false, chai.vendor.default=}
Wed Jul 13 13:39:39 IDT 2011, TRACE, password.pwm.health.HealthMonitor, 
beginning health check process
Wed Jul 13 13:39:39 IDT 2011, TRACE, password.pwm.SessionFilter, GET request 
for: /pwm/public/CommandServlet 
  processAction='getHealthCheckData' [10.100.1.3]
Wed Jul 13 13:39:39 IDT 2011, TRACE, password.pwm.servlet.CommandServlet, 
received request for action getHealthCheckData [10.100.1.3]
Wed Jul 13 13:39:36 IDT 2011, TRACE, password.pwm.util.PwmDBLogger, dredged 
1,000 events to return 1,000 events for query (minimumLevel=TRACE, count=1000) 
in 20ms [10.100.1.3]
Wed Jul 13 13:39:35 IDT 2011, TRACE, password.pwm.SessionFilter, GET request 
for: /pwm/config/ConfigManager 
  processAction='viewLog' [10.100.1.3]
Wed Jul 13 13:39:34 IDT 2011, TRACE, password.pwm.util.PwmDBLogger, dredged 
1,000 events to return 1,000 events for query (minimumLevel=TRACE, count=1000) 
in 281ms [10.100.1.3]
Wed Jul 13 13:39:33 IDT 2011, TRACE, password.pwm.SessionFilter, GET request 
for: /pwm/config/ConfigManager 
  processAction='viewLog' [10.100.1.3]
Wed Jul 13 13:39:26 IDT 2011, TRACE, password.pwm.util.PwmDBLogger, dredged 
1,000 events to return 1,000 events for query (minimumLevel=TRACE, count=1000) 
in 356ms [10.100.1.3]
Wed Jul 13 13:39:26 IDT 2011, TRACE, password.pwm.SessionFilter, GET request 
for: /pwm/config/ConfigManager 
  processAction='viewLog' [10.100.1.3]

Original issue reported on code.google.com by dordorqwerty@gmail.com on 13 Jul 2011 at 10:43

GoogleCodeExporter commented 9 years ago 
Without a stack trace this is pretty tough to troubleshoot.  Is there a stack 
trace in the browser when you get this error?  Or perhaps one of the tomcat 
logs?

Most common cause for this sort of error is corrupt/outdated jsp cache in 
tomcat/work.  Delete tomcat/work/* and restart tomcat.

Original comment by jrivard on 13 Jul 2011 at 2:04

GoogleCodeExporter commented 9 years ago 
Thanks for replay!
I tried to remove tomcat\work directory and restart the tomcat- same problem.
What do you mean "stack trace"?  what tomcat log do you need (I am using 
windows 2008 server)?

Original comment by dordorqwerty@gmail.com on 13 Jul 2011 at 2:35

GoogleCodeExporter commented 9 years ago 
A stack trace is a list of debug data that helps to understand the error...

What do you see in the browser when you get this error, can you post a 
screenshot?

Original comment by jrivard on 13 Jul 2011 at 9:19

GoogleCodeExporter commented 9 years ago 
Attached.
Another point – even when I try to login as admin (by clicking on "Admin" 
link) I can see the same error.

Original comment by dordorqwerty@gmail.com on 14 Jul 2011 at 4:02

Attachments:

GoogleCodeExporter commented 9 years ago 
I try to simplify the configuration and focus with the admin login (just login 
process!).
1.  I checked the LDAP admin user & password with Novell Access Manager, just to 
be sure I can login to the eDirectory- work fine.
2.  Inside PMW Configuration Editor- Modules – I changed all modules to 
"False".
3.  Delete the tomcat\work\* directory and restart the service.
4.  Try to login to "Admin" – same error (Unknown error. If this error occurs 
repeatedly please contact your helpdesk. { 5015 ERROR_UNKNOWN })

I think I miss something with the configuration (configuration attached)…

Original comment by dordorqwerty@gmail.com on 14 Jul 2011 at 4:37

Attachments:

GoogleCodeExporter commented 9 years ago 
I removed everything and go back to  PWM release 1.5.3 (b1017)- I can login 
successfully and even change the password.
Then, again, removed everything and use the 1.5.4 version, same configuration, 
same eDirectory, same LDAP Proxy user, same rights – I can't login! I can 
upgrade to 1.5.5 version but I guess it's gone a be the same…
The reason I need the 1.5.4 or 1.5.5 version is the option to use SMS token 
with no challenge/response Q.
Is that help?

Doron.

Original comment by dordorqwerty@gmail.com on 14 Jul 2011 at 7:21

GoogleCodeExporter commented 9 years ago 
What locale is your  and OS set to?

Original comment by jrivard on 14 Jul 2011 at 7:26

GoogleCodeExporter commented 9 years ago 
Windows Server 2008 R2 Enterprise (64 bit)
Server Local - US
Internet Explorer Workstation Language- Hebrew

...and that’s the problem! When I change the IE language order (workstation 
side) to English first – its work!
When I go back to "Hebrew" first – I can see the error and I can't login 
(Screen shoot attached).

In production mode I can't control the language order at the users side. What 
can I do?

Original comment by dordorqwerty@gmail.com on 14 Jul 2011 at 8:08

Attachments:

GoogleCodeExporter commented 9 years ago 
Great, glad we found the problem!

It's a bug, see issue 83.  It's mostly fixed.  If you pull from SVN you should 
see better behavior.  If your not familiar with how to do this I'll post an 
interim build in the next few days when its sorted out.

PS, PWM isn't localized for Hebrew, but it sure would be great if someone 
contributed a Hebrew localization :)

Original comment by jrivard on 14 Jul 2011 at 9:00

GoogleCodeExporter commented 9 years ago 
We are going to translate to Hebrew. I will let you know when all done and 
upload the translated files.
PS- Hebrew are Right to Left language. I will need to add  <html dir="rtl">  to 
move all page to the right. I will try…
Do you know what RTL language already supported so i can use as a template?

Original comment by dordorqwerty@gmail.com on 14 Jul 2011 at 9:22

GoogleCodeExporter commented 9 years ago 
At current time, no RTL languages have been localized in PWM.  Take a look at 
issue 86 to see what was done for Turkish localization.

Please open a new issue when you have localized files done.  I'll take care of 
the RTL issue.

Original comment by jrivard on 14 Jul 2011 at 6:37