jtrobinson / Seneca-BBB-LDAP-work

A backup of the work we're doing on bringing LDAP authentication to the Seneca implementation of BigBlueButton
http://justintrobinson.wordpress.com/

Error accessing login.jsp #4

Open sjohansg opened 11 years ago

sjohansg commented 11 years ago

Hi guys, I receive the following error when I try to access the login.jsp page. Any ideas?

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

org.apache.jasper.JasperException: java.lang.NullPointerException
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:491)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:419)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

java.lang.NullPointerException
ldap.LDAPAuthenticate.(LDAPAuthenticate.java:119)
org.apache.jsp.login_jsp._jspService(login_jsp.java:72)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

capilkey commented 11 years ago

Line 119, https://github.com/jtrobinson/Seneca-BBB-LDAP-work/blob/master/auth/src/ldap/LDAPAuthenticate.java#L119, refers to the blacklist in config.xml. You need to have at least a set of empty blacklist tags in your config.xml. The if condition should really check for null first, but it doesn't right now.

capilkey commented 11 years ago

Also, the blacklist tags need to be exactly where they are in the blank-config.xml:

https://github.com/jtrobinson/Seneca-BBB-LDAP-work/blob/master/auth/WebContent/WEB-INF/classes/blank-config.xml#L42

sjohansg commented 11 years ago

Thanks for the quick reply, I really appreciate your assistance. Now I receive the following error. Any ideas?

java.util.Hashtable.put(Hashtable.java:411)

capilkey commented 11 years ago

That line isn't helpful, could you post the full error message?

sjohansg commented 11 years ago

Whoops, sorry about that.

java.lang.NullPointerException
java.util.Hashtable.put(Hashtable.java:411)
ldap.LDAPAuthenticate.(LDAPAuthenticate.java:181)
org.apache.jsp.login_jsp._jspService(login_jsp.java:72)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

capilkey commented 11 years ago

This error is caused by config.xml as well. The webapp needs a valid LDAP server to authenticate users. The line here, https://github.com/jtrobinson/Seneca-BBB-LDAP-work/blob/master/auth/WebContent/WEB-INF/classes/blank-config.xml#L12, is probably missing in your config.xml.

sjohansg commented 11 years ago

I am pretty sure the LDAP server info is correct, but I wonder if I am missing something. If attempting to connect via SSL, do I need to use the tags? Also, is binding via a user possible? On another note, can I use this tool to connect to AD?

capilkey commented 11 years ago

The NullPointerException is being thrown because LDAPAuthenticate isn't finding a value in the url node of config.xml. LDAPAuthenticate needs that url to know what server to send requests to, so you will need it set no matter what.

The initial search, https://github.com/jtrobinson/Seneca-BBB-LDAP-work/blob/master/auth/src/ldap/LDAPAuthenticate.java#L195, takes a username and password and then makes an unauthenticated search against the LDAP server for the desired user. If the user is found, it gets the organizational unit that they belong to and performs an authenticated search with their username and password being used as credentials.

We have to do two searches because of the way our LDAP server was set up. This method might not work for your server, though, if you don't allow unauthenticated searches, so it might require modification to work with your server.

As for the question of compatibility with AD, I'm not really sure if it will work as I don't have an AD server to test against.

sjohansg commented 11 years ago

Thanks for all your help. Yup, we can't do unauthenticated searches. :(

capilkey commented 11 years ago

The workflow for the search could always be changed. It would require some programming changes, but it wouldn't be too difficult. The main things that would need to be changed are the security principal, https://github.com/jtrobinson/Seneca-BBB-LDAP-work/blob/master/auth/src/ldap/LDAPAuthenticate.java#L251, and the format of the search string here, https://github.com/jtrobinson/Seneca-BBB-LDAP-work/blob/master/auth/src/ldap/LDAPAuthenticate.java#L256.
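
The change discussed in this thread, for a directory that refuses unauthenticated searches, sketched as an added example (not code from this repository): the lookup binds as a service account first, then binds as the DN it found. The class and method names, the `uid` attribute, the base DN parameter and the service-account parameters are all assumptions for illustration; an Active Directory deployment would typically search on a different attribute.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Added example: hypothetical names throughout, not the project's LDAPAuthenticate.
public class ServiceBindAuth {
    // Hashtable.put rejects null values, so validate settings before building the JNDI environment.
    static Hashtable<String, Object> env(String url, String dn, String password) {
        if (url == null || url.trim().isEmpty())
            throw new IllegalStateException("config.xml: url is missing or empty");
        // Many servers treat a DN with an empty password as an unauthenticated bind that succeeds.
        if (dn == null || dn.isEmpty() || password == null || password.isEmpty())
            throw new IllegalArgumentException("bind DN and password are required");
        Hashtable<String, Object> h = new Hashtable<>();
        h.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        h.put(Context.PROVIDER_URL, url);
        h.put(Context.SECURITY_AUTHENTICATION, "simple");
        h.put(Context.SECURITY_PRINCIPAL, dn);
        h.put(Context.SECURITY_CREDENTIALS, password);
        return h;
    }
    // Step 1: search as the service account. Step 2: bind as the DN that was found.
    static boolean authenticate(String url, String baseDn, String svcDn, String svcPw,
                                String username, String password) throws NamingException {
        if (username == null || username.isEmpty() || password == null || password.isEmpty())
            return false;
        String userDn;
        DirContext svc = new InitialDirContext(env(url, svcDn, svcPw));
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]); // only the DN is needed
            // {0} is escaped by JNDI, so "*" or ")(" in username cannot alter the filter.
            NamingEnumeration<SearchResult> hits =
                svc.search(baseDn, "(uid={0})", new Object[] { username }, sc);
            if (!hits.hasMore()) return false;          // unknown user
            userDn = hits.next().getNameInNamespace();
            if (hits.hasMore()) return false;           // ambiguous match: refuse
        } finally {
            svc.close();
        }
        try {
            new InitialDirContext(env(url, userDn, password)).close();
            return true;                                // user bind succeeded
        } catch (AuthenticationException e) {
            return false;                               // wrong password
        }
    }
}
```

Connection and configuration failures surface as exceptions rather than as a failed login, so a missing `url` produces a readable message instead of the `Hashtable.put` NullPointerException shown earlier.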