
A try at capturing the Login in Luminis IV

Submitted by vandresv on Thu, 03/15/2012 - 15:32


Hello, I found an old post from Bob Walker, here at LDN, where he offers a servlet written to capture the login input, write a cookie, and then give control to the normal login.
I downloaded the code, which is still available at http://coho.langara.bc.ca/luminis/fixes/, followed the instructions and restarted the server.
I am getting the following error now:
HTTP Status 405 - HTTP method POST is not supported by this URL.

And the following log entry in the access_log of Tomcat:
access_log_2012-03-15.txt:192.168.40.152 - - [15/Mar/2012:09:01:00 -0400] POST /cp/home/CaptureLogin HTTP/1.1 405 1115 ???'???resource in 'portal{usid}c 7352991366064389651

Can somebody give me some pointers on where to look at?

Thank you very much,
Andres

We're still using that code in production here. Sounds like a problem in your servlet code itself, not the mapping. You have to handle both the POST and GET methods, but one can be forwarded. Here's the code we have that does that:

	/**
	 * Dummy method that forwards to the doGet method
	 */
	public void doPost (HttpServletRequest request, HttpServletResponse response)
		throws ServletException, IOException  {
		doGet(request, response);
	}

Hello Todd, thank you so much for replying. I am glad to hear that it is still in use. I am on Luminis 4.2, so I was afraid that it was too old.
Anyway, I have this on the code: (CaptureLogin.java):
	public void doGet (HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		doPost(request, response);
	}

	public void doPost (HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {

		if (verbose)
			showStuff(request);
		// ...rest of the function doPost here
		// ...
		// ...
		rd.forward(request, response); // last statement of function doPost
	}

I am just learning this stuff and I might be wrong. But it looks to me like doGet just forwards the call to doPost and doPost does the rest. What you have is the reverse. Right?
Please advise,
thank you very much,
Andres

I found out that there is no problem with the code; the problem is that the CaptureLogin is not being called at all.
If somebody can give me some hints on what to do I'll really appreciate it, I am kind of stranded with this problem at the moment.
Thank you

1. You compiled your CaptureLogin servlet code, and jarred it, and placed it in WEB-INF/lib

2. You added a section to WEB-INF/web.xml to define the servlet:


<servlet>
<servlet-name>CaptureLogin</servlet-name>
<servlet-class>ca.usask.portal.servlets.CaptureLogin</servlet-class>
[...]

3. You added a section to WEB-INF/web.xml to map a URL pattern to the servlet:


<servlet-mapping>
<servlet-name>CaptureLogin</servlet-name>
<url-pattern>/cp/home/CaptureLogin</url-pattern>
</servlet-mapping>

4. You modified your login form so that it was being POSTed to CaptureLogin, not the regular login servlet.

5. You deployed the above changes to all web servers (if on PD)

Thank you very much Todd,
I don't know why following the instructions from Bob Walker's web site did not work for me, but after many, many, many hours of thinking/reading/trying I got it almost working.
I have no more problems with the servlet. Now I can login to luminis using the CaptureLogin class.
The only problem I am having now has been reduced to the LDAPAuthenticate class. It never succeeds authenticating the user, so the cookie is never written.

I think that the base context I am using is not the wrong one. I am using JXplorer (ldap browser) to simulate the LDAPauthenticate program and I can't login either, actually it returns exactly the same error:

LDAP error code 32 -- No such object

Any ideas?

Thank you so much,
Andres

PS: I will open a new post. Just to ask about the implementation of the authenticate function inside LDAPAuthenticate class.

If you are using the Luminis ldap, the base dn is o=cp. That is what I use with an ldap browser to login.

Depending on if the code you are using needs the full path to the people directory, it would be ou=People,o=yourdomain.edu,o=cp.

Jason,
Can you connect using a userid other than cn=Directory Manager?

I can't, and that is the way the code is trying to find if the userid/password is valid.
Thank you very much,
Andres

To connect using regular user, UserDN should look like:
uid=34958459845984059,ou=People, o=myserver.domain.edu, o=domain.edu

And BaseDN like: ou=People, o=myserver.domain.edu, o=domain.edu

Thank you Jason and Todd for your comments.

I was trying to authenticate with username and password against Luminis LDAP through the Java LDAP API (JNDI).

When I look in the LDAP browser, the uid is a kind of number, but the users are used to logging in with their usernames, which are different names made of alphabetic characters.

How can I authenticate the userid/password against Luminis LDAP? Are there any steps needed before passing the uid to JNDI?

import java.util.Hashtable;
import javax.naming.Context;

String userSearchBase = "ou=People,o=xxx.edu,o=xxxx";
Hashtable<String, String> env = new Hashtable<String, String>();
String adminName = "demouser";
String adminPassword = "xxxx";
String ldapURL = "ldap://xxx.xxx.xxx.xxx:389";
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
// bind DN is built directly from the name: uid=demouser,ou=People,...
env.put(Context.SECURITY_PRINCIPAL, "uid=" + adminName + "," + userSearchBase);
env.put(Context.SECURITY_CREDENTIALS, adminPassword);

// connect to my domain controller
env.put(Context.PROVIDER_URL, ldapURL);
// specify attributes to be returned in binary format

I am getting the error below. Please help to resolve this.

Problem searching directory: javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]
javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]
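
For the question above (users type a login name, but the directory entries are named by a numeric uid), the usual JNDI pattern is search-then-bind: look the entry up by login name with a service account, then bind as the DN that comes back. This is an added example, not code from the thread or from Luminis; the host, base DN, service account and the `LOGIN_ATTR` attribute name are placeholders that must be replaced with the values from your own directory.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class SearchThenBind {
    // Placeholders (assumptions): adjust all three to your directory.
    static final String LDAP_URL = "ldaps://ldap.example.edu:636"; // TLS: a simple bind sends the password as-is
    static final String BASE_DN = "ou=People,o=example.edu,o=cp";
    static final String LOGIN_ATTR = "loginNameAttr"; // hypothetical attribute holding the login name

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // Returns true only if exactly one entry matches the login name and the password binds to it.
    static boolean authenticate(String svcDn, String svcPw, String login, String pw)
            throws NamingException {
        // An empty password turns a simple bind into an anonymous bind, which "succeeds".
        if (login == null || pw == null || pw.isEmpty()) return false;
        DirContext svc = bind(svcDn, svcPw);
        String userDn;
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
            // {0} is substituted by JNDI with filter escaping, so the login name cannot alter the filter.
            NamingEnumeration<SearchResult> hits =
                svc.search(BASE_DN, "(" + LOGIN_ATTR + "={0})", new Object[] { login }, sc);
            if (!hits.hasMore()) return false;          // no such user
            userDn = hits.next().getNameInNamespace();  // full DN, e.g. uid=<number>,ou=People,...
            if (hits.hasMore()) return false;           // ambiguous match: refuse
        } finally {
            svc.close();
        }
        try {
            bind(userDn, pw).close();                   // the user's own bind is the password check
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }
}
```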

Todd,

I'm trying to implement this process based on the code you posted and following the instructions. I have the redirect working but when I try it in Firefox, I get the following error message:
"Although the page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party."

Also, it works the first time I try the CaptureLogin but not the second time. The cache and cookies must be cleared before the redirect works again.

Any ideas on either of these problems?

Thanks, Alicia

The websecure.email.xml wasn't quite right.

I'm still getting an access denied error after a few times of loading the page. I'm seeing badprotocol cookie when I get the Access Denied message. No messages in cp.log. Any other log files to check or other ideas?

Alicia

So this is not the "HTTP 405" error mentioned at the very top of this post? If not, then I haven't seen the error that you are seeing now, sorry.