Forums

Issues setting up NTLM with LDAP servers that run over a load balancer

John McElroy, modified 11 years ago.

Issues setting up NTLM with LDAP servers that run over a load balancer

New Member Posts: 5 Join Date: 11.07.11 Recent Posts
So I know I have another thread open about using a cookie, but I kind of abandoned it since I have been exploring the built-in auto login capabilities more.

Firstly, I am working with a Liferay 5.2.3 that is deployed on a Windows server, over a default intranet domain for my company. And we have it synced with our company's LDAP. However, the LDAP server is on a different domain; the alias first points to a probable load balance appliance, since I have pinged this host address several times and get two different IPs throughout the day. I am trying to implement NTLM auto login since our LDAP is set up to authenticate using userid and password. But I am not making any headway.

Here are my current file configurations:
portal-ext.properties

counter.connection.heartbeat.job.interval=1

# fix close.png 
theme.images.fast.load=false


# Set the default layout for a new users private page
default.user.private.layouts.lar=${liferay.home}/default_page_layout.lar

# default theme
default.regular.theme.id=viper_WAR_vipertheme
theme.sync.on.group=false
# Disable forcing new LDAP accounts to agree to the generic terms of service
terms.of.use.required=false

# Forces a redirect to the user's private page upon login if it exists.
auth.forward.by.last.path=false
# remove password reminder
users.reminder.queries.enabled=false
users.reminder.queries.custom.question.enabled=false

# force ldap password sync
auth.pipeline.pre=com.liferay.portal.security.auth.LDAPAuth
auth.pipeline.enable.liferay.check=false

#ldap properties
ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.base.provider.url=ldap://intldap.nationwidedir.net:389
ldap.base.dn=dc=nationwidedir,dc=net
ldap.security.principal=out=int,ou=people
ldap.auth.enabled=true
ldap.auth.required=true
ldap.auth.method=bind
ldap.auth.search.filter=(uid=@screen_name@)

#ldap.import.enabled=true
#ldap.import.on.startup=true
#ldap.import.interval=10


#auto login attempt properties
#auto.login.hooks=com.liferay.portal.security.auth.RememberMeAutoLogin
auto.login.hooks=com.liferay.portal.security.auth.NtlmAutoLogin
ntlm.auth.enabled=true
#alias to the ldap load balancer
ntlm.auth.domain.controller=intldap.nationwidedir.net
##domain of the liferay server host
#nltm.auth.domain=nwie.net
##domain of the ldap server
ntlm.auth.domain=nationwidedir.net

#company security options for auto login
company.security.auth.type=userId
company.security.auto.login=true
company.security.auto.login.max.age=31536000

#### The below lines send the user to the main page when they login instead of their private homes
auth.forward.by.last.path=true
default.landing.page.path=/user/
##default.landing.page.path=/group/myjbhunt/
login.events.post=com.liferay.portal.events.LoginPostAction,com.liferay.portal.events.DefaultLandingPageAction
## End redirect


web.xml (just the filter implementation)


  <!-- ==================== Auto Login Filter Mappings ====================== -->
  <!--
  <filter>
	<filter-name>Auto Login Filter</filter-name>
	<filter-class>com.liferay.portal.servlet.filters.autologin.AutoLoginFilter</filter-class>
  </filter>
  <filter-mapping>
	<filter-name>Auto Login Filter</filter-name>
	<url-pattern>/*</url-pattern>
  </filter-mapping>
  -->
  <filter>
	<filter-name>SSO Ntlm Filter</filter-name>
	<filter-class>com.custom.portal.servlet.filters.sso.ntlm.CustomNtlmFilter</filter-class>
  </filter>
  <filter-mapping>
	<filter-name>SSO Ntlm Filter</filter-name>
	<url-pattern>/*</url-pattern>
  </filter-mapping>



And when I start up my server, either through Eclipse EE or the command line, I see this:


Jul 12, 2012 11:59:01 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\liferay-portal-5.2.3\tomcat-6.0.18\jre1.5.0_17\win\bin;.;C:\WINXP\system32;C:\WINXP;C:/Program Files/Java/jdk1.6.0_31/bin/../jre/bin/client;C:/Program Files/Java/jdk1.6.0_31/bin/../jre/bin;C:/Program Files/Java/jdk1.6.0_31/bin/../jre/lib/i386;C:\Program Files\Java\jdk1.6.0_31\bin;C:\WINXP\system32;C:\WINXP;C:\WINXP\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Lenovo;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Windows Imaging\;C:\apache-ant-1.7.1\bin;C:\atlassian-plugin-sdk-3.1.3\bin;C:\WINXP\system32\WindowsPowerShell\v1.0;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\TortoiseSVN\bin;C:\WINXP\system32\WindowsPowerShell\v1.0;C:\Program Files\Lotus\Notes;C:\apache-ant-1.7.1\bin;C:\Program Files\Java\jdk1.6.0_31\bin ;C:\SpringSource\Tools\eclipse;
Jul 12, 2012 11:59:01 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-80
Jul 12, 2012 11:59:01 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 618 ms
Jul 12, 2012 11:59:01 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Jul 12, 2012 11:59:01 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.18
Loading jar:file:/C:/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/system.properties
Loading jar:file:/C:/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/portal.properties
Loading file:/C:/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/classes/portal-ext.properties
Loading file:/C:/liferay-portal-5.2.3/portal-ext.properties
11:59:09,293 INFO  [DialectDetector:64] Determining dialect for Microsoft SQL Server 9
11:59:09,371 INFO  [DialectDetector:97] Using dialect org.hibernate.dialect.SQLServerDialect
Loading jar:file:/C:/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/captcha.properties
11:59:11,946 INFO  [PortalImpl:252] Portal lib directory /C:/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/lib/
11:59:21,139 INFO  [ServerDetector:104] Detected server tomcat
Starting Liferay Portal Standard Edition 5.2.3 (Augustine / Build 5203 / May 20, 2009)
11:59:22,871 INFO  [DBUtil:501] Database does not support case sensitive queries
11:59:28,942 INFO  [HotDeployUtil:64] Initializing hot deploy manager 12501850
11:59:29,333 INFO  [AutoDeployDir:108] Auto deploy scanner started for C:\liferay-portal-5.2.3\deploy
11:59:30,175 INFO  [LayoutTemplateHotDeployListener:90] Registering layout templates for 2-columns-iv-layouttpl
11:59:30,940 INFO  [LayoutTemplateHotDeployListener:102] 1 layout template for 2-columns-iv-layouttpl is available for use
Jul 12, 2012 11:59:30 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:30 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/2-columns-iv-layouttpl] startup failed due to previous errors
11:59:30,956 INFO  [LayoutTemplateHotDeployListener:131] Unregistering layout templates for 2-columns-iv-layouttpl
11:59:30,956 INFO  [LayoutTemplateHotDeployListener:155] 1 layout template for 2-columns-iv-layouttpl was unregistered
11:59:32,282 INFO  [PortletHotDeployListener:227] Registering portlets for athenaapps-portlet
11:59:32,485 INFO  [PortletHotDeployListener:346] 1 portlet for athenaapps-portlet is available for use
Jul 12, 2012 11:59:32 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:32 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/athenaapps-portlet] startup failed due to previous errors
11:59:32,516 INFO  [PortletHotDeployListener:381] Unregistering portlets for athenaapps-portlet
11:59:32,516 INFO  [PortletHotDeployListener:412] 1 portlet for athenaapps-portlet was unregistered
11:59:33,905 INFO  [PortletHotDeployListener:227] Registering portlets for auditwizard-portlet
11:59:34,015 INFO  [PortletHotDeployListener:346] 1 portlet for auditwizard-portlet is available for use
Jul 12, 2012 11:59:34 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:34 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/auditwizard-portlet] startup failed due to previous errors
11:59:34,046 INFO  [PortletHotDeployListener:381] Unregistering portlets for auditwizard-portlet
11:59:34,046 INFO  [PortletHotDeployListener:412] 1 portlet for auditwizard-portlet was unregistered
11:59:36,278 INFO  [PortletHotDeployListener:227] Registering portlets for configmenu-portlet
11:59:36,387 INFO  [PortletHotDeployListener:346] 1 portlet for configmenu-portlet is available for use
Jul 12, 2012 11:59:36 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:36 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/configmenu-portlet] startup failed due to previous errors
11:59:36,402 INFO  [PortletHotDeployListener:381] Unregistering portlets for configmenu-portlet
11:59:36,402 INFO  [PortletHotDeployListener:412] 1 portlet for configmenu-portlet was unregistered
11:59:38,244 INFO  [PortletHotDeployListener:227] Registering portlets for globaladmin-portlet
11:59:38,322 INFO  [PortletHotDeployListener:346] 1 portlet for globaladmin-portlet is available for use
Jul 12, 2012 11:59:38 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:38 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/globaladmin-portlet] startup failed due to previous errors
11:59:38,509 INFO  [PortletHotDeployListener:381] Unregistering portlets for globaladmin-portlet
11:59:38,509 INFO  [PortletHotDeployListener:412] 1 portlet for globaladmin-portlet was unregistered
11:59:39,383 INFO  [HookHotDeployListener:184] Registering hook for nationwideESM-5.2.3.1
11:59:39,867 INFO  [HookHotDeployListener:379] Hook for nationwideESM-5.2.3.1 is available for use
11:59:39,867 INFO  [PortletHotDeployListener:227] Registering portlets for nationwideESM-5.2.3.1
11:59:39,945 INFO  [PortletHotDeployListener:346] 1 portlet for nationwideESM-5.2.3.1 is available for use
Jul 12, 2012 11:59:39 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:39 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/nationwideESM-5.2.3.1] startup failed due to previous errors
11:59:40,226 INFO  [HookHotDeployListener:442] Hook for nationwideESM-5.2.3.1 was unregistered
11:59:40,226 INFO  [PortletHotDeployListener:381] Unregistering portlets for nationwideESM-5.2.3.1
11:59:40,242 INFO  [PortletHotDeployListener:412] 1 portlet for nationwideESM-5.2.3.1 was unregistered
Jul 12, 2012 11:59:40 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:40 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/New Folder] startup failed due to previous errors
11:59:41,303 INFO  [PortletHotDeployListener:227] Registering portlets for viper-portlet
11:59:41,397 INFO  [PortletHotDeployListener:346] 1 portlet for viper-portlet is available for use
Jul 12, 2012 11:59:41 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:41 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/viper-portlet] startup failed due to previous errors
11:59:41,428 INFO  [PortletHotDeployListener:381] Unregistering portlets for viper-portlet
11:59:41,428 INFO  [PortletHotDeployListener:412] 1 portlet for viper-portlet was unregistered
11:59:42,068 INFO  [ThemeHotDeployListener:90] Registering themes for viper-theme


I have looked at several threads:

http://www.liferay.com/community/forums/-/message_boards/message/4403401

http://www.liferay.com/web/guest/community/forums/-/message_boards/message/1647224

http://www.liferay.com/community/wiki/-/wiki/Main/NTLM+SSO

and others but nothing has really helped. Can anyone offer any advice, please?
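
An added example (not part of the original post and not Liferay code): a Python audit of the settings posted above, run on a constructed excerpt of that portal-ext.properties. It reports keys assigned more than once with different values and how many addresses the `ntlm.auth.domain.controller` alias resolves to, which is the load-balancer symptom the post describes. The function names are hypothetical and only `key=value` lines are parsed.

```python
import socket

# Constructed sample: auth-related lines taken from the configuration in the post.
SAMPLE = """\
auth.forward.by.last.path=false
auth.pipeline.pre=com.liferay.portal.security.auth.LDAPAuth
ldap.base.provider.url=ldap://intldap.nationwidedir.net:389
ntlm.auth.enabled=true
ntlm.auth.domain.controller=intldap.nationwidedir.net
#nltm.auth.domain=nwie.net
ntlm.auth.domain=nationwidedir.net
auth.forward.by.last.path=true
"""

def parse_properties(text):
    """Return {key: [(line_no, value), ...]} for active (uncommented) lines."""
    seen = {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            seen.setdefault(key.strip(), []).append((no, value.strip()))
    return seen

def conflicting_keys(seen):
    """Keys assigned more than once with different values.

    Which assignment takes effect depends on the loader, so only the
    conflict itself is reported.
    """
    return {k: v for k, v in seen.items() if len({val for _, val in v}) > 1}

def controller_addresses(seen, resolve=socket.gethostbyname_ex, attempts=5):
    """Distinct IPv4 addresses returned for ntlm.auth.domain.controller."""
    entries = seen.get("ntlm.auth.domain.controller")
    if not entries:
        return set()
    host = entries[-1][1]
    addrs = set()
    for _ in range(attempts):
        try:
            addrs.update(resolve(host)[2])  # third element is the address list
        except OSError:
            break  # not resolvable from this machine; keep what was collected
    return addrs

if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    for key, vals in conflicting_keys(props).items():
        print("conflicting assignments:", key, vals)
    ips = controller_addresses(props)
    print("controller alias resolves to:", sorted(ips) or "nothing (unresolvable here)")
```

More than one address for the controller alias means consecutive connections may land on different back-end hosts.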
Linus Sphinx, modified 11 years ago.

RE: Issues setting up NTLM with LDAP servers that run over a load balancer

Junior Member Posts: 99 Join Date: 12.08.10 Recent Posts
Stupid question I have to ask, have you established trust between those domains?
John McElroy, modified 11 years ago.

RE: Issues setting up NTLM with LDAP servers that run over a load balancer

New Member Posts: 5 Join Date: 11.07.11 Recent Posts
No, the two domains are kept apart with no real overlap. Hell, I would settle for just getting the Remember Me feature to work at this point. I think I have it all in my code above; it is just commented out. And when I start it up I get the same errors in the log message. I run the server through Eclipse EE Indigo or through MyEclipse 8.6, but I also ran it through the command line and they still appear. I think I said most of that above already. Sorry, turning into a broken record.

Does anyone have any advice on what I could do?
Linus Sphinx, modified 11 years ago.

RE: Issues setting up NTLM with LDAP servers that run over a load balancer

Junior Member Posts: 99 Join Date: 12.08.10 Recent Posts
Doubt you can get there from here; Windows single sign-on depends on agreement between the web server, Active Directory and the domain controller. Pretty sure to join one domain and single sign-on to another there must be a trust relationship.

http://msdn.microsoft.com/en-us/library/aa745042%28v=bts.10%29
http://technet.microsoft.com/en-us/library/cc961481.aspx