AppWorx, Dollar Universe and Sysload Community


Appworx and OpenLDAP

  • 1.  Appworx and OpenLDAP

    Posted 08-03-2020 06:46 PM
    Just inquiring to see if anyone has successfully set up Appworx to use OpenLDAP.  Any details would be greatly appreciated.....  Thanks!!


  • 2.  RE: Appworx and OpenLDAP

    Posted 08-04-2020 09:20 AM
    Hi David, 

    That is a good question since I have heard talk about possibly looking into that in my environment. Right now it is individual passwords. 
    The one thing I was wondering about is your release of Applications Manager; we are on V9.3.1. We used to use the term Appworx for a long time before it got rolled into different companies, AM, then now Automation Engine. 

    I know other products I worked on the users had to match the LDAP id for the user to make it work. We had to for other products get that fixed up first.  Then usually it involves introducing an SSO type module, and even changing the password/user type in the application. 

    Good question, I look forward to the replies. 

    Thank you, 

    Rich 











  • 3.  RE: Appworx and OpenLDAP

    Posted 08-04-2020 10:15 AM
    We are currently on 9.2.2 with a goal of upgrading to 9.3.1 by the end of the year....


  • 4.  RE: Appworx and OpenLDAP

    Posted 08-12-2020 10:53 AM
    David,

    We were able to set up LDAP using the GSSAPI option.   We followed the directions in the manual.  The only issue we ran into was the common error most get

    javax.security.auth.login.LoginException: No LoginModules configured for com.appworx.server.ldap.LDAPAppworxAuthentication 
    at javax.security.auth.login.LoginContext.init(LoginContext.java:272) 
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:425) 
    at com.appworx.server.ldap.LDAPAppworxAuthentication.B(LDAPAppworxAuthentication.java:420)

    We ended up debugging the settings and found that the startup process was ignoring the Java_mb setting in the sosite file.

    - Log in as your Applications Manager OS user and run this command:
    ps -ef |grep .appworx.

    If you do not see the new settings, you will edit $AW_HOME/site/sosite and move the AX_JAVA_OPTIONS settings to be included in the Java_mb environment variable.  Comment out the AX_JAVA_OPTIONS line.

    Stop and restart the App Mgr processes
    stopso awcomm
    startso

    - Log in as your Applications Manager OS user and run this command:
    ps -ef |grep .appworx.

    You should now see the new settings.  If so, it should work as expected if you have followed the instructions provided by Automic.

    Good Luck



    ------------------------------
    Terence M. Krolczyk | Software Applications Developer IV
    Enterprise Information Systems, Division of Enrollment & Academic Services | Texas A&M University
    1119 TAMU | College Station, TX 77843-1119

    ph: 979.845.8432 | fax: 979.862.7467 | terryk@tamu.edu
    - - - - - - - - - - - - - - - - - - - - - - - -
    TEXAS A&M UNIVERSITY UNIVERSITY | FEARLESS on Every Front
    eis.tamu.edu
    ----------------------------------------------------
    This message contains information which may be confidential and privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply email and delete the message.
    ------------------------------



  • 5.  RE: Appworx and OpenLDAP

    Posted 08-12-2020 11:38 AM
    Hi Terry, 
    Thank you for the information. 

    We are not using LDAP yet, but might in the future. If you don't mind I have a few questions about this. 
    We are running V9.3.1. 

    In which manual did you find the instructions for setup? You mentioned the GSSAPI option, I am curious about that. 

    For each of the Appman masters, and remote agents I do use the  AX_JAVA_OPTIONS variable in the sosite file. 
    AX_JAVA_OPTIONS=3072m;export AX_JAVA_OPTIONS

    You mentioned moving the AX_JAVA_OPTIONS setting to be included in the Java_mb environment variable.
    Is Java_mb a new variable set in the sosite file for the master, or master/remote agents?

    Thank you very much

    Rich






  • 6.  RE: Appworx and OpenLDAP

    Posted 08-13-2020 09:26 AM
    Rich,

    In the online help within Automic UC4 - 




  • 7.  RE: Appworx and OpenLDAP

    Posted 08-17-2020 06:43 PM
    Edited by Stefano De Leo 08-17-2020 08:22 PM
    Same issue here. Trying to set up authentication against AD but getting the following error when logging in. Any help is appreciated. Followed instructions in the "Using Active Directory" section of the install manual. Product version is v. 9.3.2

    Is the install of kerberos packages and its configuration a prerequisite to the listed steps? I see references in the krb.conf file to profile = /var/kerberos/krb5kdc/kdc.conf. Would appreciate some guidance on any prerequisite steps not listed in the manual.

    This is the error I get.
    Internal error : Cannot locate KDC : null
    at com.appworx.server.ldap.LDAPAppworxAuthentication.B(LDAPAppworxAuthentication.java:425)
    at com.appworx.server.ldap.LDAPAppworxAuthentication.A(LDAPAppworxAuthentication.java:326)
    at com.appworx.server.ldap.LDAPAppworxAuthentication.C(LDAPAppworxAuthentication.java:239)
    at com.appworx.server.data.AxRmiServer.A(AxRmiServer.java:2574)
    at com.appworx.server.data.D$_B.doOperatorLogin(RemoteClientSocketManager.java:249)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at com.uc4.be.util.InvokeUtil.invoke(InvokeUtil.java:122)
    at com.appworx.util.InvokeRequest.invokeMethod(InvokeRequest.java:47)
    at com.appworx.server.data.C.A(ClientServices.java:150)
    at com.appworx.server.data.D$_A.doRun(RemoteClientSocketManager.java:168)
    at com.uc4.be.threading.AbstractWorker.run(AbstractWorker.java:367)
    at java.base/java.lang.Thread.run(Thread.java:834)
    at com.appworx.client.screen.util.ClientSocketManager.sendRequest1(ClientSocketManager.java:343)
    at com.appworx.shared.iface.ILogon_Stub.doOperatorLogin(ILogon_Stub.java:109)
    at com.appworx.client.screen.logon.C.A(Logon.java:688)
    at com.appworx.client.screen.logon.C.f(Logon.java:654)
    at com.appworx.client.screen.logon.C.h(Logon.java:500)
    at java.desktop/javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
    at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
    at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
    at java.desktop/javax.swing.DefaultButtonModel.setPressed(Unknown Source)
    at java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
    at java.desktop/java.awt.Component.processMouseEvent(Unknown Source)
    at java.desktop/javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.desktop/java.awt.Component.processEvent(Unknown Source)
    at java.desktop/java.awt.Container.processEvent(Unknown Source)
    at java.desktop/java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.desktop/java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.desktop/java.awt.Component.dispatchEvent(Unknown Source)
    at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
    at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
    at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
    at java.desktop/java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.desktop/java.awt.Window.dispatchEventImpl(Unknown Source)
    at java.desktop/java.awt.Component.dispatchEvent(Unknown Source)
    at com.appworx.client.screen.widget.AxInternalFrame.B(AxInternalFrame.java:320)
    at com.appworx.client.screen.widget.AxInternalFrame.setVisible(AxInternalFrame.java:164)
    at com.appworx.client.screen.main.AxMain.A(AxMain.java:2165)
    at com.appworx.client.screen.main.AxMain.A(AxMain.java:175)
    at com.appworx.client.screen.main.AxMain$29.actionPerformed(AxMain.java:1457)
    at java.desktop/javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
    at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
    at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
    at java.desktop/javax.swing.DefaultButtonModel.setPressed(Unknown Source)
    at java.desktop/javax.swing.AbstractButton.doClick(Unknown Source)
    at java.desktop/javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
    at java.desktop/javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source)
    at java.desktop/java.awt.Component.processMouseEvent(Unknown Source)
    at java.desktop/javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.desktop/java.awt.Component.processEvent(Unknown Source)
    at java.desktop/java.awt.Container.processEvent(Unknown Source)
    at java.desktop/java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.desktop/java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.desktop/java.awt.Component.dispatchEvent(Unknown Source)
    at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
    at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
    at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
    at java.desktop/java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.desktop/java.awt.Window.dispatchEventImpl(Unknown Source)
    at java.desktop/java.awt.Component.dispatchEvent(Unknown Source)
    at java.desktop/java.awt.EventQueue.dispatchEventImpl(Unknown Source)
    at java.desktop/java.awt.EventQueue$4.run(Unknown Source)
    at java.desktop/java.awt.EventQueue$4.run(Unknown Source)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
    at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
    at java.desktop/java.awt.EventQueue$5.run(Unknown Source)
    at java.desktop/java.awt.EventQueue$5.run(Unknown Source)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
    at java.desktop/java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.desktop/java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.desktop/java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.desktop/java.awt.EventDispatchThread.run(Unknown Source)
    Cannot locate KDC


  • 8.  RE: Appworx and OpenLDAP
    Best Answer

    Posted 08-18-2020 09:58 AM
    Stefano,

    We followed the instructions as presented:

    To set up Active Directory for CA Automic Applications Manager:

    1. Create an AM_GSSAPI.conf file in the Automation Engine's AW_HOME directory. This tells Java which authentication mode to use for LDAP. Sample code from an AM_GSSAPI.conf file is shown below:

    com.appworx.server.ldap.LDAPAppworxAuthentication
    { com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=TRUE; }
    ;

    If you have the CA Automic Applications Manager installed on Windows, and you use an authentication method of GSSAPI, you may need to add javax.security.auth.useSubjectCredsOnly to your AM_GSSAPI.conf file to ensure full credentials are passed as shown below:

    com.appworx.server.ldap.LDAPAppworxAuthentication
    { com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=TRUE javax.security.auth.useSubjectCredsOnly=TRUE; }
    ;

    For more information, see your LDAP documentation.

    2. Create a krb5.conf file in the Automation Engine's AW_HOME directory. This configures the settings for the Active Directory server. It also configures the log file location. A sample krb5.conf file is shown below. Be sure to change the realm and server names, which are shown in bold below, to your correct settings:

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    ticket_lifetime = 24000
    default_realm = AUTOMIC.COM
    default_tgs_enctypes = des-cbc-crc
    default_tkt_enctypes = des-cbc-crc
    dns_lookup_realm = false
    dns_lookup_kdc = false

    [realms]
    AUTOMIC.COM = {
        kdc = adserver.automic.com
        admin_server = adserver.automic.com
        kpasswd_server = adserver.automic.com
        default_domain = AUTOMIC.COM
    }

    [domain_realm]
    .kerberos.server = AUTOMIC.COM
    .automic.com = AUTOMIC.COM
    automic.com = AUTOMIC.COM

    [kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

    [appdefaults]
    pam = {
      debug = false
      ticket_lifetime = 36000
      renew_lifetime = 36000
      forwardable = true
      krb4_convert = false
    }

    3. In the sosite file, set the variable Java_mb to indicate the location of the files created in step 1 and 2. The sosite file should then be sourced and the RMI server restarted.

    The variable must start out with "2048m". In a UNIX sosite file this would be:

    export Java_mb="2048m -Djava.security.auth.login.config=$AW_HOME/AM_GSSAPI.conf -Djava.security.krb5.conf=$AW_HOME/krb5.conf"

    If you are on a Windows or UNIX operating system with less memory available, substitute "2048m" with "1024m".

    4. Source in the sosite file by typing . sosite.
    5. Start the CA Automic Applications Manager processes by typing startso.

    The issue we ran into was that the JAVA options were not being picked up as described in earlier emails.  The rest was very straightforward.   Our krb5.conf was one we were already using that we knew worked.  So we just made a few updates for automic and that was all.

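
The checks done by hand in this thread (are the two -D flags on the running JVM, does the JAAS file carry the entry named in the "No LoginModules configured" error, does krb5.conf list a kdc for its default realm), as an added shell example that is not part of the thread or the vendor manual. The function names are hypothetical; the entry name, file names and flags are the ones quoted above, and the assumption is that a realm with no kdc line is one way to reach "Cannot locate KDC". It also flags the single-DES enctypes used in the sample krb5.conf.

```shell
#!/bin/sh
# Added example: pre-flight checks for the JVM flags, JAAS file and krb5.conf.
# Print the value of -D<name>=... from a JVM command line (e.g. from `ps -ef`).
jvm_prop() {  # $1 = command line text, $2 = property name
  printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s|^-D$2=||p" | head -n 1
}

# Succeed if the JAAS file declares the named entry; without it the JVM throws
# "No LoginModules configured for <name>".
jaas_has_entry() {  # $1 = JAAS config file, $2 = entry name
  tr -s '[:space:]' ' ' < "$1" | grep -q -F "$2 {"
}

# Print default_realm from the [libdefaults] section.
krb5_default_realm() {  # $1 = krb5.conf
  awk -F'[ \t]*=[ \t]*' '/^\[/ {s=$1}
    s=="[libdefaults]" && $1 ~ /^[ \t]*default_realm$/ {print $2; exit}' "$1"
}

# Print each kdc configured for a realm inside [realms].
krb5_realm_kdcs() {  # $1 = krb5.conf, $2 = realm
  awk -F'[ \t]*=[ \t]*' -v r="$2" '
    /^\[/ {s=$1; in_r=0; next}
    s=="[realms]" && $1==r && /[{]/ {in_r=1; next}
    in_r && /[}]/ {in_r=0}
    in_r && $1 ~ /^[ \t]*kdc$/ {print $2}' "$1"
}

# Print enctype lines that request single-DES (deprecated by RFC 6649).
krb5_des_enctypes() {  # $1 = krb5.conf
  grep -E '^[[:space:]]*(default_(tkt|tgs)|permitted)_enctypes' "$1" |
    grep -i 'des[-_]cbc'
}

# Run every check against one JVM command line; non-zero status names the step.
preflight() {  # $1 = command line text
  jaas=$(jvm_prop "$1" java.security.auth.login.config)
  krb=$(jvm_prop "$1" java.security.krb5.conf)
  [ -n "$jaas" ] && [ -n "$krb" ] || { echo "JVM flags missing (Java_mb not applied?)"; return 1; }
  jaas_has_entry "$jaas" com.appworx.server.ldap.LDAPAppworxAuthentication ||
    { echo "JAAS entry missing in $jaas"; return 2; }
  realm=$(krb5_default_realm "$krb")
  [ -n "$(krb5_realm_kdcs "$krb" "$realm")" ] ||
    { echo "no kdc for realm '$realm' in $krb"; return 3; }
  krb5_des_enctypes "$krb" >/dev/null && echo "warning: single-DES enctypes in $krb"
  echo "ok: $jaas, $krb, realm $realm"
}

if [ $# -gt 0 ]; then preflight "$*"; fi
```

Run it as the Applications Manager OS user with the process line as its argument, for example the output of the `ps -ef |grep .appworx.` command from the earlier post. Paths containing spaces are not handled.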