I'm planning to do the upgrade from 1.1.2 to 1.2.4 I've copied all files from /conf to the new 1.2.4 directory... My new directory seems to be ok (the browser show all good entries) But when i try to bind against as an user i get [09/07/2007 11:30:39] Invalid Credentials LDAPException: Invalid Credentials (49) Invalid Credentials LDAPException: Server Message: Invalid Credentials at org.ietf.ldap.LDAPException.<init>(Unknown Source) at org.safehaus.penrose.util.ExceptionUtil.createLDAPException(ExceptionUtil.java:73) at org.safehaus.penrose.util.ExceptionUtil.createLDAPException(ExceptionUtil.java:61) at org.safehaus.penrose.engine.basic.BasicEngine.bind(BasicEngine.java:340) at org.safehaus.penrose.handler.Handler.bind(Handler.java:170) at org.safehaus.penrose.handler.HandlerManager.bind(HandlerManager.java:220) at org.safehaus.penrose.session.Session.bind(Session.java:296) at org.safehaus.penrose.backend.PenroseSession.bind(PenroseSession.java:119) at org.safehaus.penrose.mina.BindHandler.messageReceived(BindHandler.java:44) at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:144) at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:60) at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:190) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243) at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690) Here's penrose 1.1.2 running : hubert@hpdev ~/applications/ldap $ ./penrose-server-1.1.2/bin/penrose.sh [09/07/2007 11:29:42] Starting Penrose Server 1.1.2. [09/07/2007 11:29:43] Listening to port 1099 (RMI). [09/07/2007 11:29:43] Listening to port 40888 (RMI Transport). [09/07/2007 11:29:43] Listening to port 8112 (HTTP). [09/07/2007 11:29:44] Bind operation succeeded. [09/07/2007 11:29:44] Listening to port 10389 (LDAP). [09/07/2007 11:29:44] Server is ready. [09/07/2007 11:29:51] Search "ou=users,dc=fiducial,dc=net" with scope subtree and filter "(uid=h.fongarnand)" [09/07/2007 11:29:51] Search operation succeded. [09/07/2007 11:29:51] Search operation returned 1 entries. [09/07/2007 11:29:51] Bind as "uid=h.fongarnand,ou=users,dc=fiducial,dc=net". [09/07/2007 11:29:52] Bind operation succeeded. It'ok Here's penrose 1.2.4 running hubert@hpdev ~/applications/ldap $ ./penrose-server-1.2.4/bin/penrose.sh [09/07/2007 11:30:34] Starting Penrose Server 1.2.4. [09/07/2007 11:30:36] Listening to port 1099 (RMI). [09/07/2007 11:30:36] Listening to port 40888 (RMI Transport). [09/07/2007 11:30:36] Listening to port 8112 (HTTP). [09/07/2007 11:30:36] Listening to port 10389 (LDAP). [09/07/2007 11:30:36] Server is ready. [09/07/2007 11:30:39] Search "ou=users,dc=fiducial,dc=net" with scope subtree and filter "(uid=h.fongarnand)" [09/07/2007 11:30:39] Bind "uid=h.fongarnand,ou=users,dc=fiducial,dc=net". [09/07/2007 11:30:39] Empty RDN. [09/07/2007 11:30:39] Invalid Credentials LDAPException: Invalid Credentials (49) Invalid Credentials LDAPException: Server Message: Invalid Credentials at org.ietf.ldap.LDAPException.<init>(Unknown Source) at org.safehaus.penrose.util.ExceptionUtil.createLDAPException(ExceptionUtil.java:73) at org.safehaus.penrose.util.ExceptionUtil.createLDAPException(ExceptionUtil.java:61) at org.safehaus.penrose.engine.basic.BasicEngine.bind(BasicEngine.java:340) at org.safehaus.penrose.handler.Handler.bind(Handler.java:170) at org.safehaus.penrose.handler.HandlerManager.bind(HandlerManager.java:220) at org.safehaus.penrose.session.Session.bind(Session.java:296) at org.safehaus.penrose.backend.PenroseSession.bind(PenroseSession.java:119) at org.safehaus.penrose.mina.BindHandler.messageReceived(BindHandler.java:44) at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:144) at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:60) at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:190) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243) at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690) at java.lang.Thread.run(Thread.java:619) It's not ok Additional Comments From kmerigot dated Mon Dec 01 11:21:34 CST 2008 Hi, This is a clone of #PENROSE-257. I have exactly the same problem as described above, with Penrose 1.2.4. When i try to log into my application (Confluence), I get this message : [12/01/2008 18:14:08] Bind "uid=admin,ou=system". [12/01/2008 18:14:08] Search "ou=Users,dc=qualiflab,dc=kapit,dc=fr" with scope one level and filter "(&(objectClass=inetorgperson)(&(objectClass=inetorgperson)(cn=kevin)))" [12/01/2008 18:14:08] Bind "cn=kevin,ou=Users,dc=qualiflab,dc=kapit,dc=fr". [12/01/2008 18:14:08] Empty RDN. [12/01/2008 18:14:09] Invalid Credentials LDAPException: Invalid Credentials (49) Invalid Credentials LDAPException: Server Message: Invalid Credentials at org.safehaus.penrose.util.ExceptionUtil.createLDAPException(ExceptionUtil.java:73) at org.safehaus.penrose.util.ExceptionUtil.createLDAPException(ExceptionUtil.java:61) at org.safehaus.penrose.engine.basic.BasicEngine.bind(BasicEngine.java:340) at org.safehaus.penrose.handler.Handler.bind(Handler.java:170) at org.safehaus.penrose.handler.HandlerManager.bind(HandlerManager.java:220) at org.safehaus.penrose.session.Session.bind(Session.java:296) at org.safehaus.penrose.backend.PenroseSession.bind(PenroseSession.java:119) at org.safehaus.penrose.mina.BindHandler.messageReceived(BindHandler.java:44) at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:144) at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:60) at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:190) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243) at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690) at java.lang.Thread.run(Thread.java:595) My mapping.xml is : <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE mapping PUBLIC "-//Penrose/DTD Mapping 1.2//EN" "http://penrose.safehaus.org/dtd/mapping.dtd"> <mapping> <entry dn="dc=qualiflab,dc=kapit,dc=fr"> <oc>dcObject</oc> <oc>organization</oc> <at name="dc" rdn="true"> <constant>qualiflab</constant> </at> <at name="o"> <constant>qualiflab</constant> </at> <aci> <permission>ro</permission> </aci> </entry> <!-- <entry dn="cn=Manager,dc=Example,dc=com"> <oc>person</oc> <oc>organizationalPerson</oc> <oc>inetOrgPerson</oc> <at name="cn" rdn="true"> <constant>Manager</constant> </at> <at name="sn"> <constant>Manager</constant> </at> <at name="userPassword"> <constant>secret</constant> </at> </entry> <entry dn="ou=Users,dc=Example,dc=com"> <oc>organizationalUnit</oc> <at name="ou" rdn="true"> <constant>Users</constant> </at> </entry> --> <entry dn="ou=Users,dc=qualiflab,dc=kapit,dc=fr"> <oc>organizationalUnit</oc> <at name="ou" rdn="true"> <constant>Users</constant> </at> </entry> <entry dn="ou=Groups,dc=qualiflab,dc=kapit,dc=fr"> <oc>organizationalUnit</oc> <at name="ou" rdn="true"> <constant>Groups</constant> </at> </entry> <entry dn="cn=...,ou=Users,dc=qualiflab,dc=kapit,dc=fr"> <oc>person</oc> <oc>organizationalPerson</oc> <oc>inetOrgPerson</oc> <at name="cn" rdn="true"> <variable>MySQLMappingSource.name</variable> </at> <at name="fullname"> <variable> MySQLMappingSource.fullname </variable> </at> <at name="mail"> <variable>MySQLMappingSource.email</variable> </at> <at name="userPassword"> <expression>"{SHA512}"+MySQLMappingSource.password</expression> </at> <source name="MySQLMappingSource"> <source-name>MySQLSource</source-name> <field name="name"> <variable>name</variable> </field> <field name="fullname"> <variable>fullname</variable> </field> <field name="email"> <variable>email</variable> </field> <field name="password"> <variable> password </variable> </field> </source> </entry> <entry dn="cn=confusers,ou=Groups,dc=qualiflab,dc=kapit,dc=fr"> <oc>top</oc> <oc>groupOfNames</oc> <at name="cn" rdn="true"> <constant>confusers</constant> </at> <at name="member"> <expression foreach="MySQLMappingSource.name" var="username"> "cn="+username+",ou=Users,dc=qualiflab,dc=kapit,dc=fr" </expression> </at> <source name="MySQLMappingSource"> <source-name>MySQLSource</source-name> <field name="name"> <variable>name</variable> </field> </source> </entry> </mapping> The credentials are encrypted in SHA-512 in the user database (as Confluence do). Any idea on how to resolve this issue? Thanks, Kevin Additional Comments From kmerigot dated Mon Dec 01 11:27:48 CST 2008 Hi, For information : mysql> select password from users where name='kevin'; +------------------------------------------------------------------------------------------+ | password | +------------------------------------------------------------------------------------------+ | Xf5Vh5Y46ZzBSh1HMCOJNiB7kgUO880krmTVLXcwhEhbVbAPg1oHa9yPjDB6tesYPq8zKGeitvR1V9kTI08pcw== | +------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec) The userPassword attribute in the LDAP : {SHA512}Xf5Vh5Y46ZzBSh1HMCOJNiB7kgUO880krmTVLXcwhEhbVbAPg1oHa9yPjDB6tesYPq8zKGeitvR1V9kTI08pcw== Thanks, Kevin ========================================================= Issue dump from jira $VAR1 = { 'priority' => '3', 'customFieldValues' => [], 'project' => 'PENROSE', 'status' => '1', 'components' => [ { 'name' => 'Engine', 'id' => '10009' } ], 'reporter' => 'kmerigot', 'key' => 'PENROSE-340', 'assignee' => 'endisd', 'summary' => 'CLONE -Invalid credential when binding with SHA', 'id' => '11076', 'updated' => '2008-12-01 11:27:48.0', 'votes' => '0', 'fixVersions' => [], 'affectsVersions' => [ { 'releaseDate' => '2007-07-02 00:00:00.0', 'sequence' => '25', 'name' => ' Penrose-1.2.3', 'released' => 'true', 'id' => '10122', 'archived' => 'false' } ], 'description' => 'I'm planning to do the upgrade from 1.1.2 to 1.2.4 I've copied all files from /conf to the new 1.2.4 directory... My new directory seems to be ok (the browser show all good entries) But when i try to bind against as an user i get [09/07/2007 11:30:39] Invalid Credentials LDAPException: Invalid Credentials (49) Invalid Credentials LDAPException: Server Message: Invalid Credentials at org.ietf.ldap.LDAPException.<init>(Unknown Source) at org.safehaus.penrose.util.ExceptionUtil.createLDAPException(ExceptionUtil.java:73) at org.safehaus.penrose.util.ExceptionUtil.createLDAPException(ExceptionUtil.java:61) at org.safehaus.penrose.engine.basic.BasicEngine.bind(BasicEngine.java:340) at org.safehaus.penrose.handler.Handler.bind(Handler.java:170) at org.safehaus.penrose.handler.HandlerManager.bind(HandlerManager.java:220) at org.safehaus.penrose.session.Session.bind(Session.java:296) at org.safehaus.penrose.backend.PenroseSession.bind(PenroseSession.java:119) at org.safehaus.penrose.mina.BindHandler.messageReceived(BindHandler.java:44) at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:144) at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:60) at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:190) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243) at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690) Here's penrose 1.1.2 running : hubert@hpdev ~/applications/ldap $ ./penrose-server-1.1.2/bin/penrose.sh [09/07/2007 11:29:42] Starting Penrose Server 1.1.2. [09/07/2007 11:29:43] Listening to port 1099 (RMI). [09/07/2007 11:29:43] Listening to port 40888 (RMI Transport). [09/07/2007 11:29:43] Listening to port 8112 (HTTP). [09/07/2007 11:29:44] Bind operation succeeded. [09/07/2007 11:29:44] Listening to port 10389 (LDAP). [09/07/2007 11:29:44] Server is ready. [09/07/2007 11:29:51] Search "ou=users,dc=fiducial,dc=net" with scope subtree and filter "(uid=h.fongarnand)" [09/07/2007 11:29:51] Search operation succeded. [09/07/2007 11:29:51] Search operation returned 1 entries. [09/07/2007 11:29:51] Bind as "uid=h.fongarnand,ou=users,dc=fiducial,dc=net". [09/07/2007 11:29:52] Bind operation succeeded. It'ok Here's penrose 1.2.4 running hubert@hpdev ~/applications/ldap $ ./penrose-server-1.2.4/bin/penrose.sh [09/07/2007 11:30:34] Starting Penrose Server 1.2.4. [09/07/2007 11:30:36] Listening to port 1099 (RMI). [09/07/2007 11:30:36] Listening to port 40888 (RMI Transport). [09/07/2007 11:30:36] Listening to port 8112 (HTTP). [09/07/2007 11:30:36] Listening to port 10389 (LDAP). [09/07/2007 11:30:36] Server is ready. [09/07/2007 11:30:39] Search "ou=users,dc=fiducial,dc=net" with scope subtree and filter "(uid=h.fongarnand)" [09/07/2007 11:30:39] Bind "uid=h.fongarnand,ou=users,dc=fiducial,dc=net". [09/07/2007 11:30:39] Empty RDN. [09/07/2007 11:30:39] Invalid Credentials LDAPException: Invalid Credentials (49) Invalid Credentials LDAPException: Server Message: Invalid Credentials at org.ietf.ldap.LDAPException.<init>(Unknown Source) at org.safehaus.penrose.util.ExceptionUtil.createLDAPException(ExceptionUtil.java:73) at org.safehaus.penrose.util.ExceptionUtil.createLDAPException(ExceptionUtil.java:61) at org.safehaus.penrose.engine.basic.BasicEngine.bind(BasicEngine.java:340) at org.safehaus.penrose.handler.Handler.bind(Handler.java:170) at org.safehaus.penrose.handler.HandlerManager.bind(HandlerManager.java:220) at org.safehaus.penrose.session.Session.bind(Session.java:296) at org.safehaus.penrose.backend.PenroseSession.bind(PenroseSession.java:119) at org.safehaus.penrose.mina.BindHandler.messageReceived(BindHandler.java:44) at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:144) at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:60) at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:190) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243) at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690) at java.lang.Thread.run(Thread.java:619) It's not ok ', 'created' => '2008-12-01 11:11:07.0', 'environment' => 'Linux', 'type' => '1' }; =========================================================