Community

Can't see ADMINISTRATION tab when logging on (simple authentication with SQL Server)

4789
10
Jump to solution
02-06-2012 04:08 AM
RobinBoyle
by
New Contributor II
‎02-06-2012 04:08 AM
Hi,

I have installed Geoportal 1.2 on Windows Server 2008, with Apache-Tomcat 6 as the web server and SQL Server 2005 as the database.  The authentication method is Simple Authentication rather than LDAP because we only need one admin user, with all other users just having the ability to search and browse.

Everything appears to have been installed correctly and I can see the Geoportal front page when I navigate to http://localhost:8080/geoportal; however, when I try to log in as the administrator user (gptadmin), I don't get the ADMINISTRATION tab and the green 'Welcome' box doesn't say "Welcome, gptadmin".

I have installed both Geoportal 1.1.1 and Geoportal 1.2 successfully with PostgreSQL as the database on a Windows Server 2003 box.

One thing I did notice was that there is no separate GRANT sql script for SQL Server; as a result there appears to be a missing record in the GPT_USERS table.

Would really appreciate some help on this!

Robin
0 Kudos
1 Solution

Accepted Solutions
RobinBoyle
by
New Contributor II
‎02-07-2012 06:38 AM
Eoin and Clive,

Good news: it's working now!
I deleted the catalina.2012-02-07.log and gpt.2012-02-07.log files, restarted Tomcat.

I think the issue may be down to something not quite right in the gpt.xml file and even though I changed it, perhaps something dodgy with the log files and the fact I didn't restart Tomcat meant it wasn't getting the change through.

Thank you so much for your input - I am very grateful.

Robin

View solution in original post

0 Kudos
10 Replies
RobinBoyle
by
New Contributor II
‎02-06-2012 06:03 AM
***UPDATE***

OK, I see where I had a problem: I used the same user for the database owner as the geoportal admin user.  I have separated them out now.

...which leads to a new problem!  When I log in as gptadmin in the Geoportal login page, I now get "Unable to connect to LDAP." where I should get "Welcome, gptadmin".  Just to reiterate, I am not using LDAP; instead, I am using simple authentication, so it shouldn't even be trying to access LDAP.

Apologies if you've spent time thinking about this; the new problem is where it's at now!

Cheers,
Robin
0 Kudos
EoinRyan
by
New Contributor
‎02-06-2012 07:15 AM
***UPDATE***

OK, I see where I had a problem: I used the same user for the database owner as the geoportal admin user.  I have separated them out now.

...which leads to a new problem!  When I log in as gptadmin in the Geoportal login page, I now get "Unable to connect to LDAP." where I should get "Welcome, gptadmin".  Just to reiterate, I am not using LDAP; instead, I am using simple authentication, so it shouldn't even be trying to access LDAP.

Apologies if you've spent time thinking about this; the new problem is where it's at now!

Cheers,
Robin


Hi Robin,

The authentication method is specified in your gpt.xml file:
<!-- User Management configuration. simpleAdapter OR ldapAdapter.
- simpleAdpater: configures geoportal with one administrative user
- ldapAdapter: configures geoportal to connect to LDAP user directory store. -->

Make sure that the ldapAdaper element is commented out and you have simpleAdapter configured.

Regards,
Eoin
0 Kudos
RobinBoyle
by
New Contributor II
‎02-07-2012 01:29 AM
Eoin,

Thanks for the input.  I already changed the gpt.xml settings for LDAP/Simple Authentication (see below).  There's nothing funky with what I've done, is there?  (Note that the password has been replaced with ******)

<identity encKey="PtkESRI" realm="Geoportal"> 
        <simpleAdapter>
            <account username="gptadmin" password="********" encrypted="false"/>
            <roles>
                <role key="gptRegisteredUser"/>
                <role key="gptPublisher"/>
                <role key="gptAdministrator"/>
            </roles>
        </simpleAdapter>

        <!--
        <ldapAdapter>
          <ldapConnectionProperties
              providerURL="ldap://ldap_host_name:ldap_port"
              initialContextFactoryName="com.sun.jndi.ldap.LdapCtxFactory"
              securityAuthentication="simple"
              securityProtocol="">
              <ldapServiceAccount
                  securityPrincipal="ldap_admin_user"
                  securityCredentials="ldap_admin_password"
                  encrypted="false"/>
          </ldapConnectionProperties>
       
          <singleSignOn
              active="false"
              credentialLocation="userPrincipal"
              anonymousValue=""
              logoutOutcome=""/>
           
          <selfCareSupport
              supportsLogin="true"
              supportsLogout="true"
              supportsUserRegistration="true"
              supportsUserProfileManagement="true"
              supportsPasswordChange="true"
              supportsPasswordRecovery="true"/>
           
          <roles authenticatedUserRequiresRole="true">
              <role
                  key="gptRegisteredUser"
                  groupDN="group_distinguished_name_for_registered_user"/>
              <role
                  key="gptPublisher"
                  inherits="gptRegisteredUser"
                  groupDN="group_distinguished_name_for_publisher"/>
              <role
                  key="gptAdministrator"
                  inherits="gptPublisher"
                  groupDN="group_distinguished_name_for_administrator"/>
          </roles>
       
          <users
              displayNameAttribute="uid"
              passwordEncryptionAlgorithm="SHA"
              newUserDNPattern="cn={0},Users_Node_DN"
              usernameSearchPattern="(&amp;(objectclass=person)(uid={0}))"
              searchDIT="Users_Node_DN">
              <requiredObjectClasses>
                  <objectClass name="top"/>
                  <objectClass name="person"/>
                  <objectClass name="organizationalPerson"/>
                  <objectClass name="inetOrgPerson"/>
              </requiredObjectClasses>
              <userAttributeMap>
                  <attribute key="username"     ldapName="uid"/>
                  <attribute key="password"     ldapName="userPassword"/>
                  <attribute key="email"        ldapName="mail"/>
                  <attribute key="firstName"    ldapName="givenName"/>
                  <attribute key="lastName"     ldapName="sn"/>
                  <attribute key="displayName"  ldapName="displayName"/>
                  <attribute key="organization" ldapName="o"/>
                  <attribute key="affiliation"  ldapName="businessCategory"/>
                  <attribute key="street"       ldapName="street"/>
                  <attribute key="city"         ldapName="l"/>
                  <attribute key="stateOrProv"  ldapName="st"/>
                  <attribute key="postalCode"   ldapName="postalCode"/>
                  <attribute key="country"      ldapName=""/>
                  <attribute key="phone"        ldapName="telephoneNumber"/>
              </userAttributeMap>
          </users>
     
          <groups
              displayNameAttribute="cn"
              dynamicMemberOfGroupsAttribute=""
              dynamicMembersAttribute=""
              memberAttribute="uniquemember"
              memberSearchPattern="(&amp;(objectclass=groupOfUniqueNames)(uniquemember={0}))"
              searchDIT="Groups_Node_DN">
    
              <metadataManagementGroup
                  name="Region 1"
                  groupDN="group_distinguished_name"/>
              <metadataManagementGroup
                  name="Region 2"
                  groupDN="group_distinguished_name"/>
             
            </groups>
        </ldapAdapter>
        -->
    </identity>

Any other ideas about what the problem might be?

Thanks,
Robin
0 Kudos
EoinRyan
by
New Contributor
‎02-07-2012 03:53 AM
Hi Robin,
If you open your gpt.xml in a web browser does it display okay?
0 Kudos
RobinBoyle
by
New Contributor II
‎02-07-2012 04:06 AM
Yes, the LDAP section is correctly commented-out and the Simple Authentication section is fine.
0 Kudos
EoinRyan
by
New Contributor
‎02-07-2012 04:53 AM
Yes, the LDAP section is correctly commented-out and the Simple Authentication section is fine.

you could try removing whole ldapAdapter section rather than commenting it out in the xml?
0 Kudos
CliveReece
by Esri Contributor
Esri Contributor
‎02-07-2012 05:17 AM
Robin,

Can you stop Tomcat.  Clear out (delete) your old log files.  Then start Tomcat again and when you get to the "LDAP connection" error, grab the log file (e.g. gpt.2012-02-07.log) and attach it in your next reply so we can have a look at the error messages?

Adding the copy of your gpt.xml might help as well.
0 Kudos
RobinBoyle
by
New Contributor II
‎02-07-2012 06:38 AM
Eoin and Clive,

Good news: it's working now!
I deleted the catalina.2012-02-07.log and gpt.2012-02-07.log files, restarted Tomcat.

I think the issue may be down to something not quite right in the gpt.xml file and even though I changed it, perhaps something dodgy with the log files and the fact I didn't restart Tomcat meant it wasn't getting the change through.

Thank you so much for your input - I am very grateful.

Robin
0 Kudos
CliveReece
by Esri Contributor
Esri Contributor
‎02-07-2012 06:43 AM
Great news Robin.  Yes, you can change .jsp files and the changes should show up in the web app (IFF you clear your browser cache).  However, change a configuration file like gpt.xml or gpt.properties and you need to restart the web container (e.g. Tomcat).  Sometimes you also need to clear Tomcat's working cache (folder Tomcat\work\Catalina).
0 Kudos