AB
Al Bersch
Tue, Aug 6, 2013 5:22 PM
Hello all,
I created a new tenant (called omca) and successfully ran all the mvn and ant commands to deploy the ui, applications, and services layers. When I get to the login page for our new tenant, and use the login I set when making changes to the local-{your_museum}-settings.xml file (for us, it's local-omca-settings.xml), I get a message telling me I have an invalid email/password combination. I've looked in previous "talk" conversations, but can't find the solution - anyone know what might be up? I can successfully log into the core tenant using admin@core.collectionspace.org.
Thanks,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
Hello all,
I created a new tenant (called omca) and successfully ran all the mvn and ant commands to deploy the ui, applications, and services layers. When I get to the login page for our new tenant, and use the login I set when making changes to the local-{your_museum}-settings.xml file (for us, it's local-omca-settings.xml), I get a message telling me I have an invalid email/password combination. I've looked in previous "talk" conversations, but can't find the solution - anyone know what might be up? I can successfully log into the core tenant using admin@core.collectionspace.org.
Thanks,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
AR
Aron Roberts
Tue, Aug 6, 2013 5:46 PM
First place to look: what errors are you seeing in server log files,
timestamped at the time of the failed login attempt?
You might start with (both in $CSPACE_JEESERVER_HOME/logs):
cspace-services.log
cspace-app.log
Error message(s) in those logfiles, particularly cspace-services.log,
may help identify the issue.
Second, does the 'standard' login using the default administrator user
account, admin@yourtenant... succeed, if you use the default password,
'Administrator'?
Third, you might use a PostgreSQL client, like the command-line 'psql'
or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
e.g. from a Linux shell prompt:
psql -U postgres
(At the 'Password for user postgres:' prompt, enter the password for
the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
(at successive prompts, enter:)
\c cspace
select username, passwd from users;
(when done, to quit psql, enter:)
\q
Make sure that a) the admin username for your tenant is what you
expect and b) the (hashed) password for that account is different from
the 'admin@core.collectionspace.org' user.
There can be a variety of other reasons for a failed login, but this
may help identify (or rule out) some obvious possibilities.
Aron
On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch abersch@museumca.org wrote:
Hello all,
I created a new tenant (called omca) and successfully ran all the mvn and
ant commands to deploy the ui, applications, and services layers. When I
get to the login page for our new tenant, and use the login I set when
making changes to the local-{your_museum}-settings.xml file (for us, it's
local-omca-settings.xml), I get a message telling me I have an invalid
email/password combination. I've looked in previous "talk" conversations,
but can't find the solution - anyone know what might be up? I can
successfully log into the core tenant using admin@core.collectionspace.org.
Thanks,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
Talk mailing list
Talk@lists.collectionspace.org
http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
First place to look: what errors are you seeing in server log files,
timestamped at the time of the failed login attempt?
You might start with (both in $CSPACE_JEESERVER_HOME/logs):
cspace-services.log
cspace-app.log
Error message(s) in those logfiles, particularly cspace-services.log,
may help identify the issue.
Second, does the 'standard' login using the default administrator user
account, admin@yourtenant... succeed, if you use the default password,
'Administrator'?
Third, you might use a PostgreSQL client, like the command-line 'psql'
or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
e.g. from a Linux shell prompt:
psql -U postgres
(At the 'Password for user postgres:' prompt, enter the password for
the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
(at successive prompts, enter:)
\c cspace
select username, passwd from users;
(when done, to quit psql, enter:)
\q
Make sure that a) the admin username for your tenant is what you
expect and b) the (hashed) password for that account is different from
the 'admin@core.collectionspace.org' user.
There can be a variety of other reasons for a failed login, but this
may help identify (or rule out) some obvious possibilities.
Aron
On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch <abersch@museumca.org> wrote:
> Hello all,
>
> I created a new tenant (called omca) and successfully ran all the mvn and
> ant commands to deploy the ui, applications, and services layers. When I
> get to the login page for our new tenant, and use the login I set when
> making changes to the local-{your_museum}-settings.xml file (for us, it's
> local-omca-settings.xml), I get a message telling me I have an invalid
> email/password combination. I've looked in previous "talk" conversations,
> but can't find the solution - anyone know what might be up? I can
> successfully log into the core tenant using admin@core.collectionspace.org.
>
> Thanks,
>
> Al
>
> Al Bersch
> Digital Project Coordinator
> Oakland Museum of California
> 1000 Oak Street, Oakland, CA 94607
> abersch@museumca.org
> 510-318-8468
>
> _______________________________________________
> Talk mailing list
> Talk@lists.collectionspace.org
> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>
JM
Jesse Martinez
Wed, Aug 7, 2013 4:22 PM
Can you log into the default core or lifesci tenants? If you can then it is
probably a configuration settings for your omca tenant. If you can't then
it may be a service or app layer issue.
A good point of interest is to check the tenant-bindings configuration file
in the services layer.
The deployed copy of this file should be located at:
/usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
A good thing to check is if the tenant-bindings.delta additions/changes are
also present in the tenant-bindings.merged file. But also merged into the
correct places. (This is important!)
On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts aron@socrates.berkeley.eduwrote:
First place to look: what errors are you seeing in server log files,
timestamped at the time of the failed login attempt?
You might start with (both in $CSPACE_JEESERVER_HOME/logs):
cspace-services.log
cspace-app.log
Error message(s) in those logfiles, particularly cspace-services.log,
may help identify the issue.
Second, does the 'standard' login using the default administrator user
account, admin@yourtenant... succeed, if you use the default password,
'Administrator'?
Third, you might use a PostgreSQL client, like the command-line 'psql'
or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
e.g. from a Linux shell prompt:
psql -U postgres
(At the 'Password for user postgres:' prompt, enter the password for
the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
(at successive prompts, enter:)
\c cspace
select username, passwd from users;
(when done, to quit psql, enter:)
\q
Make sure that a) the admin username for your tenant is what you
expect and b) the (hashed) password for that account is different from
the 'admin@core.collectionspace.org' user.
There can be a variety of other reasons for a failed login, but this
may help identify (or rule out) some obvious possibilities.
Aron
On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch abersch@museumca.org wrote:
Hello all,
I created a new tenant (called omca) and successfully ran all the mvn and
ant commands to deploy the ui, applications, and services layers. When I
get to the login page for our new tenant, and use the login I set when
making changes to the local-{your_museum}-settings.xml file (for us, it's
local-omca-settings.xml), I get a message telling me I have an invalid
email/password combination. I've looked in previous "talk" conversations,
but can't find the solution - anyone know what might be up? I can
successfully log into the core tenant using
Can you log into the default core or lifesci tenants? If you can then it is
probably a configuration settings for your omca tenant. If you can't then
it may be a service or app layer issue.
A good point of interest is to check the tenant-bindings configuration file
in the services layer.
The deployed copy of this file should be located at:
/usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
A good thing to check is if the tenant-bindings.delta additions/changes are
also present in the tenant-bindings.merged file. But also merged into the
_correct_ places. (This is important!)
- Jesse
On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts <aron@socrates.berkeley.edu>wrote:
> First place to look: what errors are you seeing in server log files,
> timestamped at the time of the failed login attempt?
>
> You might start with (both in $CSPACE_JEESERVER_HOME/logs):
> cspace-services.log
> cspace-app.log
>
> Error message(s) in those logfiles, particularly cspace-services.log,
> may help identify the issue.
>
> Second, does the 'standard' login using the default administrator user
> account, admin@yourtenant... succeed, if you use the default password,
> 'Administrator'?
>
> Third, you might use a PostgreSQL client, like the command-line 'psql'
> or a GUI utility, to take a look at the 'users' table, to verify that
> a) the name of your tenant's default admin user account is what you
> expect and b) the password was in fact changed from the default.
>
> e.g. from a Linux shell prompt:
> psql -U postgres
> (At the 'Password for user postgres:' prompt, enter the password for
> the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
> (at successive prompts, enter:)
> \c cspace
> select username, passwd from users;
> (when done, to quit psql, enter:)
> \q
>
> Make sure that a) the admin username for your tenant is what you
> expect and b) the (hashed) password for that account is different from
> the 'admin@core.collectionspace.org' user.
>
> There can be a variety of other reasons for a failed login, but this
> may help identify (or rule out) some obvious possibilities.
>
> Aron
>
> On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch <abersch@museumca.org> wrote:
> > Hello all,
> >
> > I created a new tenant (called omca) and successfully ran all the mvn and
> > ant commands to deploy the ui, applications, and services layers. When I
> > get to the login page for our new tenant, and use the login I set when
> > making changes to the local-{your_museum}-settings.xml file (for us, it's
> > local-omca-settings.xml), I get a message telling me I have an invalid
> > email/password combination. I've looked in previous "talk" conversations,
> > but can't find the solution - anyone know what might be up? I can
> > successfully log into the core tenant using
> admin@core.collectionspace.org.
> >
> > Thanks,
> >
> > Al
> >
> > Al Bersch
> > Digital Project Coordinator
> > Oakland Museum of California
> > 1000 Oak Street, Oakland, CA 94607
> > abersch@museumca.org
> > 510-318-8468
> >
> > _______________________________________________
> > Talk mailing list
> > Talk@lists.collectionspace.org
> >
> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
> >
>
> _______________________________________________
> Talk mailing list
> Talk@lists.collectionspace.org
>
> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>
AB
Al Bersch
Wed, Aug 7, 2013 11:37 PM
Hi all,
thanks for your help! I'm sorry I haven't had time to spend on this today, which is why I haven't gotten back with our progress ... I'll update you as soon as I look in those logs and config files.
Thanks again,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
----- Original Message -----
From: "Jesse Martinez" mjesse@gmail.com
To: "Aron Roberts" aron@socrates.berkeley.edu
Cc: "Al Bersch" abersch@museumca.org, "talk" talk@lists.collectionspace.org, "rescamilla" rescamilla@museumca.org
Sent: Wednesday, August 7, 2013 9:22:17 AM
Subject: Re: [Talk] Invalid email/password combination logging into new tenant
Can you log into the default core or lifesci tenants? If you can then it is probably a configuration settings for your omca tenant. If you can't then it may be a service or app layer issue.
A good point of interest is to check the tenant-bindings configuration file in the services layer.
The deployed copy of this file should be located at:
/usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
A good thing to check is if the tenant-bindings.delta additions/changes are also present in the tenant-bindings.merged file. But also merged into the correct places. (This is important!)
On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts < aron@socrates.berkeley.edu > wrote:
First place to look: what errors are you seeing in server log files,
timestamped at the time of the failed login attempt?
You might start with (both in $CSPACE_JEESERVER_HOME/logs):
cspace-services.log
cspace-app.log
Error message(s) in those logfiles, particularly cspace-services.log,
may help identify the issue.
Second, does the 'standard' login using the default administrator user
account, admin@yourtenant... succeed, if you use the default password,
'Administrator'?
Third, you might use a PostgreSQL client, like the command-line 'psql'
or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
e.g. from a Linux shell prompt:
psql -U postgres
(At the 'Password for user postgres:' prompt, enter the password for
the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
(at successive prompts, enter:)
\c cspace
select username, passwd from users;
(when done, to quit psql, enter:)
\q
Make sure that a) the admin username for your tenant is what you
expect and b) the (hashed) password for that account is different from
the ' admin@core.collectionspace.org ' user.
There can be a variety of other reasons for a failed login, but this
may help identify (or rule out) some obvious possibilities.
Aron
On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch < abersch@museumca.org > wrote:
Hello all,
I created a new tenant (called omca) and successfully ran all the mvn and
ant commands to deploy the ui, applications, and services layers. When I
get to the login page for our new tenant, and use the login I set when
making changes to the local-{your_museum}-settings.xml file (for us, it's
local-omca-settings.xml), I get a message telling me I have an invalid
email/password combination. I've looked in previous "talk" conversations,
but can't find the solution - anyone know what might be up? I can
successfully log into the core tenant using admin@core.collectionspace.org .
Thanks,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
Talk mailing list
Talk@lists.collectionspace.org
http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
Hi all,
thanks for your help! I'm sorry I haven't had time to spend on this today, which is why I haven't gotten back with our progress ... I'll update you as soon as I look in those logs and config files.
Thanks again,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
----- Original Message -----
From: "Jesse Martinez" <mjesse@gmail.com>
To: "Aron Roberts" <aron@socrates.berkeley.edu>
Cc: "Al Bersch" <abersch@museumca.org>, "talk" <talk@lists.collectionspace.org>, "rescamilla" <rescamilla@museumca.org>
Sent: Wednesday, August 7, 2013 9:22:17 AM
Subject: Re: [Talk] Invalid email/password combination logging into new tenant
Can you log into the default core or lifesci tenants? If you can then it is probably a configuration settings for your omca tenant. If you can't then it may be a service or app layer issue.
A good point of interest is to check the tenant-bindings configuration file in the services layer.
The deployed copy of this file should be located at:
/usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
A good thing to check is if the tenant-bindings.delta additions/changes are also present in the tenant-bindings.merged file. But also merged into the _correct_ places. (This is important!)
- Jesse
On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts < aron@socrates.berkeley.edu > wrote:
First place to look: what errors are you seeing in server log files,
timestamped at the time of the failed login attempt?
You might start with (both in $CSPACE_JEESERVER_HOME/logs):
cspace-services.log
cspace-app.log
Error message(s) in those logfiles, particularly cspace-services.log,
may help identify the issue.
Second, does the 'standard' login using the default administrator user
account, admin@yourtenant... succeed, if you use the default password,
'Administrator'?
Third, you might use a PostgreSQL client, like the command-line 'psql'
or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
e.g. from a Linux shell prompt:
psql -U postgres
(At the 'Password for user postgres:' prompt, enter the password for
the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
(at successive prompts, enter:)
\c cspace
select username, passwd from users;
(when done, to quit psql, enter:)
\q
Make sure that a) the admin username for your tenant is what you
expect and b) the (hashed) password for that account is different from
the ' admin@core.collectionspace.org ' user.
There can be a variety of other reasons for a failed login, but this
may help identify (or rule out) some obvious possibilities.
Aron
On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch < abersch@museumca.org > wrote:
> Hello all,
>
> I created a new tenant (called omca) and successfully ran all the mvn and
> ant commands to deploy the ui, applications, and services layers. When I
> get to the login page for our new tenant, and use the login I set when
> making changes to the local-{your_museum}-settings.xml file (for us, it's
> local-omca-settings.xml), I get a message telling me I have an invalid
> email/password combination. I've looked in previous "talk" conversations,
> but can't find the solution - anyone know what might be up? I can
> successfully log into the core tenant using admin@core.collectionspace.org .
>
> Thanks,
>
> Al
>
> Al Bersch
> Digital Project Coordinator
> Oakland Museum of California
> 1000 Oak Street, Oakland, CA 94607
> abersch@museumca.org
> 510-318-8468
>
> _______________________________________________
> Talk mailing list
> Talk@lists.collectionspace.org
> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>
_______________________________________________
Talk mailing list
Talk@lists.collectionspace.org
http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
AB
Al Bersch
Mon, Aug 12, 2013 11:27 PM
Hi Jesse, Aron, and all:
Thanks again for your hlep. I looked at the logs, but I'm not sure exactly what they are telling me.
I tried logging into my tenant (omca) with the default password and the user I set up (admin@museumca.org), but did not have any luck.
I AM able to login to the core and lifesci clients.
looking up the usernames and passwrd in psql utility, the username I set up appears correctly (admin@museumca.org), but the hashed password still matches the password also listed for lifesci and core tenants.
When I look in the merged-settings.xml_local-omca-settings.xml-.xml file in $CSPACE_JEESERVER_HOME/temp, it shows my username and password correctly.
Looking at the tenant-bindings files, it looks like information in tenant-bindings.delta.xml matches that in tenant-bindings.merged.xml, but I'm not sure if it's in the same place, or if it is complete. I pasted that info below the logs.
Thanks again,
Al
From cspace-services.log:
2013-08-12 21:51:25,587 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,587 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,588 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,588 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,872 DEBUG [main] [org.collectionspace.services.client.AbstractServiceClientImpl:269] readProperties() using url=http://localhost:8180/cspace-services/
2013-08-12 21:51:25,873 DEBUG [main] [org.collectionspace.services.client.AbstractServiceClientImpl:323] setupHttpClient() using url=http://localhost:8180/cspace-services/ user=admin@core.collectionspace.org password=Administrator
2013-08-12 21:51:25,875 DEBUG [main] [org.collectionspace.services.client.AbstractServiceClientImpl:334] setupHttpClient: set preemptive authentication
2013-08-12 21:51:29,995 DEBUG [http-8180-2] [org.collectionspace.authentication.realm.db.CSpaceDbRealm:144] Executing query: select passwd from users where username=?, with username: admin@museumca.org
2013-08-12 21:51:29,999 DEBUG [http-8180-2] [org.collectionspace.authentication.jaas.CSpaceJBossDBLoginModule:79] Obtained user password for: admin@museumca.org
2013-08-12 21:50:07,908 INFO [http-8180-4] [org.apache.commons.httpclient.HttpMethodDirector:722] Failure authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
2013-08-12 21:50:07,908 ERROR [http-8180-4] [org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39] Got error : <html><head><title>Apache Tomcat/6.0.33 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - Password Incorrect/Password Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Password Incorrect/Password Required</u></p><p><b>description</b> <u>This request requires HTTP authentication (Password Incorrect/Password Required).</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
2013-08-12 21:51:27,914 INFO [http-8180-1] [org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156] XMLMerge result output to: /usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
2013-08-12 21:51:30,010 INFO [http-8180-1] [org.apache.commons.httpclient.HttpMethodDirector:722] Failure authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
2013-08-12 21:51:30,012 ERROR [http-8180-1] [org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39] Got error : <html><head><title>Apache Tomcat/6.0.33 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - Password Incorrect/Password Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Password Incorrect/Password Required</u></p><p><b>description</b> <u>This request requires HTTP authentication (Password Incorrect/Password Required).</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
2013-08-12 21:51:30,158 INFO [http-8180-1] [org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156] XMLMerge result output to: /usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
2013-08-12 21:51:31,306 INFO [net.sf.ehcache.CacheManager@1b6ab7e] [net.sf.ehcache.util.UpdateChecker:98] New update(s) found: 2.6.5 [http://www.terracotta.org/confluence/display/release/Release+Notes+Ehcache+Core+2.6]. Please check http://ehcache.org for the latest version.
tenant-bindings.delta.xml:
<?xml version="1.0" encoding="UTF-8"?>
<tenant:TenantBindingConfig
xmlns:merge='http://xmlmerge.el4j.elca.ch'
xmlns:tenant='http://collectionspace.org/services/config/tenant'>
<tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland Museum of California" version="0.1">
<tenant:repositoryDomain name="default-domain" storageName="omca-domain" repositoryClient="nuxeo-java" />
</tenant:tenantBinding>
</tenant:TenantBindingConfig>
tenant-bindings.merged.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright: Regents of the University of California 2012
Document : tenants-bindings.xml
Description: Prototype tenant bindings, specifying the default services
layer configuration for a generic, out-of-the-box tenant.
These prototype bindings are merged with 'delta' bindings
specifying the differences from the prototype configuration
for each actual tenant, resulting in 'merged' bindings
for that tenant.
$LastChangedRevision$
$LastChangedDate$
-->
<tenant:TenantBindingConfig xmlns:tenant="http://collectionspace.org/services/config/tenant" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://collectionspace.org/services/config/tenant http://collectionspace.org/services/config/tenant.xsd">
<!-- begin prototype collectionspace.org tenant meta-data -->
<tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland Museum of California" version="0.1">
<tenant:repositoryDomain name="default-domain" storageName="omca-domain" repositoryClient="nuxeo-java" />
tenant:properties
<types:item xmlns:types="http://collectionspace.org/services/config/types">
types:keydatePattern</types:key>
types:valueMM/dd/yyyy</types:value>
</types:item>
<types:item xmlns:types="http://collectionspace.org/services/config/types">
types:keydatePattern</types:key>
types:valueMMM dd, yyyy</types:value>
</types:item>
<types:item xmlns:types="http://collectionspace.org/services/config/types">
types:keydatePattern</types:key>
types:valuedd.MM.yyyy</types:value>
</types:item>
<!--
<types:item>
<types:key>datePattern</types:key>
<types:value>dd/MM/yyyy</types:value>
</types:item>
-->
<types:item xmlns:types="http://collectionspace.org/services/config/types">
types:keylocaleLanguage</types:key>
types:valueen</types:value>
</types:item>
<!--
<types:item>
<types:key>localeLanguage</types:key>
<types:value>da</types:value>
"tenant-bindings.merged.xml" 3461L, 227468C 1,1 Top
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
----- Original Message -----
From: "Jesse Martinez" <mjesse@gmail.com>
To: "Aron Roberts" <aron@socrates.berkeley.edu>
Cc: "Al Bersch" <abersch@museumca.org>, "talk" <talk@lists.collectionspace.org>, "rescamilla" <rescamilla@museumca.org>
Sent: Wednesday, August 7, 2013 9:22:17 AM
Subject: Re: [Talk] Invalid email/password combination logging into new tenant
Can you log into the default core or lifesci tenants? If you can then it is probably a configuration settings for your omca tenant. If you can't then it may be a service or app layer issue.
A good point of interest is to check the tenant-bindings configuration file in the services layer.
The deployed copy of this file should be located at:
/usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
A good thing to check is if the tenant-bindings.delta additions/changes are also present in the tenant-bindings.merged file. But also merged into the _correct_ places. (This is important!)
- Jesse
On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts < aron@socrates.berkeley.edu > wrote:
First place to look: what errors are you seeing in server log files,
timestamped at the time of the failed login attempt?
You might start with (both in $CSPACE_JEESERVER_HOME/logs):
cspace-services.log
cspace-app.log
Error message(s) in those logfiles, particularly cspace-services.log,
may help identify the issue.
Second, does the 'standard' login using the default administrator user
account, admin@yourtenant... succeed, if you use the default password,
'Administrator'?
Third, you might use a PostgreSQL client, like the command-line 'psql'
or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
e.g. from a Linux shell prompt:
psql -U postgres
(At the 'Password for user postgres:' prompt, enter the password for
the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
(at successive prompts, enter:)
\c cspace
select username, passwd from users;
(when done, to quit psql, enter:)
\q
Make sure that a) the admin username for your tenant is what you
expect and b) the (hashed) password for that account is different from
the ' admin@core.collectionspace.org ' user.
There can be a variety of other reasons for a failed login, but this
may help identify (or rule out) some obvious possibilities.
Aron
On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch < abersch@museumca.org > wrote:
Hello all,
I created a new tenant (called omca) and successfully ran all the mvn and
ant commands to deploy the ui, applications, and services layers. When I
get to the login page for our new tenant, and use the login I set when
making changes to the local-{your_museum}-settings.xml file (for us, it's
local-omca-settings.xml), I get a message telling me I have an invalid
email/password combination. I've looked in previous "talk" conversations,
but can't find the solution - anyone know what might be up? I can
successfully log into the core tenant using admin@core.collectionspace.org .
Thanks,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
Talk mailing list
Talk@lists.collectionspace.org
http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
Hi Jesse, Aron, and all:
Thanks again for your hlep. I looked at the logs, but I'm not sure exactly what they are telling me.
I tried logging into my tenant (omca) with the default password and the user I set up (admin@museumca.org), but did not have any luck.
I AM able to login to the core and lifesci clients.
looking up the usernames and passwrd in psql utility, the username I set up appears correctly (admin@museumca.org), but the hashed password still matches the password also listed for lifesci and core tenants.
When I look in the merged-settings.xml_local-omca-settings.xml-.xml file in $CSPACE_JEESERVER_HOME/temp, it shows my username and password correctly.
Looking at the tenant-bindings files, it looks like information in tenant-bindings.delta.xml matches that in tenant-bindings.merged.xml, but I'm not sure if it's in the same place, or if it is complete. I pasted that info below the logs.
Thanks again,
Al
>From cspace-services.log:
2013-08-12 21:51:25,587 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,587 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,588 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,588 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main] [org.collectionspace.services.common.config.ConfigUtils:51] No domain name was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,872 DEBUG [main] [org.collectionspace.services.client.AbstractServiceClientImpl:269] readProperties() using url=http://localhost:8180/cspace-services/
2013-08-12 21:51:25,873 DEBUG [main] [org.collectionspace.services.client.AbstractServiceClientImpl:323] setupHttpClient() using url=http://localhost:8180/cspace-services/ user=admin@core.collectionspace.org password=Administrator
2013-08-12 21:51:25,875 DEBUG [main] [org.collectionspace.services.client.AbstractServiceClientImpl:334] setupHttpClient: set preemptive authentication
2013-08-12 21:51:29,995 DEBUG [http-8180-2] [org.collectionspace.authentication.realm.db.CSpaceDbRealm:144] Executing query: select passwd from users where username=?, with username: admin@museumca.org
2013-08-12 21:51:29,999 DEBUG [http-8180-2] [org.collectionspace.authentication.jaas.CSpaceJBossDBLoginModule:79] Obtained user password for: admin@museumca.org
>From cspace-app.log:
2013-08-12 21:50:07,908 INFO [http-8180-4] [org.apache.commons.httpclient.HttpMethodDirector:722] Failure authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
2013-08-12 21:50:07,908 ERROR [http-8180-4] [org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39] Got error : <html><head><title>Apache Tomcat/6.0.33 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - Password Incorrect/Password Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Password Incorrect/Password Required</u></p><p><b>description</b> <u>This request requires HTTP authentication (Password Incorrect/Password Required).</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
2013-08-12 21:51:27,914 INFO [http-8180-1] [org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156] XMLMerge result output to: /usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
2013-08-12 21:51:30,010 INFO [http-8180-1] [org.apache.commons.httpclient.HttpMethodDirector:722] Failure authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
2013-08-12 21:51:30,012 ERROR [http-8180-1] [org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39] Got error : <html><head><title>Apache Tomcat/6.0.33 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - Password Incorrect/Password Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Password Incorrect/Password Required</u></p><p><b>description</b> <u>This request requires HTTP authentication (Password Incorrect/Password Required).</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
2013-08-12 21:51:30,158 INFO [http-8180-1] [org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156] XMLMerge result output to: /usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
2013-08-12 21:51:31,306 INFO [net.sf.ehcache.CacheManager@1b6ab7e] [net.sf.ehcache.util.UpdateChecker:98] New update(s) found: 2.6.5 [http://www.terracotta.org/confluence/display/release/Release+Notes+Ehcache+Core+2.6]. Please check http://ehcache.org for the latest version.
tenant-bindings.delta.xml:
<?xml version="1.0" encoding="UTF-8"?>
<tenant:TenantBindingConfig
xmlns:merge='http://xmlmerge.el4j.elca.ch'
xmlns:tenant='http://collectionspace.org/services/config/tenant'>
<tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland Museum of California" version="0.1">
<tenant:repositoryDomain name="default-domain" storageName="omca-domain" repositoryClient="nuxeo-java" />
</tenant:tenantBinding>
</tenant:TenantBindingConfig>
tenant-bindings.merged.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright: Regents of the University of California 2012
Document : tenants-bindings.xml
Description: Prototype tenant bindings, specifying the default services
layer configuration for a generic, out-of-the-box tenant.
These prototype bindings are merged with 'delta' bindings
specifying the differences from the prototype configuration
for each actual tenant, resulting in 'merged' bindings
for that tenant.
$LastChangedRevision$
$LastChangedDate$
-->
<tenant:TenantBindingConfig xmlns:tenant="http://collectionspace.org/services/config/tenant" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://collectionspace.org/services/config/tenant http://collectionspace.org/services/config/tenant.xsd">
<!-- begin prototype collectionspace.org tenant meta-data -->
<tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland Museum of California" version="0.1">
<tenant:repositoryDomain name="default-domain" storageName="omca-domain" repositoryClient="nuxeo-java" />
<tenant:properties>
<types:item xmlns:types="http://collectionspace.org/services/config/types">
<types:key>datePattern</types:key>
<types:value>MM/dd/yyyy</types:value>
</types:item>
<types:item xmlns:types="http://collectionspace.org/services/config/types">
<types:key>datePattern</types:key>
<types:value>MMM dd, yyyy</types:value>
</types:item>
<types:item xmlns:types="http://collectionspace.org/services/config/types">
<types:key>datePattern</types:key>
<types:value>dd.MM.yyyy</types:value>
</types:item>
<!--
<types:item>
<types:key>datePattern</types:key>
<types:value>dd/MM/yyyy</types:value>
</types:item>
-->
<types:item xmlns:types="http://collectionspace.org/services/config/types">
<types:key>localeLanguage</types:key>
<types:value>en</types:value>
</types:item>
<!--
<types:item>
<types:key>localeLanguage</types:key>
<types:value>da</types:value>
"tenant-bindings.merged.xml" 3461L, 227468C 1,1 Top
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
----- Original Message -----
From: "Jesse Martinez" <mjesse@gmail.com>
To: "Aron Roberts" <aron@socrates.berkeley.edu>
Cc: "Al Bersch" <abersch@museumca.org>, "talk" <talk@lists.collectionspace.org>, "rescamilla" <rescamilla@museumca.org>
Sent: Wednesday, August 7, 2013 9:22:17 AM
Subject: Re: [Talk] Invalid email/password combination logging into new tenant
Can you log into the default core or lifesci tenants? If you can then it is probably a configuration settings for your omca tenant. If you can't then it may be a service or app layer issue.
A good point of interest is to check the tenant-bindings configuration file in the services layer.
The deployed copy of this file should be located at:
/usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
A good thing to check is if the tenant-bindings.delta additions/changes are also present in the tenant-bindings.merged file. But also merged into the _correct_ places. (This is important!)
- Jesse
On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts < aron@socrates.berkeley.edu > wrote:
First place to look: what errors are you seeing in server log files,
timestamped at the time of the failed login attempt?
You might start with (both in $CSPACE_JEESERVER_HOME/logs):
cspace-services.log
cspace-app.log
Error message(s) in those logfiles, particularly cspace-services.log,
may help identify the issue.
Second, does the 'standard' login using the default administrator user
account, admin@yourtenant... succeed, if you use the default password,
'Administrator'?
Third, you might use a PostgreSQL client, like the command-line 'psql'
or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
e.g. from a Linux shell prompt:
psql -U postgres
(At the 'Password for user postgres:' prompt, enter the password for
the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
(at successive prompts, enter:)
\c cspace
select username, passwd from users;
(when done, to quit psql, enter:)
\q
Make sure that a) the admin username for your tenant is what you
expect and b) the (hashed) password for that account is different from
the ' admin@core.collectionspace.org ' user.
There can be a variety of other reasons for a failed login, but this
may help identify (or rule out) some obvious possibilities.
Aron
On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch < abersch@museumca.org > wrote:
> Hello all,
>
> I created a new tenant (called omca) and successfully ran all the mvn and
> ant commands to deploy the ui, applications, and services layers. When I
> get to the login page for our new tenant, and use the login I set when
> making changes to the local-{your_museum}-settings.xml file (for us, it's
> local-omca-settings.xml), I get a message telling me I have an invalid
> email/password combination. I've looked in previous "talk" conversations,
> but can't find the solution - anyone know what might be up? I can
> successfully log into the core tenant using admin@core.collectionspace.org .
>
> Thanks,
>
> Al
>
> Al Bersch
> Digital Project Coordinator
> Oakland Museum of California
> 1000 Oak Street, Oakland, CA 94607
> abersch@museumca.org
> 510-318-8468
>
> _______________________________________________
> Talk mailing list
> Talk@lists.collectionspace.org
> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>
_______________________________________________
Talk mailing list
Talk@lists.collectionspace.org
http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
RL
Ray Lee
Mon, Aug 12, 2013 11:40 PM
Hi Al,
Confusingly, the password you configure in the local-omca-settings.xml file
is not actually what determines what you use to log in. When you create a
new tenant, you have to log in using the username you configure, and the
password "Administrator". The first thing you should then do is go to the
Admin tab in the UI, and change the password.
After you've done that (and confirmed that you can log in using the new
password), you should edit local-omca-settings.xml, and put in the password
you set via the UI. That setting allows the app layer to obtain admin
privileges when the logged in user is not an admin user. For example, the
automated password reset feature requires this, so that the app layer can
reset a user's password.
Ray
On Mon, Aug 12, 2013 at 4:27 PM, Al Bersch abersch@museumca.org wrote:
Hi Jesse, Aron, and all:
Thanks again for your hlep. I looked at the logs, but I'm not sure exactly
what they are telling me.
I tried logging into my tenant (omca) with the default password and the
user I set up (admin@museumca.org), but did not have any luck.
I AM able to login to the core and lifesci clients.
looking up the usernames and passwrd in psql utility, the username I set
up appears correctly (admin@museumca.org), but the hashed password still
matches the password also listed for lifesci and core tenants.
When I look in the merged-settings.xml_local-omca-settings.xml-.xml file
in $CSPACE_JEESERVER_HOME/temp, it shows my username and password correctly.
Looking at the tenant-bindings files, it looks like information in
tenant-bindings.delta.xml matches that in tenant-bindings.merged.xml, but
I'm not sure if it's in the same place, or if it is complete. I pasted that
info below the logs.
Thanks again,
Al
From cspace-services.log:
2013-08-12 21:51:25,587 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,587 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,588 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,588 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,872 DEBUG [main]
[org.collectionspace.services.client.AbstractServiceClientImpl:269]
readProperties() using url=http://localhost:8180/cspace-services/
2013-08-12 21:51:25,873 DEBUG [main]
[org.collectionspace.services.client.AbstractServiceClientImpl:323]
setupHttpClient() using url=http://localhost:8180/cspace-services/ user=
admin@core.collectionspace.org password=Administrator
2013-08-12 21:51:25,875 DEBUG [main]
[org.collectionspace.services.client.AbstractServiceClientImpl:334]
setupHttpClient: set preemptive authentication
2013-08-12 21:51:29,995 DEBUG [http-8180-2]
[org.collectionspace.authentication.realm.db.CSpaceDbRealm:144] Executing
query: select passwd from users where username=?, with username:
admin@museumca.org
2013-08-12 21:51:29,999 DEBUG [http-8180-2]
[org.collectionspace.authentication.jaas.CSpaceJBossDBLoginModule:79]
Obtained user password for: admin@museumca.org
From cspace-app.log:
2013-08-12 21:50:07,908 INFO [http-8180-4]
[org.apache.commons.httpclient.HttpMethodDirector:722] Failure
authenticating with BASIC '
org.collectionspace.services'@198.74.51.203:8180
2013-08-12 21:50:07,908 ERROR [http-8180-4]
[org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Status 401 - Password Incorrect/Password
Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
report</p><p><b>message</b> <u>Password Incorrect/Password
Required</u></p><p><b>description</b> <u>This request requires HTTP
authentication (Password Incorrect/Password Required).</u></p><HR size="1"
noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
2013-08-12 21:51:27,914 INFO [http-8180-1]
[org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
XMLMerge result output to:
/usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
2013-08-12 21:51:30,010 INFO [http-8180-1]
[org.apache.commons.httpclient.HttpMethodDirector:722] Failure
authenticating with BASIC '
org.collectionspace.services'@198.74.51.203:8180
2013-08-12 21:51:30,012 ERROR [http-8180-1]
[org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Status 401 - Password Incorrect/Password
Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
report</p><p><b>message</b> <u>Password Incorrect/Password
Required</u></p><p><b>description</b> <u>This request requires HTTP
authentication (Password Incorrect/Password Required).</u></p><HR size="1"
noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
2013-08-12 21:51:30,158 INFO [http-8180-1]
[org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
XMLMerge result output to:
/usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
2013-08-12 21:51:31,306 INFO [net.sf.ehcache.CacheManager@1b6ab7e]
[net.sf.ehcache.util.UpdateChecker:98] New update(s) found: 2.6.5 [
http://www.terracotta.org/confluence/display/release/Release+Notes+Ehcache+Core+2.6].
Please check http://ehcache.org for the latest version.
tenant-bindings.delta.xml:
<?xml version="1.0" encoding="UTF-8"?>
<tenant:TenantBindingConfig
xmlns:merge='http://xmlmerge.el4j.elca.ch'
xmlns:tenant='http://collectionspace.org/services/config/tenant'>
<tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
Museum of California" version="0.1">
<tenant:repositoryDomain name="default-domain"
storageName="omca-domain" repositoryClient="nuxeo-java" />
</tenant:tenantBinding>
</tenant:TenantBindingConfig>
tenant-bindings.merged.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright: Regents of the University of California 2012
Document : tenants-bindings.xml
Description: Prototype tenant bindings, specifying the default services
layer configuration for a generic, out-of-the-box tenant.
These prototype bindings are merged with 'delta' bindings
specifying the differences from the prototype
configuration
for each actual tenant, resulting in 'merged' bindings
for that tenant.
$LastChangedRevision$
$LastChangedDate$
-->
<tenant:TenantBindingConfig xmlns:tenant="
http://collectionspace.org/services/config/tenant" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
http://collectionspace.org/services/config/tenant
http://collectionspace.org/services/config/tenant.xsd">
<!-- begin prototype collectionspace.org tenant meta-data -->
<tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
Museum of California" version="0.1">
<tenant:repositoryDomain name="default-domain"
storageName="omca-domain" repositoryClient="nuxeo-java" />
<tenant:properties>
<types:item xmlns:types="
http://collectionspace.org/services/config/types">
<types:key>datePattern</types:key>
<types:value>MM/dd/yyyy</types:value>
</types:item>
<types:item xmlns:types="
http://collectionspace.org/services/config/types">
<types:key>datePattern</types:key>
<types:value>MMM dd, yyyy</types:value>
</types:item>
<types:item xmlns:types="
http://collectionspace.org/services/config/types">
<types:key>datePattern</types:key>
<types:value>dd.MM.yyyy</types:value>
</types:item>
<!--
<types:item>
<types:key>datePattern</types:key>
<types:value>dd/MM/yyyy</types:value>
</types:item>
-->
<types:item xmlns:types="
http://collectionspace.org/services/config/types">
<types:key>localeLanguage</types:key>
<types:value>en</types:value>
</types:item>
<!--
<types:item>
<types:key>localeLanguage</types:key>
<types:value>da</types:value>
"tenant-bindings.merged.xml" 3461L, 227468C
1,1 Top
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
*From: *"Jesse Martinez" mjesse@gmail.com
*To: *"Aron Roberts" aron@socrates.berkeley.edu
*Cc: *"Al Bersch" abersch@museumca.org, "talk" <
talk@lists.collectionspace.org>, "rescamilla" rescamilla@museumca.org
*Sent: *Wednesday, August 7, 2013 9:22:17 AM
*Subject: *Re: [Talk] Invalid email/password combination logging into new
tenant
Can you log into the default core or lifesci tenants? If you can then it
is probably a configuration settings for your omca tenant. If you can't
then it may be a service or app layer issue.
A good point of interest is to check the tenant-bindings configuration
file in the services layer.
The deployed copy of this file should be located at:
/usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
A good thing to check is if the tenant-bindings.delta additions/changes
are also present in the tenant-bindings.merged file. But also merged into
the correct places. (This is important!)
On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts aron@socrates.berkeley.eduwrote:
First place to look: what errors are you seeing in server log files,
timestamped at the time of the failed login attempt?
You might start with (both in $CSPACE_JEESERVER_HOME/logs):
cspace-services.log
cspace-app.log
Error message(s) in those logfiles, particularly cspace-services.log,
may help identify the issue.
Second, does the 'standard' login using the default administrator user
account, admin@yourtenant... succeed, if you use the default password,
'Administrator'?
Third, you might use a PostgreSQL client, like the command-line 'psql'
or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
e.g. from a Linux shell prompt:
psql -U postgres
(At the 'Password for user postgres:' prompt, enter the password for
the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
(at successive prompts, enter:)
\c cspace
select username, passwd from users;
(when done, to quit psql, enter:)
\q
Make sure that a) the admin username for your tenant is what you
expect and b) the (hashed) password for that account is different from
the 'admin@core.collectionspace.org' user.
There can be a variety of other reasons for a failed login, but this
may help identify (or rule out) some obvious possibilities.
Aron
On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch abersch@museumca.org wrote:
Hello all,
I created a new tenant (called omca) and successfully ran all the mvn
ant commands to deploy the ui, applications, and services layers. When
get to the login page for our new tenant, and use the login I set when
making changes to the local-{your_museum}-settings.xml file (for us,
local-omca-settings.xml), I get a message telling me I have an invalid
email/password combination. I've looked in previous "talk"
but can't find the solution - anyone know what might be up? I can
successfully log into the core tenant using
Hi Al,
Confusingly, the password you configure in the local-omca-settings.xml file
is not actually what determines what you use to log in. When you create a
new tenant, you have to log in using the username you configure, and the
password "Administrator". The first thing you should then do is go to the
Admin tab in the UI, and change the password.
After you've done that (and confirmed that you can log in using the new
password), you should edit local-omca-settings.xml, and put in the password
you set via the UI. That setting allows the app layer to obtain admin
privileges when the logged in user is not an admin user. For example, the
automated password reset feature requires this, so that the app layer can
reset a user's password.
Ray
On Mon, Aug 12, 2013 at 4:27 PM, Al Bersch <abersch@museumca.org> wrote:
> Hi Jesse, Aron, and all:
>
> Thanks again for your hlep. I looked at the logs, but I'm not sure exactly
> what they are telling me.
>
> I tried logging into my tenant (omca) with the default password and the
> user I set up (admin@museumca.org), but did not have any luck.
>
> I AM able to login to the core and lifesci clients.
>
> looking up the usernames and passwrd in psql utility, the username I set
> up appears correctly (admin@museumca.org), but the hashed password still
> matches the password also listed for lifesci and core tenants.
>
> When I look in the merged-settings.xml_local-omca-settings.xml-.xml file
> in $CSPACE_JEESERVER_HOME/temp, it shows my username and password correctly.
>
> Looking at the tenant-bindings files, it looks like information in
> tenant-bindings.delta.xml matches that in tenant-bindings.merged.xml, but
> I'm not sure if it's in the same place, or if it is complete. I pasted that
> info below the logs.
>
> Thanks again,
>
> Al
>
> *From cspace-services.log:*
>
>
> 2013-08-12 21:51:25,587 ERROR [main]
> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
> was specified on call to getRepositoryName() method.
>
> 2013-08-12 21:51:25,587 ERROR [main]
> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
> was specified on call to getRepositoryName() method.
>
> 2013-08-12 21:51:25,588 ERROR [main]
> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
> was specified on call to getRepositoryName() method.
>
> 2013-08-12 21:51:25,588 ERROR [main]
> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
> was specified on call to getRepositoryName() method.
>
> 2013-08-12 21:51:25,589 ERROR [main]
> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
> was specified on call to getRepositoryName() method.
>
> 2013-08-12 21:51:25,589 ERROR [main]
> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
> was specified on call to getRepositoryName() method.
>
> 2013-08-12 21:51:25,589 ERROR [main]
> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
> was specified on call to getRepositoryName() method.
>
> 2013-08-12 21:51:25,872 DEBUG [main]
> [org.collectionspace.services.client.AbstractServiceClientImpl:269]
> readProperties() using url=http://localhost:8180/cspace-services/
>
> 2013-08-12 21:51:25,873 DEBUG [main]
> [org.collectionspace.services.client.AbstractServiceClientImpl:323]
> setupHttpClient() using url=http://localhost:8180/cspace-services/ user=
> admin@core.collectionspace.org password=Administrator
>
> 2013-08-12 21:51:25,875 DEBUG [main]
> [org.collectionspace.services.client.AbstractServiceClientImpl:334]
> setupHttpClient: set preemptive authentication
>
> 2013-08-12 21:51:29,995 DEBUG [http-8180-2]
> [org.collectionspace.authentication.realm.db.CSpaceDbRealm:144] Executing
> query: select passwd from users where username=?, with username:
> admin@museumca.org
>
> 2013-08-12 21:51:29,999 DEBUG [http-8180-2]
> [org.collectionspace.authentication.jaas.CSpaceJBossDBLoginModule:79]
> Obtained user password for: admin@museumca.org
>
>
>
> *From cspace-app.log:*
>
>
> 2013-08-12 21:50:07,908 INFO [http-8180-4]
> [org.apache.commons.httpclient.HttpMethodDirector:722] Failure
> authenticating with BASIC '
> org.collectionspace.services'@198.74.51.203:8180
>
> 2013-08-12 21:50:07,908 ERROR [http-8180-4]
> [org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
> Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
> report</title><style><!--H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> H2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> H3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
> P
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
> {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
> </head><body><h1>HTTP Status 401 - Password Incorrect/Password
> Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
> report</p><p><b>message</b> <u>Password Incorrect/Password
> Required</u></p><p><b>description</b> <u>This request requires HTTP
> authentication (Password Incorrect/Password Required).</u></p><HR size="1"
> noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
>
> 2013-08-12 21:51:27,914 INFO [http-8180-1]
> [org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
> XMLMerge result output to:
> /usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
>
> 2013-08-12 21:51:30,010 INFO [http-8180-1]
> [org.apache.commons.httpclient.HttpMethodDirector:722] Failure
> authenticating with BASIC '
> org.collectionspace.services'@198.74.51.203:8180
>
> 2013-08-12 21:51:30,012 ERROR [http-8180-1]
> [org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
> Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
> report</title><style><!--H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> H2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> H3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
> P
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
> {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
> </head><body><h1>HTTP Status 401 - Password Incorrect/Password
> Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
> report</p><p><b>message</b> <u>Password Incorrect/Password
> Required</u></p><p><b>description</b> <u>This request requires HTTP
> authentication (Password Incorrect/Password Required).</u></p><HR size="1"
> noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
>
> 2013-08-12 21:51:30,158 INFO [http-8180-1]
> [org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
> XMLMerge result output to:
> /usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
>
> 2013-08-12 21:51:31,306 INFO [net.sf.ehcache.CacheManager@1b6ab7e]
> [net.sf.ehcache.util.UpdateChecker:98] New update(s) found: 2.6.5 [
> http://www.terracotta.org/confluence/display/release/Release+Notes+Ehcache+Core+2.6].
> Please check http://ehcache.org for the latest version.
>
>
> *tenant-bindings.delta.xml:*
>
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <tenant:TenantBindingConfig
>
> xmlns:merge='http://xmlmerge.el4j.elca.ch'
>
> xmlns:tenant='http://collectionspace.org/services/config/tenant'>
>
>
> <tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
> Museum of California" version="0.1">
>
> <tenant:repositoryDomain name="default-domain"
> storageName="omca-domain" repositoryClient="nuxeo-java" />
>
> </tenant:tenantBinding>
>
>
> </tenant:TenantBindingConfig>
>
>
> *tenant-bindings.merged.xml:*
>
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <!--
>
> Copyright: Regents of the University of California 2012
>
> Document : tenants-bindings.xml
>
> Description: Prototype tenant bindings, specifying the default services
>
> layer configuration for a generic, out-of-the-box tenant.
>
> These prototype bindings are merged with 'delta' bindings
>
> specifying the differences from the prototype
> configuration
>
> for each actual tenant, resulting in 'merged' bindings
>
> for that tenant.
>
> $LastChangedRevision$
>
> $LastChangedDate$
>
> -->
>
> <tenant:TenantBindingConfig xmlns:tenant="
> http://collectionspace.org/services/config/tenant" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
> http://collectionspace.org/services/config/tenant
> http://collectionspace.org/services/config/tenant.xsd">
>
> <!-- begin prototype collectionspace.org tenant meta-data -->
>
> <tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
> Museum of California" version="0.1">
>
> <tenant:repositoryDomain name="default-domain"
> storageName="omca-domain" repositoryClient="nuxeo-java" />
>
> <tenant:properties>
>
> <types:item xmlns:types="
> http://collectionspace.org/services/config/types">
>
> <types:key>datePattern</types:key>
>
> <types:value>MM/dd/yyyy</types:value>
>
> </types:item>
>
> <types:item xmlns:types="
> http://collectionspace.org/services/config/types">
>
> <types:key>datePattern</types:key>
>
> <types:value>MMM dd, yyyy</types:value>
>
> </types:item>
>
> <types:item xmlns:types="
> http://collectionspace.org/services/config/types">
>
> <types:key>datePattern</types:key>
>
> <types:value>dd.MM.yyyy</types:value>
>
> </types:item>
>
> <!--
>
> <types:item>
>
> <types:key>datePattern</types:key>
>
> <types:value>dd/MM/yyyy</types:value>
>
> </types:item>
>
> -->
>
> <types:item xmlns:types="
> http://collectionspace.org/services/config/types">
>
> <types:key>localeLanguage</types:key>
>
> <types:value>en</types:value>
>
> </types:item>
>
> <!--
>
> <types:item>
>
> <types:key>localeLanguage</types:key>
>
> <types:value>da</types:value>
>
> "tenant-bindings.merged.xml" 3461L, 227468C
> 1,1 Top
>
>
>
>
> Al Bersch
> Digital Project Coordinator
> Oakland Museum of California
> 1000 Oak Street, Oakland, CA 94607
> abersch@museumca.org
> 510-318-8468
> ------------------------------
> *From: *"Jesse Martinez" <mjesse@gmail.com>
> *To: *"Aron Roberts" <aron@socrates.berkeley.edu>
> *Cc: *"Al Bersch" <abersch@museumca.org>, "talk" <
> talk@lists.collectionspace.org>, "rescamilla" <rescamilla@museumca.org>
> *Sent: *Wednesday, August 7, 2013 9:22:17 AM
> *Subject: *Re: [Talk] Invalid email/password combination logging into new
> tenant
>
> Can you log into the default core or lifesci tenants? If you can then it
> is probably a configuration settings for your omca tenant. If you can't
> then it may be a service or app layer issue.
>
> A good point of interest is to check the tenant-bindings configuration
> file in the services layer.
> The deployed copy of this file should be located at:
> /usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
>
> A good thing to check is if the tenant-bindings.delta additions/changes
> are also present in the tenant-bindings.merged file. But also merged into
> the _correct_ places. (This is important!)
>
> - Jesse
>
>
> On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts <aron@socrates.berkeley.edu>wrote:
>
>> First place to look: what errors are you seeing in server log files,
>> timestamped at the time of the failed login attempt?
>>
>> You might start with (both in $CSPACE_JEESERVER_HOME/logs):
>> cspace-services.log
>> cspace-app.log
>>
>> Error message(s) in those logfiles, particularly cspace-services.log,
>> may help identify the issue.
>>
>> Second, does the 'standard' login using the default administrator user
>> account, admin@yourtenant... succeed, if you use the default password,
>> 'Administrator'?
>>
>> Third, you might use a PostgreSQL client, like the command-line 'psql'
>> or a GUI utility, to take a look at the 'users' table, to verify that
>> a) the name of your tenant's default admin user account is what you
>> expect and b) the password was in fact changed from the default.
>>
>> e.g. from a Linux shell prompt:
>> psql -U postgres
>> (At the 'Password for user postgres:' prompt, enter the password for
>> the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
>> (at successive prompts, enter:)
>> \c cspace
>> select username, passwd from users;
>> (when done, to quit psql, enter:)
>> \q
>>
>> Make sure that a) the admin username for your tenant is what you
>> expect and b) the (hashed) password for that account is different from
>> the 'admin@core.collectionspace.org' user.
>>
>> There can be a variety of other reasons for a failed login, but this
>> may help identify (or rule out) some obvious possibilities.
>>
>> Aron
>>
>> On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch <abersch@museumca.org> wrote:
>> > Hello all,
>> >
>> > I created a new tenant (called omca) and successfully ran all the mvn
>> and
>> > ant commands to deploy the ui, applications, and services layers. When
>> I
>> > get to the login page for our new tenant, and use the login I set when
>> > making changes to the local-{your_museum}-settings.xml file (for us,
>> it's
>> > local-omca-settings.xml), I get a message telling me I have an invalid
>> > email/password combination. I've looked in previous "talk"
>> conversations,
>> > but can't find the solution - anyone know what might be up? I can
>> > successfully log into the core tenant using
>> admin@core.collectionspace.org.
>> >
>> > Thanks,
>> >
>> > Al
>> >
>> > Al Bersch
>> > Digital Project Coordinator
>> > Oakland Museum of California
>> > 1000 Oak Street, Oakland, CA 94607
>> > abersch@museumca.org
>> > 510-318-8468
>> >
>> > _______________________________________________
>> > Talk mailing list
>> > Talk@lists.collectionspace.org
>> >
>> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>> >
>>
>> _______________________________________________
>> Talk mailing list
>> Talk@lists.collectionspace.org
>>
>> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>>
>
>
>
> _______________________________________________
> Talk mailing list
> Talk@lists.collectionspace.org
>
> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>
>
AR
Aron Roberts
Tue, Aug 13, 2013 12:01 AM
Thanks, Ray, for this helpful clarification!
Al, thank you very much for the additional reports, as well. Did I
understand correctly that you said that, even when you try logging
into your 'omca' tenant at, say,
http://yourhost:yourport/collectionspace/ui/omca/html/index.html, with
username 'admin@museumca.org' and the default password,
'Administrator', you still get this error? Even after typing the
username and password into a document in a plaintext editor, and then
copying and pasting them into the respective fields in the login
screen, just to help rule out a potentially overlooked typo?
If and only if the answer to both of the questions above is 'yes,' I'm
wondering whether access permissions - the association of user roles
with permissions to read, create, delete, etc. various resources -
were set up correctly for this tenant. If you look in one additional
set of log files, those that start with catalina*, do you see any
errors similar to these about the time that you're attempting to
login? (The permission might not necessarily be #create; this is just
an example ...)
ERROR [org.collectionspace.services.common.security.SecurityInterceptor:171]
Access to 5:someresourcenamehere#create is NOT allowed to
user=admin@museumca.org
If you see messages similar to this around the time of the login
attempt, one thing you might try is dropping and re-creating the
database that holds authorization (AuthZ) tables, then rebuilding the
tables that store those access permissions.
From the top-level of the Services source code tree (off the top of my
head and untried), this is how I remember that you do that:
ant create_cspace_db
ant import
(To successfully run the first command above, which deletes and then
re-creates the 'cspace' database, you'll likely need to temporarily
shut down CollectionSpace and make sure that you're not accessing the
PostgreSQL database system via any other client, psql or otherwise.)
Aron
On Mon, Aug 12, 2013 at 4:40 PM, Ray Lee rhlee@berkeley.edu wrote:
Hi Al,
Confusingly, the password you configure in the local-omca-settings.xml file
is not actually what determines what you use to log in. When you create a
new tenant, you have to log in using the username you configure, and the
password "Administrator". The first thing you should then do is go to the
Admin tab in the UI, and change the password.
After you've done that (and confirmed that you can log in using the new
password), you should edit local-omca-settings.xml, and put in the password
you set via the UI. That setting allows the app layer to obtain admin
privileges when the logged in user is not an admin user. For example, the
automated password reset feature requires this, so that the app layer can
reset a user's password.
Ray
On Mon, Aug 12, 2013 at 4:27 PM, Al Bersch abersch@museumca.org wrote:
Hi Jesse, Aron, and all:
Thanks again for your hlep. I looked at the logs, but I'm not sure exactly
what they are telling me.
I tried logging into my tenant (omca) with the default password and the
user I set up (admin@museumca.org), but did not have any luck.
I AM able to login to the core and lifesci clients.
looking up the usernames and passwrd in psql utility, the username I set
up appears correctly (admin@museumca.org), but the hashed password still
matches the password also listed for lifesci and core tenants.
When I look in the merged-settings.xml_local-omca-settings.xml-.xml file
in $CSPACE_JEESERVER_HOME/temp, it shows my username and password correctly.
Looking at the tenant-bindings files, it looks like information in
tenant-bindings.delta.xml matches that in tenant-bindings.merged.xml, but
I'm not sure if it's in the same place, or if it is complete. I pasted that
info below the logs.
Thanks again,
Al
From cspace-services.log:
2013-08-12 21:51:25,587 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,587 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,588 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,588 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,872 DEBUG [main]
[org.collectionspace.services.client.AbstractServiceClientImpl:269]
readProperties() using url=http://localhost:8180/cspace-services/
2013-08-12 21:51:25,873 DEBUG [main]
[org.collectionspace.services.client.AbstractServiceClientImpl:323]
setupHttpClient() using url=http://localhost:8180/cspace-services/
user=admin@core.collectionspace.org password=Administrator
2013-08-12 21:51:25,875 DEBUG [main]
[org.collectionspace.services.client.AbstractServiceClientImpl:334]
setupHttpClient: set preemptive authentication
2013-08-12 21:51:29,995 DEBUG [http-8180-2]
[org.collectionspace.authentication.realm.db.CSpaceDbRealm:144] Executing
query: select passwd from users where username=?, with username:
admin@museumca.org
2013-08-12 21:51:29,999 DEBUG [http-8180-2]
[org.collectionspace.authentication.jaas.CSpaceJBossDBLoginModule:79]
Obtained user password for: admin@museumca.org
From cspace-app.log:
2013-08-12 21:50:07,908 INFO [http-8180-4]
[org.apache.commons.httpclient.HttpMethodDirector:722] Failure
authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
2013-08-12 21:50:07,908 ERROR [http-8180-4]
[org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Status 401 - Password Incorrect/Password
Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
report</p><p><b>message</b> <u>Password Incorrect/Password
Required</u></p><p><b>description</b> <u>This request requires HTTP
authentication (Password Incorrect/Password Required).</u></p><HR size="1"
noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
2013-08-12 21:51:27,914 INFO [http-8180-1]
[org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
XMLMerge result output to:
/usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
2013-08-12 21:51:30,010 INFO [http-8180-1]
[org.apache.commons.httpclient.HttpMethodDirector:722] Failure
authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
2013-08-12 21:51:30,012 ERROR [http-8180-1]
[org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Status 401 - Password Incorrect/Password
Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
report</p><p><b>message</b> <u>Password Incorrect/Password
Required</u></p><p><b>description</b> <u>This request requires HTTP
authentication (Password Incorrect/Password Required).</u></p><HR size="1"
noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
2013-08-12 21:51:30,158 INFO [http-8180-1]
[org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
XMLMerge result output to:
/usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
2013-08-12 21:51:31,306 INFO [net.sf.ehcache.CacheManager@1b6ab7e]
[net.sf.ehcache.util.UpdateChecker:98] New update(s) found: 2.6.5
[http://www.terracotta.org/confluence/display/release/Release+Notes+Ehcache+Core+2.6].
Please check http://ehcache.org for the latest version.
tenant-bindings.delta.xml:
<?xml version="1.0" encoding="UTF-8"?>
<tenant:TenantBindingConfig
xmlns:merge='http://xmlmerge.el4j.elca.ch'
xmlns:tenant='http://collectionspace.org/services/config/tenant'>
<tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
Museum of California" version="0.1">
<tenant:repositoryDomain name="default-domain"
storageName="omca-domain" repositoryClient="nuxeo-java" />
</tenant:tenantBinding>
</tenant:TenantBindingConfig>
tenant-bindings.merged.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright: Regents of the University of California 2012
Document : tenants-bindings.xml
Description: Prototype tenant bindings, specifying the default
services
layer configuration for a generic, out-of-the-box tenant.
These prototype bindings are merged with 'delta' bindings
specifying the differences from the prototype
configuration
for each actual tenant, resulting in 'merged' bindings
for that tenant.
$LastChangedRevision$
$LastChangedDate$
-->
<tenant:TenantBindingConfig
xmlns:tenant="http://collectionspace.org/services/config/tenant"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://collectionspace.org/services/config/tenant
http://collectionspace.org/services/config/tenant.xsd">
<!-- begin prototype collectionspace.org tenant meta-data -->
<tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
Museum of California" version="0.1">
<tenant:repositoryDomain name="default-domain"
storageName="omca-domain" repositoryClient="nuxeo-java" />
<tenant:properties>
<types:item
xmlns:types="http://collectionspace.org/services/config/types">
<types:key>datePattern</types:key>
<types:value>MM/dd/yyyy</types:value>
</types:item>
<types:item
xmlns:types="http://collectionspace.org/services/config/types">
<types:key>datePattern</types:key>
<types:value>MMM dd, yyyy</types:value>
</types:item>
<types:item
xmlns:types="http://collectionspace.org/services/config/types">
<types:key>datePattern</types:key>
<types:value>dd.MM.yyyy</types:value>
</types:item>
<!--
<types:item>
<types:key>datePattern</types:key>
<types:value>dd/MM/yyyy</types:value>
</types:item>
-->
<types:item
xmlns:types="http://collectionspace.org/services/config/types">
<types:key>localeLanguage</types:key>
<types:value>en</types:value>
</types:item>
<!--
<types:item>
<types:key>localeLanguage</types:key>
<types:value>da</types:value>
"tenant-bindings.merged.xml" 3461L, 227468C
1,1 Top
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
From: "Jesse Martinez" mjesse@gmail.com
To: "Aron Roberts" aron@socrates.berkeley.edu
Cc: "Al Bersch" abersch@museumca.org, "talk"
talk@lists.collectionspace.org, "rescamilla" rescamilla@museumca.org
Sent: Wednesday, August 7, 2013 9:22:17 AM
Subject: Re: [Talk] Invalid email/password combination logging into new
tenant
Can you log into the default core or lifesci tenants? If you can then it
is probably a configuration settings for your omca tenant. If you can't then
it may be a service or app layer issue.
A good point of interest is to check the tenant-bindings configuration
file in the services layer.
The deployed copy of this file should be located at:
/usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
A good thing to check is if the tenant-bindings.delta additions/changes
are also present in the tenant-bindings.merged file. But also merged into
the correct places. (This is important!)
On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts aron@socrates.berkeley.edu
wrote:
First place to look: what errors are you seeing in server log files,
timestamped at the time of the failed login attempt?
You might start with (both in $CSPACE_JEESERVER_HOME/logs):
cspace-services.log
cspace-app.log
Error message(s) in those logfiles, particularly cspace-services.log,
may help identify the issue.
Second, does the 'standard' login using the default administrator user
account, admin@yourtenant... succeed, if you use the default password,
'Administrator'?
Third, you might use a PostgreSQL client, like the command-line 'psql'
or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
e.g. from a Linux shell prompt:
psql -U postgres
(At the 'Password for user postgres:' prompt, enter the password for
the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
(at successive prompts, enter:)
\c cspace
select username, passwd from users;
(when done, to quit psql, enter:)
\q
Make sure that a) the admin username for your tenant is what you
expect and b) the (hashed) password for that account is different from
the 'admin@core.collectionspace.org' user.
There can be a variety of other reasons for a failed login, but this
may help identify (or rule out) some obvious possibilities.
Aron
On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch abersch@museumca.org wrote:
Hello all,
I created a new tenant (called omca) and successfully ran all the mvn
and
ant commands to deploy the ui, applications, and services layers. When
I
get to the login page for our new tenant, and use the login I set when
making changes to the local-{your_museum}-settings.xml file (for us,
it's
local-omca-settings.xml), I get a message telling me I have an invalid
email/password combination. I've looked in previous "talk"
conversations,
but can't find the solution - anyone know what might be up? I can
successfully log into the core tenant using
admin@core.collectionspace.org.
Thanks,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
Talk mailing list
Talk@lists.collectionspace.org
http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
Thanks, Ray, for this helpful clarification!
Al, thank you very much for the additional reports, as well. Did I
understand correctly that you said that, even when you try logging
into your 'omca' tenant at, say,
http://yourhost:yourport/collectionspace/ui/omca/html/index.html, with
username 'admin@museumca.org' and the default password,
'Administrator', you still get this error? Even after typing the
username and password into a document in a plaintext editor, and then
copying and pasting them into the respective fields in the login
screen, just to help rule out a potentially overlooked typo?
If and only if the answer to both of the questions above is 'yes,' I'm
wondering whether access permissions - the association of user roles
with permissions to read, create, delete, etc. various resources -
were set up correctly for this tenant. If you look in one additional
set of log files, those that start with catalina*, do you see any
errors similar to these about the time that you're attempting to
login? (The permission might not necessarily be #create; this is just
an example ...)
ERROR [org.collectionspace.services.common.security.SecurityInterceptor:171]
Access to 5:someresourcenamehere#create is NOT allowed to
user=admin@museumca.org
*If* you see messages similar to this around the time of the login
attempt, one thing you might try is dropping and re-creating the
database that holds authorization (AuthZ) tables, then rebuilding the
tables that store those access permissions.
>From the top-level of the Services source code tree (off the top of my
head and untried), this is how I remember that you do that:
ant create_cspace_db
ant import
(To successfully run the first command above, which deletes and then
re-creates the 'cspace' database, you'll likely need to temporarily
shut down CollectionSpace and make sure that you're not accessing the
PostgreSQL database system via any other client, psql or otherwise.)
Aron
On Mon, Aug 12, 2013 at 4:40 PM, Ray Lee <rhlee@berkeley.edu> wrote:
> Hi Al,
> Confusingly, the password you configure in the local-omca-settings.xml file
> is not actually what determines what you use to log in. When you create a
> new tenant, you have to log in using the username you configure, and the
> password "Administrator". The first thing you should then do is go to the
> Admin tab in the UI, and change the password.
>
> After you've done that (and confirmed that you can log in using the new
> password), you should edit local-omca-settings.xml, and put in the password
> you set via the UI. That setting allows the app layer to obtain admin
> privileges when the logged in user is not an admin user. For example, the
> automated password reset feature requires this, so that the app layer can
> reset a user's password.
>
> Ray
>
>
>
> On Mon, Aug 12, 2013 at 4:27 PM, Al Bersch <abersch@museumca.org> wrote:
>>
>> Hi Jesse, Aron, and all:
>>
>> Thanks again for your hlep. I looked at the logs, but I'm not sure exactly
>> what they are telling me.
>>
>> I tried logging into my tenant (omca) with the default password and the
>> user I set up (admin@museumca.org), but did not have any luck.
>>
>> I AM able to login to the core and lifesci clients.
>>
>> looking up the usernames and passwrd in psql utility, the username I set
>> up appears correctly (admin@museumca.org), but the hashed password still
>> matches the password also listed for lifesci and core tenants.
>>
>> When I look in the merged-settings.xml_local-omca-settings.xml-.xml file
>> in $CSPACE_JEESERVER_HOME/temp, it shows my username and password correctly.
>>
>> Looking at the tenant-bindings files, it looks like information in
>> tenant-bindings.delta.xml matches that in tenant-bindings.merged.xml, but
>> I'm not sure if it's in the same place, or if it is complete. I pasted that
>> info below the logs.
>>
>> Thanks again,
>>
>> Al
>>
>> From cspace-services.log:
>>
>>
>> 2013-08-12 21:51:25,587 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,587 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,588 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,588 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,589 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,589 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,589 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,872 DEBUG [main]
>> [org.collectionspace.services.client.AbstractServiceClientImpl:269]
>> readProperties() using url=http://localhost:8180/cspace-services/
>>
>> 2013-08-12 21:51:25,873 DEBUG [main]
>> [org.collectionspace.services.client.AbstractServiceClientImpl:323]
>> setupHttpClient() using url=http://localhost:8180/cspace-services/
>> user=admin@core.collectionspace.org password=Administrator
>>
>> 2013-08-12 21:51:25,875 DEBUG [main]
>> [org.collectionspace.services.client.AbstractServiceClientImpl:334]
>> setupHttpClient: set preemptive authentication
>>
>> 2013-08-12 21:51:29,995 DEBUG [http-8180-2]
>> [org.collectionspace.authentication.realm.db.CSpaceDbRealm:144] Executing
>> query: select passwd from users where username=?, with username:
>> admin@museumca.org
>>
>> 2013-08-12 21:51:29,999 DEBUG [http-8180-2]
>> [org.collectionspace.authentication.jaas.CSpaceJBossDBLoginModule:79]
>> Obtained user password for: admin@museumca.org
>>
>>
>>
>> From cspace-app.log:
>>
>>
>> 2013-08-12 21:50:07,908 INFO [http-8180-4]
>> [org.apache.commons.httpclient.HttpMethodDirector:722] Failure
>> authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
>>
>> 2013-08-12 21:50:07,908 ERROR [http-8180-4]
>> [org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
>> Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
>> report</title><style><!--H1
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
>> H2
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
>> H3
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
>> BODY
>> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
>> P
>> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
>> {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
>> </head><body><h1>HTTP Status 401 - Password Incorrect/Password
>> Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
>> report</p><p><b>message</b> <u>Password Incorrect/Password
>> Required</u></p><p><b>description</b> <u>This request requires HTTP
>> authentication (Password Incorrect/Password Required).</u></p><HR size="1"
>> noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
>>
>> 2013-08-12 21:51:27,914 INFO [http-8180-1]
>> [org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
>> XMLMerge result output to:
>> /usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
>>
>> 2013-08-12 21:51:30,010 INFO [http-8180-1]
>> [org.apache.commons.httpclient.HttpMethodDirector:722] Failure
>> authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
>>
>> 2013-08-12 21:51:30,012 ERROR [http-8180-1]
>> [org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
>> Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
>> report</title><style><!--H1
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
>> H2
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
>> H3
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
>> BODY
>> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
>> P
>> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
>> {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
>> </head><body><h1>HTTP Status 401 - Password Incorrect/Password
>> Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
>> report</p><p><b>message</b> <u>Password Incorrect/Password
>> Required</u></p><p><b>description</b> <u>This request requires HTTP
>> authentication (Password Incorrect/Password Required).</u></p><HR size="1"
>> noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
>>
>> 2013-08-12 21:51:30,158 INFO [http-8180-1]
>> [org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
>> XMLMerge result output to:
>> /usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
>>
>> 2013-08-12 21:51:31,306 INFO [net.sf.ehcache.CacheManager@1b6ab7e]
>> [net.sf.ehcache.util.UpdateChecker:98] New update(s) found: 2.6.5
>> [http://www.terracotta.org/confluence/display/release/Release+Notes+Ehcache+Core+2.6].
>> Please check http://ehcache.org for the latest version.
>>
>>
>> tenant-bindings.delta.xml:
>>
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>>
>> <tenant:TenantBindingConfig
>>
>> xmlns:merge='http://xmlmerge.el4j.elca.ch'
>>
>> xmlns:tenant='http://collectionspace.org/services/config/tenant'>
>>
>>
>> <tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
>> Museum of California" version="0.1">
>>
>> <tenant:repositoryDomain name="default-domain"
>> storageName="omca-domain" repositoryClient="nuxeo-java" />
>>
>> </tenant:tenantBinding>
>>
>>
>> </tenant:TenantBindingConfig>
>>
>>
>> tenant-bindings.merged.xml:
>>
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>>
>> <!--
>>
>> Copyright: Regents of the University of California 2012
>>
>> Document : tenants-bindings.xml
>>
>> Description: Prototype tenant bindings, specifying the default
>> services
>>
>> layer configuration for a generic, out-of-the-box tenant.
>>
>> These prototype bindings are merged with 'delta' bindings
>>
>> specifying the differences from the prototype
>> configuration
>>
>> for each actual tenant, resulting in 'merged' bindings
>>
>> for that tenant.
>>
>> $LastChangedRevision$
>>
>> $LastChangedDate$
>>
>> -->
>>
>> <tenant:TenantBindingConfig
>> xmlns:tenant="http://collectionspace.org/services/config/tenant"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xsi:schemaLocation="http://collectionspace.org/services/config/tenant
>> http://collectionspace.org/services/config/tenant.xsd">
>>
>> <!-- begin prototype collectionspace.org tenant meta-data -->
>>
>> <tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
>> Museum of California" version="0.1">
>>
>> <tenant:repositoryDomain name="default-domain"
>> storageName="omca-domain" repositoryClient="nuxeo-java" />
>>
>> <tenant:properties>
>>
>> <types:item
>> xmlns:types="http://collectionspace.org/services/config/types">
>>
>> <types:key>datePattern</types:key>
>>
>> <types:value>MM/dd/yyyy</types:value>
>>
>> </types:item>
>>
>> <types:item
>> xmlns:types="http://collectionspace.org/services/config/types">
>>
>> <types:key>datePattern</types:key>
>>
>> <types:value>MMM dd, yyyy</types:value>
>>
>> </types:item>
>>
>> <types:item
>> xmlns:types="http://collectionspace.org/services/config/types">
>>
>> <types:key>datePattern</types:key>
>>
>> <types:value>dd.MM.yyyy</types:value>
>>
>> </types:item>
>>
>> <!--
>>
>> <types:item>
>>
>> <types:key>datePattern</types:key>
>>
>> <types:value>dd/MM/yyyy</types:value>
>>
>> </types:item>
>>
>> -->
>>
>> <types:item
>> xmlns:types="http://collectionspace.org/services/config/types">
>>
>> <types:key>localeLanguage</types:key>
>>
>> <types:value>en</types:value>
>>
>> </types:item>
>>
>> <!--
>>
>> <types:item>
>>
>> <types:key>localeLanguage</types:key>
>>
>> <types:value>da</types:value>
>>
>> "tenant-bindings.merged.xml" 3461L, 227468C
>> 1,1 Top
>>
>>
>>
>>
>> Al Bersch
>> Digital Project Coordinator
>> Oakland Museum of California
>> 1000 Oak Street, Oakland, CA 94607
>> abersch@museumca.org
>> 510-318-8468
>> ________________________________
>> From: "Jesse Martinez" <mjesse@gmail.com>
>> To: "Aron Roberts" <aron@socrates.berkeley.edu>
>> Cc: "Al Bersch" <abersch@museumca.org>, "talk"
>> <talk@lists.collectionspace.org>, "rescamilla" <rescamilla@museumca.org>
>> Sent: Wednesday, August 7, 2013 9:22:17 AM
>> Subject: Re: [Talk] Invalid email/password combination logging into new
>> tenant
>>
>> Can you log into the default core or lifesci tenants? If you can then it
>> is probably a configuration settings for your omca tenant. If you can't then
>> it may be a service or app layer issue.
>>
>> A good point of interest is to check the tenant-bindings configuration
>> file in the services layer.
>> The deployed copy of this file should be located at:
>> /usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
>>
>> A good thing to check is if the tenant-bindings.delta additions/changes
>> are also present in the tenant-bindings.merged file. But also merged into
>> the _correct_ places. (This is important!)
>>
>> - Jesse
>>
>>
>> On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts <aron@socrates.berkeley.edu>
>> wrote:
>>>
>>> First place to look: what errors are you seeing in server log files,
>>> timestamped at the time of the failed login attempt?
>>>
>>> You might start with (both in $CSPACE_JEESERVER_HOME/logs):
>>> cspace-services.log
>>> cspace-app.log
>>>
>>> Error message(s) in those logfiles, particularly cspace-services.log,
>>> may help identify the issue.
>>>
>>> Second, does the 'standard' login using the default administrator user
>>> account, admin@yourtenant... succeed, if you use the default password,
>>> 'Administrator'?
>>>
>>> Third, you might use a PostgreSQL client, like the command-line 'psql'
>>> or a GUI utility, to take a look at the 'users' table, to verify that
>>> a) the name of your tenant's default admin user account is what you
>>> expect and b) the password was in fact changed from the default.
>>>
>>> e.g. from a Linux shell prompt:
>>> psql -U postgres
>>> (At the 'Password for user postgres:' prompt, enter the password for
>>> the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
>>> (at successive prompts, enter:)
>>> \c cspace
>>> select username, passwd from users;
>>> (when done, to quit psql, enter:)
>>> \q
>>>
>>> Make sure that a) the admin username for your tenant is what you
>>> expect and b) the (hashed) password for that account is different from
>>> the 'admin@core.collectionspace.org' user.
>>>
>>> There can be a variety of other reasons for a failed login, but this
>>> may help identify (or rule out) some obvious possibilities.
>>>
>>> Aron
>>>
>>> On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch <abersch@museumca.org> wrote:
>>> > Hello all,
>>> >
>>> > I created a new tenant (called omca) and successfully ran all the mvn
>>> > and
>>> > ant commands to deploy the ui, applications, and services layers. When
>>> > I
>>> > get to the login page for our new tenant, and use the login I set when
>>> > making changes to the local-{your_museum}-settings.xml file (for us,
>>> > it's
>>> > local-omca-settings.xml), I get a message telling me I have an invalid
>>> > email/password combination. I've looked in previous "talk"
>>> > conversations,
>>> > but can't find the solution - anyone know what might be up? I can
>>> > successfully log into the core tenant using
>>> > admin@core.collectionspace.org.
>>> >
>>> > Thanks,
>>> >
>>> > Al
>>> >
>>> > Al Bersch
>>> > Digital Project Coordinator
>>> > Oakland Museum of California
>>> > 1000 Oak Street, Oakland, CA 94607
>>> > abersch@museumca.org
>>> > 510-318-8468
>>> >
>>> > _______________________________________________
>>> > Talk mailing list
>>> > Talk@lists.collectionspace.org
>>> >
>>> > http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>>> >
>>>
>>> _______________________________________________
>>> Talk mailing list
>>> Talk@lists.collectionspace.org
>>>
>>> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>>
>>
>>
>>
>> _______________________________________________
>> Talk mailing list
>> Talk@lists.collectionspace.org
>>
>> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>>
>
>
> _______________________________________________
> Talk mailing list
> Talk@lists.collectionspace.org
> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>
AR
Aron Roberts
Tue, Aug 13, 2013 12:14 AM
One more thing, Al ... it might also be useful to confirm that the
tenant ID configured in the Application layer configuration matches
the corresponding ID in the Services layer ('5' ?)
E.g. in $CATALINA_HOME/lib/tenants/omca, most likely in settings.xml:
<settings>
<admin>
<username>admin@museumca.org</username>
<password>Administrator</password>
<tenant>5</tenant>
...
One more thing, Al ... it might also be useful to confirm that the
tenant ID configured in the Application layer configuration matches
the corresponding ID in the Services layer ('5' ?)
E.g. in $CATALINA_HOME/lib/tenants/omca, most likely in settings.xml:
<settings>
<admin>
<username>admin@museumca.org</username>
<password>Administrator</password>
<tenant>5</tenant>
...
AB
Al Bersch
Tue, Aug 13, 2013 5:15 PM
Thanks everyone!
About Ray's clarification, I did go and change the password "Administrator" in tomcat-main/src/main/resources/tenants/omca/local-omca-settings.xml. Initially I had kept as the default, but then after following Aron's instructions I (I suppose wrongly?) assumed that meant I should change the default password in the local-omca-settings.xml file.
Third, you might use a PostgreSQL client, like the command-line 'psql' >>> or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
So now that I've changed the default, when I first login to my tenant, should I use Administrator, or my new password?
Though, no (now to answer Aron's question), I can't currently log into the new tenant http://yourhost:yourport/collectionspace/ui/omca/html/index.html , with username ' admin@museumca.org ' and the default password, 'Administrator', even after cutting and pasting from a text editor.
However, this might illuminate the problem:
When I changed to tenant ID, I did so according to the instructions here: http://wiki.collectionspace.org/display/DOC/Creating+your+new+tenant, in se rvices/common/src/main/cspace/config/services/tenants/omca/tenant-bindings.delta.xml. So the tenant ID in this file is now 5.
When I look in $CATALINA_HOME/lib/tenants/omca, both local-omca-settings.xml and settings.xml have the tenant ID as 1.
So, am I correct that I may have configured this incorrectly, or in the wrong place? Thanks for you insight!
Finally, just to follow up on every part of the thread, when I looked in the log catalina.out (this is the only "catalina" log i see in $CSPACE_JEESERVER_HOME/logs), I don't see something like
ERROR [org.collectionspace.services.common.security.SecurityInterceptor:171]
Access to 5:someresourcenamehere#create is NOT allowed to
user=admin@museumca.org
Here's what I do see:
2013-08-13 16:53:04,660 WARN [http-8180-4] [org.collectionspace.services.common.security.SecurityInterceptor:358] Attempt to logout when Nuxeo login context was null
2013-08-13 16:53:04,667 WARN [http-8180-4] [org.springframework.security.web.context.HttpSessionSecurityContextRepository:396] Failed to create a session, as response has been committed. Unable to store SecurityContext.
2013-08-13 16:53:47,255 (68539341) [http-8180-6] INFO org.apache.commons.httpclient.HttpMethodDirector: Failure authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
2013-08-13 16:53:47,255 (68539341) [http-8180-6] ERROR org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument: Got error : <html><head><title>Apache Tomcat/6.0.33 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - Password Incorrect/Password Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Password Incorrect/Password Required</u></p><p><b>description</b> <u>This request requires HTTP authentication (Password Incorrect/Password Required).</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
Thanks again,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
----- Original Message -----
From: "Aron Roberts" aron@socrates.berkeley.edu
To: "Al Bersch" abersch@museumca.org
Cc: "talk" talk@lists.collectionspace.org, "rescamilla" rescamilla@museumca.org
Sent: Monday, August 12, 2013 5:14:12 PM
Subject: Re: [Talk] Invalid email/password combination logging into new tenant
One more thing, Al ... it might also be useful to confirm that the
tenant ID configured in the Application layer configuration matches
the corresponding ID in the Services layer ('5' ?)
E.g. in $CATALINA_HOME/lib/tenants/omca, most likely in settings.xml:
<settings>
<admin>
<username>admin@museumca.org</username>
<password>Administrator</password>
<tenant>5</tenant>
From: "Aron Roberts" aron@socrates.berkeley.edu
To: "Ray Lee" rhlee@berkeley.edu, "Al Bersch" abersch@museumca.org
Cc: "talk" talk@lists.collectionspace.org, "rescamilla" rescamilla@museumca.org
Sent: Monday, August 12, 2013 5:01:00 PM
Subject: Re: [Talk] Invalid email/password combination logging into new tenant
Thanks, Ray, for this helpful clarification!
Al, thank you very much for the additional reports, as well. Did I
understand correctly that you said that, even when you try logging
into your 'omca' tenant at, say,
http://yourhost:yourport/collectionspace/ui/omca/html/index.html, with
username 'admin@museumca.org' and the default password,
'Administrator', you still get this error? Even after typing the
username and password into a document in a plaintext editor, and then
copying and pasting them into the respective fields in the login
screen, just to help rule out a potentially overlooked typo?
If and only if the answer to both of the questions above is 'yes,' I'm
wondering whether access permissions - the association of user roles
with permissions to read, create, delete, etc. various resources -
were set up correctly for this tenant. If you look in one additional
set of log files, those that start with catalina*, do you see any
errors similar to these about the time that you're attempting to
login? (The permission might not necessarily be #create; this is just
an example ...)
ERROR [org.collectionspace.services.common.security.SecurityInterceptor:171]
Access to 5:someresourcenamehere#create is NOT allowed to
user=admin@museumca.org
If you see messages similar to this around the time of the login
attempt, one thing you might try is dropping and re-creating the
database that holds authorization (AuthZ) tables, then rebuilding the
tables that store those access permissions.
From the top-level of the Services source code tree (off the top of my
head and untried), this is how I remember that you do that:
ant create_cspace_db
ant import
(To successfully run the first command above, which deletes and then
re-creates the 'cspace' database, you'll likely need to temporarily
shut down CollectionSpace and make sure that you're not accessing the
PostgreSQL database system via any other client, psql or otherwise.)
Aron
On Mon, Aug 12, 2013 at 4:40 PM, Ray Lee rhlee@berkeley.edu wrote:
Hi Al,
Confusingly, the password you configure in the local-omca-settings.xml file
is not actually what determines what you use to log in. When you create a
new tenant, you have to log in using the username you configure, and the
password "Administrator". The first thing you should then do is go to the
Admin tab in the UI, and change the password.
After you've done that (and confirmed that you can log in using the new
password), you should edit local-omca-settings.xml, and put in the password
you set via the UI. That setting allows the app layer to obtain admin
privileges when the logged in user is not an admin user. For example, the
automated password reset feature requires this, so that the app layer can
reset a user's password.
Ray
On Mon, Aug 12, 2013 at 4:27 PM, Al Bersch abersch@museumca.org wrote:
Hi Jesse, Aron, and all:
Thanks again for your hlep. I looked at the logs, but I'm not sure exactly
what they are telling me.
I tried logging into my tenant (omca) with the default password and the
user I set up (admin@museumca.org), but did not have any luck.
I AM able to login to the core and lifesci clients.
looking up the usernames and passwrd in psql utility, the username I set
up appears correctly (admin@museumca.org), but the hashed password still
matches the password also listed for lifesci and core tenants.
When I look in the merged-settings.xml_local-omca-settings.xml-.xml file
in $CSPACE_JEESERVER_HOME/temp, it shows my username and password correctly.
Looking at the tenant-bindings files, it looks like information in
tenant-bindings.delta.xml matches that in tenant-bindings.merged.xml, but
I'm not sure if it's in the same place, or if it is complete. I pasted that
info below the logs.
Thanks again,
Al
From cspace-services.log:
2013-08-12 21:51:25,587 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,587 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,588 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,588 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,872 DEBUG [main]
[org.collectionspace.services.client.AbstractServiceClientImpl:269]
readProperties() using url=http://localhost:8180/cspace-services/
2013-08-12 21:51:25,873 DEBUG [main]
[org.collectionspace.services.client.AbstractServiceClientImpl:323]
setupHttpClient() using url=http://localhost:8180/cspace-services/
user=admin@core.collectionspace.org password=Administrator
2013-08-12 21:51:25,875 DEBUG [main]
[org.collectionspace.services.client.AbstractServiceClientImpl:334]
setupHttpClient: set preemptive authentication
2013-08-12 21:51:29,995 DEBUG [http-8180-2]
[org.collectionspace.authentication.realm.db.CSpaceDbRealm:144] Executing
query: select passwd from users where username=?, with username:
admin@museumca.org
2013-08-12 21:51:29,999 DEBUG [http-8180-2]
[org.collectionspace.authentication.jaas.CSpaceJBossDBLoginModule:79]
Obtained user password for: admin@museumca.org
From cspace-app.log:
2013-08-12 21:50:07,908 INFO [http-8180-4]
[org.apache.commons.httpclient.HttpMethodDirector:722] Failure
authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
2013-08-12 21:50:07,908 ERROR [http-8180-4]
[org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Status 401 - Password Incorrect/Password
Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
report</p><p><b>message</b> <u>Password Incorrect/Password
Required</u></p><p><b>description</b> <u>This request requires HTTP
authentication (Password Incorrect/Password Required).</u></p><HR size="1"
noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
2013-08-12 21:51:27,914 INFO [http-8180-1]
[org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
XMLMerge result output to:
/usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
2013-08-12 21:51:30,010 INFO [http-8180-1]
[org.apache.commons.httpclient.HttpMethodDirector:722] Failure
authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
2013-08-12 21:51:30,012 ERROR [http-8180-1]
[org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Status 401 - Password Incorrect/Password
Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
report</p><p><b>message</b> <u>Password Incorrect/Password
Required</u></p><p><b>description</b> <u>This request requires HTTP
authentication (Password Incorrect/Password Required).</u></p><HR size="1"
noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
2013-08-12 21:51:30,158 INFO [http-8180-1]
[org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
XMLMerge result output to:
/usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
2013-08-12 21:51:31,306 INFO [net.sf.ehcache.CacheManager@1b6ab7e]
[net.sf.ehcache.util.UpdateChecker:98] New update(s) found: 2.6.5
[http://www.terracotta.org/confluence/display/release/Release+Notes+Ehcache+Core+2.6].
Please check http://ehcache.org for the latest version.
tenant-bindings.delta.xml:
<?xml version="1.0" encoding="UTF-8"?>
<tenant:TenantBindingConfig
xmlns:merge='http://xmlmerge.el4j.elca.ch'
xmlns:tenant='http://collectionspace.org/services/config/tenant'>
<tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
Museum of California" version="0.1">
<tenant:repositoryDomain name="default-domain"
storageName="omca-domain" repositoryClient="nuxeo-java" />
</tenant:tenantBinding>
</tenant:TenantBindingConfig>
tenant-bindings.merged.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright: Regents of the University of California 2012
Document : tenants-bindings.xml
Description: Prototype tenant bindings, specifying the default
services
layer configuration for a generic, out-of-the-box tenant.
These prototype bindings are merged with 'delta' bindings
specifying the differences from the prototype
configuration
for each actual tenant, resulting in 'merged' bindings
for that tenant.
$LastChangedRevision$
$LastChangedDate$
-->
<tenant:TenantBindingConfig
xmlns:tenant="http://collectionspace.org/services/config/tenant"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://collectionspace.org/services/config/tenant
http://collectionspace.org/services/config/tenant.xsd">
<!-- begin prototype collectionspace.org tenant meta-data -->
<tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
Museum of California" version="0.1">
<tenant:repositoryDomain name="default-domain"
storageName="omca-domain" repositoryClient="nuxeo-java" />
tenant:properties
<types:item
xmlns:types="http://collectionspace.org/services/config/types">
types:keydatePattern</types:key>
types:valueMM/dd/yyyy</types:value>
</types:item>
<types:item
xmlns:types="http://collectionspace.org/services/config/types">
types:keydatePattern</types:key>
types:valueMMM dd, yyyy</types:value>
</types:item>
<types:item
xmlns:types="http://collectionspace.org/services/config/types">
types:keydatePattern</types:key>
types:valuedd.MM.yyyy</types:value>
</types:item>
<!--
<types:item>
<types:key>datePattern</types:key>
<types:value>dd/MM/yyyy</types:value>
</types:item>
-->
<types:item
xmlns:types="http://collectionspace.org/services/config/types">
types:keylocaleLanguage</types:key>
types:valueen</types:value>
</types:item>
<!--
<types:item>
<types:key>localeLanguage</types:key>
<types:value>da</types:value>
"tenant-bindings.merged.xml" 3461L, 227468C
1,1 Top
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
________________________________
From: "Jesse Martinez" <mjesse@gmail.com>
To: "Aron Roberts" <aron@socrates.berkeley.edu>
Cc: "Al Bersch" <abersch@museumca.org>, "talk"
<talk@lists.collectionspace.org>, "rescamilla" <rescamilla@museumca.org>
Sent: Wednesday, August 7, 2013 9:22:17 AM
Subject: Re: [Talk] Invalid email/password combination logging into new
tenant
Can you log into the default core or lifesci tenants? If you can then it
is probably a configuration settings for your omca tenant. If you can't then
it may be a service or app layer issue.
A good point of interest is to check the tenant-bindings configuration
file in the services layer.
The deployed copy of this file should be located at:
/usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
A good thing to check is if the tenant-bindings.delta additions/changes
are also present in the tenant-bindings.merged file. But also merged into
the _correct_ places. (This is important!)
- Jesse
On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts <aron@socrates.berkeley.edu>
wrote:
First place to look: what errors are you seeing in server log files,
timestamped at the time of the failed login attempt?
You might start with (both in $CSPACE_JEESERVER_HOME/logs):
cspace-services.log
cspace-app.log
Error message(s) in those logfiles, particularly cspace-services.log,
may help identify the issue.
Second, does the 'standard' login using the default administrator user
account, admin@yourtenant... succeed, if you use the default password,
'Administrator'?
Third, you might use a PostgreSQL client, like the command-line 'psql'
or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
e.g. from a Linux shell prompt:
psql -U postgres
(At the 'Password for user postgres:' prompt, enter the password for
the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
(at successive prompts, enter:)
\c cspace
select username, passwd from users;
(when done, to quit psql, enter:)
\q
Make sure that a) the admin username for your tenant is what you
expect and b) the (hashed) password for that account is different from
the 'admin@core.collectionspace.org' user.
There can be a variety of other reasons for a failed login, but this
may help identify (or rule out) some obvious possibilities.
Aron
On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch abersch@museumca.org wrote:
Hello all,
I created a new tenant (called omca) and successfully ran all the mvn
and
ant commands to deploy the ui, applications, and services layers. When
I
get to the login page for our new tenant, and use the login I set when
making changes to the local-{your_museum}-settings.xml file (for us,
it's
local-omca-settings.xml), I get a message telling me I have an invalid
email/password combination. I've looked in previous "talk"
conversations,
but can't find the solution - anyone know what might be up? I can
successfully log into the core tenant using
admin@core.collectionspace.org.
Thanks,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
Talk mailing list
Talk@lists.collectionspace.org
http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
Thanks everyone!
About Ray's clarification, I did go and change the password "Administrator" in tomcat-main/src/main/resources/tenants/omca/local-omca-settings.xml. Initially I had kept as the default, but then after following Aron's instructions I (I suppose wrongly?) assumed that meant I should change the default password in the local-omca-settings.xml file.
Third, you might use a PostgreSQL client, like the command-line 'psql' >>> or a GUI utility, to take a look at the 'users' table, to verify that
>>> a) the name of your tenant's default admin user account is what you
>>> expect and b) the password was in fact changed from the default.
So now that I've changed the default, when I first login to my tenant, should I use Administrator, or my new password?
Though, no (now to answer Aron's question), I can't currently log into the new tenant http://yourhost:yourport/collectionspace/ui/omca/html/index.html , with username ' admin@museumca.org ' and the default password, 'Administrator', even after cutting and pasting from a text editor.
However, this might illuminate the problem:
When I changed to tenant ID, I did so according to the instructions here: http://wiki.collectionspace.org/display/DOC/Creating+your+new+tenant, in se rvices/common/src/main/cspace/config/services/tenants/omca/tenant-bindings.delta.xml. So the tenant ID in this file is now 5.
When I look in $CATALINA_HOME/lib/tenants/omca, both local-omca-settings.xml and settings.xml have the tenant ID as 1.
So, am I correct that I may have configured this incorrectly, or in the wrong place? Thanks for you insight!
Finally, just to follow up on every part of the thread, when I looked in the log catalina.out (this is the only "catalina" log i see in $CSPACE_JEESERVER_HOME/logs), I don't see something like
ERROR [org.collectionspace.services.common.security.SecurityInterceptor:171]
Access to 5:someresourcenamehere#create is NOT allowed to
user=admin@museumca.org
Here's what I do see:
2013-08-13 16:53:04,660 WARN [http-8180-4] [org.collectionspace.services.common.security.SecurityInterceptor:358] Attempt to logout when Nuxeo login context was null
2013-08-13 16:53:04,667 WARN [http-8180-4] [org.springframework.security.web.context.HttpSessionSecurityContextRepository:396] Failed to create a session, as response has been committed. Unable to store SecurityContext.
2013-08-13 16:53:47,255 (68539341) [http-8180-6] INFO org.apache.commons.httpclient.HttpMethodDirector: Failure authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
2013-08-13 16:53:47,255 (68539341) [http-8180-6] ERROR org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument: Got error : <html><head><title>Apache Tomcat/6.0.33 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - Password Incorrect/Password Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Password Incorrect/Password Required</u></p><p><b>description</b> <u>This request requires HTTP authentication (Password Incorrect/Password Required).</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
Thanks again,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
----- Original Message -----
From: "Aron Roberts" <aron@socrates.berkeley.edu>
To: "Al Bersch" <abersch@museumca.org>
Cc: "talk" <talk@lists.collectionspace.org>, "rescamilla" <rescamilla@museumca.org>
Sent: Monday, August 12, 2013 5:14:12 PM
Subject: Re: [Talk] Invalid email/password combination logging into new tenant
One more thing, Al ... it might also be useful to confirm that the
tenant ID configured in the Application layer configuration matches
the corresponding ID in the Services layer ('5' ?)
E.g. in $CATALINA_HOME/lib/tenants/omca, most likely in settings.xml:
<settings>
<admin>
<username>admin@museumca.org</username>
<password>Administrator</password>
<tenant>5</tenant>
From: "Aron Roberts" <aron@socrates.berkeley.edu>
To: "Ray Lee" <rhlee@berkeley.edu>, "Al Bersch" <abersch@museumca.org>
Cc: "talk" <talk@lists.collectionspace.org>, "rescamilla" <rescamilla@museumca.org>
Sent: Monday, August 12, 2013 5:01:00 PM
Subject: Re: [Talk] Invalid email/password combination logging into new tenant
Thanks, Ray, for this helpful clarification!
Al, thank you very much for the additional reports, as well. Did I
understand correctly that you said that, even when you try logging
into your 'omca' tenant at, say,
http://yourhost:yourport/collectionspace/ui/omca/html/index.html, with
username 'admin@museumca.org' and the default password,
'Administrator', you still get this error? Even after typing the
username and password into a document in a plaintext editor, and then
copying and pasting them into the respective fields in the login
screen, just to help rule out a potentially overlooked typo?
If and only if the answer to both of the questions above is 'yes,' I'm
wondering whether access permissions - the association of user roles
with permissions to read, create, delete, etc. various resources -
were set up correctly for this tenant. If you look in one additional
set of log files, those that start with catalina*, do you see any
errors similar to these about the time that you're attempting to
login? (The permission might not necessarily be #create; this is just
an example ...)
ERROR [org.collectionspace.services.common.security.SecurityInterceptor:171]
Access to 5:someresourcenamehere#create is NOT allowed to
user=admin@museumca.org
*If* you see messages similar to this around the time of the login
attempt, one thing you might try is dropping and re-creating the
database that holds authorization (AuthZ) tables, then rebuilding the
tables that store those access permissions.
>From the top-level of the Services source code tree (off the top of my
head and untried), this is how I remember that you do that:
ant create_cspace_db
ant import
(To successfully run the first command above, which deletes and then
re-creates the 'cspace' database, you'll likely need to temporarily
shut down CollectionSpace and make sure that you're not accessing the
PostgreSQL database system via any other client, psql or otherwise.)
Aron
On Mon, Aug 12, 2013 at 4:40 PM, Ray Lee <rhlee@berkeley.edu> wrote:
> Hi Al,
> Confusingly, the password you configure in the local-omca-settings.xml file
> is not actually what determines what you use to log in. When you create a
> new tenant, you have to log in using the username you configure, and the
> password "Administrator". The first thing you should then do is go to the
> Admin tab in the UI, and change the password.
>
> After you've done that (and confirmed that you can log in using the new
> password), you should edit local-omca-settings.xml, and put in the password
> you set via the UI. That setting allows the app layer to obtain admin
> privileges when the logged in user is not an admin user. For example, the
> automated password reset feature requires this, so that the app layer can
> reset a user's password.
>
> Ray
>
>
>
> On Mon, Aug 12, 2013 at 4:27 PM, Al Bersch <abersch@museumca.org> wrote:
>>
>> Hi Jesse, Aron, and all:
>>
>> Thanks again for your hlep. I looked at the logs, but I'm not sure exactly
>> what they are telling me.
>>
>> I tried logging into my tenant (omca) with the default password and the
>> user I set up (admin@museumca.org), but did not have any luck.
>>
>> I AM able to login to the core and lifesci clients.
>>
>> looking up the usernames and passwrd in psql utility, the username I set
>> up appears correctly (admin@museumca.org), but the hashed password still
>> matches the password also listed for lifesci and core tenants.
>>
>> When I look in the merged-settings.xml_local-omca-settings.xml-.xml file
>> in $CSPACE_JEESERVER_HOME/temp, it shows my username and password correctly.
>>
>> Looking at the tenant-bindings files, it looks like information in
>> tenant-bindings.delta.xml matches that in tenant-bindings.merged.xml, but
>> I'm not sure if it's in the same place, or if it is complete. I pasted that
>> info below the logs.
>>
>> Thanks again,
>>
>> Al
>>
>> From cspace-services.log:
>>
>>
>> 2013-08-12 21:51:25,587 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,587 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,588 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,588 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,589 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,589 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,589 ERROR [main]
>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain name
>> was specified on call to getRepositoryName() method.
>>
>> 2013-08-12 21:51:25,872 DEBUG [main]
>> [org.collectionspace.services.client.AbstractServiceClientImpl:269]
>> readProperties() using url=http://localhost:8180/cspace-services/
>>
>> 2013-08-12 21:51:25,873 DEBUG [main]
>> [org.collectionspace.services.client.AbstractServiceClientImpl:323]
>> setupHttpClient() using url=http://localhost:8180/cspace-services/
>> user=admin@core.collectionspace.org password=Administrator
>>
>> 2013-08-12 21:51:25,875 DEBUG [main]
>> [org.collectionspace.services.client.AbstractServiceClientImpl:334]
>> setupHttpClient: set preemptive authentication
>>
>> 2013-08-12 21:51:29,995 DEBUG [http-8180-2]
>> [org.collectionspace.authentication.realm.db.CSpaceDbRealm:144] Executing
>> query: select passwd from users where username=?, with username:
>> admin@museumca.org
>>
>> 2013-08-12 21:51:29,999 DEBUG [http-8180-2]
>> [org.collectionspace.authentication.jaas.CSpaceJBossDBLoginModule:79]
>> Obtained user password for: admin@museumca.org
>>
>>
>>
>> From cspace-app.log:
>>
>>
>> 2013-08-12 21:50:07,908 INFO [http-8180-4]
>> [org.apache.commons.httpclient.HttpMethodDirector:722] Failure
>> authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
>>
>> 2013-08-12 21:50:07,908 ERROR [http-8180-4]
>> [org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
>> Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
>> report</title><style><!--H1
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
>> H2
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
>> H3
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
>> BODY
>> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
>> P
>> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
>> {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
>> </head><body><h1>HTTP Status 401 - Password Incorrect/Password
>> Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
>> report</p><p><b>message</b> <u>Password Incorrect/Password
>> Required</u></p><p><b>description</b> <u>This request requires HTTP
>> authentication (Password Incorrect/Password Required).</u></p><HR size="1"
>> noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
>>
>> 2013-08-12 21:51:27,914 INFO [http-8180-1]
>> [org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
>> XMLMerge result output to:
>> /usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
>>
>> 2013-08-12 21:51:30,010 INFO [http-8180-1]
>> [org.apache.commons.httpclient.HttpMethodDirector:722] Failure
>> authenticating with BASIC 'org.collectionspace.services'@198.74.51.203:8180
>>
>> 2013-08-12 21:51:30,012 ERROR [http-8180-1]
>> [org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
>> Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
>> report</title><style><!--H1
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
>> H2
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
>> H3
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
>> BODY
>> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
>> P
>> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
>> {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
>> </head><body><h1>HTTP Status 401 - Password Incorrect/Password
>> Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
>> report</p><p><b>message</b> <u>Password Incorrect/Password
>> Required</u></p><p><b>description</b> <u>This request requires HTTP
>> authentication (Password Incorrect/Password Required).</u></p><HR size="1"
>> noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
>>
>> 2013-08-12 21:51:30,158 INFO [http-8180-1]
>> [org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
>> XMLMerge result output to:
>> /usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
>>
>> 2013-08-12 21:51:31,306 INFO [net.sf.ehcache.CacheManager@1b6ab7e]
>> [net.sf.ehcache.util.UpdateChecker:98] New update(s) found: 2.6.5
>> [http://www.terracotta.org/confluence/display/release/Release+Notes+Ehcache+Core+2.6].
>> Please check http://ehcache.org for the latest version.
>>
>>
>> tenant-bindings.delta.xml:
>>
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>>
>> <tenant:TenantBindingConfig
>>
>> xmlns:merge='http://xmlmerge.el4j.elca.ch'
>>
>> xmlns:tenant='http://collectionspace.org/services/config/tenant'>
>>
>>
>> <tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
>> Museum of California" version="0.1">
>>
>> <tenant:repositoryDomain name="default-domain"
>> storageName="omca-domain" repositoryClient="nuxeo-java" />
>>
>> </tenant:tenantBinding>
>>
>>
>> </tenant:TenantBindingConfig>
>>
>>
>> tenant-bindings.merged.xml:
>>
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>>
>> <!--
>>
>> Copyright: Regents of the University of California 2012
>>
>> Document : tenants-bindings.xml
>>
>> Description: Prototype tenant bindings, specifying the default
>> services
>>
>> layer configuration for a generic, out-of-the-box tenant.
>>
>> These prototype bindings are merged with 'delta' bindings
>>
>> specifying the differences from the prototype
>> configuration
>>
>> for each actual tenant, resulting in 'merged' bindings
>>
>> for that tenant.
>>
>> $LastChangedRevision$
>>
>> $LastChangedDate$
>>
>> -->
>>
>> <tenant:TenantBindingConfig
>> xmlns:tenant="http://collectionspace.org/services/config/tenant"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xsi:schemaLocation="http://collectionspace.org/services/config/tenant
>> http://collectionspace.org/services/config/tenant.xsd">
>>
>> <!-- begin prototype collectionspace.org tenant meta-data -->
>>
>> <tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
>> Museum of California" version="0.1">
>>
>> <tenant:repositoryDomain name="default-domain"
>> storageName="omca-domain" repositoryClient="nuxeo-java" />
>>
>> <tenant:properties>
>>
>> <types:item
>> xmlns:types="http://collectionspace.org/services/config/types">
>>
>> <types:key>datePattern</types:key>
>>
>> <types:value>MM/dd/yyyy</types:value>
>>
>> </types:item>
>>
>> <types:item
>> xmlns:types="http://collectionspace.org/services/config/types">
>>
>> <types:key>datePattern</types:key>
>>
>> <types:value>MMM dd, yyyy</types:value>
>>
>> </types:item>
>>
>> <types:item
>> xmlns:types="http://collectionspace.org/services/config/types">
>>
>> <types:key>datePattern</types:key>
>>
>> <types:value>dd.MM.yyyy</types:value>
>>
>> </types:item>
>>
>> <!--
>>
>> <types:item>
>>
>> <types:key>datePattern</types:key>
>>
>> <types:value>dd/MM/yyyy</types:value>
>>
>> </types:item>
>>
>> -->
>>
>> <types:item
>> xmlns:types="http://collectionspace.org/services/config/types">
>>
>> <types:key>localeLanguage</types:key>
>>
>> <types:value>en</types:value>
>>
>> </types:item>
>>
>> <!--
>>
>> <types:item>
>>
>> <types:key>localeLanguage</types:key>
>>
>> <types:value>da</types:value>
>>
>> "tenant-bindings.merged.xml" 3461L, 227468C
>> 1,1 Top
>>
>>
>>
>>
>> Al Bersch
>> Digital Project Coordinator
>> Oakland Museum of California
>> 1000 Oak Street, Oakland, CA 94607
>> abersch@museumca.org
>> 510-318-8468
>> ________________________________
>> From: "Jesse Martinez" <mjesse@gmail.com>
>> To: "Aron Roberts" <aron@socrates.berkeley.edu>
>> Cc: "Al Bersch" <abersch@museumca.org>, "talk"
>> <talk@lists.collectionspace.org>, "rescamilla" <rescamilla@museumca.org>
>> Sent: Wednesday, August 7, 2013 9:22:17 AM
>> Subject: Re: [Talk] Invalid email/password combination logging into new
>> tenant
>>
>> Can you log into the default core or lifesci tenants? If you can then it
>> is probably a configuration settings for your omca tenant. If you can't then
>> it may be a service or app layer issue.
>>
>> A good point of interest is to check the tenant-bindings configuration
>> file in the services layer.
>> The deployed copy of this file should be located at:
>> /usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
>>
>> A good thing to check is if the tenant-bindings.delta additions/changes
>> are also present in the tenant-bindings.merged file. But also merged into
>> the _correct_ places. (This is important!)
>>
>> - Jesse
>>
>>
>> On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts <aron@socrates.berkeley.edu>
>> wrote:
>>>
>>> First place to look: what errors are you seeing in server log files,
>>> timestamped at the time of the failed login attempt?
>>>
>>> You might start with (both in $CSPACE_JEESERVER_HOME/logs):
>>> cspace-services.log
>>> cspace-app.log
>>>
>>> Error message(s) in those logfiles, particularly cspace-services.log,
>>> may help identify the issue.
>>>
>>> Second, does the 'standard' login using the default administrator user
>>> account, admin@yourtenant... succeed, if you use the default password,
>>> 'Administrator'?
>>>
>>> Third, you might use a PostgreSQL client, like the command-line 'psql'
>>> or a GUI utility, to take a look at the 'users' table, to verify that
>>> a) the name of your tenant's default admin user account is what you
>>> expect and b) the password was in fact changed from the default.
>>>
>>> e.g. from a Linux shell prompt:
>>> psql -U postgres
>>> (At the 'Password for user postgres:' prompt, enter the password for
>>> the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
>>> (at successive prompts, enter:)
>>> \c cspace
>>> select username, passwd from users;
>>> (when done, to quit psql, enter:)
>>> \q
>>>
>>> Make sure that a) the admin username for your tenant is what you
>>> expect and b) the (hashed) password for that account is different from
>>> the 'admin@core.collectionspace.org' user.
>>>
>>> There can be a variety of other reasons for a failed login, but this
>>> may help identify (or rule out) some obvious possibilities.
>>>
>>> Aron
>>>
>>> On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch <abersch@museumca.org> wrote:
>>> > Hello all,
>>> >
>>> > I created a new tenant (called omca) and successfully ran all the mvn
>>> > and
>>> > ant commands to deploy the ui, applications, and services layers. When
>>> > I
>>> > get to the login page for our new tenant, and use the login I set when
>>> > making changes to the local-{your_museum}-settings.xml file (for us,
>>> > it's
>>> > local-omca-settings.xml), I get a message telling me I have an invalid
>>> > email/password combination. I've looked in previous "talk"
>>> > conversations,
>>> > but can't find the solution - anyone know what might be up? I can
>>> > successfully log into the core tenant using
>>> > admin@core.collectionspace.org.
>>> >
>>> > Thanks,
>>> >
>>> > Al
>>> >
>>> > Al Bersch
>>> > Digital Project Coordinator
>>> > Oakland Museum of California
>>> > 1000 Oak Street, Oakland, CA 94607
>>> > abersch@museumca.org
>>> > 510-318-8468
>>> >
>>> > _______________________________________________
>>> > Talk mailing list
>>> > Talk@lists.collectionspace.org
>>> >
>>> > http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>>> >
>>>
>>> _______________________________________________
>>> Talk mailing list
>>> Talk@lists.collectionspace.org
>>>
>>> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>>
>>
>>
>>
>> _______________________________________________
>> Talk mailing list
>> Talk@lists.collectionspace.org
>>
>> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>>
>
>
> _______________________________________________
> Talk mailing list
> Talk@lists.collectionspace.org
> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>
AR
Aron Roberts
Tue, Aug 13, 2013 5:26 PM
Thanks, Al. Yes, the next thing to try is to update the tenant ID, in
$CATALINA_HOME/lib/tenants/omca, in both local-omca-settings.xml and
settings.xml, to '5' to match the tenant ID in the services. Shutting
down and restarting Tomcat should pick up that change.
After that, if the hashed password for the admin@museumca.org user in
the 'users' table is still identical to that of the
'admin@core.collectionspace.org' user, then you can use
'Administrator' as your password when logging in.
On Tue, Aug 13, 2013 at 10:15 AM, Al Bersch abersch@museumca.org wrote:
Thanks everyone!
About Ray's clarification, I did go and change the password "Administrator"
in tomcat-main/src/main/resources/tenants/omca/local-omca-settings.xml.
Initially I had kept as the default, but then after following Aron's
instructions I (I suppose wrongly?) assumed that meant I should change the
default password in the local-omca-settings.xml file.
Third, you might use a PostgreSQL client, like the command-line 'psql'
or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
So now that I've changed the default, when I first login to my tenant,
should I use Administrator, or my new password?
Though, no (now to answer Aron's question), I can't currently log into the
new tenant http://yourhost:yourport/collectionspace/ui/omca/html/index.html,
with username 'admin@museumca.org' and the default password,'Administrator',
even after cutting and pasting from a text editor.
However, this might illuminate the problem:
When I changed to tenant ID, I did so according to the instructions here:
http://wiki.collectionspace.org/display/DOC/Creating+your+new+tenant, in
services/common/src/main/cspace/config/services/tenants/omca/tenant-bindings.delta.xml.
So the tenant ID in this file is now 5.
When I look in $CATALINA_HOME/lib/tenants/omca, both local-omca-settings.xml
and settings.xml have the tenant ID as 1.
So, am I correct that I may have configured this incorrectly, or in the
wrong place? Thanks for you insight!
Finally, just to follow up on every part of the thread, when I looked in the
log catalina.out (this is the only "catalina" log i see in
$CSPACE_JEESERVER_HOME/logs), I don't see something like
ERROR [org.collectionspace.services.common.security.SecurityInterceptor:171]
Access to 5:someresourcenamehere#create is NOT allowed to
user=admin@museumca.org
Here's what I do see:
2013-08-13 16:53:04,660 WARN [http-8180-4]
[org.collectionspace.services.common.security.SecurityInterceptor:358]
Attempt to logout when Nuxeo login context was null
2013-08-13 16:53:04,667 WARN [http-8180-4]
[org.springframework.security.web.context.HttpSessionSecurityContextRepository:396]
Failed to create a session, as response has been committed. Unable to store
SecurityContext.
2013-08-13 16:53:47,255 (68539341) [http-8180-6] INFO
org.apache.commons.httpclient.HttpMethodDirector: Failure authenticating
with BASIC 'org.collectionspace.services'@198.74.51.203:8180
2013-08-13 16:53:47,255 (68539341) [http-8180-6] ERROR
org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:
Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Status 401 - Password Incorrect/Password
Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
report</p><p><b>message</b> <u>Password Incorrect/Password
Required</u></p><p><b>description</b> <u>This request requires HTTP
authentication (Password Incorrect/Password Required).</u></p><HR size="1"
noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
Thanks again,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
From: "Aron Roberts" aron@socrates.berkeley.edu
To: "Al Bersch" abersch@museumca.org
Cc: "talk" talk@lists.collectionspace.org, "rescamilla"
rescamilla@museumca.org
Sent: Monday, August 12, 2013 5:14:12 PM
Subject: Re: [Talk] Invalid email/password combination logging into new
tenant
One more thing, Al ... it might also be useful to confirm that the
tenant ID configured in the Application layer configuration matches
the corresponding ID in the Services layer ('5' ?)
E.g. in $CATALINA_HOME/lib/tenants/omca, most likely in settings.xml:
<settings>
<admin>
<username>admin@museumca.org</username>
<password>Administrator</password>
<tenant>5</tenant>
From: "Aron Roberts" aron@socrates.berkeley.edu
To: "Ray Lee" rhlee@berkeley.edu, "Al Bersch" abersch@museumca.org
Cc: "talk" talk@lists.collectionspace.org, "rescamilla"
rescamilla@museumca.org
Sent: Monday, August 12, 2013 5:01:00 PM
Subject: Re: [Talk] Invalid email/password combination logging into new
tenant
Thanks, Ray, for this helpful clarification!
Al, thank you very much for the additional reports, as well. Did I
understand correctly that you said that, even when you try logging
into your 'omca' tenant at, say,
http://yourhost:yourport/collectionspace/ui/omca/html/index.html, with
username 'admin@museumca.org' and the default password,
'Administrator', you still get this error? Even after typing the
username and password into a document in a plaintext editor, and then
copying and pasting them into the respective fields in the login
screen, just to help rule out a potentially overlooked typo?
If and only if the answer to both of the questions above is 'yes,' I'm
wondering whether access permissions - the association of user roles
with permissions to read, create, delete, etc. various resources -
were set up correctly for this tenant. If you look in one additional
set of log files, those that start with catalina*, do you see any
errors similar to these about the time that you're attempting to
login? (The permission might not necessarily be #create; this is just
an example ...)
ERROR [org.collectionspace.services.common.security.SecurityInterceptor:171]
Access to 5:someresourcenamehere#create is NOT allowed to
user=admin@museumca.org
If you see messages similar to this around the time of the login
attempt, one thing you might try is dropping and re-creating the
database that holds authorization (AuthZ) tables, then rebuilding the
tables that store those access permissions.
From the top-level of the Services source code tree (off the top of my
head and untried), this is how I remember that you do that:
ant create_cspace_db
ant import
(To successfully run the first command above, which deletes and then
re-creates the 'cspace' database, you'll likely need to temporarily
shut down CollectionSpace and make sure that you're not accessing the
PostgreSQL database system via any other client, psql or otherwise.)
Aron
On Mon, Aug 12, 2013 at 4:40 PM, Ray Lee rhlee@berkeley.edu wrote:
Hi Al,
Confusingly, the password you configure in the local-omca-settings.xml
file
is not actually what determines what you use to log in. When you create a
new tenant, you have to log in using the username you configure, and the
password "Administrator". The first thing you should then do is go to the
Admin tab in the UI, and change the password.
After you've done that (and confirmed that you can log in using the new
password), you should edit local-omca-settings.xml, and put in the
password
you set via the UI. That setting allows the app layer to obtain admin
privileges when the logged in user is not an admin user. For example, the
automated password reset feature requires this, so that the app layer can
reset a user's password.
Ray
On Mon, Aug 12, 2013 at 4:27 PM, Al Bersch abersch@museumca.org wrote:
Hi Jesse, Aron, and all:
Thanks again for your hlep. I looked at the logs, but I'm not sure
exactly
what they are telling me.
I tried logging into my tenant (omca) with the default password and the
user I set up (admin@museumca.org), but did not have any luck.
I AM able to login to the core and lifesci clients.
looking up the usernames and passwrd in psql utility, the username I set
up appears correctly (admin@museumca.org), but the hashed password still
matches the password also listed for lifesci and core tenants.
When I look in the merged-settings.xml_local-omca-settings.xml-.xml file
in $CSPACE_JEESERVER_HOME/temp, it shows my username and password
correctly.
Looking at the tenant-bindings files, it looks like information in
tenant-bindings.delta.xml matches that in tenant-bindings.merged.xml, but
I'm not sure if it's in the same place, or if it is complete. I pasted
that
info below the logs.
Thanks again,
Al
From cspace-services.log:
2013-08-12 21:51:25,587 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain
name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,587 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain
name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,588 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain
name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,588 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain
name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain
name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain
name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,589 ERROR [main]
[org.collectionspace.services.common.config.ConfigUtils:51] No domain
name
was specified on call to getRepositoryName() method.
2013-08-12 21:51:25,872 DEBUG [main]
[org.collectionspace.services.client.AbstractServiceClientImpl:269]
readProperties() using url=http://localhost:8180/cspace-services/
2013-08-12 21:51:25,873 DEBUG [main]
[org.collectionspace.services.client.AbstractServiceClientImpl:323]
setupHttpClient() using url=http://localhost:8180/cspace-services/
user=admin@core.collectionspace.org password=Administrator
2013-08-12 21:51:25,875 DEBUG [main]
[org.collectionspace.services.client.AbstractServiceClientImpl:334]
setupHttpClient: set preemptive authentication
2013-08-12 21:51:29,995 DEBUG [http-8180-2]
[org.collectionspace.authentication.realm.db.CSpaceDbRealm:144] Executing
query: select passwd from users where username=?, with username:
admin@museumca.org
2013-08-12 21:51:29,999 DEBUG [http-8180-2]
[org.collectionspace.authentication.jaas.CSpaceJBossDBLoginModule:79]
Obtained user password for: admin@museumca.org
From cspace-app.log:
2013-08-12 21:50:07,908 INFO [http-8180-4]
[org.apache.commons.httpclient.HttpMethodDirector:722] Failure
authenticating with BASIC
'org.collectionspace.services'@198.74.51.203:8180
2013-08-12 21:50:07,908 ERROR [http-8180-4]
[org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Status 401 - Password Incorrect/Password
Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
report</p><p><b>message</b> <u>Password Incorrect/Password
Required</u></p><p><b>description</b> <u>This request requires HTTP
authentication (Password Incorrect/Password Required).</u></p><HR
size="1"
noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
2013-08-12 21:51:27,914 INFO [http-8180-1]
[org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
XMLMerge result output to:
/usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
2013-08-12 21:51:30,010 INFO [http-8180-1]
[org.apache.commons.httpclient.HttpMethodDirector:722] Failure
authenticating with BASIC
'org.collectionspace.services'@198.74.51.203:8180
2013-08-12 21:51:30,012 ERROR [http-8180-1]
[org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Status 401 - Password Incorrect/Password
Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
report</p><p><b>message</b> <u>Password Incorrect/Password
Required</u></p><p><b>description</b> <u>This request requires HTTP
authentication (Password Incorrect/Password Required).</u></p><HR
size="1"
noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
2013-08-12 21:51:30,158 INFO [http-8180-1]
[org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
XMLMerge result output to:
/usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
2013-08-12 21:51:31,306 INFO [net.sf.ehcache.CacheManager@1b6ab7e]
[net.sf.ehcache.util.UpdateChecker:98] New update(s) found: 2.6.5
[http://www.terracotta.org/confluence/display/release/Release+Notes+Ehcache+Core+2.6].
Please check http://ehcache.org for the latest version.
tenant-bindings.delta.xml:
<?xml version="1.0" encoding="UTF-8"?>
<tenant:TenantBindingConfig
xmlns:merge='http://xmlmerge.el4j.elca.ch'
xmlns:tenant='http://collectionspace.org/services/config/tenant'>
<tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
Museum of California" version="0.1">
<tenant:repositoryDomain name="default-domain"
storageName="omca-domain" repositoryClient="nuxeo-java" />
</tenant:tenantBinding>
</tenant:TenantBindingConfig>
tenant-bindings.merged.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright: Regents of the University of California 2012
Document : tenants-bindings.xml
Description: Prototype tenant bindings, specifying the default
services
layer configuration for a generic, out-of-the-box
tenant.
These prototype bindings are merged with 'delta'
bindings
specifying the differences from the prototype
configuration
for each actual tenant, resulting in 'merged' bindings
for that tenant.
$LastChangedRevision$
$LastChangedDate$
-->
<tenant:TenantBindingConfig
xmlns:tenant="http://collectionspace.org/services/config/tenant"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://collectionspace.org/services/config/tenant
http://collectionspace.org/services/config/tenant.xsd">
<!-- begin prototype collectionspace.org tenant meta-data -->
<tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
Museum of California" version="0.1">
<tenant:repositoryDomain name="default-domain"
storageName="omca-domain" repositoryClient="nuxeo-java" />
<tenant:properties>
<types:item
xmlns:types="http://collectionspace.org/services/config/types">
<types:key>datePattern</types:key>
<types:value>MM/dd/yyyy</types:value>
</types:item>
<types:item
xmlns:types="http://collectionspace.org/services/config/types">
<types:key>datePattern</types:key>
<types:value>MMM dd, yyyy</types:value>
</types:item>
<types:item
xmlns:types="http://collectionspace.org/services/config/types">
<types:key>datePattern</types:key>
<types:value>dd.MM.yyyy</types:value>
</types:item>
<!--
<types:item>
<types:key>datePattern</types:key>
<types:value>dd/MM/yyyy</types:value>
</types:item>
-->
<types:item
xmlns:types="http://collectionspace.org/services/config/types">
<types:key>localeLanguage</types:key>
<types:value>en</types:value>
</types:item>
<!--
<types:item>
<types:key>localeLanguage</types:key>
<types:value>da</types:value>
"tenant-bindings.merged.xml" 3461L, 227468C
1,1 Top
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
From: "Jesse Martinez" mjesse@gmail.com
To: "Aron Roberts" aron@socrates.berkeley.edu
Cc: "Al Bersch" abersch@museumca.org, "talk"
talk@lists.collectionspace.org, "rescamilla" rescamilla@museumca.org
Sent: Wednesday, August 7, 2013 9:22:17 AM
Subject: Re: [Talk] Invalid email/password combination logging into new
tenant
Can you log into the default core or lifesci tenants? If you can then it
is probably a configuration settings for your omca tenant. If you can't
then
it may be a service or app layer issue.
A good point of interest is to check the tenant-bindings configuration
file in the services layer.
The deployed copy of this file should be located at:
/usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
A good thing to check is if the tenant-bindings.delta additions/changes
are also present in the tenant-bindings.merged file. But also merged into
the correct places. (This is important!)
On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts aron@socrates.berkeley.edu
wrote:
First place to look: what errors are you seeing in server log files,
timestamped at the time of the failed login attempt?
You might start with (both in $CSPACE_JEESERVER_HOME/logs):
cspace-services.log
cspace-app.log
Error message(s) in those logfiles, particularly cspace-services.log,
may help identify the issue.
Second, does the 'standard' login using the default administrator user
account, admin@yourtenant... succeed, if you use the default password,
'Administrator'?
Third, you might use a PostgreSQL client, like the command-line 'psql'
or a GUI utility, to take a look at the 'users' table, to verify that
a) the name of your tenant's default admin user account is what you
expect and b) the password was in fact changed from the default.
e.g. from a Linux shell prompt:
psql -U postgres
(At the 'Password for user postgres:' prompt, enter the password for
the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
(at successive prompts, enter:)
\c cspace
select username, passwd from users;
(when done, to quit psql, enter:)
\q
Make sure that a) the admin username for your tenant is what you
expect and b) the (hashed) password for that account is different from
the 'admin@core.collectionspace.org' user.
There can be a variety of other reasons for a failed login, but this
may help identify (or rule out) some obvious possibilities.
Aron
On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch abersch@museumca.org wrote:
Hello all,
I created a new tenant (called omca) and successfully ran all the mvn
and
ant commands to deploy the ui, applications, and services layers.
When
I
get to the login page for our new tenant, and use the login I set when
making changes to the local-{your_museum}-settings.xml file (for us,
it's
local-omca-settings.xml), I get a message telling me I have an invalid
email/password combination. I've looked in previous "talk"
conversations,
but can't find the solution - anyone know what might be up? I can
successfully log into the core tenant using
admin@core.collectionspace.org.
Thanks,
Al
Al Bersch
Digital Project Coordinator
Oakland Museum of California
1000 Oak Street, Oakland, CA 94607
abersch@museumca.org
510-318-8468
Talk mailing list
Talk@lists.collectionspace.org
http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
Thanks, Al. Yes, the next thing to try is to update the tenant ID, in
$CATALINA_HOME/lib/tenants/omca, in both local-omca-settings.xml and
settings.xml, to '5' to match the tenant ID in the services. Shutting
down and restarting Tomcat should pick up that change.
After that, if the hashed password for the admin@museumca.org user in
the 'users' table is still identical to that of the
'admin@core.collectionspace.org' user, then you can use
'Administrator' as your password when logging in.
On Tue, Aug 13, 2013 at 10:15 AM, Al Bersch <abersch@museumca.org> wrote:
> Thanks everyone!
>
> About Ray's clarification, I did go and change the password "Administrator"
> in tomcat-main/src/main/resources/tenants/omca/local-omca-settings.xml.
> Initially I had kept as the default, but then after following Aron's
> instructions I (I suppose wrongly?) assumed that meant I should change the
> default password in the local-omca-settings.xml file.
>
> Third, you might use a PostgreSQL client, like the command-line 'psql'
>>>> or a GUI utility, to take a look at the 'users' table, to verify that
>>>> a) the name of your tenant's default admin user account is what you
>>>> expect and b) the password was in fact changed from the default.
>
> So now that I've changed the default, when I first login to my tenant,
> should I use Administrator, or my new password?
>
> Though, no (now to answer Aron's question), I can't currently log into the
> new tenant http://yourhost:yourport/collectionspace/ui/omca/html/index.html,
> with username 'admin@museumca.org' and the default password,'Administrator',
> even after cutting and pasting from a text editor.
>
> However, this might illuminate the problem:
>
> When I changed to tenant ID, I did so according to the instructions here:
> http://wiki.collectionspace.org/display/DOC/Creating+your+new+tenant, in
> services/common/src/main/cspace/config/services/tenants/omca/tenant-bindings.delta.xml.
> So the tenant ID in this file is now 5.
>
> When I look in $CATALINA_HOME/lib/tenants/omca, both local-omca-settings.xml
> and settings.xml have the tenant ID as 1.
>
> So, am I correct that I may have configured this incorrectly, or in the
> wrong place? Thanks for you insight!
>
>
> Finally, just to follow up on every part of the thread, when I looked in the
> log catalina.out (this is the only "catalina" log i see in
> $CSPACE_JEESERVER_HOME/logs), I don't see something like
>
>
> ERROR [org.collectionspace.services.common.security.SecurityInterceptor:171]
> Access to 5:someresourcenamehere#create is NOT allowed to
> user=admin@museumca.org
>
>
> Here's what I do see:
>
> 2013-08-13 16:53:04,660 WARN [http-8180-4]
> [org.collectionspace.services.common.security.SecurityInterceptor:358]
> Attempt to logout when Nuxeo login context was null
> 2013-08-13 16:53:04,667 WARN [http-8180-4]
> [org.springframework.security.web.context.HttpSessionSecurityContextRepository:396]
> Failed to create a session, as response has been committed. Unable to store
> SecurityContext.
> 2013-08-13 16:53:47,255 (68539341) [http-8180-6] INFO
> org.apache.commons.httpclient.HttpMethodDirector: Failure authenticating
> with BASIC 'org.collectionspace.services'@198.74.51.203:8180
> 2013-08-13 16:53:47,255 (68539341) [http-8180-6] ERROR
> org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:
> Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
> report</title><style><!--H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> H2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> H3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
> P
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
> {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
> </head><body><h1>HTTP Status 401 - Password Incorrect/Password
> Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
> report</p><p><b>message</b> <u>Password Incorrect/Password
> Required</u></p><p><b>description</b> <u>This request requires HTTP
> authentication (Password Incorrect/Password Required).</u></p><HR size="1"
> noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
>
>
> Thanks again,
>
> Al
>
> Al Bersch
> Digital Project Coordinator
> Oakland Museum of California
> 1000 Oak Street, Oakland, CA 94607
> abersch@museumca.org
> 510-318-8468
> ________________________________
> From: "Aron Roberts" <aron@socrates.berkeley.edu>
> To: "Al Bersch" <abersch@museumca.org>
> Cc: "talk" <talk@lists.collectionspace.org>, "rescamilla"
> <rescamilla@museumca.org>
> Sent: Monday, August 12, 2013 5:14:12 PM
>
> Subject: Re: [Talk] Invalid email/password combination logging into new
> tenant
>
> One more thing, Al ... it might also be useful to confirm that the
> tenant ID configured in the Application layer configuration matches
> the corresponding ID in the Services layer ('5' ?)
>
> E.g. in $CATALINA_HOME/lib/tenants/omca, most likely in settings.xml:
>
> <settings>
> <admin>
> <username>admin@museumca.org</username>
> <password>Administrator</password>
> <tenant>5</tenant>
>
> From: "Aron Roberts" <aron@socrates.berkeley.edu>
> To: "Ray Lee" <rhlee@berkeley.edu>, "Al Bersch" <abersch@museumca.org>
> Cc: "talk" <talk@lists.collectionspace.org>, "rescamilla"
> <rescamilla@museumca.org>
> Sent: Monday, August 12, 2013 5:01:00 PM
>
> Subject: Re: [Talk] Invalid email/password combination logging into new
> tenant
>
> Thanks, Ray, for this helpful clarification!
>
> Al, thank you very much for the additional reports, as well. Did I
> understand correctly that you said that, even when you try logging
> into your 'omca' tenant at, say,
> http://yourhost:yourport/collectionspace/ui/omca/html/index.html, with
> username 'admin@museumca.org' and the default password,
> 'Administrator', you still get this error? Even after typing the
> username and password into a document in a plaintext editor, and then
> copying and pasting them into the respective fields in the login
> screen, just to help rule out a potentially overlooked typo?
>
> If and only if the answer to both of the questions above is 'yes,' I'm
> wondering whether access permissions - the association of user roles
> with permissions to read, create, delete, etc. various resources -
> were set up correctly for this tenant. If you look in one additional
> set of log files, those that start with catalina*, do you see any
> errors similar to these about the time that you're attempting to
> login? (The permission might not necessarily be #create; this is just
> an example ...)
>
> ERROR [org.collectionspace.services.common.security.SecurityInterceptor:171]
> Access to 5:someresourcenamehere#create is NOT allowed to
> user=admin@museumca.org
>
> *If* you see messages similar to this around the time of the login
> attempt, one thing you might try is dropping and re-creating the
> database that holds authorization (AuthZ) tables, then rebuilding the
> tables that store those access permissions.
>
> From the top-level of the Services source code tree (off the top of my
> head and untried), this is how I remember that you do that:
>
> ant create_cspace_db
> ant import
>
> (To successfully run the first command above, which deletes and then
> re-creates the 'cspace' database, you'll likely need to temporarily
> shut down CollectionSpace and make sure that you're not accessing the
> PostgreSQL database system via any other client, psql or otherwise.)
>
> Aron
>
> On Mon, Aug 12, 2013 at 4:40 PM, Ray Lee <rhlee@berkeley.edu> wrote:
>> Hi Al,
>> Confusingly, the password you configure in the local-omca-settings.xml
>> file
>> is not actually what determines what you use to log in. When you create a
>> new tenant, you have to log in using the username you configure, and the
>> password "Administrator". The first thing you should then do is go to the
>> Admin tab in the UI, and change the password.
>>
>> After you've done that (and confirmed that you can log in using the new
>> password), you should edit local-omca-settings.xml, and put in the
>> password
>> you set via the UI. That setting allows the app layer to obtain admin
>> privileges when the logged in user is not an admin user. For example, the
>> automated password reset feature requires this, so that the app layer can
>> reset a user's password.
>>
>> Ray
>>
>>
>>
>> On Mon, Aug 12, 2013 at 4:27 PM, Al Bersch <abersch@museumca.org> wrote:
>>>
>>> Hi Jesse, Aron, and all:
>>>
>>> Thanks again for your hlep. I looked at the logs, but I'm not sure
>>> exactly
>>> what they are telling me.
>>>
>>> I tried logging into my tenant (omca) with the default password and the
>>> user I set up (admin@museumca.org), but did not have any luck.
>>>
>>> I AM able to login to the core and lifesci clients.
>>>
>>> looking up the usernames and passwrd in psql utility, the username I set
>>> up appears correctly (admin@museumca.org), but the hashed password still
>>> matches the password also listed for lifesci and core tenants.
>>>
>>> When I look in the merged-settings.xml_local-omca-settings.xml-.xml file
>>> in $CSPACE_JEESERVER_HOME/temp, it shows my username and password
>>> correctly.
>>>
>>> Looking at the tenant-bindings files, it looks like information in
>>> tenant-bindings.delta.xml matches that in tenant-bindings.merged.xml, but
>>> I'm not sure if it's in the same place, or if it is complete. I pasted
>>> that
>>> info below the logs.
>>>
>>> Thanks again,
>>>
>>> Al
>>>
>>> From cspace-services.log:
>>>
>>>
>>> 2013-08-12 21:51:25,587 ERROR [main]
>>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain
>>> name
>>> was specified on call to getRepositoryName() method.
>>>
>>> 2013-08-12 21:51:25,587 ERROR [main]
>>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain
>>> name
>>> was specified on call to getRepositoryName() method.
>>>
>>> 2013-08-12 21:51:25,588 ERROR [main]
>>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain
>>> name
>>> was specified on call to getRepositoryName() method.
>>>
>>> 2013-08-12 21:51:25,588 ERROR [main]
>>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain
>>> name
>>> was specified on call to getRepositoryName() method.
>>>
>>> 2013-08-12 21:51:25,589 ERROR [main]
>>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain
>>> name
>>> was specified on call to getRepositoryName() method.
>>>
>>> 2013-08-12 21:51:25,589 ERROR [main]
>>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain
>>> name
>>> was specified on call to getRepositoryName() method.
>>>
>>> 2013-08-12 21:51:25,589 ERROR [main]
>>> [org.collectionspace.services.common.config.ConfigUtils:51] No domain
>>> name
>>> was specified on call to getRepositoryName() method.
>>>
>>> 2013-08-12 21:51:25,872 DEBUG [main]
>>> [org.collectionspace.services.client.AbstractServiceClientImpl:269]
>>> readProperties() using url=http://localhost:8180/cspace-services/
>>>
>>> 2013-08-12 21:51:25,873 DEBUG [main]
>>> [org.collectionspace.services.client.AbstractServiceClientImpl:323]
>>> setupHttpClient() using url=http://localhost:8180/cspace-services/
>>> user=admin@core.collectionspace.org password=Administrator
>>>
>>> 2013-08-12 21:51:25,875 DEBUG [main]
>>> [org.collectionspace.services.client.AbstractServiceClientImpl:334]
>>> setupHttpClient: set preemptive authentication
>>>
>>> 2013-08-12 21:51:29,995 DEBUG [http-8180-2]
>>> [org.collectionspace.authentication.realm.db.CSpaceDbRealm:144] Executing
>>> query: select passwd from users where username=?, with username:
>>> admin@museumca.org
>>>
>>> 2013-08-12 21:51:29,999 DEBUG [http-8180-2]
>>> [org.collectionspace.authentication.jaas.CSpaceJBossDBLoginModule:79]
>>> Obtained user password for: admin@museumca.org
>>>
>>>
>>>
>>> From cspace-app.log:
>>>
>>>
>>> 2013-08-12 21:50:07,908 INFO [http-8180-4]
>>> [org.apache.commons.httpclient.HttpMethodDirector:722] Failure
>>> authenticating with BASIC
>>> 'org.collectionspace.services'@198.74.51.203:8180
>>>
>>> 2013-08-12 21:50:07,908 ERROR [http-8180-4]
>>>
>>> [org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
>>> Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
>>> report</title><style><!--H1
>>>
>>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
>>> H2
>>>
>>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
>>> H3
>>>
>>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
>>> BODY
>>> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
>>> B
>>>
>>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
>>> P
>>>
>>> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
>>> {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
>>> </head><body><h1>HTTP Status 401 - Password Incorrect/Password
>>> Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
>>> report</p><p><b>message</b> <u>Password Incorrect/Password
>>> Required</u></p><p><b>description</b> <u>This request requires HTTP
>>> authentication (Password Incorrect/Password Required).</u></p><HR
>>> size="1"
>>> noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
>>>
>>> 2013-08-12 21:51:27,914 INFO [http-8180-1]
>>>
>>> [org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
>>> XMLMerge result output to:
>>>
>>> /usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
>>>
>>> 2013-08-12 21:51:30,010 INFO [http-8180-1]
>>> [org.apache.commons.httpclient.HttpMethodDirector:722] Failure
>>> authenticating with BASIC
>>> 'org.collectionspace.services'@198.74.51.203:8180
>>>
>>> 2013-08-12 21:51:30,012 ERROR [http-8180-1]
>>>
>>> [org.collectionspace.chain.csp.persistence.services.connection.ReturnedDocument:39]
>>> Got error : <html><head><title>Apache Tomcat/6.0.33 - Error
>>> report</title><style><!--H1
>>>
>>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
>>> H2
>>>
>>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
>>> H3
>>>
>>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
>>> BODY
>>> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
>>> B
>>>
>>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
>>> P
>>>
>>> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
>>> {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
>>> </head><body><h1>HTTP Status 401 - Password Incorrect/Password
>>> Required</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
>>> report</p><p><b>message</b> <u>Password Incorrect/Password
>>> Required</u></p><p><b>description</b> <u>This request requires HTTP
>>> authentication (Password Incorrect/Password Required).</u></p><HR
>>> size="1"
>>> noshade="noshade"><h3>Apache Tomcat/6.0.33</h3></body></html>
>>>
>>> 2013-08-12 21:51:30,158 INFO [http-8180-1]
>>>
>>> [org.collectionspace.chain.csp.config.impl.parser.AssemblingContentHandler:156]
>>> XMLMerge result output to:
>>>
>>> /usr/local/share/apache-tomcat-6.0.33/temp/merged-settings.xml_local-omca-settings.xml-.xml
>>>
>>> 2013-08-12 21:51:31,306 INFO [net.sf.ehcache.CacheManager@1b6ab7e]
>>> [net.sf.ehcache.util.UpdateChecker:98] New update(s) found: 2.6.5
>>>
>>> [http://www.terracotta.org/confluence/display/release/Release+Notes+Ehcache+Core+2.6].
>>> Please check http://ehcache.org for the latest version.
>>>
>>>
>>> tenant-bindings.delta.xml:
>>>
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>>
>>> <tenant:TenantBindingConfig
>>>
>>> xmlns:merge='http://xmlmerge.el4j.elca.ch'
>>>
>>> xmlns:tenant='http://collectionspace.org/services/config/tenant'>
>>>
>>>
>>> <tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
>>> Museum of California" version="0.1">
>>>
>>> <tenant:repositoryDomain name="default-domain"
>>> storageName="omca-domain" repositoryClient="nuxeo-java" />
>>>
>>> </tenant:tenantBinding>
>>>
>>>
>>> </tenant:TenantBindingConfig>
>>>
>>>
>>> tenant-bindings.merged.xml:
>>>
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>>
>>> <!--
>>>
>>> Copyright: Regents of the University of California 2012
>>>
>>> Document : tenants-bindings.xml
>>>
>>> Description: Prototype tenant bindings, specifying the default
>>> services
>>>
>>> layer configuration for a generic, out-of-the-box
>>> tenant.
>>>
>>> These prototype bindings are merged with 'delta'
>>> bindings
>>>
>>> specifying the differences from the prototype
>>> configuration
>>>
>>> for each actual tenant, resulting in 'merged' bindings
>>>
>>> for that tenant.
>>>
>>> $LastChangedRevision$
>>>
>>> $LastChangedDate$
>>>
>>> -->
>>>
>>> <tenant:TenantBindingConfig
>>> xmlns:tenant="http://collectionspace.org/services/config/tenant"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> xsi:schemaLocation="http://collectionspace.org/services/config/tenant
>>> http://collectionspace.org/services/config/tenant.xsd">
>>>
>>> <!-- begin prototype collectionspace.org tenant meta-data -->
>>>
>>> <tenant:tenantBinding id="5" name="museumca.org" displayName="Oakland
>>> Museum of California" version="0.1">
>>>
>>> <tenant:repositoryDomain name="default-domain"
>>> storageName="omca-domain" repositoryClient="nuxeo-java" />
>>>
>>> <tenant:properties>
>>>
>>> <types:item
>>> xmlns:types="http://collectionspace.org/services/config/types">
>>>
>>> <types:key>datePattern</types:key>
>>>
>>> <types:value>MM/dd/yyyy</types:value>
>>>
>>> </types:item>
>>>
>>> <types:item
>>> xmlns:types="http://collectionspace.org/services/config/types">
>>>
>>> <types:key>datePattern</types:key>
>>>
>>> <types:value>MMM dd, yyyy</types:value>
>>>
>>> </types:item>
>>>
>>> <types:item
>>> xmlns:types="http://collectionspace.org/services/config/types">
>>>
>>> <types:key>datePattern</types:key>
>>>
>>> <types:value>dd.MM.yyyy</types:value>
>>>
>>> </types:item>
>>>
>>> <!--
>>>
>>> <types:item>
>>>
>>> <types:key>datePattern</types:key>
>>>
>>> <types:value>dd/MM/yyyy</types:value>
>>>
>>> </types:item>
>>>
>>> -->
>>>
>>> <types:item
>>> xmlns:types="http://collectionspace.org/services/config/types">
>>>
>>> <types:key>localeLanguage</types:key>
>>>
>>> <types:value>en</types:value>
>>>
>>> </types:item>
>>>
>>> <!--
>>>
>>> <types:item>
>>>
>>> <types:key>localeLanguage</types:key>
>>>
>>> <types:value>da</types:value>
>>>
>>> "tenant-bindings.merged.xml" 3461L, 227468C
>>> 1,1 Top
>>>
>>>
>>>
>>>
>>> Al Bersch
>>> Digital Project Coordinator
>>> Oakland Museum of California
>>> 1000 Oak Street, Oakland, CA 94607
>>> abersch@museumca.org
>>> 510-318-8468
>>> ________________________________
>>> From: "Jesse Martinez" <mjesse@gmail.com>
>>> To: "Aron Roberts" <aron@socrates.berkeley.edu>
>>> Cc: "Al Bersch" <abersch@museumca.org>, "talk"
>>> <talk@lists.collectionspace.org>, "rescamilla" <rescamilla@museumca.org>
>>> Sent: Wednesday, August 7, 2013 9:22:17 AM
>>> Subject: Re: [Talk] Invalid email/password combination logging into new
>>> tenant
>>>
>>> Can you log into the default core or lifesci tenants? If you can then it
>>> is probably a configuration settings for your omca tenant. If you can't
>>> then
>>> it may be a service or app layer issue.
>>>
>>> A good point of interest is to check the tenant-bindings configuration
>>> file in the services layer.
>>> The deployed copy of this file should be located at:
>>>
>>> /usr/local/share/apache-tomcat-6.0.33/cspace/config/services/tenants/omca/
>>>
>>> A good thing to check is if the tenant-bindings.delta additions/changes
>>> are also present in the tenant-bindings.merged file. But also merged into
>>> the _correct_ places. (This is important!)
>>>
>>> - Jesse
>>>
>>>
>>> On Tue, Aug 6, 2013 at 1:46 PM, Aron Roberts <aron@socrates.berkeley.edu>
>>> wrote:
>>>>
>>>> First place to look: what errors are you seeing in server log files,
>>>> timestamped at the time of the failed login attempt?
>>>>
>>>> You might start with (both in $CSPACE_JEESERVER_HOME/logs):
>>>> cspace-services.log
>>>> cspace-app.log
>>>>
>>>> Error message(s) in those logfiles, particularly cspace-services.log,
>>>> may help identify the issue.
>>>>
>>>> Second, does the 'standard' login using the default administrator user
>>>> account, admin@yourtenant... succeed, if you use the default password,
>>>> 'Administrator'?
>>>>
>>>> Third, you might use a PostgreSQL client, like the command-line 'psql'
>>>> or a GUI utility, to take a look at the 'users' table, to verify that
>>>> a) the name of your tenant's default admin user account is what you
>>>> expect and b) the password was in fact changed from the default.
>>>>
>>>> e.g. from a Linux shell prompt:
>>>> psql -U postgres
>>>> (At the 'Password for user postgres:' prompt, enter the password for
>>>> the 'postgres' database user; e.g. from 'echo $DB_PASSWORD')
>>>> (at successive prompts, enter:)
>>>> \c cspace
>>>> select username, passwd from users;
>>>> (when done, to quit psql, enter:)
>>>> \q
>>>>
>>>> Make sure that a) the admin username for your tenant is what you
>>>> expect and b) the (hashed) password for that account is different from
>>>> the 'admin@core.collectionspace.org' user.
>>>>
>>>> There can be a variety of other reasons for a failed login, but this
>>>> may help identify (or rule out) some obvious possibilities.
>>>>
>>>> Aron
>>>>
>>>> On Tue, Aug 6, 2013 at 10:22 AM, Al Bersch <abersch@museumca.org> wrote:
>>>> > Hello all,
>>>> >
>>>> > I created a new tenant (called omca) and successfully ran all the mvn
>>>> > and
>>>> > ant commands to deploy the ui, applications, and services layers.
>>>> > When
>>>> > I
>>>> > get to the login page for our new tenant, and use the login I set when
>>>> > making changes to the local-{your_museum}-settings.xml file (for us,
>>>> > it's
>>>> > local-omca-settings.xml), I get a message telling me I have an invalid
>>>> > email/password combination. I've looked in previous "talk"
>>>> > conversations,
>>>> > but can't find the solution - anyone know what might be up? I can
>>>> > successfully log into the core tenant using
>>>> > admin@core.collectionspace.org.
>>>> >
>>>> > Thanks,
>>>> >
>>>> > Al
>>>> >
>>>> > Al Bersch
>>>> > Digital Project Coordinator
>>>> > Oakland Museum of California
>>>> > 1000 Oak Street, Oakland, CA 94607
>>>> > abersch@museumca.org
>>>> > 510-318-8468
>>>> >
>>>> > _______________________________________________
>>>> > Talk mailing list
>>>> > Talk@lists.collectionspace.org
>>>> >
>>>> >
>>>> > http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>>>> >
>>>>
>>>> _______________________________________________
>>>> Talk mailing list
>>>> Talk@lists.collectionspace.org
>>>>
>>>>
>>>> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Talk mailing list
>>> Talk@lists.collectionspace.org
>>>
>>>
>>> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>>>
>>
>>
>> _______________________________________________
>> Talk mailing list
>> Talk@lists.collectionspace.org
>>
>> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>>
>
>
> _______________________________________________
> Talk mailing list
> Talk@lists.collectionspace.org
> http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org
>
