[Deploying Sakai] LDAP Integration Step by Step Guide

Steve Swinsburg steve.swinsburg at gmail.com
Wed Oct 7 15:46:12 PDT 2009


Hi,

What happens if you leave out the OU=xxx altogether and just have the  
other path parts? In my debugging, an LDAP search still works.

Otherwise you could use a custom LDAP provider that chains search  
paths (and indeed completely different LDAP servers) together. This is  
one I worked on a while ago, but it is for 2.4: https://source.sakaiproject.org/contrib/une/providers/


cheers,
Steve


On 07/10/2009, at 11:11 PM, Ishtiaq Ahmad wrote:

> Hi All,
>
> I am facing one problem in LDAP searching user accounts in different  
> OUs (Organizational Unit).
>
> Jldap_bean.xml Configurations
> Base path:
> cn=Users,dc=ldap,dc=city,dc=edu,dc=com
>
> Sakai is able to search those user accounts which exist at the base path
> specified above... but it is not searching user accounts which exist
> in the OUs. We want to search user accounts in the whole LDAP
> directory... Can you please tell me how I can instruct Sakai to
> search user accounts in the whole directory?
>
> I have different OUs as defined below...
>
> OU=Staff,DC=ldap,DC=city,DC=edu,DC=com
> OU=Students,DC=ldap,DC=city,DC=edu,DC=com
> OU=Faculty,DC=ldap,DC=city,DC=edu,DC=com.
>
> Thanks,
> Ishtiaq Ahmad
>
> On Fri, Oct 2, 2009 at 8:02 PM, Steve Selby  
> <Steve_Selby at bonfils.org> wrote:
> To turn on LDAP debugging, enter the following 2 lines in your  
> sakai.properties file:
>
>
> log.config.count=1
>
> log.config.1 = DEBUG.edu.amc.sakai.user.JLDAPDirectoryProvider
>
>
> Also make sure that you are not in demo mode – demo mode won’t use  
> LDAP.  Demo mode is usually set by adding -Dsakai.demo=true to your  
> JAVA_OPTS.
>
>
> Finally, the LDAP fields are case sensitive – make sure you have the  
> spelling AND case correct.
>
>
> Steve Selby
>
> From: production-bounces at collab.sakaiproject.org [mailto:production-bounces at collab.sakaiproject.org] On Behalf Of Ishtiaq Ahmad
> Sent: Friday, October 02, 2009 7:40 AM
> To: Steve Swinsburg
> Cc: production at collab.sakaiproject.org; sakai-dev at collab.sakaiproject.org
> Subject: Re: [Deploying Sakai] LDAP Integration Step by Step Guide
>
>
> Hi Steve,
>
>
>
> I am still unable to authenticate the user from LDAP.
>
> I have run the following scenarios.
>
> 1. User: admin: this user exists in both Sakai and LDAP
> password in Sakai: admin
> password in LDAP: 1234
>
> Sakai is authenticating the user with the Sakai password
>
>
> 2. User: Salman: this user exists only in LDAP
>
> password in LDAP: 123
>
> Sakai is unable to authenticate the user from LDAP
>
> Note: I can log in with this user name (Salman) on the LDAP directory
> domain but not from Sakai.
>
> Is there any mechanism to check whether Sakai is actually
> communicating with LDAP or not?
> How can I see error messages when Sakai authenticates the user from
> LDAP?
>
> I have enabled the DEBUG logging mode in tomcat5w.exe
>
>
> I am using Windows Server 2003 Active Directory, and the Sakai version
> is 2.5.4.
>
> Attached are my "jldap-beans.xml" and LDAP directory structure...
>
>
> thanks,
> Ishtiaq Ahmad
>
>
>
> On Fri, Sep 25, 2009 at 6:06 PM, Steve Swinsburg <steve.swinsburg at gmail.com> wrote:
>
> Delete the user from your Sakai instance or use another user in LDAP  
> that doesn't have a record in Sakai. With LDAP you don't need to  
> create the user accounts in Sakai, all of their info will come from  
> LDAP.
>
>
> cheers,
>
> Steve
>
>
>
>
> On 25/09/2009, at 10:36 PM, Ishtiaq Ahmad wrote:
>
>
>
> Hi,
> Thanks for a nice document. I have followed all the steps mentioned
> in this document, but my Sakai 2.5.4 is not authenticating from
> LDAP....
> Steps:
> I have a user in Sakai and in LDAP: 0056
> Password in Sakai: 1234
> Password in LDAP: 0056
>
> Login is successful using the Sakai password but fails using the LDAP password...
>
>
> Please tell me if there is any other configuration... or how I can trace
> whether Sakai is using my specified LDAP?
>
> Regards,
> Ishtiaq Ahmad
>
> On Fri, Sep 25, 2009 at 3:39 PM, Steve Swinsburg <steve.swinsburg at gmail.com> wrote:
>
> Hi,
>
> Here's one I prepared earlier:
>
> http://confluence.sakaiproject.org/display/~steve.swinsburg/LDAP+in+Sakai+2.5
>
> cheers,
> Steve
>
>
>
> On 25/09/2009, at 8:18 PM, Ishtiaq Ahmad wrote:
>
> Need a step by step guide for integrating Sakai with LDAP in 2.5.x.
>
>
>
> -- 
> Regards,
> Ishtiaq Ahmad
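
Added example, not part of the original thread and not Sakai's own code: a small Python model of how an LDAP search base and scope (base, one-level, subtree) decide which entries a search can reach. It shows why a base of cn=Users,... cannot see accounts under OU=Staff, OU=Students or OU=Faculty, while a base at the domain with subtree scope can. The account entries are constructed and the function names are illustrative.

```python
# Added example: which entries a search base and scope can reach.
# Entries below are constructed; only the OU/DC names come from the thread.

def split_rdns(dn):
    """Split a DN on unescaped commas (a backslash escapes the next character)."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]

def normalise(dn):
    """Lower-case each RDN: cn, ou and dc all compare case-insensitively."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_scope(entry_dn, base_dn, scope="sub"):
    """True if entry_dn is reachable from base_dn with scope base, one or sub."""
    entry, base = normalise(entry_dn), normalise(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

DOMAIN = "dc=ldap,dc=city,dc=edu,dc=com"
ENTRIES = [  # constructed sample accounts
    "CN=Salman,CN=Users,DC=ldap,DC=city,DC=edu,DC=com",
    "CN=Staff One,OU=Staff,DC=ldap,DC=city,DC=edu,DC=com",
    "CN=Student One,OU=Students,DC=ldap,DC=city,DC=edu,DC=com",
    r"CN=Doe\, Jane,OU=Faculty,DC=ldap,DC=city,DC=edu,DC=com",
]

def visible(base_dn, scope="sub"):
    return [dn for dn in ENTRIES if in_scope(dn, base_dn, scope)]

if __name__ == "__main__":
    for base in ("cn=Users," + DOMAIN, DOMAIN):
        print(base, "->", len(visible(base)), "of", len(ENTRIES))
```

With a one-level scope at the domain base none of the sample accounts match, because each sits two levels below it; only subtree scope reaches into the OUs.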
