[Deploying Sakai] LDAP Integration Step by Step Guide

Steve Swinsburg steve.swinsburg at gmail.com
Thu Oct 8 14:24:18 PDT 2009


Absolutely. Ldapper is my favorite app on the Mac for debugging LDAP  
conns.

cheers,
Steve


On 09/10/2009, at 2:01 AM, Grossman,John E wrote:

> We found it useful to use an LDAP browsing tool like JXplorer. You  
> can interactively set your base DN and see if searches behave the  
> way you want. Then, once you’re confident you have the right base DN,  
> transfer it to jldap-beans.xml.
>
> John
>
>
> On 10/7/09 5:46 PM, "Steve Swinsburg" <steve.swinsburg at gmail.com>  
> wrote:
>
>> Hi,
>>
>> What happens if you leave out the OU=xxx altogether and just have  
>> the other path parts? In my debugging, an LDAP search still works.
>>
>> Otherwise you could use a custom LDAP provider that chains search  
>> paths (and indeed completely different LDAP servers) together. This  
>> is one I worked on a while ago, but it is for 2.4: https://source.sakaiproject.org/contrib/une/providers/
>>
>>
>> cheers,
>> Steve
>>
>>
>> On 07/10/2009, at 11:11 PM, Ishtiaq Ahmad wrote:
>>
>>> Hi All,
>>>
>>> I am facing one problem in LDAP searching user accounts in  
>>> different OUs (Organizational Unit).
>>>
>>> Jldap_bean.xml Configurations
>>> Base path:
>>> cn=Users,dc=ldap,dc=city,dc=edu,dc=com
>>>
>>>  Sakai is able to search those user accounts which exist at the base  
>>> path specified above, but it is not searching user accounts  
>>> which exist in the OUs. We want to search user accounts in the  
>>> whole LDAP directory. Can you please tell me how I can instruct  
>>> Sakai to search user accounts in the whole directory?
>>>
>>> I have different OUs as defined below...
>>>
>>> OU=Staff,DC=ldap,DC=city,DC=edu,DC=com
>>>  OU=Students,DC=ldap,DC=city,DC=edu,DC=com
>>>  OU=Faculty,DC=ldap,DC=city,DC=edu,DC=com.
>>>
>>> Thanks,
>>> Ishtiaq Ahmad
>>>
>>> On Fri, Oct 2, 2009 at 8:02 PM, Steve Selby  
>>> <Steve_Selby at bonfils.org> wrote:
>>>
>>>>
>>>>
>>>> To turn on LDAP debugging, enter the following 2 lines in your  
>>>> sakai.properties file:
>>>>
>>>>
>>>>
>>>> log.config.count=1
>>>>
>>>> log.config.1 = DEBUG.edu.amc.sakai.user.JLDAPDirectoryProvider
>>>>
>>>>
>>>>
>>>> Also make sure that you are not in demo mode – demo mode won’t  
>>>> use LDAP.  Demo mode is usually set by adding -Dsakai.demo=true  
>>>> to your JAVA_OPTS.
>>>>
>>>>
>>>>
>>>> Finally, the LDAP fields are case sensitive – make sure you have  
>>>> the spelling AND case correct.
>>>>
>>>>
>>>>
>>>> Steve Selby
>>>>
>>>> Director of Information Technology
>>>>
>>>> Bonfils Blood Center
>>>>
>>>>
>>>>
>>>>
>>>> From: production-bounces at collab.sakaiproject.org [mailto:production-bounces at collab.sakaiproject.org] On Behalf Of Ishtiaq Ahmad
>>>> Sent: Friday, October 02, 2009 7:40 AM
>>>> To: Steve Swinsburg
>>>> Cc: production at collab.sakaiproject.org; sakai-dev at collab.sakaiproject.org
>>>> Subject: Re: [Deploying Sakai] LDAP Integration Step by Step Guide
>>>>
>>>>
>>>>
>>>>
>>>> Hi Steve,
>>>>
>>>>
>>>>
>>>>  I am still unable to authenticate the user from LDAP.
>>>>
>>>>  I have run the following scenarios.
>>>>
>>>>  1. User: admin: this user exists in both Sakai and LDAP
>>>>
>>>> password in Sakai: admin
>>>>  password in LDAP: 1234
>>>>
>>>>  Sakai is authenticating the user with the Sakai password
>>>>
>>>>
>>>>  2. User: Salman: this user exists only in LDAP
>>>>
>>>> password in LDAP: 123
>>>>
>>>>  Sakai is unable to authenticate the user from LDAP
>>>>
>>>>  Note: I can log in with this user name (Salman) on the LDAP directory  
>>>> domain but not from Sakai.
>>>>
>>>> Is there any mechanism to check whether Sakai is actually  
>>>> communicating with LDAP or not?
>>>>  How can I see error messages when Sakai authenticates the user  
>>>> from LDAP?
>>>>
>>>>  I have enabled the DEBUG logging mode in tomcat5w.exe
>>>>
>>>>
>>>>  I am using Windows Server 2003 active directory, and sakai  
>>>> version is 2.5.4.
>>>>
>>>>  attached is my "jldap-beans.xml" and ldap directory structure...
>>>>
>>>>
>>>>  thanks,
>>>>  Ishtiaq Ahmad
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Sep 25, 2009 at 6:06 PM, Steve Swinsburg <steve.swinsburg at gmail.com> wrote:
>>>>
>>>> Delete the user from your Sakai instance or use another user in  
>>>> LDAP that doesn't have a record in Sakai. With LDAP you don't  
>>>> need to create the user accounts in Sakai, all of their info will  
>>>> come from LDAP.
>>>>
>>>>
>>>>
>>>>
>>>> cheers,
>>>>
>>>>
>>>> Steve
>>>>
>>>> On 25/09/2009, at 10:36 PM, Ishtiaq Ahmad wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Hi,
>>>>  Thanks for a nice document. I have followed all the steps  
>>>> mentioned in this document, but my Sakai 2.5.4 is not  
>>>> authenticating from LDAP....
>>>>  Steps:
>>>>  I have a user in Sakai and in LDAP: 0056
>>>>  Password in Sakai: 1234
>>>>  Password in LDAP: 0056
>>>>
>>>>  Login is successful using the Sakai password but fails using the LDAP  
>>>> password...
>>>>
>>>>
>>>>  Please tell me if any other configuration... or how can I trace  
>>>> whether Sakai is using my specified LDAP...?
>>>>
>>>>  Regards,
>>>>  Ishtiaq Ahmad
>>>>
>>>> On Fri, Sep 25, 2009 at 3:39 PM, Steve Swinsburg <steve.swinsburg at gmail.com> wrote:
>>>>
>>>> Hi,
>>>>
>>>>  Here's one I prepared earlier:
>>>>
>>>>  http://confluence.sakaiproject.org/display/~steve.swinsburg/LDAP+in+Sakai+2.5
>>>>
>>>>  cheers,
>>>>  Steve
>>>>
>>>>
>>>>
>>>>
>>>>  On 25/09/2009, at 8:18 PM, Ishtiaq Ahmad wrote:
>>>>
>>>> Need a step by step guide for integrating Sakai with LDAP in 2.5.x.
>>>>
>>>>
>>>>
>>>>  --
>>>>  Regards,
>>>>  Ishtiaq Ahmad
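
Added example, not part of the original thread or of Sakai's code: a Python check of which user entries a subtree search from a given base DN can reach, using the base path and OUs quoted in the thread, plus the narrowest base DN that covers every container. The user entries (user1 to user4) and all function names are constructed for illustration, and DN matching is assumed to be case-insensitive for cn/ou/dc.

```python
def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514 backslash escapes honored)."""
    parts, buf, escaped = [], "", False
    for ch in dn:
        if escaped or ch == "\\":
            buf += ch                  # keep the backslash and the char it escapes
            escaped = not escaped
        elif ch == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    return parts

def normalize(dn):
    """Lower-case and trim each RDN (assumption: case-insensitive cn/ou/dc)."""
    out = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        out.append((attr.strip().lower(), value.strip().lower()))
    return out

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is the base itself or lies anywhere beneath it."""
    entry, base = normalize(entry_dn), normalize(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def narrowest_common_base(entry_dns):
    """Deepest DN that is an ancestor of every entry (longest shared suffix)."""
    reversed_dns = [normalize(dn)[::-1] for dn in entry_dns]
    shared = []
    for level in zip(*reversed_dns):
        if len(set(level)) != 1:
            break
        shared.append(level[0])
    return ",".join(f"{a}={v}" for a, v in reversed(shared))

# Constructed sample entries under the containers named in the thread.
SUFFIX = "DC=ldap,DC=city,DC=edu,DC=com"
ENTRIES = [f"CN=user1,CN=Users,{SUFFIX}", f"CN=user2,OU=Staff,{SUFFIX}",
           f"CN=user3,OU=Students,{SUFFIX}", f"CN=user4,OU=Faculty,{SUFFIX}"]

def reachable(base_dn):
    """Entries a subtree-scope search rooted at base_dn would cover."""
    return [dn for dn in ENTRIES if in_subtree(dn, base_dn)]

if __name__ == "__main__":
    print(reachable("cn=Users,dc=ldap,dc=city,dc=edu,dc=com"))
    print(narrowest_common_base(ENTRIES))
```

Replace ENTRIES with DNs copied from an LDAP browser to confirm a candidate base path before putting it in jldap-beans.xml.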