[Deploying Sakai] LDAP Integration Step by Step Guide
Steve Swinsburg
steve.swinsburg at gmail.com
Thu Oct 8 14:24:18 PDT 2009
Absolutely. Ldapper is my favorite app on the Mac for debugging LDAP
conns.
cheers,
Steve
On 09/10/2009, at 2:01 AM, Grossman,John E wrote:
> We found it useful to use an LDAP browsing tool like JXplorer. You
> can interactively set your base DN and see if searches behave the
> way you want. Then, once you’re confident you have the right base DN,
> transfer it to jldap-beans.xml.
>
> John
>
>
> On 10/7/09 5:46 PM, "Steve Swinsburg" <steve.swinsburg at gmail.com>
> wrote:
>
>> Hi,
>>
>> What happens if you leave out the OU=xxx altogether and just have
>> the other path parts? In my debugging, an LDAP search still works.
>>
>> Otherwise you could use a custom LDAP provider that chains search
>> paths (and indeed completely different LDAP servers) together. This
>> is one I worked on a while ago, but it is for 2.4: https://source.sakaiproject.org/contrib/une/providers/
>>
>>
>> cheers,
>> Steve
>>
>>
>> On 07/10/2009, at 11:11 PM, Ishtiaq Ahmad wrote:
>>
>>> Hi All,
>>>
>>> I am facing one problem in LDAP: searching user accounts in
>>> different OUs (Organizational Units).
>>>
>>> Jldap_bean.xml Configurations
>>> Base path:
>>> cn=Users,dc=ldap,dc=city,dc=edu,dc=com
>>>
>>> Sakai is able to search those user accounts which exist at the base
>>> path specified above, but it is not searching user accounts
>>> which exist in the OUs. We want to search user accounts in the
>>> whole LDAP directory. Can you please tell me how I can instruct
>>> Sakai to search user accounts in the whole directory?
>>>
>>> I have different OUs as defined below...
>>>
>>> OU=Staff,DC=ldap,DC=city,DC=edu,DC=com
>>> OU=Students,DC=ldap,DC=city,DC=edu,DC=com
>>> OU=Faculty,DC=ldap,DC=city,DC=edu,DC=com.
>>>
>>> Thanks,
>>> Ishtiaq Ahmad
>>>
>>> On Fri, Oct 2, 2009 at 8:02 PM, Steve Selby
>>> <Steve_Selby at bonfils.org> wrote:
>>>
>>>> To turn on LDAP debugging, enter the following 2 lines in your
>>>> sakai.properties file:
>>>>
>>>> log.config.count=1
>>>> log.config.1 = DEBUG.edu.amc.sakai.user.JLDAPDirectoryProvider
>>>>
>>>> Also make sure that you are not in demo mode – demo mode won’t
>>>> use LDAP. Demo mode is usually set by adding -Dsakai.demo=true
>>>> to your JAVA_OPTS.
>>>>
>>>> Finally, the LDAP fields are case sensitive – make sure you have
>>>> the spelling AND case correct.
>>>>
>>>> Steve Selby
>>>> Director of Information Technology
>>>> Bonfils Blood Center
>>>>
>>>> From: production-bounces at collab.sakaiproject.org [mailto:production-bounces at collab.sakaiproject.org] On Behalf Of Ishtiaq Ahmad
>>>> Sent: Friday, October 02, 2009 7:40 AM
>>>> To: Steve Swinsburg
>>>> Cc: production at collab.sakaiproject.org; sakai-dev at collab.sakaiproject.org
>>>> Subject: Re: [Deploying Sakai] LDAP Integration Step by Step Guide
>>>>
>>>> Hi Steve,
>>>>
>>>> I am still unable to authenticate the user from LDAP.
>>>>
>>>> I have run the following scenarios.
>>>>
>>>> 1. User: admin : this user exists in both Sakai and LDAP
>>>>
>>>> password in Sakai: admin
>>>> password in LDAP: 1234
>>>>
>>>> Sakai is authenticating the user with the Sakai password
>>>>
>>>> 2. User: Salman : this user exists only in LDAP
>>>>
>>>> password in LDAP: 123
>>>>
>>>> Sakai is unable to authenticate the user from LDAP
>>>>
>>>> Note: I can log in with this user name (Salman) on the LDAP directory
>>>> domain but not from Sakai.
>>>>
>>>> Is there any mechanism to check whether Sakai is actually
>>>> communicating with LDAP or not?
>>>> How can I see error messages when Sakai authenticates the user
>>>> from LDAP?
>>>>
>>>> I have enabled the logging mode of DEBUG in tomcat5w.exe
>>>>
>>>> I am using Windows Server 2003 Active Directory, and the Sakai
>>>> version is 2.5.4.
>>>>
>>>> Attached is my "jldap-beans.xml" and LDAP directory structure...
>>>>
>>>> Thanks,
>>>> Ishtiaq Ahmad
>>>>
>>>> On Fri, Sep 25, 2009 at 6:06 PM, Steve Swinsburg <steve.swinsburg at gmail.com> wrote:
>>>>
>>>> Delete the user from your Sakai instance or use another user in
>>>> LDAP that doesn't have a record in Sakai. With LDAP you don't
>>>> need to create the user accounts in Sakai, all of their info will
>>>> come from LDAP.
>>>>
>>>> cheers,
>>>> Steve
>>>>
>>>> On 25/09/2009, at 10:36 PM, Ishtiaq Ahmad wrote:
>>>>
>>>> Hi,
>>>> Thanks for a nice document. I have followed all the steps
>>>> mentioned in this document, but my Sakai 2.5.4 is not
>>>> authenticating from LDAP.
>>>> Steps:
>>>> I have a user in Sakai and in LDAP: 0056
>>>> Password in Sakai: 1234
>>>> Password in LDAP: 0056
>>>>
>>>> Login is successful using the Sakai password but fails using the LDAP
>>>> password.
>>>>
>>>> Please tell me if there is any other configuration, or how I can trace
>>>> whether Sakai is using my specified LDAP.
>>>>
>>>> Regards,
>>>> Ishtiaq Ahmad
>>>>
>>>> On Fri, Sep 25, 2009 at 3:39 PM, Steve Swinsburg <steve.swinsburg at gmail.com> wrote:
>>>>
>>>> Hi,
>>>>
>>>> Here's one I prepared earlier:
>>>>
>>>> http://confluence.sakaiproject.org/display/~steve.swinsburg/LDAP+in+Sakai+2.5
>>>>
>>>> cheers,
>>>> Steve
>>>>
>>>> On 25/09/2009, at 8:18 PM, Ishtiaq Ahmad wrote:
>>>>
>>>> Need a step by step guide for integrating Sakai with LDAP in 2.5.x.
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Ishtiaq Ahmad
>>>
>>>
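
Added example (not part of the original thread, and not Sakai or JLDAP code): a small in-memory model of LDAP search scopes showing why a base path of cn=Users misses accounts in the Staff, Students and Faculty OUs, and why a base widened to the directory root should still refuse a login that matches more than one entry. The user names, their placement and the function names are constructed for illustration; DNs are compared case-insensitively, as dc, ou and cn are in LDAP.

```python
import re

def parse_dn(dn):
    """Split a DN into lower-cased RDNs, leaf first. Simplified: honours
    backslash-escaped commas, ignores multi-valued RDNs and hex encodings."""
    return tuple(p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip())

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn is selected by a search at base_dn with the given
    scope: 'base' (the entry itself), 'one' (direct children), 'sub' (subtree)."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False                      # not at or below the search base
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

ROOT = "dc=ldap,dc=city,dc=edu,dc=com"        # directory root from the thread
USERS_BASE = "cn=Users," + ROOT               # base path from the thread

# Constructed sample entries (DN, login id); names and placement are made up.
DIRECTORY = [
    ("CN=alice,CN=Users,DC=ldap,DC=city,DC=edu,DC=com", "alice"),
    ("CN=bob,OU=Staff,DC=ldap,DC=city,DC=edu,DC=com", "bob"),
    ("CN=carol,OU=Students,DC=ldap,DC=city,DC=edu,DC=com", "carol"),
    ("CN=dave,OU=Faculty,DC=ldap,DC=city,DC=edu,DC=com", "dave"),
    ("CN=dave,OU=Students,DC=ldap,DC=city,DC=edu,DC=com", "dave"),
]

def search(base_dn, scope, login=None):
    """Return DNs in scope, optionally filtered by login id."""
    return [dn for dn, uid in DIRECTORY
            if in_scope(dn, base_dn, scope) and login in (None, uid)]

def resolve_login(base_dn, login):
    """DN to bind as, or None when the login is absent or ambiguous under
    base_dn. Refusing on more than one hit keeps a widened base from
    silently picking the wrong account."""
    hits = search(base_dn, "sub", login)
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    for base in (USERS_BASE, ROOT):
        print(base, "->", len(search(base, "sub")), "entries in subtree")
    print("bob under cn=Users:", resolve_login(USERS_BASE, "bob"))
    print("bob under root:    ", resolve_login(ROOT, "bob"))
    print("dave under root:   ", resolve_login(ROOT, "dave"))
```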