[Deploying Sakai] LDAP Integration Step by Step Guide

Steve Swinsburg steve.swinsburg at gmail.com
Mon Sep 28 16:45:33 PDT 2009


The issue with users being able to edit their account settings is 
because they have an account in Sakai. Using the LDAP provider you 
should not need to create accounts. My bet is the LDAP integration isn't 
set up quite right.

As a test, have a user that exists in both LDAP and Sakai with identical 
passwords, log in with that user, then change their password in Sakai. 
Log out, log back in again and see what password works. That should tell 
you from what source they are authenticating.

I'll run some tests on a local instance to see if I can reproduce your 
issue.

cheers,
Steve

-- 
Steve Swinsburg
Systems Developer
Enterprise Systems
Division of Information
K Block, Building 3K
The Australian National University
Canberra ACT 0200 Australia

T: +61 2 6125 6608
F: +61 2 6125 0449

CRICOS Provider # 00120C



Grossman,John E wrote:
>
> Steve -- We recently set up LDAP in 2.6.0 using your instructions. 
> However, we find that we do need to create the user accounts in Sakai 
> by entering a user id. Otherwise, the LDAP authentication fails. Is 
> there a setting that eliminates the need to do this?
>
> We also have a related concern. Users can edit their account settings 
> and create weak passwords in Sakai. Since Sakai allows authentication 
> to fall through from LDAP to application-managed authentication, the 
> users can then authenticate with these weak passwords. Do you have any 
> suggestions for
>
> 1. preventing LDAP-authenticated users from authenticating with 
> internal Sakai passwords
>
> 2. enforcing strong passwords for those users who don't have 
> LDAP entries?
>
> John
>
> *From:* production-bounces at collab.sakaiproject.org *On Behalf Of* Steve Swinsburg
> *Sent:* Friday, September 25, 2009 8:07 AM
> *To:* organic.ishtiaq at gmail.com
> *Cc:* production at collab.sakaiproject.org; sakai-dev at collab.sakaiproject.org
> *Subject:* Re: [Deploying Sakai] LDAP Integration Step by Step Guide
>
> Delete the user from your Sakai instance or use another user in LDAP 
> that doesn't have a record in Sakai. With LDAP you don't need to 
> create the user accounts in Sakai, all of their info will come from LDAP.
>
> cheers,
> Steve
>
> On 25/09/2009, at 10:36 PM, Ishtiaq Ahmad wrote:
>
> Hi,
> thanks for a nice document, I have followed all the steps mentioned in 
> this document. But my SAKAI 2.5.4 is not authenticating from LDAP....
> Steps:
> I have a user in sakai and in LDAP: 0056
> Password in sakai: 1234
> Password in LDAP: 0056
>
> Login Successful using sakai password but fail using ldap password...
>
>
> Please tell me if any other configuration...or how can I trace whether 
> sakai is using my specified ldap...?
>
> Regards,
> Ishtiaq Ahmad
>
> On Fri, Sep 25, 2009 at 3:39 PM, Steve Swinsburg <steve.swinsburg at gmail.com> wrote:
>
> Hi,
>
> Here's one I prepared earlier:
>
> http://confluence.sakaiproject.org/display/~steve.swinsburg/LDAP+in+Sakai+2.5
>
> cheers,
> Steve
>
>
>
> On 25/09/2009, at 8:18 PM, Ishtiaq Ahmad wrote:
>
> Need a step by step guide for integrating Sakai with LDAP in 2.5.x.
>
>
>
> -- 
> Regards,
> Ishtiaq Ahmad
>
>
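
The fall-through discussed in this thread, as an added example that is not part of the original messages and is not Sakai code. It is a simplified model that assumes LDAP is checked first and the local store second, as John describes; `Store`, `login`, `probe` and the `guest1` user are hypothetical names, and the user id and passwords are the ones quoted in the thread.

```python
import hashlib
import hmac
import os

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Store:
    """Constructed stand-in for one credential source (LDAP or the local user table)."""
    def __init__(self, name):
        self.name, self._users = name, {}
    def set_password(self, uid, password):
        salt = os.urandom(16)
        self._users[uid] = (salt, _kdf(password, salt))
    def has_user(self, uid):
        return uid in self._users
    def check(self, uid, password):
        if uid not in self._users:
            return False
        salt, digest = self._users[uid]
        return hmac.compare_digest(digest, _kdf(password, salt))

def login(uid, password, ldap, local, fall_through):
    """Return the name of the source that accepted the login, or None."""
    if ldap.check(uid, password):
        return ldap.name
    # Hardened policy: a user known to LDAP is never checked against the local store.
    if ldap.has_user(uid) and not fall_through:
        return None
    return local.name if local.check(uid, password) else None

def probe(uid, ldap_pw, local_pw, ldap, local, fall_through):
    """Try both passwords and report which source, if any, accepts each one."""
    return {"ldap_pw": login(uid, ldap_pw, ldap, local, fall_through),
            "local_pw": login(uid, local_pw, ldap, local, fall_through)}

# Constructed data using the values from the thread: user 0056 exists in both places.
LDAP, LOCAL = Store("ldap"), Store("local")
LDAP.set_password("0056", "0056")
LOCAL.set_password("0056", "1234")
LOCAL.set_password("guest1", "local-only")  # hypothetical user with no LDAP entry

if __name__ == "__main__":
    print(probe("0056", "0056", "1234", LDAP, LOCAL, fall_through=True))
    print(probe("0056", "0056", "1234", LDAP, LOCAL, fall_through=False))
```

A probe result where only the local password is accepted, as in Ishtiaq's report, is what this model returns when the LDAP source does not know the user at all.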