[Deploying Sakai] SAKAI 2.7.1 - LDAP

Richard Gliebe richard.gliebe at fhv.at
Mon Dec 13 01:46:54 PST 2010


On 12/13/10 1:44 AM Steve Swinsburg wrote:
> Hi Richard,

Hi Steve,

Thanks for your answer.

I've edited the *.xml files for LDAP, but after restarting Tomcat, I am
still getting "Alert: invalid login".

Here are my LDAP settings.

$CATALINA_HOME/components/sakai-provider-pack/META-INF/maven/org.sakaiproject/sakai-provider-pack/pom.xml:
....
<!-- Needed for the JLDAP Provider -->
<dependency>
<groupId>org.sakaiproject</groupId>
<artifactId>sakai-jldap-provider</artifactId>

</dependency>

<dependency>
<groupId>openldap</groupId>
<artifactId>ldap</artifactId>
<version>2005.03.29</version>
</dependency>
<!--    -->
....

$CATALINA_HOME/components/sakai-provider-pack/WEB-INF/components.xml:
....
<!-- Uncomment and configure to use the JLDAPDirectoryProvider -->
<import resource="jldap-beans.xml" />
....

$CATALINA_HOME/components/sakai-provider-pack/WEB-INF/jldap-beans.xml:
....
<!-- Required. Host name or address of your LDAP server -->
<property name="ldapHost">
<value>our.ldap.host.fqdn</value>
</property>

<!-- Optional. LDAP connection port. Typically defaults to
JLDAPDirectoryProvider.DEFAULT_LDAP_PORT (389). Secured connections are 
usually on 636 -->
<property name="ldapPort">
<value>636</value>
</property>
....
<!-- Optional. DN to which to bind for directory searches.
Typically only necessary if autoBind is true -->
<property name="ldapUser">
<value>uid=xxx,ou=xxx,ou=xxx,dc=xxx,dc=xxx</value>
</property>

<!-- Optional. Password for ldapUser defined above -->
<property name="ldapPassword">
<value>ldappassword</value>
</property>

<!-- Optional. Enables/disables secure LDAP connections.
defaults to JLDAPDirectoryProvider.DEFAULT_IS_SECURE_CONNECTION (false) -->
<property name="secureConnection">
<value>true</value>
</property>
....
<property name="autoBind">
<value>false</value>
</property>
....
<!-- Optional, but usually specified. Base DN for directory searches. -->
<property name="basePath">
<value>ou=xxx,ou=xxx,dc=xxx,dc=xxx</value>
</property>
....
<property name="attributeMappings">
<map>
<entry key="login"><value>cn</value></entry>
<entry key="firstName"><value>givenName</value></entry>
<entry key="lastName"><value>sn</value></entry>
<entry key="email"><value>mail</value></entry>
<entry key="groupMembership"><value>fhvisaismemberof</value></entry>
</map>
</property>
....

No errors were found in the Catalina log files, and no errors were found
in the log files from our LDAP server.

An ldapsearch from our Sakai server to our LDAP server works:
....
# ldapsearch -H ldaps://our.ldap.server.fydn -x -W -D 'uid=xxx,ou=xxx,ou=xxx,dc=xxx,dc=xxx' 'uid=xxx'

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=xxx,dc=xxx> (default) with scope subtree
# filter: uid=xxx
# requesting: ALL
#
... and so on ...

Is there a way to start a debugging mode?

Many thanks for your hints.

Richard

>
> Technically you need the source as there are source files you need to modify, however since this particular modification only touches XML config files, which are read and do not provide any filtered values, it is possible you can do it in the deployed version.
>
> cheers,
> Steve
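
A consistency check over the jldap-beans.xml values quoted in the message above, as an added example that is not part of the original post and is not Sakai code. The function names, the finding labels and the <bean> wrapper are assumptions; the checks use only the defaults and hints stated in the quoted XML comments plus the filter attribute of the working ldapsearch, and the findings are things to review, not a diagnosis.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the property values quoted in the post, wrapped in a
# <bean> element (an assumption) so the fragment parses on its own.
SAMPLE = """<bean>
  <property name="ldapHost"><value>our.ldap.host.fqdn</value></property>
  <property name="ldapPort"><value>636</value></property>
  <property name="ldapUser"><value>uid=xxx,ou=xxx,ou=xxx,dc=xxx,dc=xxx</value></property>
  <property name="ldapPassword"><value>ldappassword</value></property>
  <property name="secureConnection"><value>true</value></property>
  <property name="autoBind"><value>false</value></property>
  <property name="attributeMappings"><map>
    <entry key="login"><value>cn</value></entry>
  </map></property>
</bean>"""

def load(xml_text):
    """Return (scalar properties, attributeMappings) from a bean fragment."""
    props, mappings = {}, {}
    for prop in ET.fromstring(xml_text).iter("property"):
        if prop.get("name") == "attributeMappings":
            mappings = {e.get("key"): e.findtext("value", "").strip()
                        for e in prop.findall("./map/entry")}
        else:
            props[prop.get("name")] = (prop.findtext("value") or "").strip()
    return props, mappings

def lint(xml_text, tested_filter_attr):
    """tested_filter_attr: attribute used in the ldapsearch filter that worked."""
    props, mappings = load(xml_text)
    findings = []
    # Defaults per the quoted comments: secureConnection false, port 389.
    secure = props.get("secureConnection", "false") == "true"
    if secure != (props.get("ldapPort", "389") == "636"):
        findings.append("port-tls-mismatch")
    # Quoted comment: ldapUser is typically only necessary if autoBind is true.
    if props.get("ldapUser") and props.get("autoBind") == "false":
        findings.append("ldapUser-set-but-autoBind-false")
    # The manual test searched on one attribute; the login mapping may name another.
    if mappings.get("login") and mappings["login"] != tested_filter_attr:
        findings.append("login-attr-differs-from-tested-filter")
    if props.get("ldapPassword"):
        findings.append("cleartext-bind-password-in-file")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE, "uid"):
        print(finding)
```
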

