[Building Sakai] Looking for debugging tips -- Sakai vs. AD

will at serensoft.com
Fri Aug 7 13:21:06 PDT 2009


Short version:

We have Sakai (running on Debian) trying to authenticate against
Active Directory (on Windows of course) but are having no success. Are
there Linux/Windows tools/tricks you folks would recommend to check
for/confirm Sakai/LDAP traffic?


Long version:

Sakai authenticates internal-only users just fine. So the database
(MySQL 5.0.51a) is fine, the OS (Debian 5.0.2) is fine, Sakai (2.6.x
r65601) is fine.

We can connect to the Active Directory LDAP server via ldapsearch on
the command line:
  $ ldapsearch -W -x -H ldap://ldap.school.edu \
    -D "cn=ldapuser,ou=special accounts,ou=unit,dc=school,dc=edu" \
    -b "ou=unit,dc=school,dc=edu" \
    "(attr=value)"

And once we enter the ldapuser password, we get our results back just
as expected. (Without the password we get empty, so authentication
from the command-line is confirmed.)

So -- we translated those specs into the XML of jldap-beans.xml and
recompiled (mvn clean install sakai:deploy) and...

No catalina.out messages, no stack traces, no runs no hits no errors.
:( Sakai still authenticates internal users just fine, but it's as if
there's no external LDAP at all. (We conscientiously mis-configured a
few variables in jldap-beans.xml earlier to make sure we would see
something in the logs, and yep, stack traces abounded. Then we put the
variables 'right' and... no info at all!)

We're looking for some (hopefully LDAP-savvy) tools or tricks to see
if/how Sakai is actually trying to communicate with the AD server,
either on the Linux end, Windows end, or both. Network sniffers? LDAP
forwarding proxy?

Ideas?

-- 
will trillich
"Tis the set of the sails / And not the gales / That tells the way we
go." -- Ella Wheeler Wilcox

