[Building Sakai] Looking for debugging tips -- Sakai vs. AD

Kevin P. Foote kpfoote at iup.edu
Fri Aug 7 13:33:40 PDT 2009 

Couple things.. don't know if you've tried these .. 

make sure you set your logging to DEBUG for ldap .. if you have not
already.

log.config.count=1
log.config.1 = DEBUG.edu.amc.sakai.user.JLDAPDirectoryProvider

And watch the ldap server event log on the AD side you should see a few logins 
for your 'search' users. 

------
thanks
  kevin.foote

On Fri, 7 Aug 2009, will at serensoft.com wrote:

-> Short version:
-> 
-> We have Sakai (running on Debian) trying to authenticate against
-> Active Directory (on windows of course) but are having no success. Are
-> there linux/windows tools/tricks you folks would recommend to check
-> for/confirm Sakai/LDAP traffic?
-> 
-> 
-> Long version:
-> 
-> Sakai authenticates internal-only users just fine. So the database
-> (MySQL 5.0.51a) is fine, the OS (Debian 5.0.2) is fine, Sakai (2.6.x
-> r65601) is fine.
-> 
-> We can connect to the Active Directory LDAP server via ldapsearch on
-> the command line:
->   $ ldapsearch -W -x -H ldap://ldap.school.edu \
->     -D "cn=ldapuser,ou=special accounts,ou=unit,dc=school,dc=edu" \
->     -b "ou=unit,dc=school,dc=edu" \
->     "(attr=value)"
-> 
-> And once we enter the ldapuser password, we get our results back just
-> as expected. (Without the password we get empty, so authentication
-> from the command-line is confirmed.)
-> 
-> So -- we translated those specs into the XML of jldap-beans.xml and
-> recompiled (mvn clean install sakai:deploy) and...
-> 
-> No catalina.out messages, no stack traces, no runs no hits no errors.
-> :( Sakai still authenticates internal users just fine, but it's as if
-> there's no external LDAP at all. (We conscientiously mis-configured a
-> few variables in jldap-beans.xml earlier to make sure we would see
-> something in the logs, and yep, stack traces abounded. Then we put the
-> variables 'right' and... no info at all!)
-> 
-> We're looking for some (hopefully LDAP-savvy) tools or tricks to see
-> if/how Sakai is actually trying to communicate with the AD server,
-> either on the Linux end, Windows end, or both. Network sniffers? LDAP
-> forwarding proxy?
-> 
-> Ideas?
-> 
-> -- 
-> will trillich
-> "Tis the set of the sails / And not the gales / That tells the way we
-> go." -- Ella Wheeler Wilcox
-> _______________________________________________
-> sakai-dev mailing list
-> sakai-dev at collab.sakaiproject.org
-> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
-> 
-> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
->

More information about the sakai-dev mailing list