[Building Sakai] Usage of LDAP attributes for Signon and Course/Site Management
Ray Davis
ray at media.berkeley.edu
Thu Mar 11 14:36:02 PST 2010
> The diff in kernel-impl.diff is for the BaseUserDirectoryService.java. I
> had to change the function call from ensureMappedIdForProvidedUser to
> checkAndEnsureMappedIdForProvidedUser because the first time Sakai
> searches for the Sakai ID, it does so with the login id which is not
> what we want to use as the EID. Changing the function call forces Sakai
> to look for an internal ID using the correct EID obtained from LDAP.
It's possible that the AuthenticatedUserProvider functionality
introduced in Sakai 2.5 might help avoid this. "If this interface's
"getAuthenticatedUser" is given a legitimate login ID (not necessarily
the same as the eventual user EID) and a password, the integration
service should both authenticate and return a user record. Internally,
that user record might be supplied by other integration code (using the
usual UserDirectoryProvider methods) or by searching the Sakai default
user database (using the UserDirectoryService)." (Quoting
<http://confluence.sakaiproject.org/display/SAKDEV/Creating+Sakai+user+records+from+an+authentication+service>.)
At UC Berkeley, we have a single class implementing
UserDirectoryProvider, AuthenticatedUserProvider, and DisplayAdvisorUDP
to carry on similar shenanigans, and you might be able to layer
something similar into your UDaytonLdapDirectoryProvider code. Here's a
snapshot of our class:
https://source.sakaiproject.org/contrib/ucb/ucb-integration-samples/bspace-user-provider-impl/src/main/java/edu/berkeley/bspace/UserDirectoryProviderBspaceImpl.java
Best,
Ray
On 3/11/10 12:28 PM, mizematr at notes.udayton.edu wrote:
>
> This is something that I also have been working on this week. I think I
> got it working, but in order to do so I had to make some very slight
> changes to the JLDAP Provider, site-manage project, and
> BaseUserDirectoryService.java in the kernel. We will be testing this fix
> all next week before deploying in production. However, changing the
> kernel makes me nervous and I was hoping the community would be willing
> to look at these patches for me (they're very small) and tell me if I
> did anything the wrong way.
>
> Thanks in advance for any feedback you might have.
>
> ==========
> UDaytonLdapDirectoryProvider extends JLDAPDirectoryProvider so that I
> could implement DisplayAdvisorUDP. This allowed me to control what is
> used for the display ID and overrides the default which is to display
> the EID.
>
>
> ==========
> UDaytonLdapAttributeMapper extends SimpleLdapAttributeMapper so that I
> could override mapUserDataOntoUserEdit
>
>
> ==========
> The diff in kernel-impl.diff is for the BaseUserDirectoryService.java. I
> had to change the function call from ensureMappedIdForProvidedUser to
> checkAndEnsureMappedIdForProvidedUser because the first time Sakai
> searches for the Sakai ID, it does so with the login id which is not
> what we want to use as the EID. Changing the function call forces Sakai
> to look for an internal ID using the correct EID obtained from LDAP.
>
>
> ==========
> The diff in site-manage.diff is me using the display ID instead of the
> EID on the add participants pages. There might be other locations which
> are using EID instead of display ID, but we have not yet found them.
>
>
> ==========
> The diff in providers.diff is mostly adding new entries to
> jldap-config.xml (although I've removed the values that we are using for
> security's sake) and a new constant I added to
> AttributeMappingConstants. I also, however, had to change a function
> call in JLDAPDirectoryProvider because it was using the EID from before
> it was mapped from LDAP and so it overwrote the new EID. I simply
> replaced the parameter with the correct EID.
>
> --------------------------------------------------
> Matt Mize, Systems Administrator
> - Pay no attention to the man in the back office....
> Matt.Mize at notes.udayton.edu
> (937) 229-1024
>
> UDit Department, University of Dayton
> 300 College Park, Dayton, OH, 45469-1302
>
>
> *Ishtiaq Ahmad <organic.ishtiaq at gmail.com>*
> 03/09/10 11:22 PM
> Please respond to: organic.ishtiaq at gmail.com
> To: mizematr at notes.udayton.edu
> cc:
> Subject: Re: [Building Sakai] Usage of LDAP attributes for Signon and
> Course/Site Management
>
> *Ishtiaq Ahmad <organic.ishtiaq at gmail.com>*
> Sent by: sakai-dev-bounces at collab.sakaiproject.org
> 03/09/10 08:02 AM
> Please respond to: organic.ishtiaq at gmail.com
> To: "sakai-dev at collab.sakaiproject.org Developers"
> <sakai-dev at collab.sakaiproject.org>
> cc:
> Subject: Re: [Building Sakai] Usage of LDAP attributes for Signon and
> Course/Site Management
>
> Can anyone help me achieve the following behavior?
>
> On Tue, Mar 9, 2010 at 12:48 PM, Ishtiaq Ahmad
> <organic.ishtiaq at gmail.com> wrote:
>
> Hi All,
>
> I am using Sakai 2.5.4 as an LMS and Active Directory for authentication.
>
> I need to achieve the following behavior. Let me know how I can achieve
> this.
>
> Following is the format of an Active Directory Person.
>
> cn (commonName) = *abc.efg*
> sn (surname) = *efg*
> displayName = *abc efg*
> employeeNumber = *12345*
> uid = *abc.efg*
>
>
> I would like to use *uid* for the login name, and for further processing I
> want Sakai to use *employeeNumber* for site search and any other
> operation in Sakai.
>
> For example:
> When I log in to Sakai, I would like to use *uid* for authentication
> (*it is clear to me how to do this configuration*) and, after
> authentication, have Sakai use *employeeNumber* for the course site search
> of the logged-in person.
> Suppose the site with ID *1* has a member as instructor with
> employeeNumber *12345*. If user *abc.efg* logs in, then Sakai
> displays the site with employeeNumber *12345* in his member sites.
>
> How can I change the *jldapbean.xml* file configuration to achieve the
> above mapping behavior?
>
> --
> Regards,
> Ishtiaq Ahmad
>
>
>
> --
> Regards,
> Ishtiaq Ahmad
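
The login ID versus EID problem discussed in this thread, as an added example that is not part of the original messages and is not Sakai or JLDAP code. It is a simplified in-memory model: every class, method and value is hypothetical or constructed, and the password check stands in for an LDAP bind.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model, not Sakai code: all names below are hypothetical.
public class LoginIdVsEid {
    // Constructed directory entry mirroring the attributes in the question.
    record Entry(String uid, String employeeNumber, String password) {}

    static final Map<String, Entry> DIRECTORY = Map.of(
        "abc.efg", new Entry("abc.efg", "12345", "constructed-password"));

    // EID -> internal user ID; site memberships hang off the internal ID.
    static final Map<String, String> ID_MAP = new HashMap<>();
    static int nextId = 1;

    // Authenticate with the login ID (uid) and return the EID read from the
    // directory entry, never the string the user typed.
    // The equals() check stands in for an LDAP bind.
    static String authenticate(String loginId, String password) {
        Entry e = DIRECTORY.get(loginId);
        if (e == null || !e.password().equals(password)) return null;
        return e.employeeNumber();
    }

    // Look up the internal ID for a key, creating one if none exists yet.
    static String ensureMappedId(String key) {
        return ID_MAP.computeIfAbsent(key, k -> "internal-" + nextId++);
    }

    public static void main(String[] args) {
        // A site roster was loaded earlier, keyed by employeeNumber.
        String rosterId = ensureMappedId("12345");

        String eid = authenticate("abc.efg", "constructed-password");
        // Keyed on the EID from the directory: the same account as the roster.
        String byEid = ensureMappedId(eid);
        // Keyed on the typed login ID: a second, unrelated account appears,
        // so the user would see none of the sites granted to 12345.
        String byLoginId = ensureMappedId("abc.efg");

        System.out.println("roster=" + rosterId + " byEid=" + byEid
            + " byLoginId=" + byLoginId);
        if (!rosterId.equals(byEid) || rosterId.equals(byLoginId))
            throw new AssertionError("mapping model broken");
    }
}
```

The check at the end fails if the two lookups ever resolve to the same internal ID, which is the condition an integration test for a custom provider would want to pin down.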