[Building Sakai] Sakai LDAP integration
Jaco Gillman
jaco at opencollab.co.za
Thu Jun 21 23:57:34 PDT 2012
Hi all

I am having difficulty configuring LDAP authentication for Sakai. I have
tried setting the "secureConnection" property to true and false. I am not
very knowledgeable on LDAP security, so after playing around with the
configuration I realized the LDAP instance is secure, so
then secureConnection must be set to true. Are the following properties
still required: keystoreLocation, keystorePassword, secureSocketFactory
(from the comments, all of these are required if secureConnection is true)?
<!-- If secureConnection is true, a keystore location must be provided
     unless javax.net.ssl.trustStore system property has already been
     set -->
<!--property name="keystoreLocation">
    <value>/usually/set/at/startup</value>
</property-->

<!-- If secureConnection is true, a keystore password must be provided
     unless javax.net.ssl.trustStorePassword system property has already
     been set -->
<!--property name="keystorePassword">
    <value>usually-set-at-startup</value>
</property-->

<!-- Optional. DN to which to bind for directory searches.
     Typically only necessary if autoBind is true -->
<!-- property name="ldapUser">
    <value>attr=value,attr=value,attr=value</value>
</property -->

<!-- Optional. Password for ldapUser defined above -->
<!-- property name="ldapPassword">
    <value>usually-set-this-value-in-security-dot-properties</value>
</property -->

<!-- Optional. Enables/disables secure LDAP connections.
     defaults to JLDAPDirectoryProvider.DEFAULT_IS_SECURE_CONNECTION (false) -->
<property name="secureConnection">
    <value>true</value>
</property>

<!-- Optional. If secureConnection is true, this socket factory
     will be assigned globally to LDAPConnections. Defaults to an
     instance of com.novell.ldap.LDAPJSSESecureSocketFactory, which
     is appropriate for SSL connections. Use
     com.novell.ldap.LDAPJSSEStartTLSFactory for TLS. -->
<!-- property name="secureSocketFactory">
    <bean class="com.novell.ldap.LDAPJSSESecureSocketFactory" />
</property -->
If "secureConnection" is false, I get this exception:
012-06-21 18:41:36,761 ERROR TP-Processor7 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/sakai-login-tool].[sakai.login] - Servlet.service() for servlet sakai.login threw exception
java.lang.RuntimeException: searchDirectory(): RuntimeException while executing search [baseDN = null][filter = cn=ikamva_stud][return attribs = null][max results = 1]
    at edu.amc.sakai.user.JLDAPDirectoryProvider.searchDirectory(JLDAPDirectoryProvider.java:975)
    at edu.amc.sakai.user.JLDAPDirectoryProvider.searchDirectoryForSingleEntry(JLDAPDirectoryProvider.java:861)
    at edu.amc.sakai.user.JLDAPDirectoryProvider.getUserByEid(JLDAPDirectoryProvider.java:783)
    at edu.amc.sakai.user.JLDAPDirectoryProvider.getUserByEid(JLDAPDirectoryProvider.java:737)
    at edu.amc.sakai.user.JLDAPDirectoryProvider.getUser(JLDAPDirectoryProvider.java:595)
    at org.sakaiproject.user.impl.BaseUserDirectoryService.getProvidedUserByEid(BaseUserDirectoryService.java:650)
    at org.sakaiproject.user.impl.BaseUserDirectoryService.getUserByEid(BaseUserDirectoryService.java:758)
    at org.sakaiproject.user.impl.BaseUserDirectoryService.getInternallyAuthenticatedUser(BaseUserDirectoryService.java:1535)
    at org.sakaiproject.user.impl.BaseUserDirectoryService.authenticate(BaseUserDirectoryService.java:1520)
    at org.sakaiproject.user.impl.UserAuthnComponent.authenticate(UserAuthnComponent.java:108)
    at org.sakaiproject.login.impl.LoginServiceComponent.authenticate(LoginServiceComponent.java:90)
    at org.sakaiproject.login.tool.SkinnableLogin.doPost(SkinnableLogin.java:244)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:598)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:659)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:457)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:359)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:311)
    at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.help(ActiveToolComponent.java:581)
    at org.sakaiproject.portal.charon.SkinnableCharonPortal.doLogin(SkinnableCharonPortal.java:954)
    at org.sakaiproject.portal.charon.handlers.XLoginHandler.doGet(XLoginHandler.java:61)
    at org.sakaiproject.portal.charon.handlers.XLoginHandler.doPost(XLoginHandler.java:50)
    at org.sakaiproject.portal.charon.SkinnableCharonPortal.doPost(SkinnableCharonPortal.java:1224)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:659)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:775)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:704)
    at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:897)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
    at java.lang.Thread.run(Thread.java:662)
Caused by: java.lang.RuntimeException: failed to get pooled connection
    at edu.amc.sakai.user.PoolingLdapConnectionManager.getConnection(PoolingLdapConnectionManager.java:94)
    at edu.amc.sakai.user.JLDAPDirectoryProvider.searchDirectory(JLDAPDirectoryProvider.java:913)
    ... 47 more
Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed
    at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1226)
    at edu.amc.sakai.user.PoolingLdapConnectionManager.getConnection(PoolingLdapConnectionManager.java:89)
    ... 48 more
Regards,
*Jaco Gillman*
Java Developer
opencollab
*Tel*: +27 21 970 4017 | *Fax*: +27 21 914 3098
*Email*: jaco at opencollab.co.za | *Skype*: gillmanjc
*Web*: www.opencollab.co.za
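
Added example (not part of the original post and not Sakai's own code): a small Python check that applies the rule stated in the configuration comments above, namely that with secureConnection set to true each keystore property must come either from the bean or from the matching javax.net.ssl.* JVM system property. The `<bean>` wrapper, the function names and the JAVA_OPTS-style string are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the post: only secureConnection is active, the
# keystore properties are commented out. The <bean> wrapper is hypothetical.
SAMPLE_BEAN = """
<bean id="example-ldap-provider">
  <!--property name="keystoreLocation">
    <value>/usually/set/at/startup</value>
  </property-->
  <!--property name="keystorePassword">
    <value>usually-set-at-startup</value>
  </property-->
  <property name="secureConnection">
    <value>true</value>
  </property>
</bean>
"""

# Bean property -> JVM system property that may stand in for it (per the comments).
FALLBACKS = {"keystoreLocation": "javax.net.ssl.trustStore",
             "keystorePassword": "javax.net.ssl.trustStorePassword"}

def active_properties(bean_xml):
    """Properties the XML parser actually sees; commented-out ones are dropped."""
    root = ET.fromstring(bean_xml)
    return {p.get("name"): (p.findtext("value") or "").strip()
            for p in root.iter("property")}

def jvm_system_properties(java_opts):
    """Parse -Dname=value pairs from a JAVA_OPTS-style string."""
    return dict(re.findall(r"-D([\w.]+)=(\S+)", java_opts))

def check_trust_material(bean_xml, java_opts=""):
    """Return {bean property: 'bean' | 'jvm' | 'missing' | 'not required'}."""
    props = active_properties(bean_xml)
    sysprops = jvm_system_properties(java_opts)
    secure = props.get("secureConnection", "false").lower() == "true"
    result = {}
    for name, sysprop in FALLBACKS.items():
        if not secure:
            result[name] = "not required"
        else:
            result[name] = ("bean" if props.get(name) else
                            "jvm" if sysprops.get(sysprop) else "missing")
    return result

if __name__ == "__main__":
    print(check_trust_material(SAMPLE_BEAN))
```

A result of "missing" means neither the bean nor the JVM options supply that value, which is the state of the configuration as posted unless the system properties are set at startup.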