[Building Sakai] Sakai LDAP integration

Steve Swinsburg steve.swinsburg at gmail.com
Fri Jun 22 01:01:30 PDT 2012


Hi Jaco,

Have you tried using an LDAP client to connect to your LDAP server first? I always recommend this as you can plug in the settings and off you go. Then you just transfer them into the Sakai LDAP config.
Something like LDapper [1] for the Mac, or JXplorer for a cross-platform app [2]. You could even use the command line.

cheers,
Steve

[1] http://carl-bell-2.baylor.edu/~Carl_Bell/ReadMeFiles/LDapper.html 
[2] http://jxplorer.org/


On 22/06/2012, at 4:57 PM, Jaco Gillman wrote:

> Hi all
> 
> I am having difficulty configuring LDAP authentication for Sakai. I have tried setting the "secureConnection" property to true and false. I am not very knowledgeable on LDAP Security, so after playing around with the configuration I realized the LDAP instance is secure, so then secureConnection must be set to true. Are the following properties still required: keystoreLocation, keystorePassword, secureSocketFactory (from the comments, all of these are required if secureConnection is true)?
> 
> 
> <!--  If secureConnection is true, a keystore location must be provided
> 			unless javax.net.ssl.trustStore system property has already been 
> 			set -->
> 		<!--property name="keystoreLocation">
> 			<value>/usually/set/at/startup</value>
> 		</property-->
> 
> 		<!--  If secureConnection is true, a keystore password must be provided
> 			unless javax.net.ssl.trustStorePassword system property has already
> 			been set -->
> 		<!--property name="keystorePassword">
> 			<value>usually-set-at-startup</value>
> 		</property-->
> 
> 		<!-- Optional. DN to which to bind for directory searches. 
> 			Typically only necessary if autoBind is true -->
> 		<!-- property name="ldapUser">
> 			<value>attr=value,attr=value,attr=value</value>
> 		</property -->
> 
> 		<!-- Optional. Password for ldapUser defined above -->
> 		<!--  property name="ldapPassword">
> 			<value>usually-set-this-value-in-security-dot-properties</value>
> 		</property -->
> 
> 		<!-- Optional. Enables/disables secure LDAP connections.
> 			defaults to JLDAPDirectoryProvider.DEFAULT_IS_SECURE_CONNECTION (false) -->
> 		<property name="secureConnection">
> 			<value>true</value>
> 		</property>
> 
>                 <!-- Optional. If secureConnection is true, this socket factory
> 			will be assigned globally to LDAPConnections. Defaults to an
> 			instance of com.novell.ldap.LDAPJSSESecureSocketFactory, which
> 			is appropriate for SSL connections. Use 
> 			com.novell.ldap.LDAPJSSEStartTLSFactory for TLS. -->
> 		<!-- property name="secureSocketFactory">
> 			<bean class="com.novell.ldap.LDAPJSSESecureSocketFactory" />
> 		</property -->
> 
> If "secureConnection" is false, I get this exception:
> 
> 012-06-21 18:41:36,761 ERROR TP-Processor7 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/sakai-login-tool].[sakai.login] - Servlet.service() for servlet sakai.login threw exception
> java.lang.RuntimeException: searchDirectory(): RuntimeException while executing search [baseDN = null][filter = cn=ikamva_stud][return attribs = null][max results = 1]
>         at edu.amc.sakai.user.JLDAPDirectoryProvider.searchDirectory(JLDAPDirectoryProvider.java:975)
>         at edu.amc.sakai.user.JLDAPDirectoryProvider.searchDirectoryForSingleEntry(JLDAPDirectoryProvider.java:861)
>         at edu.amc.sakai.user.JLDAPDirectoryProvider.getUserByEid(JLDAPDirectoryProvider.java:783)
>         at edu.amc.sakai.user.JLDAPDirectoryProvider.getUserByEid(JLDAPDirectoryProvider.java:737)
>         at edu.amc.sakai.user.JLDAPDirectoryProvider.getUser(JLDAPDirectoryProvider.java:595)
>         at org.sakaiproject.user.impl.BaseUserDirectoryService.getProvidedUserByEid(BaseUserDirectoryService.java:650)
>         at org.sakaiproject.user.impl.BaseUserDirectoryService.getUserByEid(BaseUserDirectoryService.java:758)
>         at org.sakaiproject.user.impl.BaseUserDirectoryService.getInternallyAuthenticatedUser(BaseUserDirectoryService.java:1535)
>         at org.sakaiproject.user.impl.BaseUserDirectoryService.authenticate(BaseUserDirectoryService.java:1520)
>         at org.sakaiproject.user.impl.UserAuthnComponent.authenticate(UserAuthnComponent.java:108)
>         at org.sakaiproject.login.impl.LoginServiceComponent.authenticate(LoginServiceComponent.java:90)
>         at org.sakaiproject.login.tool.SkinnableLogin.doPost(SkinnableLogin.java:244)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:598)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:659)
>         at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:457)
>         at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:359)
>         at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:311)
>         at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.help(ActiveToolComponent.java:581)
>         at org.sakaiproject.portal.charon.SkinnableCharonPortal.doLogin(SkinnableCharonPortal.java:954)
>         at org.sakaiproject.portal.charon.handlers.XLoginHandler.doGet(XLoginHandler.java:61)
>         at org.sakaiproject.portal.charon.handlers.XLoginHandler.doPost(XLoginHandler.java:50)
>         at org.sakaiproject.portal.charon.SkinnableCharonPortal.doPost(SkinnableCharonPortal.java:1224)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:659)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>         at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
>         at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
>         at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:775)
>         at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:704)
>         at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:897)
>         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>         at java.lang.Thread.run(Thread.java:662)
> Caused by: java.lang.RuntimeException: failed to get pooled connection
>         at edu.amc.sakai.user.PoolingLdapConnectionManager.getConnection(PoolingLdapConnectionManager.java:94)
>         at edu.amc.sakai.user.JLDAPDirectoryProvider.searchDirectory(JLDAPDirectoryProvider.java:913)
>         ... 47 more
> Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed
>         at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1226)
>         at edu.amc.sakai.user.PoolingLdapConnectionManager.getConnection(PoolingLdapConnectionManager.java:89)
>         ... 48 more
> 
> 
> 
> 
> Regards,
> 
> 
> Jaco Gillman
> Java Developer
> opencollab
> Tel: +27 21 970 4017  |  Fax: +27 21 914 3098
> Email: jaco at opencollab.co.za  |  Skype: gillmanjc
> Web: www.opencollab.co.za

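The command-line check suggested in the reply, as an added example that is not part of the original thread: it inspects the certificate the LDAP server presents, builds the JKS trust store that `keystoreLocation` or `javax.net.ssl.trustStore` would point at, and runs a one-entry search with the same filter shape as the log line. The host, base DN, user id, file names and the `STOREPASS` variable are placeholder assumptions; it needs `openssl`, `keytool` and the OpenLDAP `ldapsearch` client.

```shell
#!/bin/sh
# Added example: check LDAP-over-SSL settings from the command line before
# copying them into the Sakai config. Hosts, DNs and file names are placeholders.

# secureConnection=true with the default SSL socket factory means ldaps://
# (port 636 by default); false means plain ldap:// (port 389 by default).
ldap_uri() {  # usage: ldap_uri <true|false> <host> [port]
    if [ "$1" = "true" ]; then
        printf 'ldaps://%s:%s' "$2" "${3:-636}"
    else
        printf 'ldap://%s:%s' "$2" "${3:-389}"
    fi
}

# Show what the server presents so subject, issuer, expiry and fingerprint can
# be compared with what the directory administrator expects.
show_server_cert() {  # usage: show_server_cert <host> <port>
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -issuer -enddate -fingerprint -sha256
}

# Build the JKS trust store that keystoreLocation (or the
# javax.net.ssl.trustStore system property) would point at.
make_truststore() {  # usage: make_truststore <ca.pem> <store.jks> <password>
    keytool -importcert -noprompt -alias ldap-ca \
        -file "$1" -keystore "$2" -storepass "$3"
}

# Same shape as the search in the log: filter cn=<eid>, at most one result.
search_one() {  # usage: search_one <uri> <base-dn> <eid> <ca.pem>
    LDAPTLS_CACERT="$4" ldapsearch -x -H "$1" -b "$2" -s sub -z 1 "(cn=$3)" dn
}

main() {  # usage: main <host> <base-dn> <eid> <ca.pem>
    show_server_cert "$1" 636 || { echo "no certificate on $1:636" >&2; return 1; }
    make_truststore "$4" sakai-trust.jks "${STOREPASS:?set STOREPASS}" || return 1
    search_one "$(ldap_uri true "$1")" "$2" "$3" "$4"
}

# Runs only when given four arguments, for example:
#   STOREPASS=... sh ldap-check.sh ldap.example.org "dc=example,dc=org" someuser ca.pem
if [ "$#" -eq 4 ]; then main "$@"; fi
```

Here `ca.pem` is the certificate of the CA that issued the server certificate (or the server certificate itself if it is self-signed). If the directory does not allow anonymous searches, add `-D <bind DN> -W` to the `ldapsearch` call, using the DN that would go into `ldapUser`.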