[Building Sakai] Sakai LDAP integration
Steve Swinsburg
steve.swinsburg at gmail.com
Fri Jun 22 01:01:30 PDT 2012
Hi Jaco,
Have you tried using an LDAP client to connect to your LDAP server first? I always recommend this as you can plug in the settings and off you go. Then you just transfer them into the Sakai LDAP config.
Something like LDapper [1] for the Mac, or JXplorer for a cross-platform app [2]. You could even use the command line.
cheers,
Steve
[1] http://carl-bell-2.baylor.edu/~Carl_Bell/ReadMeFiles/LDapper.html
[2] http://jxplorer.org/
On 22/06/2012, at 4:57 PM, Jaco Gillman wrote:
> Hi all
>
> I am having difficulty configuring LDAP authentication for Sakai. I have tried setting the "secureConnection" property to true and false. I am not very knowledgeable on LDAP security, so after playing around with the configuration I realized the LDAP instance is secure, so then secureConnection must be set to true. Are the following properties still required: keystoreLocation, keystorePassword, secureSocketFactory (from the comments, all of these are required if secureConnection is true)?
>
>
> <!-- If secureConnection is true, a keystore location must be provided
> unless javax.net.ssl.trustStore system property has already been
> set -->
> <!--property name="keystoreLocation">
> <value>/usually/set/at/startup</value>
> </property-->
>
> <!-- If secureConnection is true, a keystore password must be provided
> unless javax.net.ssl.trustStorePassword system property has already
> been set -->
> <!--property name="keystorePassword">
> <value>usually-set-at-startup</value>
> </property-->
>
> <!-- Optional. DN to which to bind for directory searches.
> Typically only necessary if autoBind is true -->
> <!-- property name="ldapUser">
> <value>attr=value,attr=value,attr=value</value>
> </property -->
>
> <!-- Optional. Password for ldapUser defined above -->
> <!-- property name="ldapPassword">
> <value>usually-set-this-value-in-security-dot-properties</value>
> </property -->
>
> <!-- Optional. Enables/disables secure LDAP connections.
> defaults to JLDAPDirectoryProvider.DEFAULT_IS_SECURE_CONNECTION (false) -->
> <property name="secureConnection">
> <value>true</value>
> </property>
>
> <!-- Optional. If secureConnection is true, this socket factory
> will be assigned globally to LDAPConnections. Defaults to an
> instance of com.novell.ldap.LDAPJSSESecureSocketFactory, which
> is appropriate for SSL connections. Use
> com.novell.ldap.LDAPJSSEStartTLSFactory for TLS. -->
> <!-- property name="secureSocketFactory">
> <bean class="com.novell.ldap.LDAPJSSESecureSocketFactory" />
> </property -->
>
> If "secureConnection" is false, I get this exception:
>
> 012-06-21 18:41:36,761 ERROR TP-Processor7 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/sakai-login-tool].[sakai.login] - Servlet.service() for servlet sakai.login threw exception
> java.lang.RuntimeException: searchDirectory(): RuntimeException while executing search [baseDN = null][filter = cn=ikamva_stud][return attribs = null][max results = 1]
> at edu.amc.sakai.user.JLDAPDirectoryProvider.searchDirectory(JLDAPDirectoryProvider.java:975)
> at edu.amc.sakai.user.JLDAPDirectoryProvider.searchDirectoryForSingleEntry(JLDAPDirectoryProvider.java:861)
> at edu.amc.sakai.user.JLDAPDirectoryProvider.getUserByEid(JLDAPDirectoryProvider.java:783)
> at edu.amc.sakai.user.JLDAPDirectoryProvider.getUserByEid(JLDAPDirectoryProvider.java:737)
> at edu.amc.sakai.user.JLDAPDirectoryProvider.getUser(JLDAPDirectoryProvider.java:595)
> at org.sakaiproject.user.impl.BaseUserDirectoryService.getProvidedUserByEid(BaseUserDirectoryService.java:650)
> at org.sakaiproject.user.impl.BaseUserDirectoryService.getUserByEid(BaseUserDirectoryService.java:758)
> at org.sakaiproject.user.impl.BaseUserDirectoryService.getInternallyAuthenticatedUser(BaseUserDirectoryService.java:1535)
> at org.sakaiproject.user.impl.BaseUserDirectoryService.authenticate(BaseUserDirectoryService.java:1520)
> at org.sakaiproject.user.impl.UserAuthnComponent.authenticate(UserAuthnComponent.java:108)
> at org.sakaiproject.login.impl.LoginServiceComponent.authenticate(LoginServiceComponent.java:90)
> at org.sakaiproject.login.tool.SkinnableLogin.doPost(SkinnableLogin.java:244)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:598)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:659)
> at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:457)
> at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:359)
> at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:311)
> at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.help(ActiveToolComponent.java:581)
> at org.sakaiproject.portal.charon.SkinnableCharonPortal.doLogin(SkinnableCharonPortal.java:954)
> at org.sakaiproject.portal.charon.handlers.XLoginHandler.doGet(XLoginHandler.java:61)
> at org.sakaiproject.portal.charon.handlers.XLoginHandler.doPost(XLoginHandler.java:50)
> at org.sakaiproject.portal.charon.SkinnableCharonPortal.doPost(SkinnableCharonPortal.java:1224)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:659)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
> at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
> at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:775)
> at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:704)
> at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:897)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: java.lang.RuntimeException: failed to get pooled connection
> at edu.amc.sakai.user.PoolingLdapConnectionManager.getConnection(PoolingLdapConnectionManager.java:94)
> at edu.amc.sakai.user.JLDAPDirectoryProvider.searchDirectory(JLDAPDirectoryProvider.java:913)
> ... 47 more
> Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed
> at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1226)
> at edu.amc.sakai.user.PoolingLdapConnectionManager.getConnection(PoolingLdapConnectionManager.java:89)
> ... 48 more
>
>
>
>
> Regards,
>
>
> Jaco Gillman
> Java Developer
> opencollab
> Tel: +27 21 970 4017 | Fax: +27 21 914 3098
> Email: jaco at opencollab.co.za | Skype: gillmanjc
> Web: www.opencollab.co.za
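A stand-alone pre-flight check in the spirit of the advice above to test the settings outside Sakai first, added here as an example; it is not part of the original messages and not Sakai's own code. It uses the JDK's JNDI LDAP provider rather than JLDAP, sets the two JSSE trust-store properties named in the quoted configuration comments, then binds and runs the same kind of single-entry cn search seen in the log. The class name, the environment variable names TRUSTSTORE_PW and LDAP_BIND_PW, and the example URL are assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Added example: checks LDAPS trust, bind and search outside Sakai.
public class LdapPreflight {
    public static void main(String[] a) throws NamingException {
        String tsPw = System.getenv("TRUSTSTORE_PW");   // hypothetical variable names;
        String bindPw = System.getenv("LDAP_BIND_PW");  // keeps secrets out of argv
        if (a.length != 5 || tsPw == null || bindPw == null) {
            System.err.println("usage: TRUSTSTORE_PW=.. LDAP_BIND_PW=.. java LdapPreflight"
                + " <ldaps-url> <truststore> <bind-dn> <base-dn> <cn>");
            System.exit(2);
        }
        // The JVM-wide properties named in the provider's configuration comments.
        System.setProperty("javax.net.ssl.trustStore", a[1]);
        System.setProperty("javax.net.ssl.trustStorePassword", tsPw);

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, a[0]);  // e.g. ldaps://ldap.example.org:636 (placeholder)
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, a[2]);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);  // TLS handshake and bind happen here
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setCountLimit(1);
            // JNDI substitutes {0} and escapes filter metacharacters in the value.
            NamingEnumeration<SearchResult> r =
                ctx.search(a[3], "(cn={0})", new Object[] { a[4] }, sc);
            System.out.println(r.hasMore()
                ? "OK: found " + r.next().getNameInNamespace()
                : "Bind and search worked, but no entry matched");
        } catch (CommunicationException e) {
            System.err.println("Connect or TLS failure (host, port, trust store): " + e.getRootCause());
        } catch (AuthenticationException e) {
            System.err.println("Bind rejected (bind DN or password): " + e.getMessage());
        } catch (NameNotFoundException e) {
            System.err.println("Base DN not found: " + e.getMessage());
        } finally {
            if (ctx != null) ctx.close();
        }
    }
}
```

Each failure branch points at a different group of settings (host, port and trust store; bind DN and password; base DN), so the values can be corrected one group at a time before they are copied into the Sakai LDAP configuration.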