[Building Sakai] SAKAI LDAP configuration
    Rashid, Amir 
    arashid at bu.edu
       
    Wed Jul  9 05:58:22 PDT 2014
    
    
  
Hi
The following properties are being used in the jldap-beans.xml file.
Thanks,
--Amir
Amir Rashid - 617.358.2782
Boston University - SMG ITS
   <!-- Wires in the bean registered as org.sakaiproject.memory.api.MemoryService.
        Presumably the provider uses it for caching; confirm against the provider source. -->
   <property name="memoryService"><ref bean="org.sakaiproject.memory.api.MemoryService"/></property>
                <!-- Required. Hostname or IP address of the LDAP server the provider connects to. -->
                <property name="ldapHost"><value>XX.XX.XXX</value></property>
                <!-- Optional. TCP port of the LDAP server. When omitted it typically falls back to
                     JLDAPDirectoryProvider.DEFAULT_LDAP_PORT (389). Secured connections
                     are usually served on 636, so this value and secureConnection are
                     normally changed together. -->
                <property name="ldapPort"><value>389</value></property>
                <!--  If secureConnection is true, a keystore location must be provided
                        unless javax.net.ssl.trustStore system property has already been
                        set -->
                <!--property name="keystoreLocation">
                        <value>/usually/set/at/startup</value>
                </property-->
                <!--  If secureConnection is true, a keystore password must be provided
                        unless javax.net.ssl.trustStorePassword system property has already
                        been set -->
                <!--property name="keystorePassword">
                        <value>usually-set-at-startup</value>
                </property-->
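                <!-- Optional. DN the provider binds as for directory searches.
                     Typically only necessary if autoBind is true.
                     The name attribute is delimited with straight ASCII quotes:
                     typographic quotes are not valid XML delimiters and leave the
                     file unparseable.
                     NOTE(review): this account presumably only needs to search and
                     read the mapped user attributes, so a dedicated read-only
                     service account is the safer choice; confirm its directory rights. -->
                <property name="ldapUser">
                        <value>cn=XXXXXXX,OU=people,dc=XX,dc=XX,dc=XXX</value>
                </property>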
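                <!-- Optional. Password for the ldapUser bind DN.
                     The name attribute is delimited with straight ASCII quotes;
                     typographic quotes are not valid XML delimiters.
                     NOTE(review): the password sits in this file in clear text, so
                     the file should be readable only by the account that runs Sakai
                     and kept out of version control. While secureConnection is false
                     it is presumably also sent unencrypted on every bind. -->
                <property name="ldapPassword">
                        <value>XXXXXXXXXX</value>
                </property>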
                <!-- Optional. Switches secure LDAP connections on or off. The default is
                     JLDAPDirectoryProvider.DEFAULT_IS_SECURE_CONNECTION (false).
                     NOTE(review): with false, the ldapUser bind and each user's login
                     bind presumably cross the network unencrypted. Turning it on also
                     requires a trust store (keystoreLocation / keystorePassword, or the
                     javax.net.ssl.trustStore system properties) and normally a
                     matching ldapPort. -->
                <property name="secureConnection"><value>false</value></property>
  <!-- Optional. When true, connection allocation implicitly binds as
       ${ldapUser}; defaults to false. A directory that rejects searches on
       unbound connections needs the connection bound before the provider
       can look up a user's entry. -->
  <property name="autoBind"><value>true</value></property>
 <!-- Optional, but usually specified. Base DN under which directory searches run.
      NOTE(review): the value appears to be the directory root; if all users
      live under one subtree, a narrower base would limit which entries can
      be matched. Confirm against the directory layout. -->
 <property name="basePath"><value>dc=XX,dc=XX,dc=XXX</value></property>
                <!-- Optional. Whether connections follow referrals returned by the server.
                     The default is JLDAPDirectoryProvider.DEFAULT_IS_FOLLOW_REFERRALS (false).
                     Left at false, the provider presumably talks only to ldapHost. -->
                <property name="followReferrals"><value>false</value></property>
<!-- Judging by the property name, false makes cache keys case-insensitive;
     confirm against the provider source. -->
<property name="caseSensitiveCacheKeys"><value>false</value></property>
  <!-- Points at the edu.amc.sakai.user.LdapAttributeMapper bean defined further
       down, which maps LDAP attributes onto Sakai user fields. -->
  <property name="ldapAttributeMapper"><ref bean="edu.amc.sakai.user.LdapAttributeMapper" /></property>
           <!-- Optional. If you don't provide an eidValidator the system
                defaults to allowing searches on any EID, including empty
                and null Strings.
                NOTE(review): only the entry "null" is active in the list below;
                whether empty EIDs are also refused depends on the validator
                class. Confirm before relying on it. -->
                <property name="eidValidator">
                        <bean class="edu.amc.sakai.user.RegexpBlacklistEidValidator">
                                <!-- The inner bean's id names the static field
                                     java.util.regex.Pattern.CASE_INSENSITIVE, which
                                     FieldRetrievingFactoryBean resolves to the flag value. -->
                                <property name="regexpFlags">
                                        <bean id="java.util.regex.Pattern.CASE_INSENSITIVE"
                                                class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean" />
                                </property>
                                <!-- EIDs to refuse. Going by the class name, each entry is
                                     presumably a regular expression; confirm how it is matched. -->
                                <property name="eidBlacklist">
                                        <list>
                                                <value>null</value>
                                                <!--value>nobody</value-->
                                                <!--value>adversary</value-->
                                        </list>
                                </property>
                        </bean>
                </property>
                <!-- Alias searching is switched off. Presumably this controls LDAP alias
                     dereferencing during searches; confirm against the provider source. -->
                <property name="searchAliases">
                        <value>false</value>
                </property>
        </bean>
    <!-- Optional bean that customizes how LDAP attributes are mapped onto
    Sakai User fields. It shows the configuration options available on
    SimpleLdapAttributeMapper, the default LdapAttributeMapper implementation. -->
        <bean id="edu.amc.sakai.user.LdapAttributeMapper"
                        class="edu.amc.sakai.user.SimpleLdapAttributeMapper"
                        singleton="true"
                        init-method="init">
                <!-- Attribute mappings: each key is a logical name expected by the
                application, each value the physical LDAP attribute name. When
                missing or empty, AttributeMappingConstants.DEFAULT_ATTR_MAPPINGS
                applies.
                NOTE(review): sAMAccountName is an Active Directory attribute;
                confirm that the directory also exposes an attribute named
                groupMembership (Active Directory normally uses memberOf). -->
                <property name="attributeMappings">
                        <map>
                                <entry key="login">
                                        <value>sAMAccountName</value>
                                </entry>
                                <entry key="firstName">
                                        <value>givenName</value>
                                </entry>
                                <!--entry key="preferredFirstName"><value>preferredName</value></entry-->
                                <entry key="lastName">
                                        <value>sn</value>
                                </entry>
                                <entry key="email">
                                        <value>mail</value>
                                </entry>
                                <entry key="groupMembership">
                                        <value>groupMembership</value>
                                </entry>
                                <!--entry key="jpegPhoto"><value>jpegPhoto</value></entry  -->
                        </map>
                </property>
                <!-- Strategy for deriving the Sakai user type from LDAP data; an
                EmptyStringUserTypeMapper instance is used when none is set. The
                referenced StringUserTypeMapper bean is not defined in this
                excerpt and has to exist elsewhere in the file. -->
                <property name="userTypeMapper">
                        <!-- Exactly one of these references should be active -->
                        <!--ref bean="edu.amc.sakai.user.EmptyStringUserTypeMapper" /-->
                        <!-- ref bean="edu.amc.sakai.user.EntryAttributeToUserTypeMapper" /-->
                        <!-- ref bean="edu.amc.sakai.user.EntryContainerRdnToUserTypeMapper" /-->
                        <ref bean="edu.amc.sakai.user.StringUserTypeMapper" />
                </property>
        </bean>
From: Steve Swinsburg <steve.swinsburg at gmail.com<mailto:steve.swinsburg at gmail.com>>
Date: Tuesday, July 8, 2014 at 11:56 PM
To: "Rashid, Amir" <arashid at bu.edu<mailto:arashid at bu.edu>>
Cc: "sakai-dev at collab.sakaiproject.org<mailto:sakai-dev at collab.sakaiproject.org>" <sakai-dev at collab.sakaiproject.org<mailto:sakai-dev at collab.sakaiproject.org>>
Subject: Re: [Building Sakai] SAKAI LDAP configuration
Looks like you need to provide a username and password in the LDAP config to get a bind. What are your LDAP settings from jldap-beans.xml ?
On Wed, Jul 9, 2014 at 5:36 AM, Rashid, Amir <arashid at bu.edu<mailto:arashid at bu.edu>> wrote:
Hi Folks,
I have 2.81 in production right now. I am using one of the test machines to install SAKAI 10, and I am trying to configure it to use LDAP the same way as 2.8. Included is the trace from the log file. I can log in intermittently if I try a few times. Please let me know if there are any undocumented changes to the LDAP configuration settings.
 I will appreciate your help in this matter.
--Amir
Amir Rashid - 617.358.2782
Boston University - SMG ITS
2014-07-08 13:26:36,428  WARN ajp-bio-8009-exec-14 org.sakaiproject.portal.util.ErrorReporter - Bug Report bug-id: 573880ae-c5b0-42f5-8b47-534991e591a0 user: null usage-session: null time: Jul 8, 2014 13:26:36 user comment: null stack trace
org.sakaiproject.portal.api.PortalHandlerException: java.lang.RuntimeException: authenticateUser(): LDAPException during authentication attempt [userLogin = arashid][result code = Operations Error][error message = 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]
    at org.sakaiproject.portal.charon.handlers.ReLoginHandler.doPost(ReLoginHandler.java:50)
caused by: java.lang.RuntimeException: authenticateUser(): LDAPException during authentication attempt [userLogin = arashid][result code = Operations Error][error message = 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]
    at org.sakaiproject.user.impl.BaseUserDirectoryService.getProviderAuthenticatedUser(BaseUserDirectoryService.java:1668)
caused by: LDAPException: Operations Error (1) Operations Error
LDAPException: Server Message: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
LDAPException: Matched DN:
    at com.novell.ldap.LDAPResponse.getResultException(null:-1)
    at com.novell.ldap.LDAPResponse.chkResultCode(null:-1)
    at com.novell.ldap.LDAPSearchResults.next(null:-1)
    at edu.amc.sakai.user.JLDAPDirectoryProvider.searchDirectory(JLDAPDirectoryProvider.java:959)
    at edu.amc.sakai.user.JLDAPDirectoryProvider.searchDirectoryForSingleEntry(JLDAPDirectoryProvider.java:856)
    at edu.amc.sakai.user.JLDAPDirectoryProvider.getUserByEid(JLDAPDirectoryProvider.java:778)
    at edu.amc.sakai.user.JLDAPDirectoryProvider.lookupUserBindDn(JLDAPDirectoryProvider.java:820)
    at edu.amc.sakai.user.JLDAPDirectoryProvider.authenticateUser(JLDAPDirectoryProvider.java:397)
    at org.sakaiproject.user.impl.BaseUserDirectoryService.getProviderAuthenticatedUser(BaseUserDirectoryService.java:1668)
    at org.sakaiproject.user.impl.BaseUserDirectoryService.authenticate(BaseUserDirectoryService.java:1611)
    at org.sakaiproject.user.impl.UserAuthnComponent.authenticate(UserAuthnComponent.java:108)
    at org.sakaiproject.login.impl.LoginServiceComponent.authenticate(LoginServiceComponent.java:90)
    at org.sakaiproject.login.tool.SkinnableLogin.doPost(SkinnableLogin.java:302)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:394)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:486)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:378)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:338)
    at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.help(ActiveToolComponent.java:583)
    at org.sakaiproject.portal.charon.SkinnableCharonPortal.doLogin(SkinnableCharonPortal.java:997)
    at org.sakaiproject.portal.charon.handlers.ReLoginHandler.doGet(ReLoginHandler.java:65)
    at org.sakaiproject.portal.charon.handlers.ReLoginHandler.doPost(ReLoginHandler.java:50)
    at org.sakaiproject.portal.charon.SkinnableCharonPortal.doPost(SkinnableCharonPortal.java:1296)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:455)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:193)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Tool Placement:
No Placement
Request:
:    AuthType:null
:    CharEncoding:UTF-8
:    ContentLength:38
:    ContentType:application/x-www-form-urlencoded
:    ContextPath:/portal
:    LocalAddress:smgcms1.bu.edu<http://bu.edu/>
:    LocalName:smgcms1.bu.edu<http://smgcms1.bu.edu/>
:    LocalPort:443
:    Method:POST
:    PathInfo:/relogin
:    Protocol:HTTP/1.1
:    QueryString:null
:    RemoteAddress:168.122.33.194
:    RemoteHost:168.122.33.194
:    RemotePort:-1
:    Requested URL:https://smgcms1.bu.edu/portal/relogin<http://smgcms1.bu.edu/portal/relogin>
:    Scheme:https
:    ServerName:smgcms1.bu.edu<http://smgcms1.bu.edu/>
:    Headers:
:        Header:host:smgcms1.bu.edu<http://bu.edu/>
:        Header:connection:keep-alive
:        Header:content-length:38
:        Header:Cache-Control:max-age=0
:        Header:accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
:        Header:Origin:https://smgcms1.bu.edu<http://smgcms1.bu.edu/>
:        Header:user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
:        Header:content-type:application/x-www-form-urlencoded
:        Header:DNT:1
:        Header:referer:https://smgcms1.bu.edu/portal/login<http://smgcms1.bu.edu/portal/login>
:        Header:accept-encoding:gzip,deflate,sdch
:        Header:accept-language:en-US,en;q=0.8
:        Header:cookie:---censored---
:    Parameters:
:        Parameter:eid:0:----censored----
:        Parameter:pw:0:----censored----
:        Parameter:submit:0:Login
:    Attributes:
:        Attribute:javax.servlet.request.ssl_session:1C4C47A3FFAEEA4FAF017B65F33A916271C8B1293EB3487C9F7EEC25B8206C46
:        Attribute:javax.servlet.request.ssl_session_id:1C4C47A3FFAEEA4FAF017B65F33A916271C8B1293EB3487C9F7EEC25B8206C46
:        Attribute:sakai.character.encoding.done:sakai.character.encoding.done
:        Attribute:javax.servlet.request.key_size:128
:        Attribute:sakai.filtered:sakai.filtered
:        Attribute:javax.servlet.request.cipher_suite:DHE-RSA-AES128-SHA
:        Attribute:sakai.session:MyS_null{60cc469c-90b1-4a78-9bce-f06c3cc1c81a, userId='null', at=8, ts=2, cs=2, Tue Jul 08 13:24:53 EDT 2014}
Session:
:    Created:1404840293523
:    LastAccess:1404840396425
:    CreationDateAndTime:Tuesday, July 8, 2014
:    LastAccessDateAndTime:Tuesday, July 8, 2014
:    MaxInactive:3600
:    Attributes:
:        Attribute:portalskin:neoskin