[Using Sakai] sakai ldap problem
Mustafa Yorukoglu
yorukoglu at sabanciuniv.edu
Fri Jul 29 12:00:01 PDT 2011
Hello Latif,

Add the following 2 lines to sakai.properties and restart Tomcat. Then watch
catalina.out while trying to log in, or just attach the related debug lines.

log.config.count=1
log.config.1=DEBUG.edu.amc.sakai.user

Mustafa Y.

2011/7/29 Latif SAĞLAM <lsaglam at anadolu.edu.tr>
> I installed sakai 2.8 binary as follows
> http://source.sakaiproject.org/release/2.8.0/artifacts/sakai-bin-2.8.0.zip
>
> My setenv.bat file is below
>
> set JAVA_OPTS=-server -Xms512m -Xmx1024m -XX:PermSize=128m -XX:MaxPermSize=256m -XX:NewSize=192m -XX:MaxNewSize=384m -Djava.awt.headless=true -Duser.language=tr -Duser.region=TR -Dhttp.agent=Sakai -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dsun.lang.ClassLoader.allowArraySyntax=true
>
> I installed correctly and it works.
>
> ------------**************------------
>
> my pom.xml in
> C:\opt\tomcat\components\sakai-provider-pack\META-INF\maven\org.sakaiproject\sakai-provider-pack
> below
>
> <?xml version="1.0"?>
> <project xmlns="http://maven.apache.org/POM/4.0.0">
>   <modelVersion>4.0.0</modelVersion>
>   <parent>
>     <artifactId>providers-base</artifactId>
>     <groupId>org.sakaiproject</groupId>
>     <version>2.8.0</version>
>     <relativePath>../pom.xml</relativePath>
>   </parent>
>   <name>sakai-provider-pack</name>
>   <groupId>org.sakaiproject</groupId>
>   <artifactId>sakai-provider-pack</artifactId>
>   <organization>
>     <name>University of Michigan</name>
>     <url>http://sakaiproject.org/</url>
>   </organization>
>   <inceptionYear>2003</inceptionYear>
>   <packaging>sakai-component</packaging>
>   <properties>
>     <deploy.target>components</deploy.target>
>   </properties>
>   <dependencies>
>     <!-- Needed for the sample provider
>     -->
>     <dependency>
>       <groupId>org.sakaiproject</groupId>
>       <artifactId>sakai-sample-provider</artifactId>
>     </dependency>
>     <!-- -->
>     <!--Needed for the JLDAP Provider -->
>     <dependency>
>       <groupId>org.sakaiproject</groupId>
>       <artifactId>sakai-jldap-provider</artifactId>
>       <version>${sakai.version}</version>
>       <properties>
>         <war.bundle>true</war.bundle>
>       </properties>
>     </dependency>
>
>     <dependency>
>       <groupId>openldap</groupId>
>       <artifactId>ldap</artifactId>
>       <version>2005.03.29</version>
>       <properties>
>         <war.bundle>true</war.bundle>
>       </properties>
>     </dependency>
>     <!-- Needed for the Kerberos Provider-->
>     <dependency>
>       <groupId>org.sakaiproject</groupId>
>       <artifactId>sakai-kerberos-provider</artifactId>
>     </dependency>
>
>     <!-- Needed for the IMS Enterprise Provider
>     <dependency>
>       <groupId>org.sakaiproject</groupId>
>       <artifactId>sakai-imsent-provider</artifactId>
>     </dependency>
>     -->
>     <!--
>       Needed for the (new as of Sakai 2.3) CM-based
>       AuthzGroupProvider and legacy CourseManagementProvider
>     -->
>     <dependency>
>       <groupId>org.sakaiproject</groupId>
>       <artifactId>sakai-coursemanagement-authz-provider-impl</artifactId>
>     </dependency>
>     <!-- Needed for the Federated provider
>     <dependency>
>       <groupId>org.sakaiproject</groupId>
>       <artifactId>sakai-federating-provider</artifactId>
>     </dependency>
>     -->
>     <!-- Needed for the All Hands Provider
>     <dependency>
>       <groupId>org.sakaiproject</groupId>
>       <artifactId>sakai-allhands-provider</artifactId>
>     </dependency>
>     -->
>     <!-- Needed for the K2 Hybrid Provider
>     -->
>     <dependency>
>       <groupId>org.sakaiproject.provider</groupId>
>       <artifactId>sakai-hybrid-provider</artifactId>
>       <version>2.8.0</version>
>     </dependency>
>
>     <dependency>
>       <groupId>openldap</groupId>
>       <artifactId>ldap</artifactId>
>       <version>2.6.ORC1-SNAPSHOT</version>
>     </dependency>
>   </dependencies>
>   <build>
>     <resources/>
>   </build>
> </project>
>
> ---------------------------------------------------------**************************-----------------------
>
> In C:\opt\tomcat\components\sakai-provider-pack\WEB-INF components.xml file ok
>
> <!-- Uncomment and configure to use the JLDAPDirectoryProvider -->
> <import resource="jldap-beans.xml" />
>
> C:\opt\tomcat\components\sakai-provider-pack\WEB-INF jldap-beans.xml file like this
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
>
> <beans>
>
>   <bean id="org.sakaiproject.user.api.UserDirectoryProvider"
>         class="edu.amc.sakai.user.JLDAPDirectoryProvider" init-method="init"
>         destroy-method="destroy" singleton="true">
>
>     <property name="memoryService">
>       <ref bean="org.sakaiproject.memory.api.MemoryService"/>
>     </property>
>
>     <!-- Required. Host name or address of your LDAP server -->
>     <property name="ldapHost">
>       <value>10.10.4.180</value>
>     </property>
>
>     <!-- Optional. LDAP connection port. Typically defaults to
>          JLDAPDirectoryProvider.DEFAULT_LDAP_PORT (389). Secured
>          connections are usually on 636 -->
>     <property name="ldapPort">
>       <value>10389</value>
>     </property>
>
>     <!-- If secureConnection is true, a keystore location must be provided
>          unless javax.net.ssl.trustStore system property has already been
>          set -->
>     <!--property name="keystoreLocation">
>       <value>/usually/set/at/startup</value>
>     </property-->
>
>     <!-- If secureConnection is true, a keystore password must be provided
>          unless javax.net.ssl.trustStorePassword system property has already
>          been set -->
>     <!--property name="keystorePassword">
>       <value>usually-set-at-startup</value>
>     </property-->
>
>     <!-- Optional. DN to which to bind for directory searches.
>          Typically only necessary if autoBind is true -->
>     <!--property name="ldapUser">
>       <value>CN=ctest,OU=Test,DC=anadolu1,DC=edu,DC=tr<value>
>     </property-->
>
>     <!-- Optional. Password for ldapUser defined above -->
>     <!--property name="ldapPassword">
>       <value>c123456</value>
>     </property-->
>
>     <!-- Optional. Enables/disables secure LDAP connections.
>          defaults to JLDAPDirectoryProvider.DEFAULT_IS_SECURE_CONNECTION (false) -->
>     <!--property name="secureConnection">
>       <value>true</value>
>     </property-->
>
>     <!-- Optional. If secureConnection is true, this socket factory
>          will be assigned globally to LDAPConnections. Defaults to an
>          instance of com.novell.ldap.LDAPJSSESecureSocketFactory, which
>          is appropriate for SSL connections. Use
>          com.novell.ldap.LDAPJSSEStartTLSFactory for TLS. -->
>     <!-- property name="secureSocketFactory">
>       <bean class="com.novell.ldap.LDAPJSSESecureSocketFactory" />
>     </property -->
>
>     <!-- Optional. Indicate if connection allocation should
>          implicitly bind as ${ldapUser}. Defaults to false -->
>     <!--property name="autoBind">
>       <value>true</value>
>     </property-->
>
>     <!-- Optional, but usually specified. Base DN for directory searches. -->
>     <property name="basePath">
>       <value>ou=people,dc=anadolu,dc=edu,dc=tr</value>
>     </property>
>
>     <!-- Optional. Indicate if connections should follow
>          referrals. Defaults to
>          JLDAPDirectoryProvider.DEFAULT_IS_FOLLOW_REFERRALS (false)-->
>     <!-- property name="followReferrals">
>       <value>false</value>
>     </property -->
>
>     <!-- Optional. LDAP operation timeout in millis. Defaults
>          to JLDAPDirectoryProvider.DEFAULT_OPERATION_TIMEOUT_MILLIS (5000) -->
>     <!-- property name="operationTimeout">
>       <value>5000</value>
>     </property -->
>
>     <!-- Optional. Control depth of all searches. Possible values:
>          0 - LDAPConnection.SCOPE_BASE - base object only
>          1 - LDAPConnection.SCOPE_ONE - immediate children of base object
>          2 - LDAPConnection.SCOPE_SUB - recursive
>          Defaults to JLDAPDirectoryProvider.DEFAULT_SEARCH_SCOPE (2) -->
>     <!-- property name="searchScope">
>       <value>2</value>
>     </property -->
>
>     <!-- Optional. User entry cache ttl in millis. Defaults
>          to JLDAPDirectoryProvider.DEFAULT_CACHE_TTL (300000)-->
>     <!-- property name="cacheTTL">
>       <value>300000</value>
>     </property -->
>
>     <!-- Optional. Control case-sensitivity of cache keys (User.eid values).
>          Defaults to false. (Note that this is a departure from historical
>          behavior.) -->
>     <!--property name="caseSensitiveCacheKeys">
>       <value>false</value>
>     </property-->
>
>     <!-- Optional. Control the return value of
>          JLDAPDirectoryProvider.authenticateWithProviderFirst(String)
>          on a global basis. Defaults to
>          JLDAPDirectoryProvider.DEFAULT_AUTHENTICATE_WITH_PROVIDER_FIRST. -->
>     <!-- property name="authenticateWithProviderFirst">
>       <value>false</value>
>     </property -->
>
>     <!-- Optional. Control whether or not authentication is attempted
>          on a global basis. "true" enables authentication attempts (but
>          does not automatically grant all authN attempts), "false"
>          short-circuits that process and refuses all authN
>          attempts. Defaults to
>          JLDAPDirectoryProvider.DEFAULT_ALLOW_AUTHENTICATION -->
>     <!-- property name="allowAuthentication">
>       <value>true</value>
>     </property -->
>
>     <!-- Optional. Defaults to an instance of
>          edu.amc.sakai.user.SimpleLdapConnectionManager -->
>     <!-- property name="ldapConnectionManager">
>       <bean class="edu.amc.sakai.user.SimpleLdapConnectionManager" />
>     </property -->
>
>     <!-- Optional. Use Connection Pooling?
>          Defaults to JLDAPDirectoryProvider.DEFAULT_POOLING (false).
>          Has no effect if ldapConnectionManager has been explicitly
>          assigned (unless that object honors this flag, of course). -->
>     <!-- property name="pooling">
>       <value>false</value>
>     </property -->
>
>     <!-- Optional. Maximum number of connections in the pool
>          Defaults to JLDAPDirectoryProvider.DEFAULT_POOL_MAX_CONNS (10) -->
>     <!-- property name="poolMaxConns">
>       <value>10</value>
>     </property -->
>
>     <!-- Optional. Defaults to an instance of
>          edu.amc.sakai.user.SimpleLdapAttributeMapper -->
>     <property name="ldapAttributeMapper">
>       <ref bean="edu.amc.sakai.user.LdapAttributeMapper" />
>     </property>
>
>     <!-- Optional. Only considered if ldapAttributeMapper is not explicitly
>          assigned. That is, if you choose to use the default LdapAttributeMapper
>          implementation, it is sufficient to specify attribute mappings here
>          and dispense with defining a edu.amc.sakai.user.LdapAttributeMapper bean.
>          This preserves forward compatibility of pre-2.5 config -->
>     <!-- property name="attributeMappings">
>       <map>
>         <entry key="logicalAttrName">
>           <value>physicalAttrName</value>
>         </entry>
>       </map>
>     </property -->
>
>     <!-- Optional. If you don't provide an eidValidator the system
>          defaults to allowing searches on any EID, including empty
>          and null Strings. -->
>     <property name="eidValidator">
>       <bean class="edu.amc.sakai.user.RegexpBlacklistEidValidator">
>         <property name="regexpFlags">
>           <bean id="java.util.regex.Pattern.CASE_INSENSITIVE"
>                 class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean" />
>         </property>
>         <property name="eidBlacklist">
>           <list>
>             <value>null</value>
>             <!--value>nobody</value-->
>             <!--value>adversary</value-->
>           </list>
>         </property>
>       </bean>
>     </property>
>     <property name="searchAliases"><value>false</value></property>
>
>   </bean>
>
>   <!-- An optional bean definition which can be used to customize LDAP
>        attribute to Sakai User instance member mapping behaviors. This
>        example describes available configuration options for SimpleLdapAttributeMapper
>        (the default LdapAttributeMapper implementation). -->
>   <bean id="edu.amc.sakai.user.LdapAttributeMapper"
>         class="edu.amc.sakai.user.SimpleLdapAttributeMapper"
>         init-method="init"
>         singleton="true">
>
>     <!-- A typical set of attribute mappings. Keys are logical
>          names expected by the application. Values are physical LDAP
>          attribute names. If not specified or empty, defaults to
>          AttributeMappingConstants.DEFAULT_ATTR_MAPPINGS. -->
>     <property name="attributeMappings">
>       <map>
>         <entry key="login"><value>uid</value></entry>
>         <entry key="firstName"><value>givenName</value></entry>
>         <entry key="preferredFirstName"><value>preferredName</value></entry>
>         <entry key="lastName"><value>sn</value></entry>
>         <entry key="email"><value>email</value></entry>
>         <!--entry key="groupMembership"><value>groupMembership</value></entry--s>
>       </map>
>     </property>
>
>     <!-- Several options for calculating Sakai user types based
>          on LDAP attributes. Defaults to an instance of EmptyStringUserTypeMapper -->
>     <property name="userTypeMapper">
>       <!-- Select one of the following beans -->
>       <ref bean="edu.amc.sakai.user.EmptyStringUserTypeMapper" />
>       <!-- ref bean="edu.amc.sakai.user.EntryAttributeToUserTypeMapper" /-->
>       <!-- ref bean="edu.amc.sakai.user.EntryContainerRdnToUserTypeMapper" /-->
>       <!-- ref bean="edu.amc.sakai.user.StringUserTypeMapper" /-->
>     </property>
>
>   </bean>
>
>   <!-- /// Begin Sample UserTypeMapper Beans /// -->
>
>   <!-- Will usually only need at most one of the following UserTypeMapper
>        beans. Three "standard" options shown here for documentation purposes. The
>        "active" bean will be selected by a bean reference in the userTypeMapper
>        property definition above. -->
>
>   <!-- EmptyStringUserTypeMapper gives all users an
>        empty string as their Sakai "type" -->
>   <bean id="edu.amc.sakai.user.EmptyStringUserTypeMapper"
>         class="edu.amc.sakai.user.EmptyStringUserTypeMapper"
>         singleton="true" />
>
>   <!-- StringUserTypeMapper assigns a configurable String to all
>        users as their Sakai "type". -->
>   <bean id="edu.amc.sakai.user.StringUserTypeMapper"
>         class="edu.amc.sakai.user.StringUserTypeMapper"
>         singleton="true">
>
>     <!-- property name="userType">
>       <value>Registered</value>
>     </property -->
>
>   </bean>
>
>   <!-- EntryAttributeToUserTypeMapper calculates Sakai user
>        types by simply passing attribute values through a map with
>        configurable "miss" behavior. -->
>   <bean id="edu.amc.sakai.user.EntryAttributeToUserTypeMapper"
>         class="edu.amc.sakai.user.EntryAttributeToUserTypeMapper"
>         singleton="true">
>
>     <!-- Optional. If not present or empty, behavior is
>          determined by the value of returnLiteralAttributeValueIfNoMapping
>          (see below). -->
>     <!-- property name="attributeValueToSakaiUserTypeMap">
>       <map>
>         <entry key="faculty"><value>faculty</value></entry>
>         <entry key="students"><value>student</value></entry>
>       </map>
>     </property -->
>
>     <!-- Required. The logical name of the LDAP attribute which
>          defines Sakai users' types. Value should be a key into the
>          attribute mappings associated with this LdapAttributeMapper
>          instance. -->
>     <property name="logicalAttributeName">
>       <value>groupMembership</value>
>     </property>
>
>     <!-- Optional. Defaults to false -->
>     <!-- property name="returnLiteralAttributeValueIfNoMapping">
>       <value>false</value>
>     </property -->
>
>     <!-- Optional. Only considered if returnLiteralAttributeValueIfNoMapping
>          is false. Defaults to null. -->
>     <!-- property name="defaultSakaiUserType">
>       <null />
>     </property -->
>
>   </bean>
>
>   <!-- EntryContainerRdnToUserTypeMapper calculates Sakai user
>        types by filtering a user entry's most-local RDN through the
>        assigned map. -->
>   <bean id="edu.amc.sakai.user.EntryContainerRdnToUserTypeMapper"
>         class="edu.amc.sakai.user.EntryContainerRdnToUserTypeMapper"
>         singleton="true">
>
>     <!-- Optional. Maps between container RDN values and Sakai user types -->
>     <!-- property name="rdnToSakaiUserTypeMap">
>       <map>
>         <entry key="facultyStaff"><value>faculty</value></entry>
>         <entry key="students"><value>student</value></entry>
>       </map>
>     </property -->
>
>     <!-- Optional. Defaults to false. -->
>     <!-- property name="returnLiteralRdnValueIfNoMapping">
>       <value>false</value>
>     </property -->
>
>   </bean>
>
>   <!-- /// End Sample UserTypeMapper Beans /// -->
>
> </beans>
>
> --------------------------***********************------------------------
>
> But I cannot login with testuser. What should I do?
>
>
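
Added example, not part of either message and not Sakai code: a small Python check that parses a jldap-beans.xml and reports which JLDAPDirectoryProvider properties are actually active once the commented-out `<!--property ...-->` blocks are discarded, using the defaults stated in the file's own comments. The sample input is constructed and abridged from the quoted file; the function names are this example's own.

```python
import xml.etree.ElementTree as ET

PROVIDER_CLASS = "edu.amc.sakai.user.JLDAPDirectoryProvider"

# Constructed sample: abridged from the jldap-beans.xml quoted in the thread.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
  "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
  <bean id="org.sakaiproject.user.api.UserDirectoryProvider"
        class="edu.amc.sakai.user.JLDAPDirectoryProvider">
    <property name="ldapHost"><value>10.10.4.180</value></property>
    <property name="ldapPort"><value>10389</value></property>
    <!--property name="ldapUser">
      <value>CN=ctest,OU=Test,DC=anadolu1,DC=edu,DC=tr</value>
    </property-->
    <!--property name="secureConnection"><value>true</value></property-->
    <!--property name="autoBind"><value>true</value></property-->
    <property name="basePath">
      <value>ou=people,dc=anadolu,dc=edu,dc=tr</value>
    </property>
  </bean>
</beans>
"""


def active_properties(xml_text):
    """Return {name: value} for the uncommented <value> properties of the provider bean."""
    root = ET.fromstring(xml_text)  # comments are dropped; ParseError if malformed
    for bean in root.iter("bean"):
        if bean.get("class") == PROVIDER_CLASS:
            props = {}
            for prop in bean.findall("property"):
                value = prop.find("value")
                if value is not None:  # skip <ref>/<bean> valued properties
                    props[prop.get("name")] = (value.text or "").strip()
            return props
    raise ValueError("no JLDAPDirectoryProvider bean found")


def audit(xml_text):
    """List findings about what the provider will actually do with this file."""
    try:
        props = active_properties(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML, the bean file cannot be loaded: {exc}"]
    findings = []
    if props.get("secureConnection", "false") != "true":
        findings.append("secureConnection off: LDAP binds are sent without TLS")
    if props.get("autoBind", "false") != "true":
        findings.append("autoBind off: connections do not bind as ldapUser")
    elif "ldapUser" not in props:
        findings.append("autoBind on but ldapUser is not set")
    return findings


if __name__ == "__main__":
    print(active_properties(SAMPLE))
    for finding in audit(SAMPLE):
        print("-", finding)
```

A comment whose terminator is mistyped makes the parse fail, so `audit` reports the well-formedness error before any property is evaluated.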