[Using Sakai] sakai ldap problem
Steve Swinsburg
steve.swinsburg at gmail.com
Fri Jul 29 23:17:58 PDT 2011
Hi,
You can't use the binary AND configure it with LDAP. You need the source as it requires additional dependencies to be packaged and deployed. The pom you edited is the deployed one which has no effect once deployed.
Grab the source of Sakai, build it with Maven and then start customising.
cheers,
Steve
On 30/07/2011, at 12:42 AM, Latif SAĞLAM wrote:
> I installed sakai 2.8 binary as follows http://source.sakaiproject.org/release/2.8.0/artifacts/sakai-bin-2.8.0.zip
> My setenv.bat file is below
>
> set JAVA_OPTS=-server -Xms512m -Xmx1024m -XX:PermSize=128m -XX:MaxPermSize=256m -XX:NewSize=192m -XX:MaxNewSize=384m -Djava.awt.headless=true -Duser.language=tr -Duser.region=TR -Dhttp.agent=Sakai -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dsun.lang.ClassLoader.allowArraySyntax=true
>
>
> I installed correctly and it Works.
> ------------**************------------
>
>
> my pom.xml in C:\opt\tomcat\components\sakai-provider-pack\META-INF\maven\org.sakaiproject\sakai-provider-pack below
>
> <?xml version="1.0"?>
> <project xmlns="http://maven.apache.org/POM/4.0.0">
> <modelVersion>4.0.0</modelVersion>
> <parent>
> <artifactId>providers-base</artifactId>
> <groupId>org.sakaiproject</groupId>
> <version>2.8.0</version>
> <relativePath>../pom.xml</relativePath>
> </parent>
> <name>sakai-provider-pack</name>
> <groupId>org.sakaiproject</groupId>
> <artifactId>sakai-provider-pack</artifactId>
> <organization>
> <name>University of Michigan</name>
> <url>http://sakaiproject.org/</url>
> </organization>
> <inceptionYear>2003</inceptionYear>
> <packaging>sakai-component</packaging>
> <properties>
> <deploy.target>components</deploy.target>
> </properties>
> <dependencies>
> <!-- Needed for the sample provider
> -->
> <dependency>
> <groupId>org.sakaiproject</groupId>
> <artifactId>sakai-sample-provider</artifactId>
> </dependency>
> <!-- -->
> <!--Needed for the JLDAP Provider -->
> <dependency>
> <groupId>org.sakaiproject</groupId>
> <artifactId>sakai-jldap-provider</artifactId>
> <version>${sakai.version}</version>
> <properties>
> <war.bundle>true</war.bundle>
> </properties>
> </dependency>
>
> <dependency>
> <groupId>openldap</groupId>
> <artifactId>ldap</artifactId>
> <version>2005.03.29</version>
> <properties>
> <war.bundle>true</war.bundle>
> </properties>
> </dependency>
> <!-- Needed for the Kerberos Provider-->
> <dependency>
> <groupId>org.sakaiproject</groupId>
> <artifactId>sakai-kerberos-provider</artifactId>
>
> </dependency>
>
> <!-- Needed for the IMS Enterprise Provider
> <dependency>
> <groupId>org.sakaiproject</groupId>
> <artifactId>sakai-imsent-provider</artifactId>
>
> </dependency>
> -->
> <!--
> Needed for the (new as of Sakai 2.3) CM-based
> AuthzGroupProvider and legacy CourseManagementProvider
> -->
> <dependency>
> <groupId>org.sakaiproject</groupId>
> <artifactId>sakai-coursemanagement-authz-provider-impl</artifactId>
> </dependency>
> <!-- Needed for the Federated provider
> <dependency>
> <groupId>org.sakaiproject</groupId>
> <artifactId>sakai-federating-provider</artifactId>
>
> </dependency>
> -->
> <!-- Needed for the All Hands Provider
> <dependency>
> <groupId>org.sakaiproject</groupId>
> <artifactId>sakai-allhands-provider</artifactId>
>
> </dependency>
> -->
> <!-- Needed for the K2 Hybrid Provider
> -->
> <dependency>
> <groupId>org.sakaiproject.provider</groupId>
> <artifactId>sakai-hybrid-provider</artifactId>
> <version>2.8.0</version>
> </dependency>
>
> <dependency>
> <groupId>openldap</groupId>
> <artifactId>ldap</artifactId>
> <version>2.6.ORC1-SNAPSHOT</version>
> </dependency>
>
>
> </dependencies>
> <build>
> <resources/>
> </build>
> </project>
>
> ---------------------------------------------------------**************************-----------------------
> In C:\opt\tomcat\components\sakai-provider-pack\WEB-INF components.xml file ok
>
> <!-- Uncomment and configure to use the JLDAPDirectoryProvider -->
> <import resource="jldap-beans.xml" />
>
> C:\opt\tomcat\components\sakai-provider-pack\WEB-INF jldap-beans.xml file like this
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
>
> <beans>
>
> <bean id="org.sakaiproject.user.api.UserDirectoryProvider"
> class="edu.amc.sakai.user.JLDAPDirectoryProvider" init-method="init"
> destroy-method="destroy" singleton="true">
>
> <property name="memoryService">
> <ref bean="org.sakaiproject.memory.api.MemoryService"/>
> </property>
>
> <!-- Required. Host name or address of your LDAP server -->
> <property name="ldapHost">
> <value>10.10.4.180</value>
> </property>
>
> <!-- Optional. LDAP connection port. Typically defaults to
> JLDAPDirectoryProvider.DEFAULT_LDAP_PORT (389). Secured
> connections are usually on 636 -->
> <property name="ldapPort">
> <value>10389</value>
> </property>
>
> <!-- If secureConnection is true, a keystore location must be provided
> unless javax.net.ssl.trustStore system property has already been
> set -->
> <!--property name="keystoreLocation">
> <value>/usually/set/at/startup</value>
> </property-->
>
> <!-- If secureConnection is true, a keystore password must be provided
> unless javax.net.ssl.trustStorePassword system property has already
> been set -->
> <!--property name="keystorePassword">
> <value>usually-set-at-startup</value>
> </property-->
>
> <!-- Optional. DN to which to bind for directory searches.
> Typically only necessary if autoBind is true -->
> <!--property name="ldapUser">
> <value>CN=ctest,OU=Test,DC=anadolu1,DC=edu,DC=tr<value>
> </property-->
>
> <!-- Optional. Password for ldapUser defined above -->
> <!--property name="ldapPassword">
> <value>c123456</value>
> </property-->
>
> <!-- Optional. Enables/disables secure LDAP connections.
> defaults to JLDAPDirectoryProvider.DEFAULT_IS_SECURE_CONNECTION (false) -->
> <!--property name="secureConnection">
> <value>true</value>
> </property-->
>
> <!-- Optional. If secureConnection is true, this socket factory
> will be assigned globally to LDAPConnections. Defaults to an
> instance of com.novell.ldap.LDAPJSSESecureSocketFactory, which
> is appropriate for SSL connections. Use
> com.novell.ldap.LDAPJSSEStartTLSFactory for TLS. -->
> <!-- property name="secureSocketFactory">
> <bean class="com.novell.ldap.LDAPJSSESecureSocketFactory" />
> </property -->
>
> <!-- Optional. Indicate if connection allocation should
> implicitly bind as ${ldapUser}. Defaults to false -->
> <!--property name="autoBind">
> <value>true</value>
> </property-->
>
> <!-- Optional, but usually specified. Base DN for directory searches. -->
> <property name="basePath">
> <value>ou=people,dc=anadolu,dc=edu,dc=tr</value>
> </property>
>
> <!-- Optional. Indicate if connections should follow
> referrals. Defaults to
> JLDAPDirectoryProvider.DEFAULT_IS_FOLLOW_REFERRALS (false)-->
> <!-- property name="followReferrals">
> <value>false</value>
> </property -->
>
> <!-- Optional. LDAP operation timeout in millis. Defaults
> to JLDAPDirectoryProvider.DEFAULT_OPERATION_TIMEOUT_MILLIS (5000) -->
> <!-- property name="operationTimeout">
> <value>5000</value>
> </property -->
>
> <!-- Optional. Control depth of all searches. Possible values:
> 0 - LDAPConnection.SCOPE_BASE - base object only
> 1 - LDAPConnection.SCOPE_ONE - immediate children of base object
> 2 - LDAPConnection.SCOPE_SUB - recursive
> Defaults to JLDAPDirectoryProvider.DEFAULT_SEARCH_SCOPE (2) -->
> <!-- property name="searchScope">
> <value>2</value>
> </property -->
>
> <!-- Optional. User entry cache ttl in millis. Defaults
> to JLDAPDirectoryProvider.DEFAULT_CACHE_TTL (300000)-->
> <!-- property name="cacheTTL">
> <value>300000</value>
> </property -->
>
> <!-- Optional. Control case-sensitivity of cache keys (User.eid values).
> Defaults to false. (Note that this is a departure from historical
> behavior.) -->
> <!--property name="caseSensitiveCacheKeys">
> <value>false</value>
> </property-->
>
> <!-- Optional. Control the return value of
> JLDAPDirectoryProvider.authenticateWithProviderFirst(String)
> on a global basis. Defaults to
> JLDAPDirectoryProvider.DEFAULT_AUTHENTICATE_WITH_PROVIDER_FIRST. -->
> <!-- property name="authenticateWithProviderFirst">
> <value>false</value>
> </property -->
>
> <!-- Optional. Control whether or not authentication is attempted
> on a global basis. "true" enables authentication attempts (but
> does not automatically grant all authN attempts), "false"
> short-circuits that process and refuses all authN
> attempts. Defaults to
> JLDAPDirectoryProvider.DEFAULT_ALLOW_AUTHENTICATION -->
> <!-- property name="allowAuthentication">
> <value>true</value>
> </property -->
>
> <!-- Optional. Defaults to an instance of
> edu.amc.sakai.user.SimpleLdapConnectionManager -->
> <!-- property name="ldapConnectionManager">
> <bean class="edu.amc.sakai.user.SimpleLdapConnectionManager" />
> </property -->
>
> <!-- Optional. Use Connection Pooling?
> Defaults to JLDAPDirectoryProvider.DEFAULT_POOLING (false).
> Has no effect if ldapConnectionManager has been explicitly
> assigned (unless that object honors this flag, of course). -->
> <!-- property name="pooling">
> <value>false</value>
> </property -->
>
> <!-- Optional. Maxmimum number of connections in the pool
> Defaults to JLDAPDirectoryProvider.DEFAULT_POOL_MAX_CONNS (10) -->
> <!-- property name="poolMaxConns">
> <value>10</value>
> </property -->
>
> <!-- Optional. Defaults to an instance of
> edu.amc.sakai.user.SimpleLdapAttributeMapper -->
> <property name="ldapAttributeMapper">
> <ref bean="edu.amc.sakai.user.LdapAttributeMapper" />
> </property>
>
> <!-- Optional. Only considered if ldapAttributeMapper is not explicitly
> assigned. That is, if you choose to use the default LdapAttributeMapper
> implementation, it is sufficient to specify attribute mappings here
> and dispense with defining a edu.amc.sakai.user.LdapAttributeMapper bean.
> This preserves forward compatibility of pre-2.5 config -->
> <!-- property name="attributeMappings">
> <map>
> <entry key="logicalAttrName">
> <value>physicalAttrName</value>
> </entry>
> </map>
> </property -->
>
> <!-- Optional. If you don't provide an eidValidator the system
> defaults to allowing searches on any EID, including empty
> and null Strings. -->
> <property name="eidValidator">
> <bean class="edu.amc.sakai.user.RegexpBlacklistEidValidator">
> <property name="regexpFlags">
> <bean id="java.util.regex.Pattern.CASE_INSENSITIVE"
> class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean" />
> </property>
> <property name="eidBlacklist">
> <list>
> <value>null</value>
> <!--value>nobody</value-->
> <!--value>adversary</value-->
> </list>
> </property>
> </bean>
> </property>
> <property name="searchAliases"><value>false</value></property>
>
> </bean>
>
> <!-- An optional bean definition which can be used to customize LDAP
> attribute to Sakai User instance member mapping behaviors. This
> example describes availabel configuration options for SimpleLdapAttributeMapper
> (the default LdapAttributeMapper implementation). -->
> <bean id="edu.amc.sakai.user.LdapAttributeMapper"
> class="edu.amc.sakai.user.SimpleLdapAttributeMapper"
> init-method="init"
> singleton="true">
>
> <!-- A typical set of attribute mappings. Keys are logical
> names expected by the application. Values are physical LDAP
> attribute names. If not specified or empty, defaults to
> AttributeMappingConstants.DEFAULT_ATTR_MAPPINGS. -->
> <property name="attributeMappings">
> <map>
> <entry key="login"><value>uid</value></entry>
> <entry key="firstName"><value>givenName</value></entry>
> <entry key="preferredFirstName"><value>preferredName</value></entry>
> <entry key="lastName"><value>sn</value></entry>
> <entry key="email"><value>email</value></entry>
> <!--entry key="groupMembership"><value>groupMembership</value></entry--s>
> </map>
> </property>
>
> <!-- Several options for calculating Sakai user types based
> on LDAP attributes. Defaults to an instance of EmptyStringUserTypeMapper -->
> <property name="userTypeMapper">
> <!-- Select one of the following beans -->
> <ref bean="edu.amc.sakai.user.EmptyStringUserTypeMapper" />
> <!-- ref bean="edu.amc.sakai.user.EntryAttributeToUserTypeMapper" /-->
> <!-- ref bean="edu.amc.sakai.user.EntryContainerRdnToUserTypeMapper" /-->
> <!-- ref bean="edu.amc.sakai.user.StringUserTypeMapper" /-->
> </property>
>
> </bean>
>
>
> <!-- /// Begin Sample UserTypeMapper Beans /// -->
>
> <!-- Will usually only need at most one of the following UserTypeMapper
> beans. Three "standard" options shown here for documentation purposes. The
> "active" bean will be selected by a bean reference in the userTypeMapper
> property definition above. -->
>
> <!-- EmptyStringUserTypeMapper assigns gives all users an
> empty string as their Sakai "type" -->
> <bean id="edu.amc.sakai.user.EmptyStringUserTypeMapper"
> class="edu.amc.sakai.user.EmptyStringUserTypeMapper"
> singleton="true" />
>
> <!-- StringUserTypeMapper assigns a configurable String to all
> users as their Sakai "type". -->
> <bean id="edu.amc.sakai.user.StringUserTypeMapper"
> class="edu.amc.sakai.user.StringUserTypeMapper"
> singleton="true">
>
> <!-- property name="userType">
> <value>Registered</value>
> </property -->
>
> </bean>
>
> <!-- EntryAttributeToUserTypeMapper calculates Sakai user
> types by simply passing attribute values through a map with
> configurable "miss" behavior. -->
> <bean id="edu.amc.sakai.user.EntryAttributeToUserTypeMapper"
> class="edu.amc.sakai.user.EntryAttributeToUserTypeMapper"
> singleton="true">
>
> <!-- Optional. If not present or empty, behavior is
> determined by the value of returnLiteralAttributeValueIfNoMapping
> (see below). -->
> <!-- property name="attributeValueToSakaiUserTypeMap">
> <map>
> <entry key="faculty"><value>faculty</value></entry>
> <entry key="students"><value>student</value></entry>
> </map>
> </property -->
>
> <!-- Required. The logical name of the LDAP attribute which
> defines Sakai users' types. Value should be a key into the
> attribute mappings associated with this LdapAttributeMapper
> instance. -->
> <property name="logicalAttributeName">
> <value>groupMembership</value>
> </property>
>
> <!-- Optional. Defaults to false -->
> <!-- property name="returnLiteralAttributeValueIfNoMapping">
> <value>false</value>
> </property -->
>
> <!-- Optional. Only considered if returnLiteralAttributeValueIfNoMapping
> is false. Defaults to null. -->
> <!-- property name="defaultSakaiUserType">
> <null />
> </property -->
>
> </bean>
>
> <!-- EntryContainerRdnToUserTypeMapper calculates Sakai user
> types by filtering a user entry's most-local RDN through the
> assigned map. -->
> <bean id="edu.amc.sakai.user.EntryContainerRdnToUserTypeMapper"
> class="edu.amc.sakai.user.EntryContainerRdnToUserTypeMapper"
> singleton="true">
>
> <!-- Optional. Maps between container RDN values and Sakai user types -->
> <!-- property name="rdnToSakaiUserTypeMap">
> <map>
> <entry key="facultyStaff"><value>faculty</value></entry>
> <entry key="students"><value>student</value></entry>
> </map>
> </property -->
>
> <!-- Optional. Defaults to false. -->
> <!-- property name="returnLiteralRdnValueIfNoMapping">
> <value>false</value>
> </property -->
>
> </bean>
>
> <!-- /// End Sample UserTypeMapper Beans /// -->
>
> </beans>
>
> --------------------------***********************------------------------
> But i cannot login with testuser. What should I do?
>
> _______________________________________________
> sakai-user mailing list
> sakai-user at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-user
>
> TO UNSUBSCRIBE: send email to sakai-user-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-user/attachments/20110730/f5fd0429/attachment-0001.html
More information about the sakai-user
mailing list