[Using Sakai] Sakai 2.9 multiple LDAP servers
Sam Ottenhoff
ottenhoff at longsight.com
Thu Feb 28 10:50:26 PST 2013
Are you really going to have the same username in both LDAP servers? If
not, I wouldn't test that way.
Feel free to rip out any caching inside of JLDAPDirectoryProvider, it's not
the right place for the caching anyway... there is already a central cache
in UserDirectoryService that should centrally handle user caching. That
said, I don't think caching is your problem. When you use one LDAP server
only, do you still receive that exception during authenticateUser?
--Sam
On Thu, Feb 28, 2013 at 1:31 PM, Fatemeh Asl <aa2821 at nyumc.org> wrote:
> Hi everyone,
>
> I have checked out sakai 2.9.x-all and am trying to set it up to be
> able to xlogin. Our institution has two different LDAP servers, and I
> have followed Steve's LDAP integration instructions, plus uncommented
> the Federating UserDirectoryProvider in
> /Providers/../WEB-INF/components.xml, and have also defined 2 separate
> beans named
> org.sakaiproject.user.api.UserDirectoryProvider.provider1 and
> org.sakaiproject.user.api.UserDirectoryProvider.provider2,
> corresponding to each one of our servers, in jldap-bean.xml.
> I have an account on each one of these servers. The username is the
> same but the password is different (and actually this is the case for
> a lot of our users). The problem is that I am never able to log in
> with my credentials from the second provider. When I try to log in
> with my second provider credentials, Sakai throws the following
> exception:
>
> org.sakaiproject.portal.api.PortalHandlerException: java.lang.RuntimeException: authenticateUser(): LDAPException during authentication attempt [userLogin = aaaa][result code = No Such Object][error message = null]
>     at org.sakaiproject.portal.charon.handlers.ReLoginHandler.doPost(ReLoginHandler.java:50)
> caused by: java.lang.RuntimeException: authenticateUser(): LDAPException during authentication attempt [userLogin = aaaa][result code = No Such Object][error message = null]
>     at org.sakaiproject.provider.user.FilterUserDirectoryProvider.authenticateUser(FilterUserDirectoryProvider.java:513)
> caused by: LDAPException: No Such Object (32) No Such Object
> LDAPException: Matched DN:
>     at com.novell.ldap.LDAPResponse.getResultException(null:-1)
>     at com.novell.ldap.LDAPResponse.chkResultCode(null:-1)
>     at com.novell.ldap.LDAPConnection.chkResultCode(null:-1)
>     at com.novell.ldap.LDAPConnection.bind(null:-1)
>     at com.novell.ldap.LDAPConnection.bind(null:-1)
>     at edu.amc.sakai.user.SimpleLdapConnectionManager.bind(SimpleLdapConnectionManager.java:109)
>     at edu.amc.sakai.user.SimpleLdapConnectionManager.getBoundConnection(SimpleLdapConnectionManager.java:96)
>     at edu.amc.sakai.user.JLDAPDirectoryProvider.authenticateUser(JLDAPDirectoryProvider.java:442)
>     at org.sakaiproject.provider.user.FilterUserDirectoryProvider.authenticateUser(FilterUserDirectoryProvider.java:513)
>     at org.sakaiproject.provider.user.FilterUserDirectoryProvider.authenticateUser(FilterUserDirectoryProvider.java:517)
>     at org.sakaiproject.user.impl.BaseUserDirectoryService.getProviderAuthenticatedUser(BaseUserDirectoryService.java:1597)
>     at org.sakaiproject.user.impl.BaseUserDirectoryService.authenticate(BaseUserDirectoryService.java:1540)
>     at org.sakaiproject.user.impl.UserAuthnComponent.authenticate(UserAuthnComponent.java:108)
>     at org.sakaiproject.login.impl.LoginServiceComponent.authenticate(LoginServiceComponent.java:90)
>     at org.sakaiproject.login.tool.SkinnableLogin.doPost(SkinnableLogin.java:250)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:634)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:749)
>     at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:487)
>     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:379)
>     at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:339)
>     at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.help(ActiveToolComponent.java:581)
>     at org.sakaiproject.portal.charon.SkinnableCharonPortal.doLogin(SkinnableCharonPortal.java:972)
>     at org.sakaiproject.portal.charon.handlers.ReLoginHandler.doGet(ReLoginHandler.java:65)
>     at org.sakaiproject.portal.charon.handlers.ReLoginHandler.doPost(ReLoginHandler.java:50)
>     at org.sakaiproject.portal.charon.SkinnableCharonPortal.doPost(SkinnableCharonPortal.java:1260)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:695)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>     at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>     at java.lang.Thread.run(Thread.java:619)
>
> My guess is that it tries to use the BindDn from the first provider
> while connecting to the second server, because it already exists in
> userCache. I tried to disable caching in sakai.properties but I
> couldn't.
>
> Let me mention that this setting used to work perfectly fine with our
> Sakai 2.7.1 version. The difference that I see between 2.7.1 and 2.9
> is the addition of
>
>     <property name="memoryService">
>         <ref bean="org.sakaiproject.memory.api.MemoryService"/>
>     </property>
>
> to the UserDirectoryProvider bean in jldap-beans.xml, which is the
> caching memory bean. I tried to instantiate separate instances of the
> memory bean for each one of my userDirectoryProvider1 and
> userDirectoryProvider2 in the hope that would fix the problem, but I
> ended up getting tons of errors.
>
> Any help on this would be extremely appreciated.
>
> Fatemeh
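
The following is an added example, not part of the thread and not Sakai code: a toy Python model of the failure the original poster suspects, where two federated providers share one bind-DN cache keyed only by username. Every class, DN and password is constructed and hypothetical (only the username aaaa comes from the trace), and the thread does not establish that Sakai 2.9 behaves this way.

```python
# Toy model of two federated LDAP providers; not Sakai code, all names hypothetical.
class NoSuchObject(Exception):
    """Stands in for LDAP result code 32 on a bind to a DN the server lacks."""

class Directory:
    """Constructed stand-in for one LDAP server: DN -> password."""
    def __init__(self, base_dn, users):
        self.base_dn = base_dn
        self.entries = {f"uid={u},{base_dn}": pw for u, pw in users.items()}

    def search_dn(self, eid):
        dn = f"uid={eid},{self.base_dn}"
        return dn if dn in self.entries else None

    def bind(self, dn, password):
        if dn not in self.entries:
            raise NoSuchObject(dn)
        return self.entries[dn] == password

class Provider:
    """Caches the resolved bind DN under the bare username."""
    def __init__(self, name, directory, dn_cache):
        self.name, self.directory, self.dn_cache = name, directory, dn_cache

    def cache_key(self, eid):
        return eid

    def authenticate(self, eid, password):
        key = self.cache_key(eid)
        dn = self.dn_cache.get(key) or self.directory.search_dn(eid)
        if dn is None:
            return False
        self.dn_cache[key] = dn
        return self.directory.bind(dn, password)

class ScopedProvider(Provider):
    """Same logic, but the cache key also names the provider."""
    def cache_key(self, eid):
        return (self.name, eid)

def build(provider_cls, names=("provider1", "provider2")):
    """Both directories hold username aaaa with different passwords (constructed)."""
    cache = {}  # one cache shared by every provider, as in the hypothesis
    dirs = {"provider1": Directory("ou=one,dc=example", {"aaaa": "pw-one"}),
            "provider2": Directory("ou=two,dc=example", {"aaaa": "pw-two"})}
    return [provider_cls(n, dirs[n], cache) for n in names]

def federated_login(providers, eid, password):
    """Ask each provider in order; the first successful bind wins."""
    return next((p.name for p in providers if p.authenticate(eid, password)), None)
```

In this model `federated_login(build(Provider), "aaaa", "pw-two")` raises `NoSuchObject` for the first server's DN, while `build(ScopedProvider)` or `build(Provider, ("provider2",))` authenticates against provider2. The last case mirrors the single-server test asked for in the reply: if the exception persists with one server configured, a shared cache cannot be the cause.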