Are we in a position to be able to do this for 3.4? I know there's some work to be done on the AuthZ side before we can fully replace the old Authorization module, but I'm less clear on the AuthN side of things.
http://fedora-commons.org/confluence/display/FCR30/FeSL+Authentication The old AuthN's Xml user file-based AuthN is working fine out of the box today, but it seems like people are constantly running into trouble getting LDAP authentication to work with it. So, actually, a couple questions: 1) What potential gotchas would there be to swapping in FESL's AuthN for 3.4 in place of the old AuthN code? 2) In the meantime, what can we tell people like Jens (below) who are struggling with LDAP integration today? (Is it possible to use FESL's AuthN without it's AuthZ, and what's the set of instructions to do that for 3.3?) - Chris ---------- Forwarded message ---------- From: Jens Pelzetter <[email protected]> Date: 2010/3/10 Subject: [Fedora-commons-users] Need help with LDAP setup To: Fedora Mailing List <[email protected]> Hello everybody, I need help setting up Fedora 3.3 to use an LDAP repository for authentication and authorization. My problem is: It looks like the user is correctly found in LDAP repository. The groups also read successfully from the LDAP, as far as I can tell from the logs. But after this, there is an error in the log: ERROR 2010-03-10 14:09:23.838 [http-8080-1] (BaseCaching) general authenticate() failure authenticate() failure ERROR 2010-03-10 14:09:23.838 [http-8080-1] (BaseCaching) java.lang.Exception ERROR 2010-03-10 14:09:23.839 [http-8080-1] (BaseCaching) Also, I found an exception in the logs of the Tomcat which is running our Fedora installation: java.lang.Exception at fedora.server.security.servletfilters.ExtendedHttpServletRequestWrapper.setAuthenticated(ExtendedHttpServletRequestWrapper.java:79) at fedora.server.security.servletfilters.BaseCaching.authenticate(BaseCaching.java:274) at fedora.server.security.servletfilters.BaseContributing.doThisSubclass(BaseContributing.java:224) at fedora.server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java:211) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at fedora.server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java:234) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at fedora.server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java:234) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at fedora.server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java:234) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) at org.apache.coyote.http11.Http11Protocol $Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint $Worker.run(JIoEndpoint.java:454) at java.lang.Thread.run(Thread.java:619) Has anybody an idea the problem is here, and how to fix it? Thanks in advance. Jens Pelzetter ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Fedora-commons-developers mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
