Hi,
I am trying to get hippo-repository to use our ldap server for
authentication. I have downloaded Release_HREP_1_2_14 from svn and
enabled ldap in server/build.properties. I am using hippo-cms-v6.05.02
from the binary download.
The repository and cms start fine and work with the root user. I can't
login using any ldap username. I have looked at the packets with
wireshark and can see communication with the ldap server. I can also see
that a bind with my username is working, however the login still fails
and I can't see anything in the logs.
How do I enable debugging for LDAP? I can see the debug statements in
JNDISlideRealmFilter.java but I don't know how to activate them. Is it
in logkit.xconf or log4j.xml?
Regards,
Simeon Walker
P.S. My ldap config files are below
ldap-realm.xml:
<realms>
<namespace name="default">
<!-- cache time in milliseconds -->
<cache-time>5000</cache-time>
<!-- connection setup, super-user needs complete distinguished name!
-->
<super-user>cn=ldapadmincn,o=bangor.ac.uk</super-user>
<super-user-password>thepassword</super-user-password>
<provider-url>ldap://ldap-server:389</provider-url>
<authentication>simple</authentication>
<!-- user discovery -->
<username-attribute>uid</username-attribute>
<password-attribute>userPassword</password-attribute>
<distinguished-name-attribute>dn</distinguished-name-attribute>
<user-search-root>ou=people,o=bangor.ac.uk</user-search-root>
<method>bind</method>
<!--
Location limiting filters to restrict allowed users.
They will be or'ed together.
-->
<filters>
</filters>
</namespace>
</realms>
ldap-users.xml:
<users>
<search dn="ou=people,o=bangor.ac.uk">
</search>
<user name="root" pass="password"/>
<user name="siteuser" pass="siteuser"/>
</users>
ldap-roles.xml:
<groups>
<group name="root">
<member>/users/admin</member>
<member>/users/root</member>
</group>
<group name="editors">
<search dn="ou=group,o=bangor.ac.uk">
<filter>(cn=editors-group)</filter>
<search dn="uid={memberUid},ou=people,o=bangor.ac.uk">
</search>
</search>
</group>
<group name="user">
<search dn="ou=group,o=bangor.ac.uk">
<filter>(cn=users-group)</filter>
<search dn="uid={memberUid},ou=people,o=bangor.ac.uk">
</search>
</search>
</group>
<group name="administrators">
<member>/users/admin</member>
</group>
</groups>
--
Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi,
gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig
gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y
neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar
unwaith a dilëwch y neges. Os na fwriadwyd anfon y neges atoch chi,
rhaid i chi beidio â defnyddio, cadw neu ddatgelu unrhyw wybodaeth a
gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i
hanfonodd yn unig ac nid yw o anghenraid yn cynrychioli barn
Prifysgol Bangor. Nid yw Prifysgol Bangor yn gwarantu
bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu
100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn
nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract
rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa
Cyllid Prifysgol Bangor. www.bangor.ac.uk
This email and any attachments may contain confidential material and
is solely for the use of the intended recipient(s). If you have
received this email in error, please notify the sender immediately
and delete this email. If you are not the intended recipient(s), you
must not use, retain or disclose any information contained in this
email. Any views or opinions are solely those of the sender and do
not necessarily represent those of the Bangor University.
Bangor University does not guarantee that this email or
any attachments are free from viruses or 100% secure. Unless
expressly stated in the body of the text of the email, this email is
not intended to form a binding contract - a list of authorised
signatories is available from the Bangor University Finance
Office. www.bangor.ac.uk
********************************************
Hippocms-dev: Hippo CMS development public mailinglist
