Hi,

The ldap.user.searchBase property has a bug. Take a look at the JIRA issue: 
http://issues.apache.org/jira/browse/JS2-1030 . If you can deal with the source 
code you can fix your portal yourself (that's what I've done). Check out the 
source code of Jetspeed 2.2.0 from SVN and fix the class 
org.apache.jetspeed.security.impl.LdapAuthenticationProvider, method 
getSearchDomain, like this:

    private String getSearchDomain()
    {
        StringBuffer searchDomain = new StringBuffer();
        // Start from the configured user search base, if there is one.
        if (!StringUtils.isEmpty(context.getUserSearchBase()))
        {
            searchDomain.append(context.getUserSearchBase());
        }
        if (searchDomain.length() == 0)
        {
            // No user search base: use the root context on its own.
            if (!StringUtils.isEmpty(context.getRootContext()))
            {
                searchDomain.append(context.getRootContext());
            }
        }
        else
        {
            // Otherwise append the root context after a separating comma.
            if (!StringUtils.isEmpty(context.getRootContext()))
            {
                searchDomain.append("," + context.getRootContext());
            }
        }
        return searchDomain.toString();
    }

Otherwise leave the property empty.
Good luck,
Aysegul.
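
The following is an added example, not part of the original message and not Jetspeed code: it composes the search base with the JDK's javax.naming.ldap.LdapName instead of string concatenation, so the three override.properties configurations quoted below all resolve to the same DN, with no repeated dc=com and no missing commas. The class name SearchBaseDemo and the method resolveSearchBase are hypothetical, and it goes beyond the fix above by also accepting a search base that already ends in the root context.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added illustration; SearchBaseDemo and resolveSearchBase are hypothetical
// names, not Jetspeed classes or methods.
public class SearchBaseDemo {

    /**
     * Builds the DN to search under from ldap.base (rootContext) and
     * ldap.user.searchBase (userSearchBase). Either may be null or empty.
     */
    static String resolveSearchBase(String rootContext, String userSearchBase)
            throws InvalidNameException {
        LdapName root = new LdapName(rootContext == null ? "" : rootContext.trim());
        LdapName base = new LdapName(userSearchBase == null ? "" : userSearchBase.trim());

        if (base.isEmpty()) {
            return root.toString();   // no user search base: search from the root
        }
        // LdapName indexes RDNs right to left, so startsWith() tests the DN suffix.
        if (root.isEmpty() || base.startsWith(root)) {
            return base.toString();   // already absolute: do not append the root again
        }
        // Relative search base: add its RDNs below the root; LdapName supplies the commas.
        LdapName full = new LdapName(root.getRdns());
        full.addAll(base);
        return full.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Values taken from the three override.properties cases quoted in this thread.
        String[][] cases = {
            {"dc=com", "ou=People,ou=sevenSeas,ou=jetspeed,dc=com"}, // CASE 1
            {"",       "ou=People,ou=sevenSeas,ou=jetspeed,dc=com"}, // CASE 2 (ldap.base empty)
            {"dc=com", "ou=People,ou=sevenSeas,ou=jetspeed"},        // CASE 3
        };
        for (String[] c : cases) {
            System.out.println(resolveSearchBase(c[0], c[1]));
        }
    }
}
```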




________________________________
From: Christopher Marshall <ch...@avenue100.com>
To: ch...@avenue100.com
Cc: jetspeed-user@portals.apache.org
Sent: Tuesday, September 22, 2009 12:41:40 AM
Subject: Re: LDAP Configuration Problems

Looking at my post again, I have a cut and paste error.  In "CASE 2", ldap.base= 
has an empty value.

Chris

Christopher Marshall wrote:
> I have been attempting to get Jetspeed to talk to the Fedora directory server 
> without success and it looks as though the requests being made by Jetspeed 
> are incorrect. I have configured the override.properties three different 
> ways and had different results with each.  The structure of the LDAP 
> directory is a little different than the sample, as there is dc=com at the 
> top and an ou=jetspeed below it.
> 
> CASE 1 =========================
> override.properties
> 
> ldap.url=ldap://localhost:389
> ldap.base=dc=com
> ldap.userDn=uid=cmarshall,ou=people,dc=a100sys,dc=com
> ldap.password=< password >
> ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> ldap.user.filter = (objectclass=person)
> ldap.search.scope = 2
> ldap.user.searchBase=ou=People,ou=sevenSeas,ou=jetspeed,dc=com
> ldap.user.entryPrefix=uid
> ldap.role.searchBase=ou=Roles,ou=sevenSeas,ou=jetspeed,dc=com
> ldap.group.searchBase=ou=Groups,ou=sevenSeas,ou=jetspeed,dc=com
> 
> Jetspeed successfully binds with the ldap.userDn  and makes the request
> 
> SRCH base="ou=People,ou=sevenSeas,ou=jetspeed,dc=com" scope=2 
> filter="(&(uid=cmarshall)(objectClass=person))" attrs="objectClass 
> javaSerializedData javaClassName javaFactory javaCodebase 
> javaReferenceAddress javaClassNames javaremotelocation"
> RESULT err=0 tag=101 nentries=1 etime=0
> 
> Jetspeed then successfully binds again with the ldap.userDN and makes the 
> request
> 
> SRCH base="ou=People,ou=sevenSeas,ou=jetspeed,dc=com,dc=com" scope=2 
> filter="(&(objectClass=inetOrgPerson)(&(objectClass=inetOrgPerson)(uid=cmarshall)))
>  attrs=ALL
> RESULT err=32 tag=101 nentries=0 etime=0
> 
> Note the repeat of dc=com,dc=com
> 
> CASE 2 ==========================
> override.properties
> 
> ldap.url=ldap://localhost:389
> ldap.base=dc=com
> ldap.userDn=uid=cmarshall,ou=people,dc=a100sys,dc=com
> ldap.password=< password >
> ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> ldap.user.filter = (objectclass=person)
> ldap.search.scope = 2
> ldap.user.searchBase=ou=People,ou=sevenSeas,ou=jetspeed,dc=com
> ldap.user.entryPrefix=uid
> ldap.role.searchBase=ou=Roles,ou=sevenSeas,ou=jetspeed,dc=com
> ldap.group.searchBase=ou=Groups,ou=sevenSeas,ou=jetspeed,dc=com
> 
> Jetspeed successfully binds with the ldap.userDn and makes the request
> 
> SRCH base="ou=People,ou=sevenSeas,ou=jetspeed,dc=com" scope=2 
> filter="(&(uid=cmarshall)(objectClass=person))" attrs="objectClass 
> javaSerializedData javaClassName javaFactory javaCodebase 
> javaReferenceAddress javaClassNames javaremotelocation"
> RESULT err=0 tag=101 nentries=1 etime=0
> 
> Jetspeed attempts to bind with
> 
> BIND dn="uid=CMarshall,ou=Peopleou=sevenSeasou=jetspeeddc=com" method=128 
> version=3
> RESULT err=32 tag=97 nentries=0 etime=0
> 
> Yes, the commas that should be there are really missing.
> 
> CASE 3 =============================
> override.properties
> 
> ldap.url=ldap://localhost:389
> ldap.base=dc=com
> ldap.userDn=uid=cmarshall,ou=people,dc=a100sys,dc=com
> ldap.password=< password >
> ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> ldap.user.filter = (objectclass=person)
> ldap.search.scope = 2
> ldap.user.searchBase=ou=People,ou=sevenSeas,ou=jetspeed
> ldap.user.entryPrefix=uid
> ldap.role.searchBase=ou=Roles,ou=sevenSeas,ou=jetspeed
> ldap.group.searchBase=ou=Groups,ou=sevenSeas,ou=jetspeed
> 
> Jetspeed successfully binds with the ldap.userDn and makes the request
> 
> SRCH base="ou=People,ou=sevenSeas,ou=jetspeed" scope=2 
> filter="(&(uid=cmarshall)(objectClass=person))" attrs="objectClass 
> javaSerializedData javaClassName javaFactory javaCodebase 
> javaReferenceAddress javaClassNames javaremotelocation"
> RESULT err=32 tag=101 nentries=0 etime=0
> 
> Note that the dc=com has not been appended to the end of the search base.
> 
> Suggestions?
> 
> Chris Marshall
> 
> 

