Hi,

I'm trying to follow your guide but I still don't fully understand.
I'm new to ApacheDS and Jetspeed.

Current setup -
Jetspeed 2.2.2
ApacheDS 1.5.5

I've configured Jetspeed 2.2.2 to use the LDAP server.
ApacheDS is running standalone in the background.
Using Apache Studio, I connect to ApacheDS.
From the ApacheDS console, I can see that whenever I try to log in to
Jetspeed, it displays information that the user tried to log in but failed.

So I'm thinking that I need to load the Jetspeed 2.2.2 schema into ApacheDS.
Using the Jetspeed schema provided at
http://portals.apache.org/jetspeed-2/deployguide/ldap.html doesn't do
anything.  So when I try to import setup2.ldif, it fails because ApacheDS
doesn't know j2-classname:

This is where it starts to fail to import:

#!RESULT ERROR
#!CONNECTION ldap://localhost:10389
#!DATE 2012-03-01T13:46:47.187
#!ERROR [LDAP: error code 16 - NO_SUCH_ATTRIBUTE: failed for     Add Request
: ClientEntry     dn: cn=accounting,ou=Groups,ou=rootOrg,o=sevenSeas    
objectClass: jetspeed-2-group     objectClass: groupOfUniqueNames    
objectClass: top     uid: accounting     uniquemember: user,local,sublocal    
cn: accounting     j2-classname: accounting : OID for name
'jetspeed-2-group' was not found within the OID registry]
dn: cn=accounting,ou=Groups,ou=rootOrg,o=sevenSeas
objectClass: jetspeed-2-group
objectClass: groupOfUniqueNames
objectClass: top
cn: accounting
j2-classname: accounting
uid: accounting
uniquemember: user,local,sublocal


Can you explain how you managed to load this file?  I assume you did load
the Jetspeed schema into ApacheDS.  How did you do it?

I tried to manually create a user in ApacheDS, but login still fails.  It
did display my login information, such as username, surname and such, but
with a failure message.

Thanks







jerome.dupont wrote:
> 
> 
> 
> Hello
> 
> I'm still trying to make LDAP work, and now it works more or less.
> I post this message to publish a working example on the web, and because
> I have some questions.
> 
> 
> 1/ Basic configuration: Jetspeed connects to LDAP, and I have some users
> with which I can log in.
> 
> With
> _ apacheDS 1.5.5 (NOT 1.5.7)
> _ loading jetspeed schema (but it doesn't seem absolutely necessary) (see
> in previous post)
> _ loading an appropriate users example file (consistent with default
> jetspeed 2.2.1 configuration.)
>      I found some examples in the test code, in the LDIF examples (setup2):
> 
> ./jetspeed-2-2.2.1/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/setup2/resources/setup2.ldif
> 
> 
> ./jetspeed-2-2.2.1/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/setup1/resources/setup1.ldif
> 
>      I've imported setup2 in my ldap.
> _ matching property file with my ldap structure.
>      this is the content of
> ./webapps/jetspeed/WEB-INF/conf/override.properties in my jetspeed demo
> configuration
>      It's consistent with LDAP content
> 
> #-------------------------------------------------------------------------
> # LDAP
> #-------------------------------------------------------------------------
> 
>          ldap.url=ldap://localhost:10389
>          ldap.base=o=sevenSeas
>          ldap.userDn=uid=admin,ou=system
>          ldap.password=secret
>          ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>          ldap.user.filter=(objectclass=person)
>          ldap.search.scope=2
>          ldap.user.searchBase=o=Jetspeed
>          ldap.user.entryPrefix=uid
>          ldap.role.searchBase=ou=Roles,o=Jetspeed
>          ldap.role.filter = (objectClass=groupOfUniqueNames)
>          ldap.group.searchBase=ou=Groups,o=Jetspeed
>          ldap.group.filter = (objectClass=groupOfUniqueNames)
>          ldap.context.pool.maxActive = 20
>          ldap.context.pool.maxIdle = 20
> 
>          #Turn on LDAP Security
>          spring.filter.key = portal.ldap
> 
> 2/ Manually setting a role for a user
> After this step I can connect, BUT no user has the admin role
> 
> I've searched in the XML and source code.
> Seemingly, the relationships used to search (user<->role, or user <-> group,
> etc) are defined in the
> Jetspeed-2.2.1/webapps/jetspeed/WEB-INF/assembly/security-ldap.xml file
> 
> In the XML file, we can see that user isMemberOf role will define the
> relationship (in the LDIF example it's something else, uniqueMember)
> When you look at AttributeBasedRelationDAO.java, there is a very
> interesting comment.
> If I got the point, the bean is very generic, and permits defining a
> relation isMemberOf (user isMemberOf) or in the other sense member (role
> member user)
> 
> Since I could not create a relation david isMemberOf admin (not in the LDAP
> schema), I've created the relation in the role member user direction.
> So I've added an attribute to the cn=admin LDAP object, which was attribute
> name: member, attribute value
> cn=David,o=Peoples,o=SanFrancisco,o=Jetspeed,o=sevenSeas
> And it worked: David magically became administrator
> 
> 
> Alternatively, I could have changed the XML file to make it match my
> LDAP content (using uniqueMember rather than member), but I didn't want to
> change this part of the Jetspeed configuration.
> <bean id="UserRoleRelationDAO"
> class="org.apache.jetspeed.security.mapping.ldap.dao.impl.AttributeBasedRelationDAO">
> 
> <meta key="j2:cat" value="ldapSecurity"/>
> <property name="relationAttribute" value="member"/>
> <property name="attributeContainsInternalId" value="true"/>
> <property name="useFromEntityAttribute" value="false"/>
> <property name="relationType">
> <bean
> class="org.apache.jetspeed.security.mapping.impl.SecurityEntityRelationTypeImpl">
> 
> <constructor-arg index="0" value="isMemberOf"/>
> <constructor-arg index="1" value="user"/>
> <constructor-arg index="2" value="role"/>
> </bean></property></bean>
> 
> 
> 
> 3/ Adding a user
> 
> When I create a user through the register portlet, the user is created
> in the LDAP, but I have an exception
> 
> Welcome. Please fill out the following form to become a registered user.
> 
> [Failed to add
> user.org.apache.jetspeed.administration.RegistrationException:
> org.apache.jetspeed.security.SecurityException: The role user does not
> exist.]
> 
> In the ldap, the user is created in o=Jetspeed,o=sevenSeas
> It's probably constructed from these properties
>          ldap.base=o=sevenSeas
>          ldap.user.searchBase=o=Jetspeed
> Right?
> 
> 4/ Jetspeed default schema
> 
> What is the utility of the Jetspeed LDAP schema (j2-role and all that stuff)?
> 
> Is it necessary?
> If yes, I suppose that the configuration has to be changed.
> Does a configuration with that schema exist somewhere?
> 
> Any answer or clarification would be useful.
> I hope this post will help other people trying to ldapize jetspeed.
> 
> Regards,
> Jérôme
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org
> For additional commands, e-mail: jetspeed-user-h...@portals.apache.org
> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Re%3A-ldap-configuration%3A-a-configuration-starting-to-work-tp32354906p33423806.html
Sent from the Jetspeed - User mailing list archive at Nabble.com.
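
A pre-import check for the failure reported at the top of this message (error code 16, 'jetspeed-2-group' not found in the OID registry), as an added example that is not part of the original posts and is not Jetspeed or ApacheDS code. It lists the objectClass values in an LDIF file that the target server does not know; the set of known classes and the second LDIF entry are constructed assumptions.

```python
import re

# Constructed stand-in for the object classes already loaded on the server (assumption).
KNOWN_OBJECT_CLASSES = {"top", "person", "organizationalPerson", "inetOrgPerson",
                        "organizationalUnit", "groupOfNames", "groupOfUniqueNames"}

# First entry: the one from the failed import above. Second entry: constructed.
SAMPLE_LDIF = """\
dn: cn=accounting,ou=Groups,ou=rootOrg,o=sevenSeas
objectClass: jetspeed-2-group
objectClass: groupOfUniqueNames
objectClass: top
cn: accounting
j2-classname: accounting
uid: accounting
uniquemember: user,local,sublocal

# constructed entry that uses only standard object classes
dn: ou=Groups,ou=rootOrg,o=sevenSeas
objectClass: organizationalUnit
objectClass: top
ou: Groups
"""

def parse_entries(text):
    # Undo LDIF folding: a line starting with one space continues the previous line.
    text = re.sub(r"\n ", "", text.replace("\r\n", "\n"))
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [tuple(p.strip() for p in line.split(":", 1))
                 for line in block.splitlines()
                 if ":" in line and not line.startswith("#")]
        dn = next((v for n, v in pairs if n.lower() == "dn"), None)
        if dn:
            entries.append((dn, [p for p in pairs if p[0].lower() != "dn"]))
    return entries

def unknown_object_classes(text, known):
    """Map each DN to the objectClass values missing from the known set."""
    known_lc = {k.lower() for k in known}
    report = {}
    for dn, attrs in parse_entries(text):
        missing = [v for n, v in attrs
                   if n.lower() == "objectclass" and v.lower() not in known_lc]
        if missing:
            report[dn] = missing
    return report

print(unknown_object_classes(SAMPLE_LDIF, KNOWN_OBJECT_CLASSES))
```

Any DN in the result will be rejected by the server until the schema that defines the listed classes has been loaded.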

