Hi all you Matterhorn gurus!
We're currently trying to integrate our Matterhorn 1.2 setup with our
LDAP. So far we've been successful in setting the ldapuserprovider
settings in the file
/opt/matterhorn/felix/conf/factories/org.opencastproject.userdirectory.ldap.LdapUserProvider.properties
where we've set ldap server urls for ssl-enabled ldaps
connections etc. However, according to our ldap sysadmin, our Matterhorn
server is unable to make a proper bind to the ldap server. Our
Matterhorn server queries the ldap server with username, but it doesn't
try to authenticate with a password.
We have tried to follow e.g. the instructions in the following thread
http://opencast.3480289.n2.nabble.com/JIRA-Studio-Commented-MH-7805-Enable-authenticated-LDAP-searches-in-LDAPUserProvider-td6472140.html
but we're stuck as we don't know whether we should also modify e.g.
/opt/matterhorn/felix/conf/config.properties and if we should, how?
Thus, we'd really appreciate any insight on how you have managed to join
your MH installations to your ldap and make user authentication + ldap
group role retrieval work.
Yours, Olli Salo
PS: our ldapuserprovider config is shown under the signature
--
Olli Salo
Tietotekniikkakeskus
Helsingin yliopisto
Tel: +358 9 191 21782
Gsm: +358 50 407 5509
Email: [email protected]
*****************************************************************
Our current configuration:
# The URL to the LDAP server
org.opencastproject.userdirectory.ldap.url.1=ldaps://ldap-internal.it.helsinki.fi:636
# The user and password to authenticate as with LDAP. If left commented, the LDAP provider will use an anonymous bind.
# If uncommenting these, add them to the keys at the bottom of this file.
org.opencastproject.userdirectory.ldap.userDn.1=ou=matterhorn,ou=login,o=hy
org.opencastproject.userdirectory.ldap.password.1=PASSWORD_HERE
# The base path within LDAP to search for users
org.opencastproject.userdirectory.ldap.searchbase.1=dc=helsinki,dc=fi
# The search filter to use for identifying users by ID
org.opencastproject.userdirectory.ldap.searchfilter.1=(&(uid={0})(objectClass=person))
# The maximum number of users to cache
org.opencastproject.userdirectory.ldap.cache.size.1=1000
# The maximum number of minutes to cache a user
org.opencastproject.userdirectory.ldap.cache.expiration.1=5
# The comma-separated list of attributes that will be translated into roles. Note that the attributes will be prefixed
# with the string "ROLE_" and the attribute value will be transformed to upper case.
org.opencastproject.userdirectory.ldap.roleattributes.1=schacHomeOrganization
# The organization for this provider
org.opencastproject.userdirectory.ldap.org.1=mh_default_org
#
# The property keys that can be used when setting up LDAP connections. Be careful not to include spaces.
#
keys=org.opencastproject.userdirectory.ldap.url,org.opencastproject.userdirectory.ldap.searchbase,\
org.opencastproject.userdirectory.ldap.searchfilter,org.opencastproject.userdirectory.ldap.cache.size,\
org.opencastproject.userdirectory.ldap.cache.expiration,org.opencastproject.userdirectory.ldap.roleattributes,\
org.opencastproject.userdirectory.ldap.org
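
The comment in the posted file says that userDn and password, once uncommented, must also be added to the keys list at the bottom, and the posted keys list does not contain them. The check below is an added example, not part of the original post and not Matterhorn code; the function names and the sample file are constructed, and the parser only handles the key=value form with backslash continuations used in this file.

```python
import re

# Constructed sample with the same structure as the posted file (hostnames shortened).
SAMPLE = """\
org.opencastproject.userdirectory.ldap.url.1=ldaps://ldap.example.org:636
org.opencastproject.userdirectory.ldap.userDn.1=ou=matterhorn,ou=login,o=hy
org.opencastproject.userdirectory.ldap.password.1=PASSWORD_HERE
org.opencastproject.userdirectory.ldap.searchbase.1=dc=example,dc=org
keys=org.opencastproject.userdirectory.ldap.url,org.opencastproject.userdirectory.ldap.searchbase,\\
org.opencastproject.userdirectory.ldap.org
"""

# An indexed property looks like "<base name>.<instance number>".
INDEXED = re.compile(r"^(?P<base>.+)\.(?P<idx>\d+)$")

def parse_properties(text):
    """Parse key=value lines, skipping comments and joining '\\' continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]      # logical line continues on the next one
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def audit_keys(props):
    """Compare the indexed properties that are set against the 'keys' list."""
    raw_keys = [k for k in props.get("keys", "").split(",") if k.strip()]
    listed = {k.strip() for k in raw_keys}
    used = set()
    for name in props:
        m = INDEXED.match(name)
        if m:
            used.add(m["base"])
    return {
        "set_but_not_in_keys": sorted(used - listed),
        "in_keys_but_not_set": sorted(listed - used),
        "keys_with_spaces": [k for k in raw_keys if k != k.strip()],
    }

if __name__ == "__main__":
    # Only property names are reported, never values such as the bind password.
    for finding, names in audit_keys(parse_properties(SAMPLE)).items():
        print(finding, names)
```
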
_______________________________________________
Matterhorn mailing list
[email protected]
http://lists.opencastproject.org/mailman/listinfo/matterhorn