Last week, I did a little code re-organizing to isolate the CalCentral dependencies from our local OAE user account provisioning. A first draft of a generic module is here:
https://github.com/raydavis/myberkeley/tree/accountprovider/accountprovider

It's very weak on documentation and polish, and a vanilla implementation of the OaeAuthorizableService might make it more immediately useful. But with all the other tasks under way, I'm just going to leave it where it is until/unless someone outside Berkeley gives it a try.

Best,
Ray

On 4/9/12 3:18 PM, Ray Davis wrote:
> Come to think of it, I sent a better introduction back in January:
> http://collab.sakaiproject.org/pipermail/oae-dev/2012-January/001099.html
>
> On 4/9/12 3:13 PM, Ray Davis wrote:
>> Nakamura doesn't currently support an all-in-one-go "create a usable OAE
>> account" service. Server-side account creators like contrib/LDAP
>> therefore have to hack their own attempts, which will always be pretty
>> brittle.
>>
>> FWIW, [1] is the "create a usable CalCentral account" service I wrote to
>> support our local account integration approaches (all four of them!). It
>> contains CalCentral-specific features but it might be useful as a
>> comparison point.
>>
>> Best,
>> Ray
>>
>> [1]
>> https://github.com/ets-berkeley-edu/myberkeley/blob/dev/provision/src/main/java/edu/berkeley/myberkeley/provision/CalOaeAuthorizableService.java
>>
>> On 4/9/12 2:37 PM, Max Whitney wrote:
>>>> What version of OAE are you testing with?
>>> Yesterday's build (April 8, 2012), built using the rake bld:build command.
>>>> What are the ACLs on any one of the areas you mentioned?
>>> No ACLs to my knowledge. Everything is local on my local machine,
>>> including a dinky local OpenDJ LDAP server.
>>>> Do you see the same issue if the user is created but isn't tied to LDAP?
>>> Interactive creation of a user without LDAP integration turned on works
>>> fine.
>>> Interactive creation of a user with LDAP integration turned on works
>>> fine. Once created via the interactive process
>>> (http://localhost:8080/register.html) connecting with the LDAP password
>>> is fine.
>>> Curl creation of the user with LDAP integration turned on works fine.
>>> Once created, the user can connect with the LDAP password just fine.
>>> The only case I'm finding where there is a problem is automatic creation
>>> of a user upon first login.
>>>
>>> Thanks Carl for any insights.
>>>
>>> And Nate -- thank you. I'm using the curl creation as a fall back example.
>>>
>>> -- Max
>>>
>>> On Apr 9, 2012, at 5:26 PM, Carl Hall wrote:
>>>
>>>> Hey Max,
>>>>
>>>> What version of OAE are you testing with?
>>>> What are the ACLs on any one of the areas you mentioned?
>>>> Do you see the same issue if the user is created but isn't tied to LDAP?
>>>>
>>>>
>>>> On Mon, Apr 9, 2012 at 3:26 PM, Max Whitney <m...@nyu.edu
>>>> <mailto:m...@nyu.edu>> wrote:
>>>>
>>>> Hello folks:
>>>>
>>>> I'm working through examples for LDAP authentication integration.
>>>> Things are remarkably straightforward in the basic configuration.
>>>> Thank you all for that!
>>>>
>>>> I'm running into an interesting problem when requesting that a
>>>> user account be automatically created on first login. The "About
>>>> Me," "Basic Information" and "Publications" sections aren't
>>>> populated, and can't be modified for my newly created test user
>>>> 'paul'. In the sling/logs/error.log I see these three lines:
>>>> ===
>>>> 09.04.2012 15:19:58.581 *INFO* [127.0.0.1 [1333999198535] GET
>>>> /~paul/private/privspace.infinity.json HTTP/1.1] logs/access.log
>>>> 127.0.0.1 - paul 09/Apr/2012:15:19:58 -0400 "GET
>>>> /~paul/private/privspace.infinity.json?_charset_=utf-8&_=1333999198432
>>>> HTTP/1.1" 404 9155 "http://localhost:8080/me" "Mozilla/5.0
>>>> (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.55.3 (KHTML,
>>>> like Gecko) Version/5.1.5 Safari/534.55.3"
>>>> 09.04.2012 15:19:58.629 *ERROR* [127.0.0.1 [1333999198537] POST
>>>> /system/batch HTTP/1.1]
>>>> org.apache.sling.servlets.post.impl.operations.ModifyOperation
>>>> Access Denied /~paul/public/authprofile/basic/init: not allowed to
>>>> add or modify item
>>>> 09.04.2012 15:19:58.673 *ERROR* [127.0.0.1 [1333999198537] POST
>>>> /system/batch HTTP/1.1]
>>>> org.apache.sling.servlets.post.impl.operations.ModifyOperation
>>>> Access Denied /~paul/public/authprofile/aboutme/init: not allowed
>>>> to add or modify item
>>>> 09.04.2012 15:19:58.697 *ERROR* [127.0.0.1 [1333999198537] POST
>>>> /system/batch HTTP/1.1]
>>>> org.apache.sling.servlets.post.impl.operations.ModifyOperation
>>>> Access Denied /~paul/public/authprofile/publications/init: not
>>>> allowed to add or modify item
>>>> ===
>>>>
>>>> If there's something mildly obvious that I've missed, let me know.
>>>> If you'd like to see this as a jira, point me in that direction
>>>> instead.
>>>>
>>>> Thanks,
>>>> Max
>>>>
>>>>
>>>> _______________________________________________
>>>> oae-dev mailing list
>>>> oae-dev@collab.sakaiproject.org
>>>> <mailto:oae-dev@collab.sakaiproject.org>
>>>> http://collab.sakaiproject.org/mailman/listinfo/oae-dev