Re: [uportal-dev] uPortal 3.0 and ldap authentication
OK, I finally managed to set up a up2.6 install against the same LDAP source, and it worked fine. There do seem to be new properties in up3's ldap connection. Also, the URL seems to be of the form ldap:port/basePath, rather than ldap:port.

New props:

java.naming.ldap.version=3
org.springframework.ldap.base.path=cn=Users, dc=unicon, dc=net
java.naming.factory.object=org.springframework.ldap.core.support.DefaultDirObjectFactory

- Jen
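JNDI resolves a search name relative to the DN carried in the provider URL, so with the ldap:port/basePath URL form a search name that repeats the base asks the server for a doubled DN. The following is an added example, not code from this thread or from uPortal: it computes the DN requested for both URL forms using the DNs shown in the trace; the class name `BaseDnCheck` and the host `ad.example.org` are hypothetical placeholders.

```java
import java.net.URI;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class BaseDnCheck {
    /** DN carried in the path of an LDAP provider URL (empty when the URL has none). */
    static LdapName urlBase(String providerUrl) throws InvalidNameException {
        String path = URI.create(providerUrl).getPath();
        return new LdapName(path == null || path.length() <= 1 ? "" : path.substring(1));
    }

    /** DN the server is asked for: the search name is appended below the URL's DN. */
    static LdapName effectiveDn(String providerUrl, String searchName)
            throws InvalidNameException {
        LdapName dn = urlBase(providerUrl);
        dn.addAll(new LdapName(searchName));
        return dn;
    }

    /** True when the search name repeats the DN that the URL already supplies. */
    static boolean baseAppliedTwice(String providerUrl, String searchName)
            throws InvalidNameException {
        LdapName base = urlBase(providerUrl);
        // LdapName comparison ignores case and whitespace around RDNs, so
        // 'CN=Users,DC=unicon,DC=net' matches 'cn=Users, dc=unicon, dc=net'.
        return !base.isEmpty() && new LdapName(searchName).startsWith(base);
    }

    public static void main(String[] args) throws InvalidNameException {
        // The 'remaining name' reported in the trace.
        String searchName = "cn=Users, dc=unicon, dc=net";
        String[] urls = {
            "ldap://ad.example.org:389",                           // host only (placeholder host)
            "ldap://ad.example.org:389/cn=Users,dc=unicon,dc=net"  // host plus base path
        };
        for (String url : urls) {
            System.out.printf("%s%n  effective DN: %s%n  base applied twice: %b%n",
                    url, effectiveDn(url, searchName), baseAppliedTwice(url, searchName));
        }
    }
}
```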
Re: [uportal-dev] uPortal 3.0 and ldap authentication
Hrm,

Some good questions, I did a little testing with LDAP but I don't have much in the way of services to test against. Do you have a functional uPortal 2 ldap config we could look at to try and figure out where the problem is?

As for why those classes are gone, http://ja-sig.org/wiki/display/UPC/uPortal+3+API+Changes documents them as they should be used via chaining with the CacheSecurityContext.

-Eric

Jen Bourey wrote:
> Hi all,
>
> I've been having some trouble getting LDAP authentication to an Active Directory server working in uPortal 3.0. I've been able to configure the packaged CAS instance to successfully authenticate against the AD server using LDAP with simple authentication, and I can also get uPortal to grab person directory information from this AD server.
>
> I was hoping that since I'd already done the configuration in ldapContext.xml to allow the person directory lookup to happen, all I'd need to do to enable portal authentication to the AD server would be to add the following line to security.properties:
>
> root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
>
> Currently, this leads to the following stack trace in the portal log:
>
> ERROR [TP-Processor23] provider.SimpleLdapSecurityContext.[] May/06 06:34:18 - SimpleLdapSecurityContext: LDAP Error with user: myusername; javax.naming.NameNotFoundException: [LDAP: error code 32 - 208D: NameErr: DSID-031001BD, problem 2001 (NO_OBJECT), data 0, best match of : 'CN=Users,DC=unicon,DC=net' [EMAIL PROTECTED]; remaining name 'cn=Users, dc=unicon, dc=net'
>     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3010)
>     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
>     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
>     at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
>     at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
>     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
>     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
>     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
>     at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
>     at org.jasig.portal.security.provider.SimpleLdapSecurityContext.authenticate(SimpleLdapSecurityContext.java:133)
>     at org.jasig.portal.security.provider.ChainingSecurityContext.authenticate(ChainingSecurityContext.java:87)
>     at org.jasig.portal.security.provider.UnionSecurityContext.authenticate(UnionSecurityContext.java:33)
>     at org.jasig.portal.services.Authentication.authenticate(Authentication.java:83)
>     at org.jasig.portal.LoginServlet.service(LoginServlet.java:140)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>     at edu.yale.its.tp.cas.client.filter.StaticCasReceiptCacherFilter.doFilter(StaticCasReceiptCacherFilter.java:67)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>     at edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:337)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
>     at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
>     at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
>     at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
>     at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
>     at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
>     at java.lang.Thread.run(Thread.java:595)
>
> After turning debugging on, right above this trace the expected principal and context
Re: [uportal-dev] uPortal 3.0 and ldap authentication
Unfortunately, no, I don't have a uPortal 2 configuration. Thanks for the documentation on the caching contexts! That all makes sense.

- Jen