Hi all,

I've been having some trouble getting LDAP authentication to an Active
Directory server working in uPortal 3.0.  I've been able to configure the
packaged CAS instance to successfully authenticate against the AD server
using LDAP with simple authentication, and I can also get uPortal to grab
person directory information from this AD server.  I was hoping that since
I'd already done the configuration in ldapContext.xml to allow the person
directory lookup to happen, all I'd need to do to enable portal
authentication to the AD server would be to add the following line to
security.properties:

root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory

Currently, this leads to the following stack trace in the portal log:

ERROR [TP-Processor23] provider.SimpleLdapSecurityContext.[] May/06 06:34:18
- SimpleLdapSecurityContext: LDAP Error with user: myusername;
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D:
NameErr: DSID-031001BD, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=Users,DC=unicon,DC=net'
[EMAIL PROTECTED]; remaining name 'cn=Users, dc=unicon, dc=net'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3010)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
        at org.jasig.portal.security.provider.SimpleLdapSecurityContext.authenticate(SimpleLdapSecurityContext.java:133)
        at org.jasig.portal.security.provider.ChainingSecurityContext.authenticate(ChainingSecurityContext.java:87)
        at org.jasig.portal.security.provider.UnionSecurityContext.authenticate(UnionSecurityContext.java:33)
        at org.jasig.portal.services.Authentication.authenticate(Authentication.java:83)
        at org.jasig.portal.LoginServlet.service(LoginServlet.java:140)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at edu.yale.its.tp.cas.client.filter.StaticCasReceiptCacherFilter.doFilter(StaticCasReceiptCacherFilter.java:67)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:337)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)

After turning debugging on, right above this trace the expected principal
and context information is printed out, so it must be getting at least some
correct LDAP configuration information.

Is there a step I maybe missed somewhere?  Is anyone currently successfully
using LDAP authentication in uPortal 3?

On a somewhat-related note, it appears that the CacheLdapSecurityContext and
CacheLdapSecurityContextFactory disappeared in uPortal 3.0.  Was this
intentional?  Is there a reason those classes would not be expected to work
in up3?

Thanks!

- Jen
