I want to enable LDAP user authentication for Roller 5.0.3. There are some
related tutorials for Roller 4, but they seem not to work with the new Spring
Security framework. I found some Spring Security 2 configuration examples and
tried to figure it out, with no success. Hoping someone will help me...

This is my progress so far: I'm using an OpenLDAP server with some test
accounts, and I added some properties to the Roller custom settings file:

users.sso.enabled=true
users.sso.autoProvision.enabled=true
users.sso.registry.ldap.attributes.name=uid
users.sso.registry.ldap.attributes.screenname=cn

Then I modified security.xml:

    <!-- LDAP URL with base DN, plus the DN and password used to bind for searches -->
    <beans:bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <beans:constructor-arg value="ldap://localhost:389/dc=test,dc=com" />
        <beans:property name="userDn" value="cn=Manager,dc=test,dc=com" />
        <beans:property name="password" value="111111" />
    </beans:bean>

    <beans:bean id="ldapAuthProvider"
        class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <custom-authentication-provider />
        <!-- Authenticates by binding as the entry found by userSearch -->
        <beans:constructor-arg>
            <beans:bean
                class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <beans:constructor-arg ref="contextSource" />
                <beans:property name="userSearch" ref="userSearch" />
            </beans:bean>
        </beans:constructor-arg>
        <!-- Loads authorities from group entries under ou=Tester -->
        <beans:constructor-arg>
            <beans:bean
                class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                <beans:constructor-arg ref="contextSource" />
                <beans:constructor-arg value="ou=Tester" />
                <beans:property name="searchSubtree" value="false" />
                <beans:property name="defaultRole" value="register" />
                <beans:property name="convertToUpperCase" value="false" />
                <beans:property name="groupRoleAttribute" value="" />
                <beans:property name="rolePrefix" value="" />
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>

    <!-- Looks up the user entry with the filter (uid={0}) below the base DN -->
    <beans:bean id="userSearch"
        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <beans:constructor-arg index="0" value="" />
        <beans:constructor-arg index="1" value="(uid={0})" />
        <beans:constructor-arg index="2" ref="contextSource" />
        <beans:property name="searchSubtree" value="true" />
    </beans:bean>

(Deploying Roller with this configuration produces the error message
"java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory";
I found a solution at
http://www.chrissearle.org/2007/08/30/spring-ldap_and_NoClassDefFoundError_com_sun_jndi_ldap_ctl_ResponseControlFactory/)

Now when using an LDAP username/password, the page jumps to
roller_j_security_check and displays the following error message:

500
Filter execution threw an exception
Roller has encountered and logged an unexpected exception.

Using a wrong password gives the same error message. When entering a
non-existent username/password, Roller displays "Wrong username and password
combination".

There are related search messages in openldap.log; maybe I just need some
tweak to fix the problem? Does anyone have any suggestions for solutions?
Thanks in advance.
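
An added example, not part of the original post and not Roller or Spring code: a small audit of the contextSource bean posted above that reports the settings in it that matter for hardening (an ldap:// URL, a bind password written into security.xml, a bind as the manager DN). The wrapping root element, the finding names and the cn=Manager/cn=admin heuristic are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

BEANS = "{http://www.springframework.org/schema/beans}"
CONTEXT_SOURCE = "org.springframework.security.ldap.DefaultSpringSecurityContextSource"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
ADMIN_RDNS = {"cn=manager", "cn=admin"}  # assumed heuristic for rootdn-style accounts

# Constructed sample: the contextSource bean from the post inside an assumed
# root element that declares the Spring namespaces.
SAMPLE = """<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans">
  <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldap://localhost:389/dc=test,dc=com" />
    <beans:property name="userDn" value="cn=Manager,dc=test,dc=com" />
    <beans:property name="password" value="111111" />
  </beans:bean>
</beans:beans>"""


def audit_context_source(xml_text):
    """Return (bean id, finding) pairs for each LDAP context source bean."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(BEANS + "bean"):
        if bean.get("class") != CONTEXT_SOURCE:
            continue
        bean_id = bean.get("id", "(anonymous)")
        props = {p.get("name"): p.get("value", "")
                 for p in bean.findall(BEANS + "property")}
        arg = bean.find(BEANS + "constructor-arg")
        url = urlsplit(arg.get("value", "") if arg is not None else "")
        # ldap:// without StartTLS sends simple-bind passwords unencrypted;
        # a loopback host limits the exposure to the local machine.
        if url.scheme == "ldap":
            local = (url.hostname or "") in LOOPBACK
            findings.append((bean_id, "cleartext-ldap-loopback" if local else "cleartext-ldap"))
        # A literal password (not a ${...} placeholder) lives in the config file.
        password = props.get("password", "")
        if password and not password.startswith("${"):
            findings.append((bean_id, "inline-password"))
        # A manager/admin DN typically has full rights over the directory.
        first_rdn = props.get("userDn", "").split(",")[0].strip().lower()
        if first_rdn in ADMIN_RDNS:
            findings.append((bean_id, "directory-admin-bind"))
    return findings


if __name__ == "__main__":
    for bean_id, finding in audit_context_source(SAMPLE):
        print(f"{bean_id}: {finding}")
```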
