Re: ldap configuration: a configuration starting to work

Hello,

I'm still trying to make LDAP work, and now it works more or less. I post this message to publish a working example on the web, and because I have some questions.

1/ Basic configuration: Jetspeed connects to LDAP, and I have some users with which I can log in. With:

_ ApacheDS 1.5.5 (NOT 1.5.7)
_ loading the Jetspeed schema (but it doesn't seem absolutely necessary) (see previous post)
_ loading an appropriate users example file (consistent with the default Jetspeed 2.2.1 configuration). I found some examples in the test code, in LDIF form (setup2):
    ./jetspeed-2-2.2.1/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/setup2/resources/setup2.ldif
    ./jetspeed-2-2.2.1/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/setup1/resources/setup1.ldif
  I've imported setup2 into my LDAP.
_ a property file matching my LDAP structure. This is the content of ./webapps/jetspeed/WEB-INF/conf/override.properties in my Jetspeed demo configuration. It's consistent with the LDAP content:

    #-------------------------------------------------------------------------
    # LDAP
    #-------------------------------------------------------------------------
    ldap.url=ldap://localhost:10389
    ldap.base=o=sevenSeas
    ldap.userDn=uid=admin,ou=system
    ldap.password=secret
    ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory
    ldap.user.filter=(objectclass=person)
    ldap.search.scope=2
    ldap.user.searchBase=o=Jetspeed
    ldap.user.entryPrefix=uid
    ldap.role.searchBase=ou=Roles,o=Jetspeed
    ldap.role.filter = (objectClass=groupOfUniqueNames)
    ldap.group.searchBase=ou=Groups,o=Jetspeed
    ldap.group.filter = (objectClass=groupOfUniqueNames)
    ldap.context.pool.maxActive = 20
    ldap.context.pool.maxIdle = 20
    #Turn on LDAP Security
    spring.filter.key = portal.ldap

2/ Setting a role on a user manually

After this step I can connect, BUT no user has the admin role. I've searched in the XML and source code. Seemingly, the relationships used to search (user<->role, user<->group, etc.) are defined in the Jetspeed-2.2.1/webapps/jetspeed/WEB-INF/assembly/security-ldap.xml file. In the XML file, we can see that "user isMemberOf role" defines the relationship (in the LDIF example it's something else, uniqueMember). When you look at AttributeBasedRelationDAO.java, there is a very interesting comment. If I got the point, the bean is very generic, and permits defining a relation isMemberOf (user isMemberOf) or in the other direction, member (role member user). Since I could not create a relation "david isMemberOf admin" (not in the LDAP schema), I've created the relation in the role-member-user direction. So I've added an attribute to the cn=admin LDAP object, with attribute name member and attribute value cn=David,o=Peoples,o=SanFrancisco,o=Jetspeed,o=sevenSeas. And it worked: David magically became administrator. Alternatively, I could have changed the XML file to make it match my LDAP content (using uniqueMember rather than member), but I didn't want to change this part of the Jetspeed configuration.

    <bean id="UserRoleRelationDAO" class="org.apache.jetspeed.security.mapping.ldap.dao.impl.AttributeBasedRelationDAO">
      <meta key="j2:cat" value="ldapSecurity"/>
      <property name="relationAttribute" value="member"/>
      <property name="attributeContainsInternalId" value="true"/>
      <property name="useFromEntityAttribute" value="false"/>
      <property name="relationType">
        <bean class="org.apache.jetspeed.security.mapping.impl.SecurityEntityRelationTypeImpl">
          <constructor-arg index="0" value="isMemberOf"/>
          <constructor-arg index="1" value="user"/>
          <constructor-arg index="2" value="role"/>
        </bean>
      </property>
    </bean>

3/ Adding a user

When I create a user through the register portlet, the user is created in the LDAP, but I get an exception:

    Welcome. Please fill out the following form to become a registered user.
    [Failed to add user.org.apache.jetspeed.administration.RegistrationException: org.apache.jetspeed.security.SecurityException: The role user does not exist.]

In the LDAP, the user is created in o=Jetspeed,o=sevenSeas. It's probably constructed from these properties:

    ldap.base=o=sevenSeas
    ldap.user.searchBase=o=Jetspeed

Right?

4/ Jetspeed default schema

What is the utility of the Jetspeed LDAP schema (j2-role and all that stuff)? Is it necessary? If yes, I suppose that the configuration has to be changed. Does a configuration with that schema exist somewhere?

Any answer or clarification would be useful. I hope this post will help other people trying to LDAPize Jetspeed.

Regards,
Jérôme

Exhibition: Enluminures en terre d'Islam entre abstraction et figuration - until 25 September 2011 - BnF - Richelieu / Galerie Mansart
Before printing, think of the environment.

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@...
For additional commands, e-mail: jetspeed-user-help@...
Re: ldap configuration: a configuration starting to work

Hi,

I'm trying to follow your guide but I still don't fully understand. I'm new to ApacheDS and Jetspeed.

Current setup:
- Jetspeed 2.2.2
- ApacheDS 1.5.5

I've configured Jetspeed 2.2.2 so that it will use the LDAP server. I have ApacheDS running stand-alone in the background. Using Apache Directory Studio, I connect to ApacheDS. From the ApacheDS console, I can see that whenever I try to log in to Jetspeed, it displays information that a user tried to log in but failed. So I'm thinking that I need to load the Jetspeed 2.2.2 schema into ApacheDS. Using the Jetspeed schema provided at http://portals.apache.org/jetspeed-2/deployguide/ldap.html doesn't do anything. So when I try to import setup2.ldif, it fails because ApacheDS doesn't know j2-classname. This is where it starts to fail to import:

    #!RESULT ERROR
    #!CONNECTION ldap://localhost:10389
    #!DATE 2012-03-01T13:46:47.187
    #!ERROR [LDAP: error code 16 - NO_SUCH_ATTRIBUTE: failed for Add Request : ClientEntry dn: cn=accounting,ou=Groups,ou=rootOrg,o=sevenSeas objectClass: jetspeed-2-group objectClass: groupOfUniqueNames objectClass: top uid: accounting uniquemember: user,local,sublocal cn: accounting j2-classname: accounting : OID for name 'jetspeed-2-group' was not found within the OID registry]
    dn: cn=accounting,ou=Groups,ou=rootOrg,o=sevenSeas
    objectClass: jetspeed-2-group
    objectClass: groupOfUniqueNames
    objectClass: top
    cn: accounting
    j2-classname: accounting
    uid: accounting
    uniquemember: user,local,sublocal

Can you explain how you managed to load this file? I assume you did load the Jetspeed schema into ApacheDS. How did you do it? I tried to manually create a user in ApacheDS, but login still fails. It did display my login information such as username, surname and so on, but with a failure message.

Thanks
Re: ldap configuration: a configuration starting to work

Since this summer, I use my own schema (changing the LDAP XML), so I don't have the schema import problem any more :-)

But if I remember well, I imported the schema into ApacheDS. You can find it in the directory components/jetspeed-security-schema/src/main/schema/jetspeed.schema and converted it to an LDIF file. You can find tools on the net to convert schemas to LDIF.

Alternatively, I found on my disk an LDIF I had generated in July (happy holidays this summer :-). This is its content (normally it's importable in ApacheDS 1.5.5, but I'm not sure). After that you should be able to create users from Jetspeed.

Sorry for the long post, but I don't know how to post an attached file.

    # Generated by Apache Directory Studio on 31 July 2011 21:37:20
    # SCHEMA "JETSPEED"
    dn: cn=jetspeed, ou=schema
    objectclass: metaSchema
    objectclass: top
    cn: jetspeed
    m-dependencies: system
    m-dependencies: inetorgperson
    m-dependencies: core

    dn: ou=attributeTypes, cn=jetspeed, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: attributetypes

    dn: m-oid=1.3.6.1.4.1.8100.1.2.3.1, ou=attributeTypes, cn=jetspeed, ou=schema
    objectclass: metaAttributeType
    objectclass: metaTop
    objectclass: top
    m-oid: 1.3.6.1.4.1.8100.1.2.3.1
    m-name: j2-classname
    m-description: The java class name of the object.
    m-equality: caseIgnoreIA5Match
    m-syntax: 1.3.6.1.4.1.1466.115.121.1.26
    m-length: 0
    m-singleValue: TRUE

    dn: m-oid=1.3.6.1.4.1.8100.1.2.3.2, ou=attributeTypes, cn=jetspeed, ou=schema
    objectclass: metaAttributeType
    objectclass: metaTop
    objectclass: top
    m-oid: 1.3.6.1.4.1.8100.1.2.3.2
    m-name: j2-action
    m-description: An action associated with a permission. This is a multi-valued attribute.
    m-equality: caseIgnoreIA5Match
    m-syntax: 1.3.6.1.4.1.1466.115.121.1.26
    m-length: 0

    dn: m-oid=1.3.6.1.4.1.8100.1.2.3.3, ou=attributeTypes, cn=jetspeed, ou=schema
    objectclass: metaAttributeType
    objectclass: metaTop
    objectclass: top
    m-oid: 1.3.6.1.4.1.8100.1.2.3.3
    m-name: j2-role
    m-description: The UID of an associated Role. This is a multi-valued attribute.
    m-equality: caseExactIA5Match
    m-syntax: 1.3.6.1.4.1.1466.115.121.1.26
    m-length: 0

    dn: m-oid=1.3.6.1.4.1.8100.1.2.3.4, ou=attributeTypes, cn=jetspeed, ou=schema
    objectclass: metaAttributeType
    objectclass: metaTop
    objectclass: top
    m-oid: 1.3.6.1.4.1.8100.1.2.3.4
    m-name: j2-group
    m-description: The UID of an associated Group. This is a multi-valued attribute.
    m-equality: caseExactIA5Match
    m-syntax: 1.3.6.1.4.1.1466.115.121.1.26
    m-length: 0

    dn: m-oid=1.3.6.1.4.1.8100.1.2.3.5, ou=attributeTypes, cn=jetspeed, ou=schema
    objectclass: metaAttributeType
    objectclass: metaTop
    objectclass: top
    m-oid: 1.3.6.1.4.1.8100.1.2.3.5
    m-name: j2-permission
    m-description: The UID of an associated Permission
    m-equality: caseExactIA5Match
    m-syntax: 1.3.6.1.4.1.1466.115.121.1.26
    m-length: 0

    dn: m-oid=1.3.6.1.4.1.8100.1.2.3.6, ou=attributeTypes, cn=jetspeed, ou=schema
    objectclass: metaAttributeType
    objectclass: metaTop
    objectclass: top
    m-oid: 1.3.6.1.4.1.8100.1.2.3.6
    m-name: creation-date
    m-description: create date
    m-equality: caseIgnoreIA5Match
    m-syntax: 1.3.6.1.4.1.1466.115.121.1.26
    m-length: 0
    m-singleValue: TRUE

    dn: m-oid=1.3.6.1.4.1.8100.1.2.3.7, ou=attributeTypes, cn=jetspeed, ou=schema
    objectclass: metaAttributeType
    objectclass: metaTop
    objectclass: top
    m-oid: 1.3.6.1.4.1.8100.1.2.3.7
    m-name: modified-date
    m-description: modified date
    m-equality: caseIgnoreIA5Match
    m-syntax: 1.3.6.1.4.1.1466.115.121.1.26
    m-length: 0
    m-singleValue: TRUE

    dn: ou=comparators, cn=jetspeed, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: comparators

    dn: ou=ditContentRules, cn=jetspeed, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: ditcontentrules

    dn: ou=ditStructureRules, cn=jetspeed, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: ditstructurerules

    dn: ou=matchingRules, cn=jetspeed, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: matchingrules

    dn: ou=matchingRuleUse, cn=jetspeed, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: matchingruleuse

    dn: ou=nameForms, cn=jetspeed, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: nameforms

    dn: ou=normalizers, cn=jetspeed, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: normalizers

    dn: ou=objectClasses, cn=jetspeed, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: objectClasses

    dn: m-oid=1.3.6.1.4.1.8100.1.2.4.1, ou=objectClasses, cn=jetspeed, ou=schema
    objectclass: metaObjectClass
    objectclass: metaTop
    objectclass: top
    m-oid: 1.3.6.1.4.1.8100.1.2.4.1
    m-name: jetspeed-2-group
    m-description: Jetspeed-2 group
    m-supObjectClass: groupOfUniqueNames
    m-must: j2-classname
    m-must: uid
    m-may: j2-role
    m-may: creation-date
    m-may: modified-date
    m-may: cn
    m-may: ou

    dn: m-oid=1.3.6.1.4.1.8100.1.2.4.3, ou=objectClasses, cn=jetspeed, ou=schema
    objectclass: metaObjectClass
    objectclass: metaTop
    objectclass: top
    m-oid: 1.3.6.1.4.1.8100.1.2.4.3
    m-name: jetspeed-2-role
    m-description: Jetspeed-2 role
    m-supObjectClass: groupOfUniqueNames
    m-must: j2-classname
    m-must: uid
    m-may: creation-date
    m-may: modified-date
    m-may: cn
    m-may: ou

    dn: m-oid=1.3.6.1.4.1.8100.1.2.4.4, ou=objectClasses, cn=jetspeed, ou=schema
    objectclass: metaObjectClass
    objectclass: metaTop
    objectclass: top
    m-oid: 1.3.6.1.4.1.8100.1.2.4.4
    m-name: jetspeed-2-user
    m-description: Jetspeed-2 user
    m-supObjectClass: inetOrgPerson
    m-must: cn
    m-must: uid
    m-may: j2-role
    m-may: j2-group
    m-may: j2-permission
    m-may: creation-date
    m-may: modified-date

    dn: m-oid=1.3.6.1.4.1.8100.1.2.4.2, ou=objectClasses, cn=jetspeed, ou=schema
    objectclass: metaObjectClass
    objectclass: metaTop
    objectclass: top
    m-oid: 1.3.6.1.4.1.8100.1.2.4.2
    m-name: jetspeed-2-permission
    m-description: Jetspeed-2 permission
    m-must: j2-classname
    m-must: uid
    m-may: j2-action
    m-may: creation-date
    m-may: modified-date

    dn: ou=syntaxCheckers, cn=jetspeed, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: syntaxcheckers

    dn: ou=syntaxes, cn=jetspeed, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: syntaxes

Exhibition: Le Théâtre de la Huchette - until 8 April 2012 - BnF - François-Mitterrand
Before printing, think of the environment.
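Two of the failures in this thread can be caught before anything is pushed into the directory: the register-portlet error in Jérôme's first message ("The role user does not exist", plus the mismatch between the relationAttribute in security-ldap.xml and the uniqueMember attribute in the LDIF), and the import error in cnguyen8's message (ApacheDS error code 16 because jetspeed-2-group is not in its OID registry until the schema above is loaded). The script below is an added example, not code from Jetspeed, ApacheDS or any poster. It assumes a hand-written minimal LDIF reader (no base64 values), a small table of built-in object classes with their MUST attributes, constructed sample data laid out like the o=sevenSeas tree in this thread, and the wiring shown in the posted UserRoleRelationDAO bean, where the relation attribute sits on the role entry and holds the user's DN (which is what the member attribute Jérôme added to cn=admin does).

```python
# Added example (not Jetspeed/ApacheDS code): offline pre-flight for an LDIF.
# It reports (a) object classes the server schema does not know and MUST
# attributes that are missing, which ApacheDS rejects with error code 16, and
# (b) role->user relations that do not resolve, or a role Jetspeed needs that is
# absent ("The role user does not exist"). All sample data is constructed.
import re

# Built-in classes and their MUST attributes (assumption: only those used here).
BUILTIN = {"top": set(), "person": {"cn", "sn"}, "inetorgperson": {"cn", "sn"},
           "groupofuniquenames": {"cn", "uniquemember"}, "organizationalunit": {"ou"}}

def parse_ldif(text):
    """Minimal LDIF reader -> list of (dn, {attr_lower: [values]}). Unfolds RFC 2849
    continuation lines (leading space); base64 '::' values are out of scope."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith("#"):
                continue
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # folded continuation line
            else:
                lines.append(raw)
        dn, attrs = None, {}
        for line in lines:
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            elif name:
                attrs.setdefault(name, []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries

def load_schema(schema_ldif):
    """From an ApacheDS metaSchema LDIF (like the one posted above) collect
    object classes as name -> (superior class, set of MUST attributes)."""
    classes = {}
    for _dn, a in parse_ldif(schema_ldif):
        if "metaobjectclass" in {v.lower() for v in a.get("objectclass", [])}:
            sup = a.get("m-supobjectclass", [""])[0].lower() or None
            classes[a["m-name"][0].lower()] = (sup, {m.lower() for m in a.get("m-must", [])})
    return classes

def required_attrs(oc, classes):
    """MUST attributes of a class including those inherited from its superiors."""
    if oc in BUILTIN:
        return set(BUILTIN[oc])
    if oc not in classes:
        return set()                      # unknown classes are reported by check_entries
    sup, must = classes[oc]
    return must | (required_attrs(sup, classes) if sup else set())

def check_entries(data_ldif, classes):
    """Problems the server would reject at import: unknown classes, missing MUSTs.
    MAY lists are not checked, so an extra attribute on an entry is not flagged."""
    problems = []
    for dn, a in parse_ldif(data_ldif):
        for oc in (v.lower() for v in a.get("objectclass", [])):
            if oc not in BUILTIN and oc not in classes:
                problems.append(f"{dn}: unknown objectClass {oc}")
                continue
            for must in sorted(required_attrs(oc, classes)):
                if must not in a:
                    problems.append(f"{dn}: objectClass {oc} requires {must}")
    return problems

def check_roles(data_ldif, role_base, relation_attr, needed=("user",)):
    """Resolve role->user relations as the posted UserRoleRelationDAO is wired:
    the relation attribute is on the role entry and holds the user's DN."""
    norm = lambda dn: re.sub(r"\s*,\s*", ",", dn.strip().lower())
    entries = parse_ldif(data_ldif)
    by_dn = {norm(dn): a for dn, a in entries}
    problems, roles = [], set()
    for dn, a in entries:
        if not norm(dn).endswith("," + norm(role_base)):
            continue                      # only entries under ldap.role.searchBase
        roles.add(a.get("cn", [""])[0].lower())
        for target in a.get(relation_attr.lower(), []):
            user = by_dn.get(norm(target))
            if user is None:
                problems.append(f"{dn}: {relation_attr} -> {target} does not exist")
            elif "person" not in {v.lower() for v in user.get("objectclass", [])}:
                problems.append(f"{dn}: {relation_attr} -> {target} is not a person")
    problems += [f"role '{r}' not found under {role_base}" for r in needed if r.lower() not in roles]
    return problems

# Constructed schema fragment: two entries in the shape of the posted jetspeed schema.
SCHEMA_LDIF = """\
dn: m-oid=1.3.6.1.4.1.8100.1.2.3.1, ou=attributeTypes, cn=jetspeed, ou=schema
objectclass: metaAttributeType
m-name: j2-classname

dn: m-oid=1.3.6.1.4.1.8100.1.2.4.1, ou=objectClasses, cn=jetspeed, ou=schema
objectclass: metaObjectClass
m-name: jetspeed-2-group
m-supObjectClass: groupOfUniqueNames
m-must: j2-classname
m-must: uid
"""

# Constructed data: one user, an admin role related via 'member', a group lacking MUSTs.
DATA_LDIF = """\
dn: cn=David,o=Peoples,o=SanFrancisco,o=Jetspeed,o=sevenSeas
objectClass: person
objectClass: top
cn: David
sn: Example
uid: david

dn: cn=admin,ou=Roles,o=Jetspeed,o=sevenSeas
objectClass: groupOfUniqueNames
objectClass: top
cn: admin
uniqueMember: cn=nobody,o=Jetspeed,o=sevenSeas
member: cn=David,o=Peoples,o=SanFrancisco,o=Jetspeed,o=sevenSeas

dn: cn=accounting,ou=Groups,o=Jetspeed,o=sevenSeas
objectClass: jetspeed-2-group
objectClass: groupOfUniqueNames
objectClass: top
cn: accounting
uniqueMember: cn=David,o=Peoples,o=SanFrancisco,o=Jetspeed,o=sevenSeas
"""

if __name__ == "__main__":
    role_base = "ou=Roles,o=Jetspeed,o=sevenSeas"   # ldap.role.searchBase + "," + ldap.base
    for p in check_entries(DATA_LDIF, {}):            # before the jetspeed schema is loaded
        print("no schema  :", p)
    for p in check_entries(DATA_LDIF, load_schema(SCHEMA_LDIF)):
        print("with schema:", p)
    for attr in ("member", "uniqueMember"):           # relationAttribute candidates
        for p in check_roles(DATA_LDIF, role_base, attr):
            print(f"{attr:12}:", p)
```

Run as-is it prints the unknown objectClass before the schema is loaded, the two missing MUST attributes (j2-classname, uid) once it is, and the missing 'user' role; the second check_roles pass shows what a relationAttribute that does not match the LDIF (uniqueMember pointing at an entry that is not there) looks like. It deliberately does not validate MAY lists, so it says nothing about the member attribute on a groupOfUniqueNames entry; whether a given server accepts that is a question for the server's schema checking, not this script.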