geronimo-user mailing list archives

From Phani Madgula <phanibalaji.madg...@gmail.com>
Subject Re: How to connect to LDAP server on Geronimo from an LDAP client?
Date Fri, 27 Jan 2006 11:13:45 GMT
Hi Hernan/Aaron

The following is the export of my LDAP entries. I could export using
JXplorer. I also used another LDAP client called LDAP Browser/Editor 2.8.2.

In the LDAP export below, there are two users, balaji1 and balaji2, whose
passwords are MD5 hashed.
Whereas for the other users, the passwords are stored PLAIN. So, with
balaji1/balaji2, I am getting a "Userid/password wrong" message in the browser
while authenticating.

I am trying to find the answers for Aaron's questions. I will update soon.

version: 1
dn: ou=system
objectClass: organizationalUnit
objectClass: top
ou: system
userPassword:: e21kNX1JU012S1hwWHBhZERpVW9PU29BZnd3PT0=

dn: uid=admin,ou=system
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: system administrator
displayName: Directory Superuser
sn: administrator
uid: admin
userPassword:: c2VjcmV0

dn: ou=users,ou=system
objectClass: organizationalUnit
objectClass: top
ou: users

dn: uid=system,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: John Doe
facsimiletelephonenumber: +1 408 555 5556
givenname: John
l: Las Vegas
mail: system@apachecon.comm
ou: People
ou: Human Resources
roomnumber: 4613
sn: Doe
telephonenumber: +1 408 555 5555
uid: system
userPassword:: bWFuYWdlcg==

dn: uid=user1,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: User
facsimiletelephonenumber: +1 408 555 5556
givenname: User1
l: Las Vegas
mail: user1@apachecon.comm
ou: People
ou: Human Resources
roomnumber: 4613
sn: One
telephonenumber: +1 408 555 5555
uid: user1
userPassword:: dXNlcjE=

dn: uid=user2,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: User
facsimiletelephonenumber: +1 408 555 5556
givenname: User2
l: Las Vegas
mail: user2@apachecon.comm
ou: People
ou: Human Resources
roomnumber: 4613
sn: Two
telephonenumber: +1 408 555 5555
uid: user2
userPassword:: dXNlcjI=

dn: uid=admin,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: admin
sn: admin
uid: admin
userPassword:: YWRtaW4=

dn: uid=user3,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user3
sn: user3
uid: user3
userPassword:: dXNlcjM=

dn: uid=user4,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user4
sn: user4
uid: user4
userPassword:: dXNlcjQ=

dn: uid=phani1,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: phani1
sn: phani1
uid: phani1
userPassword:: cGhhbmkx

dn: uid=balaji1,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: balaji1
sn: balaji1
uid: balaji1
userPassword:: e21kNX1wRWdLL2ZSODZXQmlPU1FZYmdFQUpBPT0=

dn: uid=balaji2,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: balaji2
sn: balaji2
uid: balaji2
userPassword:: e21kNX1zdXNnSkwybWx0V0ZrZlpWWjk3WnBBPT0=

dn: ou=groups,ou=system
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: cn=admin,ou=groups,ou=system
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: uid=system,ou=users,ou=system

dn: cn=guest,ou=groups,ou=system
objectClass: groupOfUniqueNames
cn: guest
uniqueMember: uid=user2,ou=users,ou=system
uniqueMember: uid=user1,ou=users,ou=system

dn: ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: configuration

dn: ou=partitions,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: partitions

dn: ou=services,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: services

dn: ou=interceptors,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: interceptors

dn: prefNodeName=sysPrefRoot,ou=system
objectClass: extensibleObject
prefNodeName: sysPrefRoot

dn: uid=phani-users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user1
sn: user1
uid: phani-users


Thanks
phani

On 1/26/06, Hernan Cunico <hcunico@gmail.com> wrote:
>
> Hi Phani,
> Can you export an LDIF so we can see your LDAP conf? I think the problem
> may be there.
>
> So far I have been able to add new users and alter the groups with my
> other LDAP client. Jxplorer is
> giving me some problems while importing/updating from LDIFs.
>
> Can you summarize the steps you do for adding the user?
>
> Cheers!
> Hernan
>
> Phani Madgula wrote:
> > Hi Hernan,
> >
> > I am using AG1.0. I tried with other LDAP clients.
> > I observed that some clients store passwords in SHA by default.
> > The authentication is failing in either case [MD5 or SHA]
> >
> > Thanks
> > phani
> >
> >
> > On 1/25/06, *Hernan Cunico* <hcunico@gmail.com> wrote:
> >
> >     Hi Phani,
> >     So far I am only getting this error while using Jxplorer. What other
> >     client have you tried?
> >
> >     Cheers!
> >     Hernan
> >
> >     Hernan Cunico wrote:
> >      >
> >      >> Hi Phani,
> >      >> sorry for the delay in the reply. I am having some issues too while
> >      >> validating the user.
> >      >> Maybe you already replied to this in a previous note but, what version
> >      >> of Geronimo are you using?
> >      >>
> >      >> Cheers!
> >      >> Hernan
> >      >>
> >      >> Phani Madgula wrote:
> >      >>
> >      >>> Hi Hernan,
> >      >>>
> >      >>> Thanks for the link. It is quite helpful & informative.
> >      >>>
> >      >>> I did similar operations, as specified in my previous mail, by
> >      >>> deploying the sample application given in the article. I added a new
> >      >>> user user3/pass123 in "ou=users, ou=system" in Directory server, and
> >      >>> in geronimo-web.xml I added the user3 in role mappings
> >      >>>
> >      >>>      <role-mappings>
> >      >>>        <role role-name="content-administrator">
> >      >>>          <realm realm-name="ldap-realm">
> >      >>>            <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> >      >>>                       name="admin" designated-run-as="true"/>
> >      >>>            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >      >>>                       name="system"/>
> >      >>>            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >      >>>                       name="user3"/>
> >      >>>          </realm>
> >      >>>        </role>
> >      >>>
> >      >>>        <role role-name="guest">
> >      >>>          <realm realm-name="ldap-realm">
> >      >>>            <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> >      >>>                       name="guest" designated-run-as="true"/>
> >      >>>            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >      >>>                       name="user1"/>
> >      >>>            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >      >>>                       name="user2"/>
> >      >>>          </realm>
> >      >>>        </role>
> >      >>>      </role-mappings>
> >      >>>
> >      >>> I used Jxplorer LDAP client to create the new user user3. When I
> >      >>> provide password in PLAIN format which uses BASE64 encoding through
> >      >>> LDAP client, the application is authenticating successfully. When I
> >      >>> store it in MD5, the authentication is failing for user3.
> >      >>>
> >      >>> Any issue while using MD5 ?
> >      >>>
> >      >>> thanks
> >      >>> phani
> >      >>>
> >      >>> On 1/21/06, *Hernan Cunico* <hcunico@gmail.com> wrote:
> >      >>>
> >      >>>     Hi Phani,
> >      >>>     Here is an article that may help you configure LDAP
> >      >>>
> >      >>>     http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP
> >      >>>
> >      >>>
> >      >>>     Cheers!
> >      >>>     Hernan
> >      >>>
> >      >>>     Phani Madgula wrote:
> >      >>>      > Hi
> >      >>>      >
> >      >>>      > I am facing a problem while connecting to LDAP server from an
> >      >>>      > LDAP client.
> >      >>>      > I have installed Softerra LDAP browser and tried to connect to
> >      >>>      > LDAP server running on Geronimo.
> >      >>>      >
> >      >>>      > I always get "Can not connect to the LDAP server : ERROR 91".
> >      >>>      >
> >      >>>      > Any solution?
> >      >>>      >
> >      >>>      > thanks
> >      >>>      > phani
> >      >>>
> >      >>>
> >      >>
> >      >
> >
> >
>
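An added example, in Python, that is not code from this thread, from Geronimo, or from the directory server it embeds. It makes the failure described above concrete: it parses a small constructed LDIF export shaped like the one Phani posted, reports which entries store userPassword in clear and which carry an RFC 2307 scheme prefix such as {MD5}, and checks a candidate password both scheme-aware and with the literal comparison that fails for every hashed entry no matter which password is typed. The sample entries, the passwords and the salt are constructed for the example; hash_md5, hash_ssha, parse_ldif, verify_password and audit_password_storage are names chosen here, not API of any product.

```python
"""Scheme-aware handling of LDAP userPassword values from an LDIF export.

Added example (not from the thread, Geronimo or ApacheDS): parse a small
constructed LDIF, report the RFC 2307 storage scheme of every userPassword
({MD5}, {SHA}, {SSHA} or none), and verify a candidate password the
scheme-aware way next to the plain comparison that fails on hashed values.
"""
import base64
import hashlib
import hmac
import re

SALT = bytes([1, 2, 3, 4])  # constructed salt for the {SSHA} sample entry


def hash_md5(password: bytes) -> str:
    """RFC 2307 style {MD5}: base64 of the unsalted MD5 digest."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password).digest()).decode()


def hash_ssha(password: bytes, salt: bytes) -> str:
    """{SSHA}: base64 of sha1(password + salt) followed by the salt."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ldif_b64(value: str) -> str:
    """LDIF writes a value after '::' as base64 of the whole attribute value."""
    return base64.b64encode(value.encode()).decode()


# Constructed sample export: user1 stores its password in clear, the other
# two entries store hashes produced above so the expected passwords are known.
SAMPLE_LDIF = f"""version: 1
dn: uid=user1,ou=users,ou=system
objectClass: inetOrgPerson
uid: user1
userPassword:: {ldif_b64('user1')}

dn: uid=hashed1,ou=users,ou=system
objectClass: inetOrgPerson
uid: hashed1
userPassword:: {ldif_b64(hash_md5(b'pass123'))}

dn: uid=salted1,ou=users,ou=system
objectClass: inetOrgPerson
uid: salted1
userPassword:: {ldif_b64(hash_ssha(b'pass123', SALT))}
"""


def parse_ldif(text: str) -> list:
    """Minimal LDIF reader: unfolds continuation lines, decodes '::' base64
    values and returns one {attribute: [values]} dict per entry. Attribute
    names are lower-cased because LDAP treats them case-insensitively."""
    entries, current = [], {}
    for line in re.sub(r"\n ", "", text).splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("version:") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # '::' means the value is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


SCHEME_RE = re.compile(r"^\{([A-Za-z0-9]+)\}(.*)$", re.S)


def password_scheme(stored: str) -> tuple:
    """Split a userPassword value into (scheme, payload); no prefix means the
    directory holds the clear-text password."""
    m = SCHEME_RE.match(stored)
    return (m.group(1).upper(), m.group(2)) if m else ("PLAIN", stored)


def verify_password(stored: str, candidate: str) -> bool:
    """Scheme-aware check: hash the candidate the way the stored value was
    hashed and compare digests in constant time."""
    scheme, payload = password_scheme(stored)
    cand = candidate.encode()
    if scheme == "PLAIN":
        return hmac.compare_digest(payload.encode(), cand)
    raw = base64.b64decode(payload)
    if scheme == "MD5":
        return hmac.compare_digest(raw, hashlib.md5(cand).digest())
    if scheme == "SHA":
        return hmac.compare_digest(raw, hashlib.sha1(cand).digest())
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]
        return hmac.compare_digest(digest, hashlib.sha1(cand + salt).digest())
    raise ValueError(f"unsupported userPassword scheme {scheme}")


def naive_plain_compare(stored: str, candidate: str) -> bool:
    """What a realm that ignores the {scheme} prefix effectively does: compare
    the typed password with the literal stored string, so every hashed entry
    fails even when the right password is supplied."""
    return hmac.compare_digest(stored.encode(), candidate.encode())


def stored_password(ldif_text: str, uid: str) -> str:
    for entry in parse_ldif(ldif_text):
        if entry.get("uid") == [uid] and "userpassword" in entry:
            return entry["userpassword"][0]
    raise KeyError(uid)


def audit_password_storage(ldif_text: str) -> dict:
    """uid -> scheme for every entry carrying a userPassword, so clear-text
    storage stands out when reviewing an export."""
    return {
        entry["uid"][0]: password_scheme(entry["userpassword"][0])[0]
        for entry in parse_ldif(ldif_text)
        if "userpassword" in entry and "uid" in entry
    }


if __name__ == "__main__":
    print(audit_password_storage(SAMPLE_LDIF))
    for uid, pw in (("user1", "user1"), ("hashed1", "pass123"), ("salted1", "pass123")):
        stored = stored_password(SAMPLE_LDIF, uid)
        print(uid, "scheme-aware:", verify_password(stored, pw),
              "plain compare:", naive_plain_compare(stored, pw))
```

Run as a script it prints the audit for the constructed sample and then shows, per entry, that the scheme-aware check accepts the right password everywhere while the plain comparison only succeeds for the clear-text entry. Pointing audit_password_storage at a real export is the quickest way to see which accounts still hold clear-text passwords; as the '::' base64 values in the export above show, those are readable by anyone who can read the export.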
