roller-user mailing list archives

From Andreas Heizenreder <ahei...@googlemail.com>
Subject Re: LDAP Integration with Roller 4.0.1
Date Mon, 03 May 2010 20:37:30 GMT
Hello!

I found a solution for my problem. The cause of the error message is the
org.apache.roller.weblogger.ui.core.security.AuthoritiesPopulator that is used
by default as jdbcAuthoritiesPopulator. Before populating the Roller DB with
LDAP user data, it tries to look up this user in the DB.

The solution is to use
org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
as the AuthoritiesPopulator:

    <bean id="ldapAuthProvider"
          class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
                <constructor-arg ref="initialDirContextFactory"/>
                <property name="userSearch" ref="ldapUserSearch"/>
            </bean>
        </constructor-arg>
        <!-- <constructor-arg ref="jdbcAuthoritiesPopulator"/> -->
        <constructor-arg ref="ldapAuthoritiesPopulator"/>
        <property name="userCache" ref="userCache"/>
    </bean>

    <bean id="ldapAuthoritiesPopulator"
          class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
        <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
        <constructor-arg value="ou=groups"/>
        <property name="groupRoleAttribute" value="ou"/>
        <property name="rolePrefix" value=""/>
        <property name="convertToUpperCase" value="false"/>
    </bean>

It is also very important to set the property "convertToUpperCase" to "false" to
avoid converting group names to upper case.
All users who have to be able to log in to Roller with their LDAP credentials
have to be added in LDAP to the "register" and "editor"/"admin" groups.

Also the line

        /roller-ui/user.do*=register

has to be uncommented in "filterInvocationInterceptor".

In roller-custom.properties I also had to add the following configuration:

      users.sso.registry.ldap.attributes.screenname=cn
      # create LDAP authenticated user automatically in roller
      users.sso.autoProvision.enabled=true

And the biggest change was the source change in
org.apache.roller.weblogger.ui.core.security.CustomUserRegistry.java:90.
This line has to be uncommented to avoid NullPointerExceptions during the
creation of the LDAP user in the Roller DB. After a new build of Roller from the
changed source, everything started working as it should.

I hope my notes will help you to integrate your Roller instance with LDAP.

Andreas
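The two settings the post calls out (rolePrefix="" and convertToUpperCase="false") and the `/roller-ui/user.do*=register` rule only make sense once you see how the authorities populator turns group entries into role names and how the interceptor compares them. The following is an added Python model of that behaviour, written for this page; it is not part of the post and not Roller's or Acegi's own code. The group entries, the user DNs and the `dc=example,dc=com` suffix are constructed sample data; the Acegi defaults (rolePrefix `ROLE_`, convertToUpperCase `true`) are stated from my reading of Acegi 1.0.x and are an assumption here.

```python
"""Model of DefaultLdapAuthoritiesPopulator role derivation and of the
path-based filterInvocationInterceptor check.  Added illustration only."""
import fnmatch

# Constructed sample directory (assumption): groups under ou=groups, with the
# group name carried in the "ou" attribute as in the post's configuration.
SAMPLE_GROUPS = [
    {"dn": "ou=register,ou=groups,dc=example,dc=com", "ou": "register",
     "member": ["uid=alice,ou=People,dc=example,dc=com",
                "uid=bob,ou=People,dc=example,dc=com"]},
    {"dn": "ou=editor,ou=groups,dc=example,dc=com", "ou": "editor",
     "member": ["uid=alice,ou=People,dc=example,dc=com"]},
    {"dn": "ou=admin,ou=groups,dc=example,dc=com", "ou": "admin",
     "member": ["uid=bob,ou=People,dc=example,dc=com"]},
]

# Role names as Roller's security config spells them (from the post).
ROLLER_ROLES = {"register", "editor", "admin"}

# The one interceptor line the post mentions, as a pattern -> required role map.
OBJECT_DEFINITION_SOURCE = {"/roller-ui/user.do*": "register"}


def populate_authorities(user_dn, groups, role_prefix="ROLE_",
                         convert_to_upper_case=True, group_role_attribute="ou"):
    """Mimic the populator: every group whose member attribute names user_dn
    contributes its groupRoleAttribute value, uppercased if configured, with
    rolePrefix prepended.  Defaults here are my reading of Acegi 1.0.x."""
    authorities = set()
    for group in groups:
        if user_dn in group.get("member", []):
            role = group[group_role_attribute]
            if convert_to_upper_case:
                role = role.upper()
            authorities.add(role_prefix + role)
    return authorities


def can_use_roller(authorities):
    """The post's rule: a user needs "register" plus "editor" or "admin"."""
    return "register" in authorities and bool({"editor", "admin"} & authorities)


def missing_roller_roles(authorities):
    """Roller role names that the granted authorities do not contain at all."""
    return ROLLER_ROLES - authorities


def is_allowed(path, authorities, rules=OBJECT_DEFINITION_SOURCE):
    """First matching Ant-style pattern decides; None means no rule matched
    (left to the remaining interceptor lines, which the post does not show)."""
    for pattern, role in rules.items():
        if fnmatch.fnmatchcase(path, pattern):
            return role in authorities
    return None


def compare_configs(user_dn, groups):
    """Authorities under Acegi defaults versus the post's populator settings."""
    return {
        "default": sorted(populate_authorities(user_dn, groups)),
        "fixed": sorted(populate_authorities(
            user_dn, groups, role_prefix="", convert_to_upper_case=False)),
    }


if __name__ == "__main__":
    alice = "uid=alice,ou=People,dc=example,dc=com"
    for label, auths in compare_configs(alice, SAMPLE_GROUPS).items():
        auths = set(auths)
        print(label, sorted(auths),
              "login ok" if can_use_roller(auths) else "login refused",
              "user.do:", is_allowed("/roller-ui/user.do", auths))
```

With the Acegi defaults alice ends up with `ROLE_REGISTER` and `ROLE_EDITOR`, so `/roller-ui/user.do` is refused and the user never reaches the registration step that auto-provisions her in the Roller DB; with rolePrefix="" and convertToUpperCase="false" the same group membership yields exactly the names Roller checks for.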

2010/4/22 Andreas Heizenreder <aheizen@googlemail.com>

> Hello!
>
> I am trying to integrate my Roller installation with Apache Directory Server
> as described under
> https://cwiki.apache.org/confluence/display/ROLLER/Roller+4.0+with+LDAP+and+CAS.
> It works as long as a user is present in both systems, Roller and ADS.
> If a user from ADS who has not been created in Roller tries to log in, it
> results in the error "ERROR no user: ...":
>
> DEBUG 2010-04-22 12:02:15,611 LdapAuthenticationProvider:retrieveUser -
> Retrieving user admin
> DEBUG 2010-04-22 12:02:15,611 DefaultInitialDirContextFactory:connect -
> Creating InitialDirContext with environment
> {java.naming.provider.url=ldap://localhost:10389/dc=example,dc=com,
> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> java.naming.security.principal=uid=admin,ou=system,
> com.sun.jndi.ldap.connect.pool=true,
> java.naming.security.authentication=simple,
> java.naming.security.credentials=******}
> DEBUG 2010-04-22 12:02:15,627 FilterBasedLdapUserSearch:searchForUser -
> Searching for user 'admin', in context
> javax.naming.directory.InitialDirContext@10936a1, with user search [
> searchFilter: 'uid={0}', searchBase: '', scope: subtreesearchTimeLimit:
> 0derefLinkFlag: false ]
> DEBUG 2010-04-22 12:02:15,642 DefaultInitialDirContextFactory:connect -
> Creating InitialDirContext with environment
> {java.naming.provider.url=ldap://localhost:10389/dc=example,dc=com,
> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> java.naming.security.principal=uid=admin,ou=system,
> com.sun.jndi.ldap.connect.pool=true,
> java.naming.security.authentication=simple,
> java.naming.security.credentials=******}
> DEBUG 2010-04-22 12:02:15,658 DefaultInitialDirContextFactory:connect -
> Creating InitialDirContext with environment
> {java.naming.provider.url=ldap://localhost:10389/dc=example,dc=com,
> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> java.naming.security.principal=uid=admin,ou=People,dc=example,dc=com,
> java.naming.security.authentication=simple,
> java.naming.security.credentials=******}
> WARN  2010-04-22 12:02:15,689 LoggerListener:onApplicationEvent -
> Authentication event AuthenticationFailureServiceExceptionEvent: admin;
> details: org.acegisecurity.ui.WebAuthenticationDetails@12afc:
> RemoteIpAddress: 127.0.0.1; SessionId: D09264A777DF96F742E0A6A16F52415D;
> exception: ERROR no user: admin; nested exception is
> org.acegisecurity.ldap.LdapDataAccessException: ERROR no user: admin
>
> I configured all settings from the tutorial and also tried the settings from
> http://mail-archives.apache.org/mod_mbox/roller-user/200908.mbox/%3C8fb9ac720908281403n5eae6602x1fe116f266f689e@mail.gmail.com%3E
>
> My installation parameters:
> - Apache Roller 4.0.1
> - Apache Directory Server 1.5.6
> - Apache Tomcat 6.0.26
> - MySQL 5.0.67
>
> Thanks,
> Andreas
>
>
