roller-user mailing list archives

From leofreesand <yuqi...@hotmail.com>
Subject How to enable LDAP authentication for Roller 5?
Date Sun, 26 Jan 2014 14:45:58 GMT
I want to enable LDAP user authentication for Roller 5.0.3. There are some related tutorials for Roller 4, but they seem not to work with the new Spring Security framework. I found some Spring Security 2 configuration examples and tried to figure it out, with no success. Hoping someone will help me...

This is my progress so far: I'm using an OpenLDAP server with some testing accounts and added some properties in the Roller custom settings file:

users.sso.enabled=true
users.sso.autoProvision.enabled=true
users.sso.registry.ldap.attributes.name=uid
users.sso.registry.ldap.attributes.screenname=cn

Then I modified the security.xml:

    <beans:bean id="contextSource"
                class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <beans:constructor-arg value="ldap://localhost:389/dc=test,dc=com" />
        <beans:property name="userDn" value="cn=Manager,dc=test,dc=com" />
        <beans:property name="password" value="111111" />
    </beans:bean>

    <beans:bean id="ldapAuthProvider"
                class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <custom-authentication-provider />
        <beans:constructor-arg>
            <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <beans:constructor-arg ref="contextSource" />
                <beans:property name="userSearch" ref="userSearch" />
            </beans:bean>
        </beans:constructor-arg>
        <beans:constructor-arg>
            <beans:bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                <beans:constructor-arg ref="contextSource" />
                <beans:constructor-arg value="ou=Tester" />
                <beans:property name="searchSubtree" value="false" />
                <beans:property name="defaultRole" value="register" />
                <beans:property name="convertToUpperCase" value="false" />
                <beans:property name="groupRoleAttribute" value="" />
                <beans:property name="rolePrefix" value="" />
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>

    <beans:bean id="userSearch"
                class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <beans:constructor-arg index="0" value="" />
        <beans:constructor-arg index="1" value="(uid={0})" />
        <beans:constructor-arg index="2" ref="contextSource" />
        <beans:property name="searchSubtree" value="true" />
    </beans:bean>

(Deploying Roller with this configuration will give the error message "java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory"; I found a solution at
http://www.chrissearle.org/2007/08/30/spring-ldap_and_NoClassDefFoundError_com_sun_jndi_ldap_ctl_ResponseControlFactory/)

Now when using an LDAP username/password, the page will jump to roller_j_security_check and display the following error message:

500
Filter execution threw an exception
Roller has encountered and logged an unexpected exception.

Using a wrong password will get the same error message. If entering a non-existent username/password, Roller will display "Wrong username and password combination".

There are related search messages in openldap.log; maybe I just need some tweak to fix the problem? Does anyone have any suggestions for solutions? Thanks in advance.