Posted to jetspeed-user@portals.apache.org by david malkin <dm...@gmail.com> on 2006/03/09 20:07:03 UTC

LDAP Help

I am having difficulty setting up LDAP on Jetspeed2. Here are the
details of my situation.
1. Using Novell NDS
2. Installed binary "Jetspeed2.0-MultiDb-install.jar"
3. Copied "security-spi-ldap-atn.xml" to
"$CATALINA_HOME/webapps/jetspeed/WEB-INF/assembly"
4. Copied "security-spi-ldap.xml" to
"$CATALINA_HOME/webapps/jetspeed/WEB-INF/assembly"
5. Populated "security-spi-ldap.xml" with the following LDAP settings
-- Arg1 (IP Address of LDAP server) = 10.60.XX.YY
-- Arg2 (LDAP Port) = 389
-- Arg3 (DN suffix) - left blank
-- Arg4 (Root context) = o=svcs
-- Arg5 (Root DN) = cn=admin,o=svcs
-- Arg6 (Root Password) = BlahBlah
-- Arg7 (Users org unit) = svcs
-- Arg8 (Groups Org Unit) = rcsc
-- Arg9 (Roles Org Unit) - removed this due to error message while starting up
6. Removed "security-spi-atn.xml" from
"$CATALINA_HOME/webapps/jetspeed/WEB-INF/assembly"
7. Installed "JXplorer_LDAP_Browser" LDAP client and was able to
connect and browse around using the credentials specified above
8. Started up tomcat
9. No errors, stack traces, or messages about LDAP were found in
"$CATALINA_HOME/logs/catalina.out"
10. No errors or stack traces were found in
"$CATALINA_HOME/webapps/jetspeed/logs/jetspeed.log"
11. "$CATALINA_HOME/webapps/jetspeed/logs/jetspeed.log" did display
the following message during startup
"2006-03-09 09:33:06,792 [Main Thread] WARN 
org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig - The
LDAP directory should already be initialized.  If this is not the
case, an exceptionoccured during initialization."
12. With browser, go to "http://~MY_HOST~:8080/jetspeed"
13. Fill in Login Portlet with user name = "admin" and password = "BlahBlah"
14. Click Login button
15. "Invalid username" message returned in Login Portlet

So, does anyone have any suggestions?

Thanks,
David Malkin

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org


Re: LDAP Help

Posted by david malkin <dm...@gmail.com>.
Aaron

Yes, I see what you mean. The source code for the spring DAOs doesn't
look too bad at all. It should be easy enough to write my own.

Thanks for all of your help.
David Malkin

On 3/9/06, Aaron Evans <aa...@gmail.com> wrote:
> Right, essentially, you are going to have to either modify the existing LDAP
> based SPI components or write your own.  It is not that bad to write your
> own if you use the existing ones as reference.
>
> The security-atn.xml references the existing implementations and the
> interfaces they implement
> (org.apache.jetspeed.security.spi.UserSecurityHandler and possibly
> org.apache.jetspeed.security.spi.CredentialHandler if your passwords are
> handled differently).
>
> I think you should be able to modify the existing LDAP ones mostly by
> modifying the spring LDAP data access objects.
>
> Since I am not familiar with spring DAO and I have my own data access layer
> for accessing LDAP, I just implemented my own.  It wasn't that bad because I
> used the existing LDAP ones as a guide.  In fact, I also implemented the
> interfaces in security-atz.xml (roles, groups and mappings to users) as
> well.
>
> For jetspeed related documentation, start here:
> http://portals.apache.org/jetspeed-2/guides/guide-security.html
>
> HTH,
> aaron


Re: LDAP Help

Posted by Aaron Evans <aa...@gmail.com>.
Right, essentially, you are going to have to either modify the existing LDAP
based SPI components or write your own.  It is not that bad to write your
own if you use the existing ones as reference.

The security-atn.xml references the existing implementations and the
interfaces they implement
(org.apache.jetspeed.security.spi.UserSecurityHandler and possibly
org.apache.jetspeed.security.spi.CredentialHandler if your passwords are
handled differently).

I think you should be able to modify the existing LDAP ones mostly by
modifying the spring LDAP data access objects.

Since I am not familiar with spring DAO and I have my own data access layer
for accessing LDAP, I just implemented my own.  It wasn't that bad because I
used the existing LDAP ones as a guide.  In fact, I also implemented the
interfaces in security-atz.xml (roles, groups and mappings to users) as
well.

For jetspeed related documentation, start here:
http://portals.apache.org/jetspeed-2/guides/guide-security.html

HTH,
aaron


On 3/9/06, david malkin <dm...@gmail.com> wrote:
>
> Aaron
>
> We are, in fact, looking to use an existing schema. Where should I
> start looking for information about making the necessary
> customizations?
>
> Thanks
> David Malkin

Re: LDAP Help

Posted by david malkin <dm...@gmail.com>.
Aaron

We are, in fact, looking to use an existing schema. Where should I
start looking for information about making the necessary
customizations?

Thanks
David Malkin

On 3/9/06, Aaron Evans <aa...@gmail.com> wrote:
> Firstly, the user you connect with to LDAP is admin/BlahBlah, but this may
> or may not be a valid J2 user.  Did you populate your directory with the J2
> LDAP schema and sample data?
>
> By default, the authentication will be looking for users of object class
> j2-user I believe.
>
> If you are looking to use an existing schema, you have some customization
> work to do...


Re: LDAP Help

Posted by Aaron Evans <aa...@gmail.com>.
Firstly, the user you connect with to LDAP is admin/BlahBlah, but this may
or may not be a valid J2 user.  Did you populate your directory with the J2
LDAP schema and sample data?

By default, the authentication will be looking for users of object class
j2-user I believe.

If you are looking to use an existing schema, you have some customization
work to do...

On 3/9/06, david malkin <dm...@gmail.com> wrote:
>
> I am having difficulty setting up LDAP on Jetspeed2. Here are the
> details of my situation.
> 1. Using Novell NDS
> 2. Installed binary "Jetspeed2.0-MultiDb-install.jar"
> 3. Copied "security-spi-ldap-atn.xml" to
> "$CATALINA_HOME/webapps/jetspeed/WEB-INF/assembly"
> 4. Copied "security-spi-ldap.xml" to
> "$CATALINA_HOME/webapps/jetspeed/WEB-INF/assembly"
> 5. Populated "security-spi-ldap.xml" with the following LDAP settings
> -- Arg1 (IP Address of LDAP server) = 10.60.XX.YY
> -- Arg2 (LDAP Port) = 389
> -- Arg3 (DN suffix) - left blank
> -- Arg4 (Root context) = o=svcs
> -- Arg5 (Root DN) = cn=admin,o=svcs
> -- Arg6 (Root Password) = BlahBlah
> -- Arg7 (Users org unit) = svcs
> -- Arg8 (Groups Org Unit) = rcsc
> -- Arg9 (Roles Org Unit) - removed this due to error message while
> starting up
> 6. Removed "security-spi-atn.xml" from
> "$CATALINA_HOME/webapps/jetspeed/WEB-INF/assembly"
> 7. Installed "JXplorer_LDAP_Browser" LDAP client and was able to
> connect and browse around using the credentials specified above
> 8. Started up tomcat
> 9. No errors, stack traces, or messages about LDAP were found in
> "$CATALINA_HOME/logs/catalina.out"
> 10. No errors or stack traces were found in
> "$CATALINA_HOME/webapps/jetspeed/logs/jetspeed.log"
> 11. "$CATALINA_HOME/webapps/jetspeed/logs/jetspeed.log" did display
> the following message during startup
> "2006-03-09 09:33:06,792 [Main Thread] WARN
> org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig - The
> LDAP directory should already be initialized.  If this is not the
> case, an exceptionoccured during initialization."
> 12. With browser, go to "http://~MY_HOST~:8080/jetspeed"
> 13. Fill in Login Portlet with user name = "admin" and password =
> "BlahBlah"
> 14. Click Login button
> 15. "Invalid username" message returned in Login Portlet
>
> So, does anyone have any suggestions?
>
> Thanks,
> David Malkin
>
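
The check suggested in the reply above, as an added example that is not part of the original thread and is not Jetspeed code: a small JNDI diagnostic that binds as the configured root DN and reports whether the entry matching the login name carries the object class the portal looks for. The class name `j2-user` is taken from the reply ("I believe") and is unverified; matching on `cn` or `uid`, the class name `UserClassCheck` and the `LDAP_BIND_PW` environment variable are assumptions.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

// Added diagnostic sketch, not Jetspeed code.
public class UserClassCheck {
    // Object class named in the reply above ("j2-user I believe"); unverified assumption.
    static final String REQUIRED = "j2-user";

    // True if the entry lists `required` among its objectClass values (case-insensitive).
    static boolean hasObjectClass(Attributes entry, String required) throws NamingException {
        Attribute oc = entry.get("objectClass");
        if (oc == null) return false;
        NamingEnumeration<?> values = oc.getAll();
        while (values.hasMore()) {
            if (required.equalsIgnoreCase(String.valueOf(values.next()))) return true;
        }
        return false;
    }

    // Bind as the configured root DN and report every entry whose cn or uid equals the login name.
    static void checkLive(String url, String bindDn, String base, String login) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        // Hypothetical variable name; keeps the bind password off the command line.
        env.put(Context.SECURITY_CREDENTIALS,
                Objects.requireNonNull(System.getenv("LDAP_BIND_PW"), "set LDAP_BIND_PW"));
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"objectClass"});
            // JNDI escapes the {0} argument, so the login name cannot alter the filter.
            NamingEnumeration<SearchResult> hits =
                ctx.search(base, "(|(cn={0})(uid={0}))", new Object[] {login}, sc);
            while (hits.hasMore()) {
                SearchResult r = hits.next();
                System.out.println(r.getNameInNamespace() + " -> " + REQUIRED + ": "
                        + hasObjectClass(r.getAttributes(), REQUIRED));
            }
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length == 4) { checkLive(args[0], args[1], args[2], args[3]); return; }
        // Offline run on a constructed entry shaped like a stock directory admin account.
        Attribute oc = new BasicAttribute("objectClass");
        for (String c : new String[] {"top", "person", "organizationalPerson", "inetOrgPerson"}) oc.add(c);
        Attributes admin = new BasicAttributes(true);
        admin.put(oc);
        System.out.println("constructed cn=admin -> " + REQUIRED + ": " + hasObjectClass(admin, REQUIRED));
    }
}
```

Run with four arguments (LDAP URL, bind DN, search base, login name) to query a live directory; with no arguments it evaluates the constructed sample entry only.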