Posted to user@roller.apache.org by leofreesand <yu...@hotmail.com> on 2014/01/26 15:36:18 UTC
How to enable LDAP authentication for Roller 5?
I want to enable LDAP user authentication for Roller 5.0.3. There are some related tutorials for Roller 4, but they do not seem to work with the new Spring Security framework. I found some Spring Security 2 configuration examples and tried to figure it out, with no success. Hoping someone will help me...
This is my progress so far: I'm using an OpenLDAP server with some test accounts and added some properties to the Roller custom settings file:

users.sso.enabled=true
users.sso.autoProvision.enabled=true
users.sso.registry.ldap.attributes.name=uid
users.sso.registry.ldap.attributes.screenname=cn
Then I modified the security.xml:

<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldap://localhost:389/dc=test,dc=com" />
    <beans:property name="userDn" value="cn=Manager,dc=test,dc=com" />
    <beans:property name="password" value="111111" />
</beans:bean>

<beans:bean id="ldapAuthProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    <custom-authentication-provider />
    <beans:constructor-arg>
        <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
            <beans:constructor-arg ref="contextSource" />
            <beans:property name="userSearch" ref="userSearch" />
        </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg>
        <beans:bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
            <beans:constructor-arg ref="contextSource" />
            <beans:constructor-arg value="ou=Tester" />
            <beans:property name="searchSubtree" value="false" />
            <beans:property name="defaultRole" value="register" />
            <beans:property name="convertToUpperCase" value="false" />
            <beans:property name="groupRoleAttribute" value=""/>
            <beans:property name="rolePrefix" value="" />
        </beans:bean>
    </beans:constructor-arg>
</beans:bean>

<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="" />
    <beans:constructor-arg index="1" value="(uid={0})" />
    <beans:constructor-arg index="2" ref="contextSource" />
    <beans:property name="searchSubtree" value="true" />
</beans:bean>
(Deploying Roller with this configuration produces the error message "java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory"; I found a solution at http://www.chrissearle.org/2007/08/30/spring-ldap_and_NoClassDefFoundError_com_sun_jndi_ldap_ctl_ResponseControlFactory/)
Now, when using an LDAP username/password, the page jumps to roller_j_security_check and displays the following error message:

500
Filter execution threw an exception
Roller has encountered and logged an unexpected exception.
Using a wrong password gives the same error message. If I enter a non-existent username/password, Roller displays "Wrong username and password combination".
There are related search messages in openldap.log; maybe I just need some tweak to fix the problem? Does anyone have any suggestions for solutions? Thanks in advance.
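
The search-then-bind sequence that the contextSource, userSearch and BindAuthenticator beans above are configured for, run step by step outside Roller with plain JNDI so a directory-side failure can be told apart from a failure inside the web application. This is an added example, not part of the original post and not Roller or Spring code; the class name LdapBindCheck and its command-line arguments are assumptions, while the URL, manager DN and filter are copied from the posted security.xml.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapBindCheck {
    // Taken from the contextSource bean in the post.
    static final String URL = "ldap://localhost:389/dc=test,dc=com";
    static final String MANAGER_DN = "cn=Manager,dc=test,dc=com";

    static DirContext bind(String dn, String password) throws NamingException {
        // JNDI treats a simple bind with an empty password as an anonymous
        // bind, which would look like a successful login, so reject it here.
        if (password == null || password.isEmpty())
            throw new AuthenticationException("empty password rejected");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // Test accounts only: command-line arguments are visible in the process list.
    public static void main(String[] args) throws NamingException {
        if (args.length != 3) {
            System.err.println("usage: LdapBindCheck <managerPassword> <uid> <userPassword>");
            System.exit(2);
        }
        DirContext mgr = bind(MANAGER_DN, args[0]);
        System.out.println("1. manager bind OK");
        // Same filter and subtree scope as the userSearch bean. Passing the uid
        // as a filter argument lets JNDI escape LDAP filter metacharacters.
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> hits =
                mgr.search("", "(uid={0})", new Object[] { args[1] }, sc);
        if (!hits.hasMore()) {
            System.out.println("2. no entry matches uid=" + args[1]);
            return;
        }
        String userDn = hits.next().getNameInNamespace();
        mgr.close();
        System.out.println("2. found " + userDn);
        // A wrong password throws javax.naming.AuthenticationException here.
        bind(userDn, args[2]).close();
        System.out.println("3. user bind OK");
    }
}
```

If all three steps succeed for a valid test account and step 3 throws for a wrong password, the directory side behaves as the configuration expects.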