Posted to user@roller.apache.org by Andreas Heizenreder <ah...@googlemail.com> on 2010/04/22 15:33:06 UTC

LDAP Integration with Roller 4.0.1

Hello!

I am trying to integrate my Roller installation with Apache Directory Server
as described under
https://cwiki.apache.org/confluence/display/ROLLER/Roller+4.0+with+LDAP+and+CAS.
And it works as long as a user is present in both systems, Roller and ADS.
If a user from ADS who has not been created in Roller tries to log in, it
results in the error "ERROR no user: ...":

DEBUG 2010-04-22 12:02:15,611 LdapAuthenticationProvider:retrieveUser -
Retrieving user admin
DEBUG 2010-04-22 12:02:15,611 DefaultInitialDirContextFactory:connect -
Creating InitialDirContext with environment
{java.naming.provider.url=ldap://localhost:10389/dc=example,dc=com,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.principal=uid=admin,ou=system,
com.sun.jndi.ldap.connect.pool=true,
java.naming.security.authentication=simple,
java.naming.security.credentials=******}
DEBUG 2010-04-22 12:02:15,627 FilterBasedLdapUserSearch:searchForUser -
Searching for user 'admin', in context
javax.naming.directory.InitialDirContext@10936a1, with user search [
searchFilter: 'uid={0}', searchBase: '', scope: subtree,
searchTimeLimit: 0, derefLinkFlag: false ]
DEBUG 2010-04-22 12:02:15,642 DefaultInitialDirContextFactory:connect -
Creating InitialDirContext with environment
{java.naming.provider.url=ldap://localhost:10389/dc=example,dc=com,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.principal=uid=admin,ou=system,
com.sun.jndi.ldap.connect.pool=true,
java.naming.security.authentication=simple,
java.naming.security.credentials=******}
DEBUG 2010-04-22 12:02:15,658 DefaultInitialDirContextFactory:connect -
Creating InitialDirContext with environment
{java.naming.provider.url=ldap://localhost:10389/dc=example,dc=com,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.principal=uid=admin,ou=People,dc=example,dc=com,
java.naming.security.authentication=simple,
java.naming.security.credentials=******}
WARN  2010-04-22 12:02:15,689 LoggerListener:onApplicationEvent -
Authentication event AuthenticationFailureServiceExceptionEvent: admin;
details: org.acegisecurity.ui.WebAuthenticationDetails@12afc:
RemoteIpAddress: 127.0.0.1; SessionId: D09264A777DF96F742E0A6A16F52415D;
exception: ERROR no user: admin; nested exception is
org.acegisecurity.ldap.LdapDataAccessException: ERROR no user: admin

I configured all settings from the tutorial and also tried the settings from
http://mail-archives.apache.org/mod_mbox/roller-user/200908.mbox/%3C8fb9ac720908281403n5eae6602x1fe116f266f689e@mail.gmail.com%3E

My installation parameters:
- Apache Roller 4.0.1
- Apache Directory Server 1.5.6
- Apache Tomcat 6.0.26
- MySQL 5.0.67

Thanks,
Andreas

Re: LDAP Integration with Roller 4.0.1

Posted by Dave <sn...@gmail.com>.
Andreas,

Thank you very much for sharing your notes here and on the Roller wiki!

- Dave



On Mon, May 3, 2010 at 4:37 PM, Andreas Heizenreder
<ah...@googlemail.com> wrote:
> [...]

Re: LDAP Integration with Roller 4.0.1

Posted by Andreas Heizenreder <ah...@googlemail.com>.
Hello!

I found a solution for my problem. The cause of the error message is the
org.apache.roller.weblogger.ui.core.security.AuthoritiesPopulator used by
default as jdbcAuthoritiesPopulator. Before populating the Roller DB with
LDAP user data, it tries to look up this user in the DB.

The solution is to use
org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
as AuthoritiesPopulator:

    <bean id="ldapAuthProvider"
          class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
                <constructor-arg ref="initialDirContextFactory"/>
                <property name="userSearch" ref="ldapUserSearch"/>
            </bean>
        </constructor-arg>
        <!-- <constructor-arg ref="jdbcAuthoritiesPopulator"/> -->
        <constructor-arg ref="ldapAuthoritiesPopulator"/>
        <property name="userCache" ref="userCache"/>
    </bean>

    <bean id="ldapAuthoritiesPopulator"
          class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
        <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
        <constructor-arg value="ou=groups"/>
        <property name="groupRoleAttribute" value="ou"/>
        <property name="rolePrefix" value=""/>
        <property name="convertToUpperCase" value="false"/>
    </bean>

It is also very important to set the property "convertToUpperCase" to "false"
to avoid having the group names converted to upper case.
All users who should be able to log in to Roller with their LDAP credentials
have to be added in LDAP to the "register" and "editor"/"admin" groups.

Also the line

        /roller-ui/user.do*=register

has to be uncommented in "filterInvocationInterceptor".

In roller-custom.properties I also had to add the following configuration:

      users.sso.registry.ldap.attributes.screenname=cn
      # create LDAP authenticated user automatically in roller
      users.sso.autoProvision.enabled=true

And the biggest change was the source change in
org.apache.roller.weblogger.ui.core.security.CustomUserRegistry.java:90.
This line has to be uncommented to avoid NullPointerExceptions during the
creation of the LDAP user in the Roller DB. After a new build of Roller from
the changed source, everything started working as it should.

I hope my notes will help you to integrate your Roller instance with LDAP.

Andreas

2010/4/22 Andreas Heizenreder <ah...@googlemail.com>

> [...]
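The following is an added example, not code from Apache Roller, Acegi or the posts above. It simulates offline the login flow that the quoted beans and properties configure, so the effect of each setting can be checked without a directory server: the 'uid={0}' user search from the log, the group lookup of DefaultLdapAuthoritiesPopulator with searchBase ou=groups, groupRoleAttribute "ou", rolePrefix "" and convertToUpperCase, the uncommented rule /roller-ui/user.do*=register, and the screen name taken from "cn" for the auto-provisioned user. Assumptions of the example: groups are groupOfNames entries with a "member" attribute (Acegi's default group search filter is "(member={0})"), and the LDIF with the users alice, bob and the absent carol is constructed for the example.

```python
"""
Added example (not Roller or Acegi code): an offline simulation of the login
flow the post configures. Step 1 resolves the DN with the 'uid={0}' search
from the log, step 2 collects roles under ou=groups the way
DefaultLdapAuthoritiesPopulator does (Acegi's default group filter
"(member={0})", groupRoleAttribute "ou", rolePrefix "", convertToUpperCase),
step 3 applies the rule "/roller-ui/user.do*=register", step 4 takes the
screen name from "cn". The LDIF is constructed; groupOfNames entries with a
"member" attribute are an assumption.
"""
import re

BASE_DN = "dc=example,dc=com"               # from the provider URL in the log
GROUP_SEARCH_BASE = "ou=groups," + BASE_DN  # constructor-arg value="ou=groups"

SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
cn: Alice Example

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
cn: Bob Example

dn: ou=register,ou=groups,dc=example,dc=com
objectClass: groupOfNames
ou: register
member: uid=alice,ou=People,dc=example,dc=com

dn: ou=editor,ou=groups,dc=example,dc=com
objectClass: groupOfNames
ou: editor
member: uid=alice,ou=People,dc=example,dc=com
member: uid=bob,ou=People,dc=example,dc=com
"""

def parse_ldif(text):
    """Minimal LDIF reader -> {dn: {attribute: [values]}} (no base64/folding)."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            if key.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(key, []).append(value)
        if dn:
            entries[dn] = attrs
    return entries

def find_user_dn(entries, username):
    """Step 1: subtree search 'uid={0}' (searchBase '' = provider URL base)."""
    for dn, attrs in entries.items():
        if username.lower() in (u.lower() for u in attrs.get("uid", [])):
            return dn
    return None                             # unknown uid -> bind never attempted

def populate_authorities(entries, user_dn, group_role_attribute="ou",
                         role_prefix="", convert_to_upper_case=False):
    """Step 2: group lookup as DefaultLdapAuthoritiesPopulator performs it."""
    roles = set()
    for dn, attrs in entries.items():
        if not dn.lower().endswith("," + GROUP_SEARCH_BASE.lower()):
            continue                        # outside the group search base
        if user_dn.lower() not in [m.lower() for m in attrs.get("member", [])]:
            continue                        # (member={0}) did not match
        for value in attrs.get(group_role_attribute, []):
            role = role_prefix + value
            roles.add(role.upper() if convert_to_upper_case else role)
    return sorted(roles)

URL_RULES = [("/roller-ui/user.do*", {"register"})]  # the uncommented line

def path_matches(pattern, path):
    """Ant-style '*' = anything within one path segment."""
    return re.fullmatch(re.escape(pattern).replace(r"\*", "[^/]*"), path) is not None

def authorized(path, authorities):
    """Step 3: the first matching rule decides; unmatched URLs stay open."""
    for pattern, required in URL_RULES:
        if path_matches(pattern, path):
            return bool(required & set(authorities))
    return True

def provision_user(entries, username, screenname_attr="cn", **populator_opts):
    """Steps 1-4: what the auto-provisioned Roller user would look like."""
    user_dn = find_user_dn(entries, username)
    if user_dn is None:
        return None
    return {"username": username,
            "screenname": entries[user_dn].get(screenname_attr, [username])[0],
            "roles": populate_authorities(entries, user_dn, **populator_opts)}

if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    for name in ("alice", "bob", "carol"):
        user = provision_user(directory, name)
        print(name, user, "user.do:", bool(user) and authorized("/roller-ui/user.do", user["roles"]))
    upper = provision_user(directory, "alice", convert_to_upper_case=True)   # the pitfall
    print("convertToUpperCase=true ->", upper["roles"], authorized("/roller-ui/user.do", upper["roles"]))
```

Running it shows why the post insists on convertToUpperCase=false: with the default (true) alice's groups become EDITOR and REGISTER, which the lowercase "register" in the URL rule never matches, and bob, who is only in the editor group, is refused user.do as well. Two points worth keeping in mind with this configuration: because rolePrefix is empty and the role name is the "ou" of any entry under ou=groups that lists the user, whoever can write under ou=groups can hand out "admin" directly; and the logged environment uses java.naming.security.authentication=simple on a plain ldap:// URL, so the manager password and every user's bind password travel unencrypted unless the listener is on a trusted network or behind TLS.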