Posted to user@roller.apache.org by leofreesand <yu...@hotmail.com> on 2014/01/26 15:45:58 UTC

How to enable LDAP authentication for Roller 5?

I want to enable LDAP user authentication for Roller 5.0.3. There are some related tutorials for Roller 4, but they do not seem to work with the new Spring Security framework. I found some Spring Security 2 configuration examples and tried to figure it out, with no success. Hoping someone will help me...

This is my progress so far: I'm using an OpenLDAP server with some test accounts, and I added some properties to the Roller custom settings file:

users.sso.enabled=true
users.sso.autoProvision.enabled=true
users.sso.registry.ldap.attributes.name=uid
users.sso.registry.ldap.attributes.screenname=cn

Then I modified security.xml:

    <beans:bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <beans:constructor-arg value="ldap://localhost:389/dc=test,dc=com" />
        <beans:property name="userDn" value="cn=Manager,dc=test,dc=com" />
        <beans:property name="password" value="111111" />
    </beans:bean>

    <beans:bean id="ldapAuthProvider"
        class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <custom-authentication-provider />
        <beans:constructor-arg>
            <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <beans:constructor-arg ref="contextSource" />
                <beans:property name="userSearch" ref="userSearch" />
            </beans:bean>
        </beans:constructor-arg>
        <beans:constructor-arg>
            <beans:bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                <beans:constructor-arg ref="contextSource" />
                <beans:constructor-arg value="ou=Tester" />
                <beans:property name="searchSubtree" value="false" />
                <beans:property name="defaultRole" value="register" />
                <beans:property name="convertToUpperCase" value="false" />
                <beans:property name="groupRoleAttribute" value="" />
                <beans:property name="rolePrefix" value="" />
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>

    <beans:bean id="userSearch"
        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <beans:constructor-arg index="0" value="" />
        <beans:constructor-arg index="1" value="(uid={0})" />
        <beans:constructor-arg index="2" ref="contextSource" />
        <beans:property name="searchSubtree" value="true" />
    </beans:bean>

(Deploying Roller with this configuration gives the error message "java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory"; I found a solution at
http://www.chrissearle.org/2007/08/30/spring-ldap_and_NoClassDefFoundError_com_sun_jndi_ldap_ctl_ResponseControlFactory/)

Now, when using an LDAP username/password, the page jumps to roller_j_security_check and displays the following error message:

500
Filter execution threw an exception
Roller has encountered and logged an unexpected exception.

Using a wrong password gives the same error message. If I enter a non-existent username/password, Roller displays "Wrong username and password combination".

There are related search messages in openldap.log; maybe I just need some tweak to fix the problem? Does anyone have any suggestions for solutions? Thanks in advance.

Re: How to enable LDAP authentication for Roller 5?

Posted by Glen Mazza <gl...@gmail.com>.
Thanks for letting us know. I created a JIRA item to track the matter:
https://issues.apache.org/jira/browse/ROL-1987

Glen

On 02/03/2014 06:16 AM, leofreesand wrote:
> I solved this problem finally!
>
> First I checked the Tomcat logfile: the above 500 error is caused by a
> java.lang.IllegalAccessError, and I found a solution here:
> http://osdir.com/ml/java.springframework.user/2008-10/msg00017.html
> (simply using spring-ldap-1.2.1.jar instead of spring-ldap-1.2.jar...)
>
> Then, when using an LDAP username/password, the page jumps to
> roller-ui/login-redirect.rol and displays a '500
> java.lang.NullPointerException' error -- the same error mentioned in
> Andreas Heizenreder's wiki page comment:
> https://cwiki.apache.org/confluence/display/ROLLER/Roller+4.0+with+LDAP+and+CAS
>
> Then I added the following code in
> roller-weblogger-5.0.3-source\weblogger-web\src\main\java\org\apache\roller\weblogger\ui\core\security\BasicUserAutoProvision.java:
> public boolean execute(HttpServletRequest request) {
>   User ud = CustomUserRegistry.getUserDetailsFromAuthentication(request);
>   if(ud != null) {
>     UserManager mgr;
>     // leo--
>     ud.setId(org.apache.roller.util.UUIDGenerator.generateUUID());
>     // --leo
>
> Now rebuild the source code to get a new roller-weblogger-web-5.0.3.jar;
> when an LDAP user logs in, the program will create the same user in
> rollerdb automatically.
> (One more thing: the defaultRole for LDAP users must be 'editor'
> instead of 'register', or you will get a '403 Access Denied' error.)
>

Re: How to enable LDAP authentication for Roller 5?

Posted by leofreesand <yu...@hotmail.com>.
I solved this problem finally!

First I checked the Tomcat logfile: the above 500 error is caused by a
java.lang.IllegalAccessError, and I found a solution here:
http://osdir.com/ml/java.springframework.user/2008-10/msg00017.html
(simply using spring-ldap-1.2.1.jar instead of spring-ldap-1.2.jar...)

Then, when using an LDAP username/password, the page jumps to
roller-ui/login-redirect.rol and displays a '500
java.lang.NullPointerException' error -- the same error mentioned in Andreas
Heizenreder's wiki page comment:
https://cwiki.apache.org/confluence/display/ROLLER/Roller+4.0+with+LDAP+and+CAS

Then I added the following code in
roller-weblogger-5.0.3-source\weblogger-web\src\main\java\org\apache\roller\weblogger\ui\core\security\BasicUserAutoProvision.java:
public boolean execute(HttpServletRequest request) {
  User ud = CustomUserRegistry.getUserDetailsFromAuthentication(request);
  if(ud != null) {
    UserManager mgr;
    // leo--
    ud.setId(org.apache.roller.util.UUIDGenerator.generateUUID());
    // --leo

Now rebuild the source code to get a new roller-weblogger-web-5.0.3.jar; when an
LDAP user logs in, the program will create the same user in rollerdb
automatically.
(One more thing: the defaultRole for LDAP users must be 'editor' instead of
'register', or you will get a '403 Access Denied' error.)
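As an added example, not from the thread or from Roller itself: a small Python lint over the contextSource and populator bean definitions posted above (a constructed, abridged copy of that XML, wrapped in a root element so the beans: prefix resolves) that flags the plaintext ldap:// URL, the hard-coded manager bind password, and the defaultRole value that the thread found produces a 403.

```python
import xml.etree.ElementTree as ET

BEANS_NS = "{http://www.springframework.org/schema/beans}"

# Constructed sample (not the poster's full security.xml): the contextSource
# and authorities-populator beans from the thread, under a root that declares
# the security default namespace and the beans: prefix.
SAMPLE_XML = """<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans">
  <beans:bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldap://localhost:389/dc=test,dc=com" />
    <beans:property name="userDn" value="cn=Manager,dc=test,dc=com" />
    <beans:property name="password" value="111111" />
  </beans:bean>
  <beans:bean id="populator"
      class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
    <beans:property name="defaultRole" value="register" />
  </beans:bean>
</beans:beans>"""


def lint_ldap_beans(xml_text):
    """Return a list of findings for risky or known-bad settings in the bean XML."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(BEANS_NS + "bean"):
        cls = bean.get("class", "")
        props = {p.get("name"): (p.get("value") or "")
                 for p in bean.findall(BEANS_NS + "property")}
        args = [a.get("value") or "" for a in bean.findall(BEANS_NS + "constructor-arg")]
        if cls.endswith("DefaultSpringSecurityContextSource"):
            if args and args[0].startswith("ldap://"):
                findings.append("contextSource: plaintext ldap:// URL, bind credentials "
                                "cross the wire unencrypted; prefer ldaps:// or StartTLS")
            if props.get("password"):
                findings.append("contextSource: bind password hard-coded in security.xml; "
                                "load it from a protected properties file instead")
            if props.get("userDn", "").startswith("cn=Manager"):
                findings.append("contextSource: binds as the directory manager; a "
                                "read-only search account is enough for user lookup")
        if cls.endswith("DefaultLdapAuthoritiesPopulator"):
            if props.get("defaultRole") == "register":
                findings.append("populator: defaultRole 'register' gives 403 in Roller "
                                "per the thread; 'editor' is the role that worked")
    return findings


if __name__ == "__main__":
    for finding in lint_ldap_beans(SAMPLE_XML):
        print("-", finding)
```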