Win a copy of Node.js Design Patterns: Design and implement production-grade Node.js applications using proven patterns and techniques this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

Can anyone post the SystemGlobals.properties here for successful LDAP/AD integration? Thanks.

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have worked for JForum LDAP/AD integration for a while. But any try I did doesn't work. I am thinking that i may not do correctly in SystemGlobals.properties file. If you are successful in LDAP integration, would you please post SSO / User authentication and LDAP sessions here? I very appreciate your help.

[originally posted on jforum.net by steveCh]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sorry, I don't have an example settings. But one common "gotcha" is that the LDAP SSO code assumes that the user id exists in the branch specified by your settings. It DOES NOT SEARCH for id's under the tree.

In other words, it assume the users are in a big pile under a single OU. So, if you have users in OU's below what you set it up for, it will not find them.

If you look at the code, you will see the user DN string is produced like this:



Where LDAP_LOGIN_* are the related config parameters.

This is used with the password to define the LDAP security information (e.g. used to log onto the LDAP server). This has to match the exact user DN.

This is combined with a lookup of the e-mail attribute defined by either the DN defined above or:



Note: If the LDAP_LOOKUP* config parameters aren't set, the LDAP_LOGIN* parameters are used. This option is for sites that store authentication location in one place but user attributes in another.

So, two things could be happening. The LDAP DN strings generated by this process don't match the exact DNs of the user. Or maybe the user does not have rights to look up their own attributes.

You could try looking at your LDAP log to see if there is an authentication rejection or add some debug logging code to the LDAP SSO class.
[originally posted on jforum.net by monroe]
 
I'm doing laundry! Look how clean this tiny ad is:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic