[daisy] Authentication to Active Directory Server
Bruno Dumon
bruno at outerthought.org
Thu Jul 27 12:28:19 CDT 2006
Hi,
The user will only be created if checking the user's credentials against
the ldap succeeds.
I see you have this in your configuration:
> <property name="java.naming.security.principal"
> value="${daisyLogin}@rijnh.nl"/>
which probably isn't the intention, since there shouldn't be { and } in
$daisyLogin; this is likely the reason the authentication fails.
On Thu, 2006-07-27 at 13:56 +0200, Gwendolyn van der Linden wrote:
> Hi,
>
> We've decided on using Daisy for our internal and external website, so
> we're busy getting everything working as desired. First of all, kudos
> to the Daisy developers!
>
> I'm trying to get authentication to our Active Directory Server going,
> using a fresh install of 1.5-M2. First I've tested authentication using
> a Java program that uses javax.naming.directory.InitialDirContext
> (following the example Bruno posted some time ago), using the following
> configuration:
>
> INITIAL_CONTEXT_FACTORY = com.sun.jndi.ldap.LdapCtxFactory
> PROVIDER_URL = ldap://ws1:3268
> SECURITY_AUTHENTICATION = simple
> SECURITY_PRINCIPAL = <username>@rijnh.nl
> SECURITY_CREDENTIALS = <password>
>
> This works OK, as long as I don't enable SSL.
>
> I've configured daisydata/conf/myconfig.xml as follows:
>
> <target path="/daisy/repository/authentication/authenticator">
> <configuration>
> <!-- Indicates which authentication scheme to use, if any, to
> automatically create new users. -->
>
> <authenticationSchemeForUserCreation>ldap-ws1</authenticationSchemeForUserCreation>
> </configuration>
> </target>
>
> and:
>
> <scheme name="ldap-ws1" description="Windows Active Directory
> Server">
> <environment>
> <property name="java.naming.factory.initial"
> value="com.sun.jndi.ldap.LdapCtxFactory"/>
> <property name="java.naming.provider.url"
> value="ldap://ws1.rijnh.nl:3268"/>
> <property name="java.naming.security.authentication"
> value="simple"/>
> <!-- <property name="java.naming.security.protocol"
> value="ssl"/> -->
> <property name="java.naming.security.principal"
> value="${daisyLogin}@rijnh.nl"/>
> </environment>
> <cache enabled="true" maxCacheSize="3000"
> maxCacheDuration="1800000"/>
> <autoCreateUser>
> <roles>
> <role>User</role>
> </roles>
> <defaultRole>User</defaultRole>
> <updateableByUser>true</updateableByUser>
> </autoCreateUser>
> </scheme>
>
> Note that SSL is not configured. Now if I try to login using my Windows
> account (with no daisy user with that name), I get:
>
> [ERROR ] <2006-07-27 11:34:49,409>
> (daisy.repository.httpconnector.request-errors): Error authenticating
> user.
> org.outerj.daisy.repository.user.UserNotFoundException: The user with
> login "vdlinden" does not exist
>
> I had hoped of course that the user would be created automatically, and
> logged in successfully. What am I missing here?
>
> Thanks,
> Gwendolyn.
>
> --
> Gwendolyn van der Linden
> FOM Institute for Plasma Physics Rijnhuizen
> Nieuwegein, The Netherlands
--
Bruno Dumon http://outerthought.org/
Outerthought - Open Source, Java & XML Competence Support Center
bruno at outerthought.org bruno at apache.org
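
Added example, not part of the original thread and not Daisy's own code: a stand-alone JNDI check like the one Gwendolyn describes, extended to reject a principal that still contains `$`, `{` or `}` before any bind is attempted. The class `LdapBindCheck`, the helper `principalFor` and the literal replacement of `$daisyLogin` are assumptions for illustration; host, port and domain are the ones quoted in the thread.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class LdapBindCheck {
    // Hypothetical helper (not Daisy's code): expand the $daisyLogin token and
    // refuse a principal that still contains template characters.
    static String principalFor(String template, String login) {
        String p = template.replace("$daisyLogin", login);
        if (p.indexOf('$') >= 0 || p.indexOf('{') >= 0 || p.indexOf('}') >= 0)
            throw new IllegalArgumentException("unexpanded template: " + p);
        return p;
    }

    static boolean bind(String url, String principal, char[] password) throws NamingException {
        // Empty password = unauthenticated bind (RFC 4513, 5.1.2), which may succeed: refuse.
        if (password == null || password.length == 0) return false;
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (AuthenticationException e) {
            return false; // the directory rejected the credentials
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage: java LdapBindCheck <login>  (from a terminal)");
            return;
        }
        for (String template : new String[] {"${daisyLogin}@rijnh.nl", "$daisyLogin@rijnh.nl"}) {
            try {
                String principal = principalFor(template, args[0]);
                char[] pw = System.console().readPassword("Password for %s: ", principal);
                // ldap:// as in the thread: the password crosses the network unencrypted.
                boolean ok = bind("ldap://ws1.rijnh.nl:3268", principal, pw);
                System.out.println(principal + " -> " + (ok ? "bind OK" : "bind rejected"));
            } catch (IllegalArgumentException e) {
                System.out.println(template + " -> " + e.getMessage());
            }
        }
    }
}
```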