[daisy] LDAP integration
Caleb Callaway
caleb at autometrix.com
Fri Jul 27 11:51:50 CDT 2007
Jean Meyer wrote:
> Hi all,
>
> I try to use LDAP as an authentication scheme for Daisy as explained
> on http://cocoondev.org/daisydocs-2_0/373-cd/37-cd.html
> I have changed the myconfig.xml like this:
>
> <target path="/daisy/repository/authentication/authenticator">
>   <configuration>
>     <authenticationSchemeForUserCreation>ldap1</authenticationSchemeForUserCreation>
>   </configuration>
> </target>
>
> <target path="/daisy/repository/authentication/ldap">
>   <configuration>
>     <scheme name="ldap1" description="Test LDAP config">
>       <environment>
>         <property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"></property>
>         <property name="java.naming.provider.url" value="ldap://myLdapHostname:389"></property>
>         <property name="java.naming.security.authentication" value="simple"></property>
>         <property name="java.naming.security.principal" value="cn=$daisyLogin,o=myOrganisation"></property>
>       </environment>
>       <cache enabled="true" maxCacheSize="3000" maxCacheDuration="1800000"></cache>
>       <autoCreateUser>
>         <roles>
>           <role>User</role>
>         </roles>
>         <defaultRole>User</defaultRole>
>         <updateableByUser>true</updateableByUser>
>       </autoCreateUser>
>     </scheme>
>   </configuration>
> </target>
>
> I got an error message:
>
> [ERROR ] <2007-07-27 17:20:19,680> (daisy.repository.httpconnector.request-errors): Error authenticating user.
> org.outerj.daisy.repository.user.UserNotFoundException: The user with login "meyerj2" does not exist
>     at org.outerj.daisy.repository.serverimpl.user.LocalUserManagementStrategy.getUser(LocalUserManagementStrategy.java:390)
>     at org.outerj.daisy.repository.commonimpl.user.UserCache.getUser(UserCache.java:87)
>     at org.outerj.daisy.repository.commonimpl.user.CommonUserManager.getUser(CommonUserManager.java:80)
>     at org.outerj.daisy.repository.commonimpl.user.UserManagerImpl.getUser(UserManagerImpl.java:73)
>     at org.outerj.daisy.authentication.impl.UserAuthenticatorImpl.authenticate(UserAuthenticatorImpl.java:104)
>     at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.avalon.activation.impl.ApplianceInvocationHandler.invoke(ApplianceInvocationHandler.java:129)
>     at $Proxy7.authenticate(Unknown Source)
>     at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.avalon.activation.impl.BlockInvocationHandler.invoke(BlockInvocationHandler.java:108)
>     at $Proxy9.authenticate(Unknown Source)
>     at org.outerj.daisy.repository.serverimpl.LocalRepositoryManager.getRepository(LocalRepositoryManager.java:159)
>     at sun.reflect.GeneratedMethodAccessor10.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.avalon.activation.impl.ApplianceInvocationHandler.invoke(ApplianceInvocationHandler.java:129)
>     at $Proxy14.getRepository(Unknown Source)
>     at org.outerj.daisy.httpconnector.HttpConnectorImpl$DaisyUserRealm.authenticate(HttpConnectorImpl.java:360)
>     at org.mortbay.http.BasicAuthenticator.authenticate(BasicAuthenticator.java:64)
>     at org.mortbay.http.SecurityConstraint.check(SecurityConstraint.java:442)
>     at org.mortbay.http.HttpContext.checkSecurityConstraints(HttpContext.java:1326)
>     at org.mortbay.http.handler.SecurityHandler.handle(SecurityHandler.java:81)
>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1530)
>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1482)
>     at org.mortbay.http.HttpServer.service(HttpServer.java:909)
>     at org.mortbay.http.HttpConnection.service(HttpConnection.java:816)
>     at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:982)
>     at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)
>     at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)
>     at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)
>     at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)
>
> If I have understood correctly, with the authenticationSchemeForUserCreation
> I don't need to create a Daisy user; it is auto-created when I log in
> with my LDAP login and password. Can anybody confirm this?
>
> Best Regards,
> Jean Meyer
>
The configuration you listed is correct for user auto-creation. However,
it seems you have example values for your "java.naming.provider.url" and
"java.naming.security.principal" properties. These values need to be set
to match the configuration of your directory. I'd check that you don't
have multiple instances of the <target
path="/daisy/repository/authentication/authenticator"> section in your
config file.

It would also be worthwhile to test your LDAP configuration with a
directory browser or a tool like ldapsearch, to make sure the DNs that
you're trying to match are valid.
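
The two checks suggested in the reply above, sketched as an added example (not part of the original thread and not Daisy code): it counts the authenticator target sections, expands the principal template for one login, and builds the ldapsearch command that tests that bind DN against the directory. The `<targets>` root wrapper, the duplicated section in the sample and the RFC 4514 escaping of the login are assumptions of this example, not a description of how Daisy substitutes `$daisyLogin`.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: the post's two sections inside an assumed <targets> root,
# plus a duplicate authenticator section so the duplicate check fires.
SAMPLE = """<targets>
<target path="/daisy/repository/authentication/authenticator"><configuration>
  <authenticationSchemeForUserCreation>ldap1</authenticationSchemeForUserCreation>
</configuration></target>
<target path="/daisy/repository/authentication/authenticator"><configuration/></target>
<target path="/daisy/repository/authentication/ldap"><configuration>
  <scheme name="ldap1"><environment>
    <property name="java.naming.provider.url" value="ldap://myLdapHostname:389"/>
    <property name="java.naming.security.principal" value="cn=$daisyLogin,o=myOrganisation"/>
  </environment></scheme>
</configuration></target>
</targets>"""
AUTH = "/daisy/repository/authentication/authenticator"
LDAP = "/daisy/repository/authentication/ldap"

def escape_dn_value(value):
    """Escape a value for use inside a DN (RFC 4514 special characters)."""
    esc = ["\\" + c if c in ',+"\\<>;' else c for c in value]
    if esc and esc[0] in ("#", " "):      # leading '#' or space
        esc[0] = "\\" + esc[0]
    if esc and esc[-1] == " ":            # trailing space
        esc[-1] = "\\ "
    return "".join(esc)

def check(xml_text, login):
    """Return (findings, bind DN for login, ldapsearch command to test it)."""
    targets = ET.fromstring(xml_text).findall("target")
    findings = []
    n_auth = sum(1 for t in targets if t.get("path") == AUTH)
    if n_auth != 1:
        findings.append(f"{n_auth} authenticator target sections, expected 1")
    props = {p.get("name"): p.get("value")
             for t in targets if t.get("path") == LDAP
             for p in t.iter("property")}
    url = props.get("java.naming.provider.url", "")
    if url.startswith("ldap://"):
        findings.append("ldap:// URL: simple bind password is sent without TLS")
    template = props.get("java.naming.security.principal", "")
    bind_dn = template.replace("$daisyLogin", escape_dn_value(login))
    # -x simple bind, -W prompt for password, -s base reads only the bind DN
    cmd = ["ldapsearch", "-x", "-H", url, "-D", bind_dn, "-W",
           "-b", bind_dn, "-s", "base"]
    return findings, bind_dn, shlex.join(cmd)

if __name__ == "__main__":
    print(check(SAMPLE, "meyerj2"))
```

If the generated ldapsearch command cannot bind, the DN pattern in "java.naming.security.principal" does not match an entry in the directory.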