[daisy] LDAP integration
Caleb Callaway
caleb at autometrix.com
Fri Jul 27 12:56:26 CDT 2007
Jean Meyer wrote:
> Caleb Callaway wrote:
>> Jean Meyer wrote:
>>> Hi all,
>>>
>>> I am trying to use LDAP as an authentication scheme for Daisy as
>>> explained on http://cocoondev.org/daisydocs-2_0/373-cd/37-cd.html
>>> I have changed the myconfig.xml like this:
>>>
>>> <target path="/daisy/repository/authentication/authenticator">
>>>   <configuration>
>>>     <authenticationSchemeForUserCreation>ldap1</authenticationSchemeForUserCreation>
>>>   </configuration>
>>> </target>
>>>
>>> <target path="/daisy/repository/authentication/ldap">
>>>   <configuration>
>>>     <scheme name="ldap1" description="Test LDAP config">
>>>       <environment>
>>>         <property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"></property>
>>>         <property name="java.naming.provider.url" value="ldap://myLdapHostname:389"></property>
>>>         <property name="java.naming.security.authentication" value="simple"></property>
>>>         <property name="java.naming.security.principal" value="cn=$daisyLogin,o=myOrganisation"></property>
>>>       </environment>
>>>       <cache enabled="true" maxCacheSize="3000" maxCacheDuration="1800000"></cache>
>>>       <autoCreateUser>
>>>         <roles>
>>>           <role>User</role>
>>>         </roles>
>>>         <defaultRole>User</defaultRole>
>>>         <updateableByUser>true</updateableByUser>
>>>       </autoCreateUser>
>>>     </scheme>
>>>   </configuration>
>>> </target>
>>>
>>> I got an error message:
>>>
>>> [ERROR ] <2007-07-27 17:20:19,680> (daisy.repository.httpconnector.request-errors): Error authenticating user.
>>> org.outerj.daisy.repository.user.UserNotFoundException: The user with login "meyerj2" does not exist
>>>     at org.outerj.daisy.repository.serverimpl.user.LocalUserManagementStrategy.getUser(LocalUserManagementStrategy.java:390)
>>>     at org.outerj.daisy.repository.commonimpl.user.UserCache.getUser(UserCache.java:87)
>>>     at org.outerj.daisy.repository.commonimpl.user.CommonUserManager.getUser(CommonUserManager.java:80)
>>>     at org.outerj.daisy.repository.commonimpl.user.UserManagerImpl.getUser(UserManagerImpl.java:73)
>>>     at org.outerj.daisy.authentication.impl.UserAuthenticatorImpl.authenticate(UserAuthenticatorImpl.java:104)
>>>     at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>     at java.lang.reflect.Method.invoke(Method.java:597)
>>>     at org.apache.avalon.activation.impl.ApplianceInvocationHandler.invoke(ApplianceInvocationHandler.java:129)
>>>     at $Proxy7.authenticate(Unknown Source)
>>>     at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>     at java.lang.reflect.Method.invoke(Method.java:597)
>>>     at org.apache.avalon.activation.impl.BlockInvocationHandler.invoke(BlockInvocationHandler.java:108)
>>>     at $Proxy9.authenticate(Unknown Source)
>>>     at org.outerj.daisy.repository.serverimpl.LocalRepositoryManager.getRepository(LocalRepositoryManager.java:159)
>>>     at sun.reflect.GeneratedMethodAccessor10.invoke(Unknown Source)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>     at java.lang.reflect.Method.invoke(Method.java:597)
>>>     at org.apache.avalon.activation.impl.ApplianceInvocationHandler.invoke(ApplianceInvocationHandler.java:129)
>>>     at $Proxy14.getRepository(Unknown Source)
>>>     at org.outerj.daisy.httpconnector.HttpConnectorImpl$DaisyUserRealm.authenticate(HttpConnectorImpl.java:360)
>>>     at org.mortbay.http.BasicAuthenticator.authenticate(BasicAuthenticator.java:64)
>>>     at org.mortbay.http.SecurityConstraint.check(SecurityConstraint.java:442)
>>>     at org.mortbay.http.HttpContext.checkSecurityConstraints(HttpContext.java:1326)
>>>     at org.mortbay.http.handler.SecurityHandler.handle(SecurityHandler.java:81)
>>>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1530)
>>>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1482)
>>>     at org.mortbay.http.HttpServer.service(HttpServer.java:909)
>>>     at org.mortbay.http.HttpConnection.service(HttpConnection.java:816)
>>>     at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:982)
>>>     at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)
>>>     at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)
>>>     at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)
>>>     at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)
>>>
>>> If I have understood correctly, with the
>>> authenticationSchemeForUserCreation I don't need to create a Daisy
>>> user; it is auto-created when I log in with my LDAP login and password.
>>> Can anybody confirm this?
>>>
>>> Best Regards,
>>> Jean Meyer
>>> _______________________________________________
>>> daisy community mailing list
>>> Professional Daisy support:
>>> http://outerthought.org/site/services/daisy/daisysupport.html
>>> mail to: daisy at lists.cocoondev.org
>>> list information: http://lists.cocoondev.org/mailman/listinfo/daisy
>>>
> Thank you Caleb, I have checked what you said but it looked alright ...
>> The configuration you listed is correct for user auto-creation.
>> However, it seems you have example values for your
>> "java.naming.provider.url" and "java.naming.security.principal"
>> properties.
> I have just replaced these values in the mail but they are correct in
> my real config file.
>> These values need to be set to match the configuration of your
>> directory. I'd check that you don't have multiple instances of the
>> <target path="/daisy/repository/authentication/authenticator">
>> section in your config file.
> No, I have just one.
>>
>> It would also be worthwhile to test your LDAP configuration with a
>> directory browser or a tool like ldapsearch, to make sure the DNs
>> that you're trying to match are valid.
> Yes, I have checked these values with an ldapsearch.
>
> Any idea what else it could be?
>
> cheers
> Jean
I found Bruno's test program from
http://lists.cocoondev.org/pipermail/daisy/2006-February/003178.html to
be helpful in debugging my LDAP configuration. It might shed some light
on the issues you're having...
-Caleb
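
The configuration checks discussed in this thread (a single authenticator target, a user-creation scheme that names a defined LDAP scheme, a principal containing `$daisyLogin`) can be run mechanically against the config file. The following is an added example, not part of the original messages or of Daisy itself; the `<targets>` wrapper, the constructed sample and the name `check_config` are assumptions. It also flags a simple bind over plain `ldap://`, which is what the quoted configuration uses.

```python
import xml.etree.ElementTree as ET
# Constructed sample modelled on the myconfig.xml fragment quoted in the thread;
# the <targets> wrapper element is an assumption made so the fragment parses.
SAMPLE = """<targets>
  <target path="/daisy/repository/authentication/authenticator">
    <configuration>
      <authenticationSchemeForUserCreation>ldap1</authenticationSchemeForUserCreation>
    </configuration>
  </target>
  <target path="/daisy/repository/authentication/ldap">
    <configuration>
      <scheme name="ldap1" description="Test LDAP config">
        <environment>
          <property name="java.naming.provider.url" value="ldap://myLdapHostname:389"/>
          <property name="java.naming.security.authentication" value="simple"/>
          <property name="java.naming.security.principal" value="cn=$daisyLogin,o=myOrganisation"/>
        </environment>
      </scheme>
    </configuration>
  </target>
</targets>"""

BASE = "/daisy/repository/authentication/"

def check_config(xml_text):
    """Return a list of findings for the authenticator and LDAP targets."""
    root = ET.fromstring(xml_text)
    findings = []
    auth = [t for t in root.iter("target") if t.get("path") == BASE + "authenticator"]
    if len(auth) != 1:  # a duplicate section makes it unclear which one applies
        findings.append(f"expected one authenticator target, found {len(auth)}")
    wanted = {e.text.strip() for t in auth
              for e in t.iter("authenticationSchemeForUserCreation") if e.text}
    schemes = {}  # scheme name -> {JNDI property name: value}
    for t in root.iter("target"):
        if t.get("path") == BASE + "ldap":
            for s in t.iter("scheme"):
                schemes[s.get("name")] = {p.get("name"): p.get("value", "")
                                          for p in s.iter("property")}
    for name in sorted(wanted - set(schemes)):
        findings.append(f"user-creation scheme '{name}' is not defined")
    for name, env in schemes.items():
        url = env.get("java.naming.provider.url", "")
        if "$daisyLogin" not in env.get("java.naming.security.principal", ""):
            findings.append(f"{name}: principal lacks $daisyLogin")
        if (url.startswith("ldap://")
                and env.get("java.naming.security.authentication") == "simple"):
            findings.append(f"{name}: simple bind over ldap:// (no TLS) exposes the password")
    return findings
```

On the sample, the only finding is the unencrypted simple bind; the scheme names match and there is one authenticator target, consistent with Caleb's reading that the listed configuration is correct for auto-creation.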