
LDAP

Aleksi Kallio Oliver Heil

How to authenticate chipster users via LDAP and JNDI

Date: 24.11.2008

Updated: 24.07.2009 (minor changes in chipster version 1.3.0)

Problem description:

Every user with an account in our Active Directory Domain should be able to log into chipster using the Active Directory login credentials.

Remarks:

  • JNDI is the Java Naming and Directory Interface.
  • Java's own LdapLoginModule class does not support an initial bind as a dedicated search account (an LDAP user with search rights in the directory) before the end user is authenticated. Therefore the class LdapExtLoginModule from JBoss is used instead.
  • JBoss at http://www.jboss.org/ provides the source of the community release of its J2EE application server. Here jboss-4.2.3.GA-src.tar.gz was used.
  • This solution was developed with
    • debian linux 4.0 (etch)
    • linux kernel 2.6.18-6-amd64
    • java version 1.5.0
    • apache ant version 1.7.1
    • J2EE application server version 4.2.3
    • chipster version 1.2.0, 1.3.0

Solution:

1. Download and build a current release of the J2EE application server from http://www.jboss.org/

 The build is straightforward. For our purpose it is sufficient to move the build result, which resides in build/output, to a directory on the chipster server.

2. Edit wrapper.conf of chipster's auth module

 auth/conf/wrapper.conf 
 (auth/bin/linux-x86-64/wrapper.conf in chipster versions

 ...

 # Java Classpath (include wrapper.jar)  Add class path elements as
 #  needed starting from 1
 wrapper.java.classpath.1=../shared/lib/*.jar
 wrapper.java.classpath.2=/YOUR_JBOSS_DIR/jboss-4.2.3.GA/server/default/lib/*.jar
 wrapper.java.classpath.3=/YOUR_JBOSS_DIR/jboss-4.2.3.GA/lib/*.jar

 ...

3. Edit jaas.config of chipster's auth module

 auth/conf/jaas.config 
 (auth/nami-work-files/jaas.config in chipster versions 1.3.0)

/* Login Configuration for Chipster */

Chipster {
  /* fi.csc.microarray.auth.SimpleFileLoginModule sufficient passwdFile="users"; */
  /* fi.csc.microarray.auth.UnixCryptLoginModule sufficient passwdFile="chipster_shadow"; */
  org.jboss.security.auth.spi.LdapExtLoginModule REQUIRED
  java.naming.provider.url="ldap://your.ldap.server:389"
  bindDN="your_active_directory_name\\your_ldap_search_user"
  bindCredential="your_ldap_search_user_password"
  baseCtxDN="OU=your_ou,DC=some_more,DC=your_domain,DC=com"
  baseFilter="(&(objectClass=user)(cn={0}))"
  rolesCtxDN="OU=your_ou,DC=some_more,DC=your_domain,DC=com"
  roleFilter="(&(objectClass=user)(cn={0}))"
  roleAttributeID="memberOf"
  allowEmptyPasswords="false";
};

 The above LDAP settings are specific to your directory; you need to know the DNs and filters that apply to your own LDAP service. To explore the directory and work out the required search filters and DNs, the tool "LDAP Browser" from LDAPSOFT (http://www.ldapsoft.com) proved very helpful.

 Three of the settings deserve care. bindCredential is stored in cleartext in jaas.config, so restrict the file's permissions to the account that runs the auth module. A plain ldap:// URL on port 389 sends the search account's password and every user's password unencrypted over the network unless the server enforces StartTLS; where the directory offers it, use an ldaps:// URL (port 636) and make sure the JVM trusts the server's certificate. Keep allowEmptyPasswords="false": an LDAP simple bind with a DN and an empty password is treated as an anonymous bind by many servers, Active Directory included, so without this check a known username with a blank password would be accepted.
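To make the flow behind these settings concrete, here is an added example (not Chipster's or JBoss's code) that models what a search-then-bind login module does with the jaas.config above: bind as the search account, look up the user's DN with baseFilter, re-bind as that DN with the supplied password, and read the roles from roleAttributeID. It runs offline against a constructed in-memory directory; all DNs, names and passwords are placeholders, and the fake directory only understands the one filter shape used in the config. It also shows the two failure modes that the settings guard against: an empty password turning into an anonymous bind, and an unescaped `*` in the username acting as a wildcard.

```python
"""Added example, not Chipster or JBoss code: search-then-bind as configured
in the jaas.config above, run against a constructed in-memory directory."""
import re

CONFIG = {  # mirrors the jaas.config option names; values are placeholders
    "bindDN": "CN=ldap_search,OU=service,DC=example,DC=com",
    "bindCredential": "search-secret",
    "baseCtxDN": "OU=people,DC=example,DC=com",
    "baseFilter": "(&(objectClass=user)(cn={0}))",
    "roleAttributeID": "memberOf",
    "allowEmptyPasswords": False,
}

# Constructed sample directory: dn -> attributes.
DIRECTORY = {
    "CN=ldap_search,OU=service,DC=example,DC=com": {
        "objectClass": ["user"], "cn": "ldap_search", "userPassword": "search-secret"},
    "CN=alice,OU=people,DC=example,DC=com": {
        "objectClass": ["user"], "cn": "alice", "userPassword": "alice-pw",
        "memberOf": ["CN=chipster,OU=groups,DC=example,DC=com"]},
    "CN=bob,OU=people,DC=example,DC=com": {
        "objectClass": ["user"], "cn": "bob", "userPassword": "bob-pw", "memberOf": []},
}

def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into a search filter.
    JNDI does this for {0} filter arguments; string concatenation would not."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

class FakeDirectory:
    def __init__(self, entries):
        self.entries = entries

    def bind(self, dn, password):
        """Simple bind.  Per RFC 4513 5.1.2 a DN with an empty password is an
        unauthenticated bind; servers such as Active Directory accept it as
        anonymous, so it succeeds without any password being checked."""
        if password == "":
            return True
        entry = self.entries.get(dn)
        return entry is not None and entry.get("userPassword") == password

    def search(self, base, filt):
        """Supports only the filter shape used in the jaas.config above.
        An unescaped '*' in the cn value is an LDAP substring wildcard."""
        m = re.fullmatch(r"\(&\(objectClass=user\)\(cn=(.*)\)\)", filt)
        if m is None:
            raise ValueError("unsupported filter: " + filt)
        regex = ".*".join(re.escape(_unescape(p)) for p in m.group(1).split("*"))
        return [(dn, attrs) for dn, attrs in self.entries.items()
                if dn.lower().endswith(base.lower())
                and "user" in attrs.get("objectClass", [])
                and re.fullmatch(regex, attrs.get("cn", ""))]

def authenticate(directory, config, username, password, escape=True):
    """Returns (ok, roles).  escape=False shows why {0} substitution must escape."""
    if password == "" and not config["allowEmptyPasswords"]:
        return False, []                                   # rejected before any bind
    if not directory.bind(config["bindDN"], config["bindCredential"]):
        raise RuntimeError("service account bind failed")  # misconfiguration, not a user error
    value = escape_filter_value(username) if escape else username
    hits = directory.search(config["baseCtxDN"], config["baseFilter"].replace("{0}", value))
    if len(hits) != 1:
        return False, []                                   # unknown or ambiguous user
    user_dn, attrs = hits[0]
    if not directory.bind(user_dn, password):              # re-bind as the user
        return False, []
    return True, list(attrs.get(config["roleAttributeID"], []))

if __name__ == "__main__":
    d = FakeDirectory(DIRECTORY)
    print(authenticate(d, CONFIG, "alice", "alice-pw"))   # (True, [chipster group DN])
    print(authenticate(d, CONFIG, "alice", ""))           # (False, []) stopped locally
    weak = dict(CONFIG, allowEmptyPasswords=True)
    print(authenticate(d, weak, "alice", ""))             # (True, ...) anonymous bind passes
    print(authenticate(d, weak, "a*", "", escape=False))  # (True, ...) wildcard finds alice
```

The last two calls are the combination to avoid: with allowEmptyPasswords="true" the empty password reaches the server and is accepted as an anonymous bind, and with an unescaped filter value a wildcard lets the caller find a matching account without knowing its exact name. With the shipped configuration both attempts return (False, []).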

4. Replace all chipster log4j.jar occurrences with the log4j.jar of JBOSS

 _This will probably not be necessary in the future, once chipster ships the newer log4j files itself._

#
# chipster version 1.3.0
#
cd /YOUR_CHIPSTER_DIR
find . -name "log4*"
./shared/lib/log4j-1.2.9.jar
./activemq/example/conf/log4j.properties
./activemq/lib/optional/log4j-1.2.14.jar
./activemq/conf/log4j.properties

cp ./shared/lib/log4j-1.2.9.jar ./shared/lib/log4j-1.2.9.jar.bck
cp /YOUR_JBOSS_DIR/jboss-4.2.3.GA/client/log4j.jar ./shared/lib/log4j-1.2.9.jar

cp ./activemq/lib/optional/log4j-1.2.14.jar ./activemq/lib/optional/log4j-1.2.14.jar.bck
cp /YOUR_JBOSS_DIR/jboss-4.2.3.GA/client/log4j.jar ./activemq/lib/optional/log4j-1.2.14.jar

#
# chipster version

5. Restart chipster

Relevant chipster log files to look for errors and problems are

 auth/logs/wrapper.log 
 auth/logs/chipster.log 
 auth/logs/security.log

(In Chipster


Related

Wiki: TechnicalManual
Wiki: TechnicalManual14
Wiki: TechnicalManual20
Wiki: TechnicalManual21
Wiki: TechnicalManual22