Re: [Coursework-help] Help with LDAP login/authentication in CVS HEAD
From: Ian B. <ie...@tf...> - 2004-11-19 09:02:34
This is almost exactly what we do at Cambridge, we have the users in LDAP and when they first visit Coursework they are auto registered. From there they can join courses. We have a further added complication that makes it a little more difficult. Some users authenticate against the campus wide single sign-on, and so their details have to be auto entered into both LDAP and the Database.

You need to

1. Activate the JAAS based login modules, from memory there is a properties file where the auth module is defined edu.stanford.core.authentication ?
2. Comment out any reference to Raven in jaas.config and associated property files. Raven is the UoC single sign-on mechanism.
3. Configure the Database Login Module and the LDAP Login module to point to the correct places. Database to the coursework DB and LDAP to your LDAP. We use an OpenLDAP server, with anon bind for search and auth bind for Authentication.
4. Make certain that you put the jaas.config file in the CATALINA_HOME/conf directory, and reference it in a command line -D argument. JAAS doc will help here. Remember there is only one jaas.config per JVM.

Operation - this is from memory, so could be wrong... (please correct me if I'm wrong on this)

The user comes to the login page, enters their username and password. The JAAS Login modules are called in turn and register callbacks. The callback handlers take the auth tokens and do things with them, e.g.

1. Try to locate the LDAP DN and then bind to the LDAP DN, if successful a principal is created and set.
2. Try to locate the username and password in the DB, if successful a principal is created.
3. Use an authenticated principal (from LDAP) to populate the DB.

There is a readme associated with the deployment of the JAAS framework that explains this in more detail.

Does this help? How far have you got?
Ian

Mumit Khan wrote:
> Dear all,
>
> Is it possible to use an LDAP server to authenticate against existing
> users and a database for ones that do not exist in our LDAP server? Our
> LDAP server is basically a migration from legacy YP/NIS (aided by the PADL
> migration tools), so you can imagine what the schema looks like. We
> would like our students/staff/faculty to be able to use Coursework
> without having to do anything extra, and have the guest users register
> themselves in a database.
>
> I have 3.0RC1 working in the "old" mode, against a database (by editing
> security.properties as suggested in an earlier email to the list), but
> can't get authentication in CVS HEAD working at all.
>
> I'm a complete newbie at this, so any help would be terrific in pointing
> out what I should be looking at. I have a rough idea about JAAS (from
> Sun's docs), but that's not helping much in deciphering Cambridge's
> current authentication modules.
>
> Regards,
> Mumit
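
The LDAP step described in the reply above (anonymous bind to search for the user's DN, then an authenticated bind as that DN), written with JNDI as an added example; it is not Coursework's login module or code from this thread. The server URL, search base and `uid` attribute are assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
public class LdapSearchThenBind {
    // Assumed values for illustration; none of these come from the thread.
    static final String URL = "ldaps://ldap.example.org:636"; // TLS, so the password is not sent in clear
    static final String BASE = "ou=people,dc=example,dc=org";
    static Hashtable<String, String> env() {
        Hashtable<String, String> e = new Hashtable<>();
        e.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        e.put(Context.PROVIDER_URL, URL);
        return e;
    }
    /** Returns the user's DN if the bind succeeds, null if authentication fails. */
    static String authenticate(String user, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513)
        // that many servers accept, so reject it before talking to the directory.
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) return null;

        // Step 1: anonymous bind, then search for exactly one matching entry.
        Hashtable<String, String> anon = env();
        anon.put(Context.SECURITY_AUTHENTICATION, "none");
        DirContext ctx = new InitialDirContext(anon);
        String dn;
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]); // only the DN is needed
            // {0} is passed as a filter argument, which JNDI escapes (RFC 2254),
            // so characters such as * ( ) in the username cannot rewrite the filter.
            NamingEnumeration<SearchResult> r = ctx.search(BASE, "(uid={0})", new Object[] {user}, sc);
            if (!r.hasMore()) return null;            // unknown user
            dn = r.next().getNameInNamespace();
            if (r.hasMore()) return null;             // ambiguous match: refuse to guess
        } finally { ctx.close(); }

        // Step 2: an authenticated bind as the located DN proves the password.
        Hashtable<String, String> bind = env();
        bind.put(Context.SECURITY_AUTHENTICATION, "simple");
        bind.put(Context.SECURITY_PRINCIPAL, dn);
        bind.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(bind).close();
            return dn;
        } catch (AuthenticationException ex) {
            return null;                              // wrong password
        }
    }
}
```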