Re: [Coursework-help] Help with LDAP login/authentication in CVS HEAD
From: Mumit K. <mu...@br...> - 2004-11-19 13:20:56
Hi Ian,

Thanks very much for the explanation, it helps a lot.

> This is almost exactly what we do at Cambridge, we have the users in
> LDAP and when they first visit Coursework they are auto registered.
> From there they can join courses. We have a further added complication
> that makes it a little more difficult. Some users authenticate against
> the campus wide single sign-on, and so their details have to be auto
> entered into both LDAP and the Database.
>
> You need to
> 1. Activate the JAAS based login modules, from memory there is a
> properties file where the auth module is defined
> edu.stanford.core.authentication ?
>
> 2. Comment out any reference to Raven in jaas.config and associated
> property files. Raven is the UoC single sign-on mechanism.
>
> 3. Configure the Database Login Module and the LDAP Login module to
> point to the correct places. Database to the coursework DB and LDAP to
> your LDAP. We use an OpenLDAP server, with anon bind for search and
> auth bind for Authentication.

1-3 done, mostly following some of your responses to the mailing list
(supplemented by some uneducated guesswork).

> 4. Make certain that you put the jaas.config file in the
> CATALINA_HOME/conf directory, and reference it in a command line -D
> argument. JAAS doc will help here. Remember there is only one
> jaas.config per JVM.

Also done. The install process does this already, so I got lucky. I didn't
know about the -D argument, thanks.

> Operation - this is from memory, so could be wrong... (please correct
> me if I'm wrong on this)
> The user comes to the login page, enters their username and password.
> The JAAS Login modules are called in turn and register callbacks. The
> callback handlers take the auth tokens and do things with them. e.g.
> 1. Try to locate the LDAP DN and then bind to the LDAP DN, if
> successful a principal is created and set.
> 2. Try to locate the username and password in the DB, if successful a
> principal is created.
> 3. Use an authenticated principal (from LDAP) to populate the DB.
>
> There is a readme associated with the deployment of the JAAS framework
> that explains this in more detail.
>
> Does this help? How far have you got?

This helps significantly, especially as it validated my current
understanding. I'll take another hack at it next weekend, when I'll know
more. Looks like I can use your Cambridge setup for the most part, so I'll
try to dig through it first and figure out how it's done in detail and then
try ours out.

Thanks for a terrific port. Perhaps I can contribute back by documenting
our process when I have it done.

Regards,
Mumit
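The LDAP step of the "Operation" Ian describes (callbacks collect the username and password, an anonymous bind is used to search for the DN, an authenticated bind as that DN proves the password, and a principal is set for the DB step to consume), written out as a JAAS LoginModule using JNDI. This is an added example, not code from the Coursework project or from the Cambridge port; the class name and the option names `url`, `baseDn` and `uidAttribute` are assumptions. It also includes the two checks a practitioner wants in any search-then-bind module: an empty password is refused before the bind, because an LDAP simple bind with a DN and an empty password is an unauthenticated bind that many servers report as success (RFC 4513 section 5.1.2), and the username is escaped per RFC 4515 so it cannot rewrite the search filter.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example, not Coursework code. Option names "url", "baseDn", "uidAttribute" are assumed.
public class SearchThenBindLdapLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private String url, baseDn, uidAttr;
    private String userDn;            // set by login(), turned into a Principal by commit()
    private Principal principal;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        url = (String) options.get("url");         // e.g. ldaps://ldap.example.edu
        baseDn = (String) options.get("baseDn");   // e.g. ou=people,dc=example,dc=edu
        uidAttr = options.containsKey("uidAttribute") ? (String) options.get("uidAttribute") : "uid";
    }

    public boolean login() throws LoginException {
        // The callbacks are how the module asks the login page for the tokens it needs.
        NameCallback nc = new NameCallback("username: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] {nc, pc});
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot collect credentials: " + e);
        }
        String user = nc.getName();
        char[] pw = pc.getPassword();
        pc.clearPassword();
        // Refuse an empty password before touching LDAP: a simple bind with a DN and no
        // password is an *unauthenticated* bind (RFC 4513 s5.1.2) that servers may accept.
        if (user == null || user.isEmpty() || pw == null || pw.length == 0)
            throw new FailedLoginException("empty username or password");
        try {
            userDn = searchThenBind(user, pw);
            return true;
        } finally {
            Arrays.fill(pw, '\0');   // do not keep the cleartext password around
        }
    }

    // Step 1: anonymous search for (uid=<user>) under baseDn. Step 2: simple bind as that DN.
    private String searchThenBind(String user, char[] pw) throws LoginException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "none");        // anonymous bind for the search
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]);                // only the DN is needed
        String filter = "(" + uidAttr + "=" + escapeFilterValue(user) + ")";
        try {
            DirContext ctx = new InitialDirContext(env);
            String dn;
            try {
                NamingEnumeration<SearchResult> r = ctx.search(baseDn, filter, sc);
                if (!r.hasMore()) throw new FailedLoginException("no such user");
                dn = r.next().getNameInNamespace();
                if (r.hasMore()) throw new FailedLoginException("uid is not unique");
            } finally {
                ctx.close();
            }
            env.put(Context.SECURITY_AUTHENTICATION, "simple");  // authenticated bind as the user
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, pw);
            new InitialDirContext(env).close();                  // throws if the password is wrong
            return dn;
        } catch (AuthenticationException e) {
            throw new FailedLoginException("LDAP bind rejected for " + user);
        } catch (NamingException e) {
            throw new LoginException("LDAP error: " + e);
        }
    }

    // RFC 4515 escaping so a username such as "*)(uid=*" cannot rewrite the search filter.
    static String escapeFilterValue(String s) {
        return s.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28")
                .replace(")", "\\29").replace("\0", "\\00");
    }

    public boolean commit() {          // the Principal that step 3 (populate the DB) reads
        if (userDn == null) return false;
        String dn = userDn;
        principal = () -> dn;          // java.security.Principal is a functional interface
        subject.getPrincipals().add(principal);
        return true;
    }
    public boolean abort() { userDn = null; return true; }
    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        principal = null; userDn = null; return true;
    }
}
```

It would be wired in through an entry in CATALINA_HOME/conf/jaas.config such as `Coursework { SearchThenBindLdapLoginModule required url="ldaps://ldap.example.edu" baseDn="ou=people,dc=example,dc=edu"; };` (application name and values assumed), and that file is the one named by the -D argument Ian mentions, the standard JAAS property `-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas.config`. Two cautions: the `url` should be `ldaps://` (or the connection upgraded with StartTLS), since a simple bind sends the password in the clear, and the anonymous search must be allowed by the server's ACLs or the first step fails before any password is checked.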