  • Ldap Person example using OpenLDAP

    Hi,

    What changes do I have to make to the ldap-person example run in openLDAP instead of ApacheDS?

    thank you,
    Julio Cesar

  • #2
    Basically it should be sufficient to comment the line in src/main/webapp/WEB-INF/applicationContext.xml which imports apacheDsContext.xml and edit ldap.properties in the same directory to point to the appropriate server.

    Some data is expected to be present in the target LDAP server, defined in src/main/java/setup_data.ldif.



    • #3
      Originally posted by rasky:
      Basically it should be sufficient to comment the line in src/main/webapp/WEB-INF/applicationContext.xml which imports apacheDsContext.xml and edit ldap.properties in the same directory to point to the appropriate server.

      Some data is expected to be present in the target LDAP server, defined in src/main/java/setup_data.ldif.
      Yeah, I've done exactly that, but it didn't work. It gives me a "Bad credential" error. My steps:
      1. Comment import(apacheDS)
      2. Populate openLDAP with base_data.ldif and setup_data.ldif
      3. Replace user(cn=Manager) and password(secret).
      4. Run...
      5. "Bad Credentials"



      • #4
        Ah, right, you'll need to change in applicationContext-acegi-security.xml to run against your OpenLDAP server as well (in ContextFactory definition). That's nasty - it should be taken from the properties file. Might I ask you to post a Jira issue so we don't lose track of that problem.



        • #5
          Originally posted by rasky:
          Ah, right, you'll need to change in applicationContext-acegi-security.xml to run against your OpenLDAP server as well (in ContextFactory definition). That's nasty - it should be taken from the properties file. Might I ask you to post a Jira issue so we don't lose track of that problem.
          Humm... I don't need to change this because my machine (localhost) is running the LDAP server. But I'm still getting the same error.

          I was looking at the setup_data.ldif file from the application, and I noted that I've populated the LDAP with setup_data.ldif from the /docs directory and not the one in the src/main/java directory. Does it matter?



          • #6
            Originally posted by juliogodel:
            Humm... I don't need to change this because my machine (localhost) is running the LDAP server. But I'm still getting the same error.

            I was looking at the setup_data.ldif file from the application, and I noted that I've populated the LDAP with setup_data.ldif from the /docs directory and not the one in the src/main/java directory. Does it matter?
            Also, I'm trying to use the setup_data.ldif from src/main/java with openLDAP, but it gives me the following error:

            >ldapadd -x -D "cn=Manager,dc=jayway,dc=se" -W
            -f C:\...\spring-ldap-person\src\main\java\setup_data.ldif
            Enter LDAP Password: adding new entry "cn=USER,ou=groups,dc=jayway,dc=se"
            ldap_add: No such object (32)



            • #7
              Let's focus on populating OpenLDAP first. I just deleted all data and added it again, so if you follow these steps with this data, you should be OK.


              slapd.conf (adjust path according to your situation):

              Code:
              C:\Program\OpenLDAP>cat slapd.conf
              #
              # LDAP Defaults
              #
              
              # See ldap.conf(5) for details
              # This file should be world readable but not world writable.
              
              #BASE   dc=example, dc=com
              #URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
              
              #SIZELIMIT      12
              #TIMELIMIT      15
              #DEREF          never
              
              include "c:/Program/OpenLDAP/schema/core.schema"
              include "c:/Program/OpenLDAP/schema/cosine.schema"
              include "c:/Program/OpenLDAP/schema/inetorgperson.schema"
              database bdb
              suffix  "dc=jayway,dc=se"
              rootdn  "cn=Manager,dc=jayway,dc=se"
              rootpw  secret
              directory "c:/Program/OpenLDAP/data"
              
              TLSCipherSuite HIGH:MEDIUM:+SSLv2
              TLSCACertificateFile /tmp/cacert.pem
              TLSCertificateFile /tmp/servercrt.pem
              TLSCertificateKeyFile /tmp/serverkey.pem
              TLSVerifyClient never

              Start slapd in another terminal window:

              Code:
              C:\Program\OpenLDAP>slapd -d 1
              main: new debug level is: 1
              main: new config file is: .\slapd.conf
              @(#) $OpenLDAP: slapd 2.2.29 (Oct 21 2005 16:01:14) $
              ...
              slapd starting

              Here is the teardown_data.ldif:

              Code:
              C:\Program\OpenLDAP>cat teardown_data.ldif
              ou=groups,dc=jayway,dc=se
              
              c=Sweden,dc=jayway,dc=se
              
              c=Norway,dc=jayway,dc=se

              Make sure your database is empty:

              Code:
              C:\Program\OpenLDAP>ldapdelete.exe -D cn=Manager,dc=jayway,dc=se -w secret -x -r -f teardown_data.ldif
              ldap_search: No such object (32)
                      matched DN: dc=jayway,dc=se
              Delete Result: No such object (32)
              Matched DN: dc=jayway,dc=se

              Here is spring-ldap-person/src/main/java/setup_data.ldif (not spring-ldap/src/itests/java/setup_data.ldif):

              Code:
              C:\Program\OpenLDAP>cat setup_data.ldif
              dn: ou=groups,dc=jayway,dc=se
              objectclass: top
              objectclass: organizationalUnit
              ou: groups
              
              dn: cn=USER,ou=groups,dc=jayway,dc=se
              objectclass: top
              objectclass: groupOfUniqueNames
              cn: USER
              uniqueMember: cn=Some Person,ou=company1,c=Sweden,dc=jayway,dc=se
              uniqueMember: cn=Some Person2,ou=company1,c=Sweden,dc=jayway,dc=se
              uniqueMember: cn=Some Person,ou=company1,c=Norway,dc=jayway,dc=se
              uniqueMember: cn=Some Person,ou=company2,c=Sweden,dc=jayway,dc=se
              uniqueMember: cn=Some Person3,ou=company1,c=Sweden,dc=jayway,dc=se
              
              dn: cn=ADMIN,ou=groups,dc=jayway,dc=se
              objectclass: top
              objectclass: groupOfUniqueNames
              cn: ADMIN
              uniqueMember: cn=Some Person2,ou=company1,c=Sweden,dc=jayway,dc=se
              
              dn: c=Sweden,dc=jayway,dc=se
              objectclass: top
              objectclass: country
              c: Sweden
              description: The country of Sweden
              
              dn: c=Norway,dc=jayway,dc=se
              objectclass: top
              objectclass: country
              c: Norway
              description: The country of Norway
              
              dn: ou=company1,c=Sweden,dc=jayway,dc=se
              objectclass: top
              objectclass: organizationalUnit
              ou: company1
              description: First company in Sweden
              
              dn: ou=company2,c=Sweden,dc=jayway,dc=se
              objectclass: top
              objectclass: organizationalUnit
              ou: company2
              description: Second company in Sweden
              
              dn: ou=company1,c=Norway,dc=jayway,dc=se
              objectclass: top
              objectclass: organizationalUnit
              ou: company1
              description: First company in Norway
              
              dn: cn=Some Person,ou=company1,c=Sweden,dc=jayway,dc=se
              objectclass: top
              objectclass: person
              objectclass: organizationalPerson
              objectclass: inetOrgPerson
              uid: some.person
              userPassword: password
              cn: Some Person
              sn: Person
              description: USER
              telephoneNumber: +46 555-123456
              
              dn: cn=Some Person2,ou=company1,c=Sweden,dc=jayway,dc=se
              objectclass: top
              objectclass: person
              objectclass: organizationalPerson
              objectclass: inetOrgPerson
              uid: some.person2
              userPassword: password
              cn: Some Person2
              sn: Person2
              description: USER
              description: ADMIN
              telephoneNumber: +46 555-654321
              
              dn: cn=Some Person3,ou=company1,c=Sweden,dc=jayway,dc=se
              objectclass: top
              objectclass: person
              objectclass: organizationalPerson
              objectclass: inetOrgPerson
              uid: some.person3
              userPassword: password
              cn: Some Person3
              sn: Person3
              description: USER
              telephoneNumber: +46 555-123654
              
              dn: cn=Some Person,ou=company2,c=Sweden,dc=jayway,dc=se
              objectclass: top
              objectclass: person
              objectclass: organizationalPerson
              objectclass: inetOrgPerson
              uid: some.person4
              userPassword: password
              cn: Some Person
              sn: Person
              description: USER
              telephoneNumber: +46 555-456321
              
              dn: cn=Some Person,ou=company1,c=Norway,dc=jayway,dc=se
              objectclass: top
              objectclass: person
              objectclass: organizationalPerson
              objectclass: inetOrgPerson
              uid: some.norwegian
              userPassword: password
              cn: Some Person
              sn: Person
              description: USER
              telephoneNumber: +45 555-654123

              Add new data:

              Code:
              C:\Program\OpenLDAP>ldapadd -D cn=Manager,dc=jayway,dc=se -w secret -x -f setup_data.ldif
              adding new entry "ou=groups,dc=jayway,dc=se"
              
              adding new entry "cn=USER,ou=groups,dc=jayway,dc=se"
              
              adding new entry "cn=ADMIN,ou=groups,dc=jayway,dc=se"
              
              adding new entry "c=Sweden,dc=jayway,dc=se"
              
              adding new entry "c=Norway,dc=jayway,dc=se"
              
              adding new entry "ou=company1,c=Sweden,dc=jayway,dc=se"
              
              adding new entry "ou=company2,c=Sweden,dc=jayway,dc=se"
              
              adding new entry "ou=company1,c=Norway,dc=jayway,dc=se"
              
              adding new entry "cn=Some Person,ou=company1,c=Sweden,dc=jayway,dc=se"
              
              adding new entry "cn=Some Person2,ou=company1,c=Sweden,dc=jayway,dc=se"
              
              adding new entry "cn=Some Person3,ou=company1,c=Sweden,dc=jayway,dc=se"
              
              adding new entry "cn=Some Person,ou=company2,c=Sweden,dc=jayway,dc=se"
              
              adding new entry "cn=Some Person,ou=company1,c=Norway,dc=jayway,dc=se"
              Last edited by ulsa; Jan 17th, 2007, 04:51 PM.

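The slapd.conf in post #7 is a test setup, and a few of its settings are the ones a security review of a production directory would flag first: the rootpw is stored in cleartext, the TLS cipher list opts SSLv2 suites back in, and post #8 then makes the web application bind as the rootdn, which bypasses slapd's access directives entirely. The following script is an added example written for this thread, not code from OpenLDAP or the spring-ldap project; it parses the slapd.conf shown above (embedded verbatim, minus the commented-out ldap.conf defaults) and reports those three points. The severities, the message texts and the `cn=ldap-person,ou=services,...` service-account DN used in the comments are assumptions chosen for the illustration.

```python
"""Lint a slapd.conf for the settings a security review checks first.

Added example for this thread; it is not part of OpenLDAP or spring-ldap.
It reads the slapd.conf from post #7 (embedded below) and flags a cleartext
rootpw, SSLv2/SSLv3 suites in TLSCipherSuite, and an application bind DN
that equals the rootdn (post #8 sets userDn to cn=Manager, i.e. the rootdn).
"""

# The slapd.conf from post #7, minus the commented-out ldap.conf defaults.
SLAPD_CONF = """\
include "c:/Program/OpenLDAP/schema/core.schema"
include "c:/Program/OpenLDAP/schema/cosine.schema"
include "c:/Program/OpenLDAP/schema/inetorgperson.schema"
database bdb
suffix  "dc=jayway,dc=se"
rootdn  "cn=Manager,dc=jayway,dc=se"
rootpw  secret
directory "c:/Program/OpenLDAP/data"

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /tmp/cacert.pem
TLSCertificateFile /tmp/servercrt.pem
TLSCertificateKeyFile /tmp/serverkey.pem
TLSVerifyClient never
"""


def parse_slapd_conf(text):
    """Return (directive, value) pairs in file order.

    Directive names are case-insensitive in slapd.conf, so they are lower-cased;
    surrounding double quotes on the value are removed; a line that begins with
    whitespace continues the previous directive; '#' lines are comments.
    """
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and entries:
            name, value = entries[-1]
            entries[-1] = (name, value + " " + raw.strip())
            continue
        parts = raw.strip().split(None, 1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        entries.append((parts[0].lower(), value))
    return entries


def _norm_dn(dn):
    """Comparison form of a DN: no whitespace around commas, lower-cased."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def lint_slapd_conf(text, app_bind_dn=None):
    """Return (severity, directive, message) findings; an empty list means clean.

    app_bind_dn is the DN the application authenticates with (userDn in the
    thread's ldap.properties); pass it to check it is not the rootdn.
    """
    conf = dict(parse_slapd_conf(text))  # last value wins; enough for one database
    findings = []

    # rootpw accepts either a cleartext password or an RFC 2307 style
    # "{scheme}hash" value as produced by slappasswd; only the latter is acceptable.
    rootpw = conf.get("rootpw")
    if rootpw is not None and not rootpw.startswith("{"):
        findings.append(("high", "rootpw",
                         "rootpw is cleartext; store a slappasswd-generated hash "
                         "such as a {SSHA} value instead"))

    # TLSCipherSuite is an OpenSSL cipher list; a bare or '+' token named SSLv2
    # or SSLv3 adds those suites, while '!SSLv2' / '-SSLv2' removes them.
    for token in conf.get("tlsciphersuite", "").split(":"):
        if token.lstrip("+") in ("SSLv2", "SSLv3"):
            findings.append(("high", "tlsciphersuite",
                             f"cipher list enables {token.lstrip('+')} suites; "
                             "use !SSLv2:!SSLv3 to exclude them"))

    # The rootdn is never subject to access directives, so an application that
    # binds as it has unrestricted read/write over the whole database.
    if app_bind_dn and _norm_dn(app_bind_dn) == _norm_dn(conf.get("rootdn", "")):
        findings.append(("medium", "rootdn",
                         "application binds as the rootdn, which bypasses every "
                         "access directive; create a dedicated bind account (e.g. "
                         "cn=ldap-person,ou=services,dc=jayway,dc=se, an assumed "
                         "name) and grant it only the access it needs"))
    return findings


if __name__ == "__main__":
    for finding in lint_slapd_conf(SLAPD_CONF, app_bind_dn="cn=Manager,dc=jayway,dc=se"):
        print("%-6s %-15s %s" % finding)
```

Run as-is it reports three findings against the thread's configuration; replacing `rootpw  secret` with a `{SSHA}` hash, writing `!SSLv2` in the cipher list and binding as a non-root account brings it back to an empty list.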


              • #8
                Now that OpenLDAP works OK, let's make the changes required for running the spring-ldap-person sample using OpenLDAP instead of ApacheDS.

                1. Comment out the import element in src/main/webapp/WEB-INF/applicationContext.xml:

                Code:
                <!--	<import resource="apacheDsContext.xml"/>-->
                2. Change the userDn property in src/main/webapp/WEB-INF/ldap.properties:

                Change to this:
                Code:
                userDn=cn=Manager,dc=jayway,dc=se
                Note: It must be the full DN. "cn=Manager" is not enough.

                3. Clean up and build war.

                a) Remove any existing ldap-person in webapps (or wherever your wars are unpacked). Also clean any temp and work directories your web server might be using.

                b) Build a clean war:

                Code:
                C:\src\svn\spring-ldap\spring-ldap-person>ant clean war
                c) Install new war:

                Code:
                C:\src\svn\spring-ldap\spring-ldap-person>copy target\artifacts\war\ldap-person.war \java\jakarta-tomcat-5.0.28\webapps
                Note: When you start the web server, make sure you don't get a line in the log saying that setup_data.ldif was loaded. If that happens, you're still running an old version of the webapp, and it will overwrite the data in your OpenLDAP with ApacheDS-specific stuff. If that occurs, you must re-populate your OpenLDAP according to the previous post.



                • #9
                  Hi Ulrik,
                  Thank you for the instructions. My problem with openLDAP was that I forgot to import 2 schemas (cosine and inetorgperson).
                  I think that the name of the property is "userName" and not "userDN", right?
                  The application is authenticating (I see it in the Tomcat messages), but now it gives me access denied (with both users).
                  I'll try to find out what is going on and post a reply here.

                  Thank you,

                  Julio Cesar



                  • #10
                    Originally posted by juliogodel:
                    Hi Ulrik,
                    Thank you for the instructions. My problem with openLDAP was that I forgot to import 2 schemas (cosine and inetorgperson).
                    I think that the name of the property is "userName" and not "userDN", right?
                    The application is authenticating (I see it in the Tomcat messages), but now it gives me access denied (with both users).
                    I'll try to find out what is going on and post a reply here.

                    Thank you,

                    Julio Cesar
                    All right Ulrik, I see now what is the problem. The roles in the setup_data.ldif file were wrong: "ROLE_ADMIN" should be only "ADMIN". Thank you.



                    • #11
                      Originally posted by juliogodel:
                      All right Ulrik, I see now what is the problem. The roles in the setup_data.ldif file were wrong: "ROLE_ADMIN" should be only "ADMIN". Thank you.
                      A last note: You need to run base_data.ldif before running setup_data.ldif. It's all running! Thank you again, Julio Cesar.

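The "ldap_add: No such object (32)" in post #6 and the fix confirmed in post #11 (load base_data.ldif before setup_data.ldif) are the same problem seen from two sides: slapd refuses an entry whose parent does not exist, and the first entries of setup_data.ldif all hang directly under dc=jayway,dc=se, which only base_data.ldif creates. The script below is an added example written for this thread, not code from the spring-ldap project; it walks an LDIF file in order and reports every entry whose parent is neither the suffix entry, an entry already in the directory, nor an entry listed earlier in the same file. The setup data is a subset of the file in post #7; the base_data.ldif stand-in is constructed, since the thread never shows that file, and the `existing` argument (DNs already present on the server) is an assumption of this example.

```python
"""Check entry ordering and parent existence in an LDIF file before ldapadd.

Added example for this thread; it is not part of the spring-ldap project.
slapd answers "No such object (32)" (post #6) when an entry's parent does not
exist yet, which is what happens when setup_data.ldif is loaded before
base_data.ldif has created the dc=jayway,dc=se entry (post #11).
"""
import base64

# Constructed stand-in for base_data.ldif (the thread does not show that file):
# all it has to do is create the suffix entry.
BASE_LDIF = """\
dn: dc=jayway,dc=se
objectclass: top
objectclass: dcObject
objectclass: organization
dc: jayway
o: Jayway
"""

# A subset of the setup_data.ldif shown in post #7.
SETUP_LDIF = """\
dn: ou=groups,dc=jayway,dc=se
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: cn=USER,ou=groups,dc=jayway,dc=se
objectclass: top
objectclass: groupOfUniqueNames
cn: USER
uniqueMember: cn=Some Person,ou=company1,c=Sweden,dc=jayway,dc=se

dn: c=Sweden,dc=jayway,dc=se
objectclass: top
objectclass: country
c: Sweden

dn: ou=company1,c=Sweden,dc=jayway,dc=se
objectclass: top
objectclass: organizationalUnit
ou: company1

dn: cn=Some Person,ou=company1,c=Sweden,dc=jayway,dc=se
objectclass: top
objectclass: inetOrgPerson
cn: Some Person
sn: Person
"""


def normalize_dn(dn):
    """Comparison form of a DN: attribute types lower-cased, no whitespace around
    the separating commas. RDN values containing escaped commas are not handled;
    none occur in the sample data."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip()}")
    return ",".join(rdns)


def parent_dn(dn):
    """Drop the leftmost RDN: the parent of ou=groups,dc=jayway,dc=se is dc=jayway,dc=se."""
    return dn.partition(",")[2]


def parse_ldif_dns(text):
    """Return the DN of each entry in file order. Handles '#' comment lines,
    blank-line entry separators, folded lines (a leading space continues the
    previous line) and base64-encoded 'dn::' values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dns = []
    for line in lines:
        if line.startswith("#") or not line.lower().startswith("dn:"):
            continue
        value = line[3:]
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        dns.append(value.strip())
    return dns


def find_orphans(text, suffix, existing=()):
    """Return (dn, missing_parent) for every entry whose parent is neither the
    suffix entry itself, an entry already in the directory (`existing`), nor an
    entry earlier in the file. Order matters: ldapadd processes entries top to
    bottom, so a child listed before its parent fails the same way."""
    known = {normalize_dn(d) for d in existing}
    suffix_n = normalize_dn(suffix)
    orphans = []
    for dn in parse_ldif_dns(text):
        ndn = normalize_dn(dn)
        if ndn != suffix_n and parent_dn(ndn) not in known:
            orphans.append((dn, parent_dn(ndn)))
        known.add(ndn)
    return orphans


if __name__ == "__main__":
    print("setup_data.ldif alone:", find_orphans(SETUP_LDIF, "dc=jayway,dc=se"))
    print("base_data.ldif then setup_data.ldif:",
          find_orphans(BASE_LDIF + "\n" + SETUP_LDIF, "dc=jayway,dc=se"))
```

Against setup_data.ldif alone it names ou=groups and c=Sweden as entries whose parent dc=jayway,dc=se is missing, which is the "No such object" ldapadd reported; with the base entry loaded first, or passed in `existing` because it is already on the server, the list is empty.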


                      • #12
                        Originally posted by juliogodel:
                        I think that the name of the property is "userName" and not "userDN", right?
                        Yes, unless you're on Subversion trunk. In 1.2 it will be the more correct "userDn".



                        • #13
                          Originally posted by juliogodel:
                          A last note: You need to run base_data.ldif before running setup_data.ldif. It's all running! Thank you again, Julio Cesar.
                          The fact that the integration tests and the person sample both use very similar data sets confuses things for all of us, including me. We'll try to either make these identical, or make them so different that you won't confuse them.
