Hi again,

Thank you for your input, Pierre; it was certainly valuable, at least in 
helping us understand a bit better what each parameter does in the web.xml 
file. After checking some of the links you provided (most of the others 
we already had) and retrying with some different parameters, we still 
get the same error: "ERROR 43:16 FilterLdap> A initThisSubclass() 
deferring to super". This happens when we start the Fedora server.

Anyone else with some clues regarding this error?

Thanks in advance!

> From: Pierre-Yves JALLUD <[EMAIL PROTECTED]>
> Date: 2008/12/9
> Subject: Re: [Fedora-commons-users] Authenticating with LDAP
> To:
> Cc: fedora-commons-users@lists.sourceforge.net
>
>
> Tiago Cunha wrote:
>   
>> Hi,
>>
>> We're trying to configure Fedora to authenticate users using an LDAP server 
>> on a remote machine. After reading the manual and discussing the 
>> configurable parameters with the LDAP administrator, we still aren't 
>> completely sure of what parameters should be included in the web.xml file.
>>
>> We also get the following error when we start the Fedora server: "ERROR 
>> 43:16 FilterLdap> A initThisSubclass() deferring to super"
>> We aren't sure this is serious or more of a warning from the server. Where 
>> can we get more information about this message?
>>
>> We would also like to know if there's any way we can verify a configuration 
>> is working properly. For instance, will a correct configuration allow us to 
>> use LDAP users to log in to the Fedora client app? Or is it something we 
>> will only see take effect once we add some policies that use LDAP-related 
>> attributes?
>>
>> This is our current LDAP configuration on web.xml:
>>
>>    <filter>
>>        <filter-name>LdapFilterForAttributes</filter-name>
>>        <filter-class>fedora.server.security.servletfilters.ldap.FilterLdap</filter-class>
>>        <init-param>
>>            <param-name>authenticate</param-name>
>>            <param-value>true</param-value>
>>        </init-param>
>>        <init-param>
>>            <param-name>url</param-name>
>>            <param-value>ldap://our-machine-name-here:389/</param-value>
>>        </init-param>
>>        <init-param>
>>            <param-name>search-base</param-name>
>>            <param-value>ou=Users,dc=dummy,dc=pt</param-value>
>>        </init-param>
>>        <init-param>
>>            <param-name>search-filter</param-name>
>>            <param-value>(cn={0})</param-value>
>>        </init-param>
>>        <init-param>
>>            <param-name>id-attribute</param-name>
>>            <param-value>cn</param-value>
>>        </init-param>
>>        <init-param>
>>            <param-name>attributes</param-name>
>>            <param-value>cn</param-value>
>>        </init-param>
>>    </filter>
>>
>>     
>
> I don't know if this will resolve your problems, but I succeeded in using
> LDAP authentication by adding these parameters:
>
>
>   <filter>
>     <filter-name>LdapFilterForAttributes</filter-name>
>     <filter-class>fedora.server.security.servletfilters.ldap.FilterLdap</filter-class>
>     <display-name>Fedora Authentication LDAP</display-name>
>     <init-param>
>         <param-name>version</param-name>
>         <param-value>3</param-value>
>     </init-param>
>     <init-param>
>         <param-name>authenticate</param-name>
>         <param-value>true</param-value>
>     </init-param>
>     <init-param>
>         <param-name>security-authentication</param-name>
>         <param-value>simple</param-value>
>     </init-param>
>     <init-param>
>         <param-name>security-principal</param-name>
>         <param-value>AUser,ou=InAOu</param-value>
>     </init-param>
>     <init-param>
>         <param-name>security-credentials</param-name>
>         <param-value>hispwd</param-value>
>     </init-param>
>
>     <init-param>
>         <param-name>id-attribute</param-name>
>         <param-value>uid</param-value>
>     </init-param>
>     <init-param>
>         <param-name>bind-filter</param-name>
>         <param-value>uid={0},ou=organisation,dc=your,dc=site,dc=org</param-value>
>     </init-param>
>
>     <init-param>
>         <param-name>url</param-name>
>         <param-value>ldap://yourmachine:389</param-value>
>     </init-param>
>     <init-param>
>         <param-name>search-base</param-name>
>         <param-value>ou=organisation,dc=your,dc=site,dc=org</param-value>
>     </init-param>
>     <init-param>
>         <param-name>search-filter</param-name>
>         <param-value>(uid={0})</param-value>
>     </init-param>
>
>     <init-param>
>         <param-name>attributes</param-name>
>         <param-value>ou</param-value>
>     </init-param>
>   </filter>
>
> AND don't forget:
>
>   <filter-mapping>
>     <filter-name>LdapFilterForAttributes</filter-name>
>     <url-pattern>/*</url-pattern>
>   </filter-mapping>
>
>
> With my config, you can authenticate with any user under the
> search-base. I will probably add group filters... but it's the next
> step.
> Maybe you can also find solutions on the following links:
>
> https://fedora-commons.org/confluence/display/FCR30/Securing+Your+Fedora+Repository
> https://fedora-commons.org/confluence/display/FCR30/Fedora+Authorization+with+XACML+Policy+Enforcement
> https://fedora-commons.org/confluence/display/FCR30/Fedora+XACML+Policy+Writing+Guide
> http://fedora.info/confluence/display/FEDINFO/Authenticating+Fedora+2.2+against+LDAP
> http://www.muradora.org/muradora/wiki/LdapAuthentication
> http://www.muradora.org/muradora/wiki/LdapFilterBSB
>
> ... :o)) ... there are many pages to read... but it's often interesting!!
>
>
> Best regards
>
> Pierre-Yves
>
> ------------------------------------------------------------------------------
> SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
> The future of the web can't happen without you.  Join us at MIX09 to help
> pave the way to the Next Web now. Learn more and register at
> http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
> _______________________________________________
> Fedora-commons-users mailing list
> Fedora-commons-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
>   
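
Added example (not part of the original messages, and not Fedora's own code): an offline check of a web.xml for the points raised in this thread. It flags a FilterLdap declaration with no filter-mapping, parameters absent relative to the configuration the reply reports as working, a plain ldap:// URL, and a bind password stored in the file. The function name, finding labels and reference parameter set are assumptions of this example; the reference set is copied from the reply, not from Fedora documentation.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first configuration quoted in the thread (it has no filter-mapping).
SAMPLE_WEB_XML = """<web-app><filter>
  <filter-name>LdapFilterForAttributes</filter-name>
  <filter-class>fedora.server.security.servletfilters.ldap.FilterLdap</filter-class>
  <init-param><param-name>authenticate</param-name><param-value>true</param-value></init-param>
  <init-param><param-name>url</param-name><param-value>ldap://our-machine-name-here:389/</param-value></init-param>
  <init-param><param-name>search-base</param-name><param-value>ou=Users,dc=dummy,dc=pt</param-value></init-param>
  <init-param><param-name>search-filter</param-name><param-value>(cn={0})</param-value></init-param>
  <init-param><param-name>id-attribute</param-name><param-value>cn</param-value></init-param>
  <init-param><param-name>attributes</param-name><param-value>cn</param-value></init-param>
</filter></web-app>"""

LDAP_FILTER_CLASS = "fedora.server.security.servletfilters.ldap.FilterLdap"
# Assumption: names copied from the config the reply reports as working, not from Fedora docs.
REFERENCE_PARAMS = set((
    "version authenticate security-authentication security-principal security-credentials "
    "id-attribute bind-filter url search-base search-filter attributes").split())

def _kids(el, name):  # direct children by local name, ignoring any XML namespace
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]

def _text(el, name):
    found = _kids(el, name)
    return (found[0].text or "").strip() if found else ""

def audit_ldap_filters(web_xml_text):
    root = ET.fromstring(web_xml_text)
    mapped = {_text(m, "filter-name") for m in _kids(root, "filter-mapping")}
    findings = []
    for f in _kids(root, "filter"):
        if _text(f, "filter-class") != LDAP_FILTER_CLASS:
            continue
        name = _text(f, "filter-name")
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in _kids(f, "init-param")}
        if name not in mapped:  # a filter without a mapping is never applied to requests
            findings.append((name, "no-filter-mapping"))
        missing = sorted(REFERENCE_PARAMS - set(params))
        if missing:
            findings.append((name, "missing-vs-reference:" + ",".join(missing)))
        # ldap:// carries simple-bind passwords unencrypted unless StartTLS is negotiated
        if params.get("url", "").lower().startswith("ldap://"):
            findings.append((name, "cleartext-ldap-url"))
        if params.get("security-credentials"):  # service-account password readable in web.xml
            findings.append((name, "bind-password-in-web-xml"))
    return findings
```

Run it against the deployed web.xml after each change; an empty result only means none of these four conditions were found, not that the bind itself succeeds.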

