Re: [uportal-dev] Anyone got SmartLDAP successfully working in uPortal 3.1?

Tue, 03 Nov 2009 08:23:51 -0800

We are using an implementation of IPersonAttributeDao written here by Joe Valerio.  We planned to contribute this and so I just checked in into jasig sandbox: https://www.ja-sig.org/svn/sandbox/AdGroupsPersonAttributeDao.  (Need to figure out the right way to package it since it sort of belongs in PersonDirectory but that seems to be deprecated.)  We are not getting any other attributes from ldap so I made config changes:
  1. ldapContext to point to Ad
  2. personDirectoryContext added bean configured as in the test-context.xml and added it to the list of merging personAttributeDaos
  3. in SmartLdapGroupStoreContext added ldap context again and basedn for ou of groups we are interested in.
The reason for the 2 contests is that the portal gets the groups when it starts and those then appear in groups manager like PAGS groups.  When a person logs in it uses the person directory ldap config to get all the groups for that user.  Using this DAO both mechanisms are constrained to the ou defined in groupBaseDn / basedn.

I cc Joe here who is ldap guru but not on the uPortal lists.
Susan

Susan Bramhall wrote:
Sorry - I missed the original post.  Studying now...

Gherna, Andrew Robert wrote: 
In uPortal 3.1.1, the parts it looks like I'm having trouble with is org/jasig/portal/groups/smartldap/SmartLdapGroupStore.java.  The line in my original post calls the (deprecated) org/jasig/portal/services/PersonDirectory.java which gets the IPersonAttributeDAO.  The implementation we are using is OverwritingPersonAttributeDao which calls into the PersonDirectroy api.


On 11/3/09 8:57 AM, "Eric Dalquist" <eric.dalqu...@doit.wisc.edu> wrote:

Could you detail the changes since it sounds like Andy is having problems getting it working at all?

Also, where is the source for this thing since it isn't part of uPortal right now?

-Eric

Susan Bramhall wrote:
Yes.  We're using it and made some changes to allow it to look for groups only in certain OUs.  Love it.
Susan

Gherna, Andrew Robert wrote:

Hi all,

Apologies for cross-posting, but this seems like a developer issue to me.

Andy


------ Forwarded Message
From: Andy Gherna <aghe...@illinois.edu> <mailto:aghe...@illinois.edu>
Reply-To: <uportal-u...@lists.ja-sig.org> <mailto:uportal-u...@lists.ja-sig.org>
Date: Mon, 2 Nov 2009 20:52:56 -0600
To: <uportal-u...@lists.ja-sig.org> <mailto:uportal-u...@lists.ja-sig.org>
Subject: Re:[uportal-user] Anyone got SmartLDAP successfully working in uPortal 3.1?



We are having problems with this too.  The cause is in SmartLdapGroupStore,
specifically in the findContainingGroups method.  Here's how we came across
it.

We are initializing uPortal 3.1.1.  SmartLdap is configured via
SmartLdapGroupStoreConfig.xml and turned on in compositeGroupServices.xml.
We are running the initportal target in the ant file.  Everything goes well
until it's time to import channels into the database.

When channels are published, any old channel data is deleted from the
database.  Part of this process is collecting the categories from the
ChannelRegistryStore that the channel was originally published under so that
they can be removed from the channel definition.  Part of retrieving the
categories is to iterate through any child groups and their containing
groups.  When SmartLdap is turned on, these groups are not empty (we have a
connection to the backing store and SmartLdap has read through the groups it
can access and has cached them by now).  This is when findContainingGroups
is called.

The findContainingGroups code notices that the GroupMember it's passed is an
entity.  So, it builds an IPerson object.  This is the key part.  The
IPerson is empty.  A Map of Attributes is built from this line:

Map<String,List> attr =
PersonDirectory.getPersonAttributeDao().getMultivaluedUserAttributes(seed);

The value of seed (which is itself a Map of Lists keyed by a String) in this
case is a single-valued List containing the key of an EntityIdentifier (I'm
assuming a channel ID).  This Map is passed into the IPerson's (which
through debugging we saw that it's PersonImpl) setAttributes method.  This
method expects to be able to iterate over the Set of Entry objects in the
attr Map.  In the for() statement, the NullPointerException is thrown.  So
there's something going on with the way this attr Map is being built.

>From a SmartLdap standpoint, what should be brought back from the call to
PersonDirectory.getPersonAttributeDao().getMultivaluedUserAttributes(Map)?
Could this be a configuration problem or is it deeper than that?


Eric Dalquist wrote:



So it looks like SmartLDAP is trying to call PersonImpl.setAttributes
and pass in NULL. The method was refactored for 3.0 but the old method
would have failed in the same way.

Where is the source for SmartLDAP?

-Eric

Domazlicky, Eric wrote:



Has anyone got SmartLDAP to work in uPortal 3.1 with Active Directory?
I tried setting it up in a configuration that seems right and then run
"ant initportal". Importing the groups seems to go well but importing
channels and other default objects seems to fail with this error:



     [java] Caused by: java.lang.NullPointerException

     [java]     at
org.jasig.portal.security.provider.PersonImpl.setAttributes(P

ersonImpl.java:153)

     [java]     at
org.jasig.portal.groups.smartldap.SmartLdapGroupStore.findCon

tainingGroups(SmartLdapGroupStore.java:167)

     [java]     at
org.jasig.portal.groups.ReferenceIndividualGroupService.findC

ontainingGroups(ReferenceIndividualGroupService.java:193)

     [java]     at
org.jasig.portal.groups.ReferenceCompositeGroupService.findCo

ntainingGroups(ReferenceCompositeGroupService.java:62)

     [java]     at
org.jasig.portal.groups.GroupMemberImpl.initializeContainingG

roupKeys(GroupMemberImpl.java:267)



If I go ahead and start the Portal and login I get basically the exact
same error upon logging in via a CAS server that uses our LDAP/AD
server for authentication.




--

You are currently subscribed to uportal-u...@lists.ja-sig.org as:
eric.dalqu...@doit.wisc.edu
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/uportal-user








--
View this message in context: http://n4.nabble.com/Anyone-got-SmartLDAP-successfully-working-in-uPortal-3-1-tp271700p360887.html
Sent from the uPortal Users mailing list archive at Nabble.com.

---
You are currently subscribed to uportal-u...@lists.ja-sig.org as: aghe...@illinois.edu
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-user


------ End of Forwarded Message

--

Susan Bramhall (susan.bramh...@yale.edu)
Senior Developer, Infrastructure Systems and Architecture (formerly T&P)
Yale University Information Technology Services (ITS)
25 Science Park, 150 Munson St, New Haven, CT 06520
Phone:  203 432 6697

-- 

You are currently subscribed to uportal-dev@lists.ja-sig.org as: susan.bramh...@yale.edu
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-dev

--

Susan Bramhall (susan.bramh...@yale.edu)
Senior Developer, Infrastructure Systems and Architecture (formerly T&P)
Yale University Information Technology Services (ITS)
25 Science Park, 150 Munson St, New Haven, CT 06520
Phone:  203 432 6697

-- 

You are currently subscribed to uportal-dev@lists.ja-sig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-dev

Reply via email to