Andreas, Thank you very much for sharing your notes here and on the Roller wiki!
- Dave

On Mon, May 3, 2010 at 4:37 PM, Andreas Heizenreder <[email protected]> wrote:
> Hello!
>
> I found a solution for my problem. The cause of the error message is the
> org.apache.roller.weblogger.ui.core.security.AuthoritiesPopulator that is
> used by default as jdbcAuthoritiesPopulator. Before populating the Roller DB
> with LDAP user data it tries to look up this user in the DB.
>
> The solution is to use
> org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
> as AuthoritiesPopulator:
>
>   <bean id="ldapAuthProvider"
>         class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
>     <constructor-arg>
>       <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
>         <constructor-arg ref="initialDirContextFactory"/>
>         <property name="userSearch" ref="ldapUserSearch"/>
>       </bean>
>     </constructor-arg>
>     <!-- <constructor-arg ref="jdbcAuthoritiesPopulator"/> -->
>     <constructor-arg ref="ldapAuthoritiesPopulator"/>
>     <property name="userCache" ref="userCache"/>
>   </bean>
>
>   <bean id="ldapAuthoritiesPopulator"
>         class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
>     <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
>     <constructor-arg value="ou=groups" />
>     <property name="groupRoleAttribute" value="ou" />
>     <property name="rolePrefix" value=""/>
>     <property name="convertToUpperCase" value="false"/>
>   </bean>
>
> Very important is also to set the property "convertToUpperCase" to "false" to
> avoid the group names being converted to upper case.
> All users who have to be able to log in to Roller with their LDAP credentials
> have to be added in LDAP to the "register" and "editor"/"admin" groups.
>
> Also the line
>
> /roller-ui/user.do*=register
>
> has to be uncommented in "filterInvocationInterceptor".
>
> In roller-custom.properties I also had to add the following configuration:
>
> users.sso.registry.ldap.attributes.screenname=cn
> # create LDAP authenticated user automatically in roller
> users.sso.autoProvision.enabled=true
>
> And the biggest change was the source change in
> org.apache.roller.weblogger.ui.core.security.CustomUserRegistry.java:90.
> This line has to be uncommented to avoid NullPointerExceptions in the creation
> process of the LDAP user in the Roller DB. And after a new build of Roller
> from the changed source everything started working as it should.
>
> I hope my notes will help you to integrate your Roller instance with LDAP.
>
> Andreas
>
> 2010/4/22 Andreas Heizenreder <[email protected]>
>
>> Hello!
>>
>> I am trying to integrate my Roller installation with Apache Directory Server
>> as described under
>> https://cwiki.apache.org/confluence/display/ROLLER/Roller+4.0+with+LDAP+and+CAS.
>> And it works as long as a user is present in both systems, Roller and ADS.
>> If a user from ADS that is not created in Roller tries to log in, it comes to
>> an error "ERROR no user: ...":
>>
>> DEBUG 2010-04-22 12:02:15,611 LdapAuthenticationProvider:retrieveUser -
>> Retrieving user admin
>> DEBUG 2010-04-22 12:02:15,611 DefaultInitialDirContextFactory:connect -
>> Creating InitialDirContext with environment
>> {java.naming.provider.url=ldap://localhost:10389/dc=example,dc=com,
>> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
>> java.naming.security.principal=uid=admin,ou=system,
>> com.sun.jndi.ldap.connect.pool=true,
>> java.naming.security.authentication=simple,
>> java.naming.security.credentials=******}
>> DEBUG 2010-04-22 12:02:15,627 FilterBasedLdapUserSearch:searchForUser -
>> Searching for user 'admin', in context
>> javax.naming.directory.initialdircont...@10936a1, with user search [
>> searchFilter: 'uid={0}', searchBase: '', scope: subtree searchTimeLimit:
>> 0 derefLinkFlag: false ]
>> DEBUG 2010-04-22 12:02:15,642 DefaultInitialDirContextFactory:connect -
>> Creating InitialDirContext with environment
>> {java.naming.provider.url=ldap://localhost:10389/dc=example,dc=com,
>> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
>> java.naming.security.principal=uid=admin,ou=system,
>> com.sun.jndi.ldap.connect.pool=true,
>> java.naming.security.authentication=simple,
>> java.naming.security.credentials=******}
>> DEBUG 2010-04-22 12:02:15,658 DefaultInitialDirContextFactory:connect -
>> Creating InitialDirContext with environment
>> {java.naming.provider.url=ldap://localhost:10389/dc=example,dc=com,
>> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
>> java.naming.security.principal=uid=admin,ou=People,dc=example,dc=com,
>> java.naming.security.authentication=simple,
>> java.naming.security.credentials=******}
>> WARN 2010-04-22 12:02:15,689 LoggerListener:onApplicationEvent -
>> Authentication event AuthenticationFailureServiceExceptionEvent: admin;
>> details: org.acegisecurity.ui.webauthenticationdeta...@12afc:
>> RemoteIpAddress: 127.0.0.1; SessionId: D09264A777DF96F742E0A6A16F52415D;
>> exception: ERROR no user: admin; nested exception is
>> org.acegisecurity.ldap.LdapDataAccessException: ERROR no user: admin
>>
>> I configured all settings from the tutorial and also tried the settings from
>> http://mail-archives.apache.org/mod_mbox/roller-user/200908.mbox/%[email protected]%3e
>>
>> My installation parameters:
>> - Apache Roller 4.0.1
>> - Apache Directory Server 1.5.6
>> - Apache Tomcat 6.0.26
>> - MySQL 5.0.67
>>
>> Thanks,
>> Andreas
>>
>>
>
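The group-to-role mapping that the posted ldapAuthoritiesPopulator bean depends on, as an added illustration that is not part of the thread and not Roller or Acegi code: a Python model of what DefaultLdapAuthoritiesPopulator does with groupSearchBase, groupRoleAttribute, rolePrefix and convertToUpperCase, run against a constructed sample directory. It assumes the Acegi 1.0.x defaults (rolePrefix "ROLE_", convertToUpperCase true, groupRoleAttribute "cn", group search filter (member={0}), one-level search under the base) and the three Roller role names the post mentions; the DNs, group entries and the uid=alice / uid=bob users are made up for the example.

```python
"""Offline model of Acegi's DefaultLdapAuthoritiesPopulator role mapping.

Added illustration, not Acegi or Roller code. The directory entries are
constructed sample data; the Acegi defaults in PopulatorConfig are taken
from the Acegi 1.0.x javadoc and are an assumption about that version.
"""
from dataclasses import dataclass

# Constructed sample directory (not from the thread). Keys are DNs, values
# are attribute maps. Groups under ou=groups carry the name in both cn and
# ou and list members by full user DN, which is what (member={0}) matches.
ROOT_DN = "dc=example,dc=com"
DIRECTORY = {
    "ou=register,ou=groups,dc=example,dc=com": {
        "cn": ["register"], "ou": ["register"],
        "member": ["uid=admin,ou=People,dc=example,dc=com",
                   "uid=alice,ou=People,dc=example,dc=com"],
    },
    "ou=admin,ou=groups,dc=example,dc=com": {
        "cn": ["admin"], "ou": ["admin"],
        "member": ["uid=admin,ou=People,dc=example,dc=com"],
    },
    "ou=editor,ou=groups,dc=example,dc=com": {
        "cn": ["editor"], "ou": ["editor"],
        "member": ["uid=alice,ou=People,dc=example,dc=com"],
    },
    # Same attribute values, but outside the ou=groups search base: a group
    # here must NOT grant anything, which is exactly what the base is for.
    "ou=admin,ou=legacy,dc=example,dc=com": {
        "cn": ["admin"], "ou": ["admin"],
        "member": ["uid=bob,ou=People,dc=example,dc=com"],
    },
}

# Roller's own role names; populated authorities must match them exactly.
ROLLER_ROLES = frozenset({"register", "editor", "admin"})


@dataclass(frozen=True)
class PopulatorConfig:
    """Knobs of DefaultLdapAuthoritiesPopulator, with Acegi 1.0.x defaults."""
    group_search_base: str = "ou=groups"
    member_attribute: str = "member"      # default filter is (member={0})
    group_role_attribute: str = "cn"
    role_prefix: str = "ROLE_"
    convert_to_upper_case: bool = True


ACEGI_DEFAULTS = PopulatorConfig()
# What the post configures: role read from 'ou', no prefix, case kept.
POSTED_CONFIG = PopulatorConfig(group_role_attribute="ou",
                                role_prefix="", convert_to_upper_case=False)


def _parent_dn(dn: str) -> str:
    """DN minus its first RDN (naive comma split; fine for sample data)."""
    return dn.split(",", 1)[1]


def populate_authorities(directory: dict, user_dn: str,
                         cfg: PopulatorConfig, root_dn: str = ROOT_DN) -> list:
    """Return the granted authorities for user_dn under cfg, sorted.

    Mirrors the populator's search: one-level search under the group search
    base for entries whose member attribute contains the user's DN, then one
    authority per value of groupRoleAttribute, case-converted and prefixed.
    """
    base = f"{cfg.group_search_base},{root_dn}".lower()
    user = user_dn.lower()
    roles = set()
    for dn, attrs in directory.items():
        if _parent_dn(dn).lower() != base:
            continue                                  # outside the search base
        members = [m.lower() for m in attrs.get(cfg.member_attribute, [])]
        if user not in members:
            continue                                  # user is not a member
        for value in attrs.get(cfg.group_role_attribute, []):
            role = value.upper() if cfg.convert_to_upper_case else value
            roles.add(cfg.role_prefix + role)
    return sorted(roles)


def roller_roles(authorities: list) -> list:
    """The subset of authorities that Roller would recognise as its roles."""
    return sorted(a for a in authorities if a in ROLLER_ROLES)


if __name__ == "__main__":
    admin = "uid=admin,ou=People,dc=example,dc=com"
    for name, cfg in (("acegi defaults", ACEGI_DEFAULTS), ("posted", POSTED_CONFIG)):
        auths = populate_authorities(DIRECTORY, admin, cfg)
        print(f"{name:14s} -> {auths}; roller roles: {roller_roles(auths)}")
```

With the Acegi defaults the admin user comes back holding ROLE_ADMIN and ROLE_REGISTER, none of which is a Roller role, so a filterInvocationInterceptor rule such as the `/roller-ui/user.do*=register` line in the post never matches; with the posted settings the same membership yields exactly `admin` and `register`. The model also shows why the search base matters: an identically named group outside ou=groups grants nothing.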
