I want to enable LDAP user authentication for Roller 5.0.3. There are some related tutorials for Roller 4, but they don't seem to work with the new Spring Security framework. I found some Spring Security 2 configuration examples and tried to figure it out, with no success. I hope someone can help me...
This is my progress so far: I'm using an OpenLDAP server with some test accounts, and I added some properties to the Roller custom settings file:
users.sso.enabled=true
users.sso.autoProvision.enabled=true
users.sso.registry.ldap.attributes.name=uid
users.sso.registry.ldap.attributes.screenname=cn
Then I modified security.xml:
<!-- Connection used for the user and group searches; bound as the manager DN -->
<beans:bean id="contextSource"
    class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldap://localhost:389/dc=test,dc=com" />
    <beans:property name="userDn" value="cn=Manager,dc=test,dc=com" />
    <beans:property name="password" value="111111" />
</beans:bean>

<!-- Authenticates by binding as the DN found by userSearch, then loads the roles -->
<beans:bean id="ldapAuthProvider"
    class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    <custom-authentication-provider />
    <beans:constructor-arg>
        <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
            <beans:constructor-arg ref="contextSource" />
            <beans:property name="userSearch" ref="userSearch" />
        </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg>
        <!-- Roles come from groups directly under ou=Tester (no subtree), plus the default role -->
        <beans:bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
            <beans:constructor-arg ref="contextSource" />
            <beans:constructor-arg value="ou=Tester" />
            <beans:property name="searchSubtree" value="false" />
            <beans:property name="defaultRole" value="register" />
            <beans:property name="convertToUpperCase" value="false" />
            <beans:property name="groupRoleAttribute" value="" />
            <beans:property name="rolePrefix" value="" />
        </beans:bean>
    </beans:constructor-arg>
</beans:bean>

<!-- Looks up the user's DN by uid anywhere under the base DN -->
<beans:bean id="userSearch"
    class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="" />
    <beans:constructor-arg index="1" value="(uid={0})" />
    <beans:constructor-arg index="2" ref="contextSource" />
    <beans:property name="searchSubtree" value="true" />
</beans:bean>
(Deploying Roller with this configuration gives the error message "java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory"; I found a solution at http://www.chrissearle.org/2007/08/30/spring-ldap_and_NoClassDefFoundError_com_sun_jndi_ldap_ctl_ResponseControlFactory/)
Now, when logging in with an LDAP username/password, the page jumps to roller_j_security_check and displays the following error message:
500 Filter execution threw an exception
Roller has encountered and logged an unexpected exception.
Using a wrong password gives the same error message; entering a non-existent username/password makes Roller display "Wrong username and password combination".
There are related search messages in openldap.log; maybe I just need some tweak to fix the problem? Does anyone have any suggestions? Thanks in advance.
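The following is an added example, not code from the original post and not Roller's or Spring Security's own code. It models, offline, the three steps the beans above wire together (user search with `(uid={0})` as the manager, bind as the found DN, one-level group search under `ou=Tester` with the user DN substituted into `(member={0})`, then `defaultRole` added on top), so the LDAP side can be reasoned about separately from Roller's filter chain. The directory entries, account names and passwords are constructed; the behaviours modelled (ambiguous user searches rejected, `defaultRole` granted unprefixed on every login) follow Spring Security 2.0's defaults as the poster's configuration leaves them. It also shows the RFC 4515 escaping that Spring Security gets from JNDI by passing `{0}` as a filter argument, which anyone rebuilding the search by string concatenation in a test script must do by hand: without it a username of `*` turns `(uid={0})` into a search that matches every account.

```python
"""Offline model of the LDAP login path configured in the security.xml above.

  1. FilterBasedLdapUserSearch: search the whole tree (base "", subtree) for
     (uid={0}) using the manager credentials of contextSource
  2. BindAuthenticator: bind as the DN found, with the password typed in
  3. DefaultLdapAuthoritiesPopulator: one-level search under ou=Tester for
     (member={0}) with {0} = user DN; group cn -> role (rolePrefix ""),
     plus defaultRole "register"

A constructed in-memory directory stands in for the OpenLDAP server.
"""
import re

ROOT = "dc=test,dc=com"

# Constructed sample entries (assumption: test accounts look like this).
DIRECTORY = {
    "uid=alice,ou=People,dc=test,dc=com": {
        "uid": ["alice"], "cn": ["Alice Tester"], "userPassword": ["alice-pw"]},
    "uid=bob,ou=People,dc=test,dc=com": {
        "uid": ["bob"], "cn": ["Bob Tester"], "userPassword": ["bob-pw"]},
    "cn=editor,ou=Tester,dc=test,dc=com": {
        "cn": ["editor"], "member": ["uid=alice,ou=People,dc=test,dc=com"]},
}

# RFC 4515 escaping of a filter assertion value. JNDI applies this to the
# filterArgs Spring Security hands it for {0}; a script that rebuilds the
# filter by concatenation has to do it itself.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def filter_encode(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(template, value):
    """Substitute {0} in an LDAP filter template with an escaped value."""
    return template.replace("{0}", filter_encode(value))

def _unescape(s):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)

def _match_value(pattern, value):
    # An unescaped "*" is a wildcard; escaped bytes are literal characters.
    parts = [_unescape(p) for p in pattern.split("*")]
    if len(parts) == 1:
        return value == parts[0]
    if not value.startswith(parts[0]) or not value.endswith(parts[-1]):
        return False
    pos, end = len(parts[0]), len(value) - len(parts[-1])
    if end < pos:
        return False
    for mid in parts[1:-1]:
        idx = value.find(mid, pos, end)
        if idx < 0:
            return False
        pos = idx + len(mid)
    return True

def _in_scope(dn, base, subtree):
    full_base = base + "," + ROOT if base else ROOT
    if not dn.endswith("," + full_base):
        return False
    rdn_part = dn[:-len(full_base) - 1]
    return subtree or "," not in rdn_part   # one level = a single RDN left

def search(base, ldap_filter, subtree):
    """Return the DNs under base matching a simple (attr=value) filter."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        raise ValueError("only simple equality filters are modelled")
    attr, pattern = m.groups()
    return [dn for dn, entry in DIRECTORY.items()
            if _in_scope(dn, base, subtree)
            and any(_match_value(pattern, v) for v in entry.get(attr, []))]

class AuthError(Exception):
    pass

def find_user_dn(username):
    hits = search("", build_filter("(uid={0})", username), subtree=True)
    if not hits:
        raise AuthError("Wrong username and password combination")
    if len(hits) > 1:   # Spring Security rejects an ambiguous user search too
        raise AuthError("user search returned %d entries" % len(hits))
    return hits[0]

def bind(dn, password):
    entry = DIRECTORY.get(dn)
    if entry is None or password not in entry.get("userPassword", []):
        raise AuthError("bind failed for " + dn)

def authorities(user_dn, default_role="register", role_prefix="", group_attr="cn"):
    groups = search("ou=Tester", build_filter("(member={0})", user_dn), subtree=False)
    roles = {role_prefix + DIRECTORY[g][group_attr][0] for g in groups}
    roles.add(default_role)   # defaultRole is added as-is, on every login
    return sorted(roles)

def authenticate(username, password):
    """Run the three steps; return a result dict instead of raising."""
    try:
        dn = find_user_dn(username)
        bind(dn, password)
        return {"ok": True, "dn": dn, "roles": authorities(dn)}
    except AuthError as e:
        return {"ok": False, "error": str(e)}

if __name__ == "__main__":
    for user, pw in [("alice", "alice-pw"), ("alice", "wrong"), ("nobody", "x"), ("*", "x")]:
        print(user, "->", authenticate(user, pw))
    # Without escaping, a "*" username would match every account:
    print("(uid=*) matches", search("", "(uid=*)", subtree=True))
```

Note that a wrong password fails at the bind step here, after the user search succeeded, which is the same point at which the posted configuration reports its 500 rather than "Wrong username and password combination"; an account that exists but sits in no group under ou=Tester still comes back with the "register" role only.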