LDAP authentication only works for users in Administrators group

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hi,

I am trying to enable LDAP authentication in jforum. I am running it on Weblogic 9.2 server, with an Oracle backend. My LDAP server is an ADAM (Active Directory Application Mode) instance.

Initially I defined an ActiveDirectoryProvider in my weblogic security realm (called myrealm), and updated the web.xml of jforum with the following:



But it did not work.
-----------------------------------------------------

Then I modified the following in SystemGlobal.properties:


Now the problem is that only users who belong to the Administrators group in my LDAP instance are reflected in the jforum application.

Any idea why?


My LDAP instance has all users under the following container:
CN=Users,CN=TopContainer
and groups under the following container:
CN=Roles,CN=TopContainer



[originally posted on jforum.net by rana]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
A couple of thoughts here...

First, the authenticator (and SSO mechanism) only deal with the question: Is this user who they say they are? It does not deal with "What rights does this user have?" or "User information" issues. For a good post on this see:

http://www.coderanch.com/t/577916 #18306

(and check my bookmarks for various other articles).

To answer the "is this user who they say they are" question, these mechanisms validate the user's credentials against the LDAP server and then add a jForum user entry that matches the person's id (and maybe set their e-mail address from LDAP).

So, in the jforum admin screens, you will only see the users who have logged into jforum. All the other users in LDAP are not "seen" by the admin screens (because they aren't in jForum's db yet).

Perhaps this is what you are "seeing"?

Another possibility is due to the fact that the default LDAP code doesn't search any "sub-branches" of the LDAP directory. It just creates a DN from the user id and the prefix and looks at this. Are the missing users in a sub-branch?

If this is the case, you'll need to modify the supplied code to do the search you need.

An alternative might be to go back to the container layer authentications (e.g. the web.xml stuff you were doing the first time). But add in the RemoteUser SSO code to jForum. This way, if the container security follows the specs, it would authenticate against LDAP and then set the user principal in the request object. The Remote User SSO code will use this to log in the user (and create a simple "jforum" user stub if needed).
[originally posted on jforum.net by monroe]
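
Added example, not part of the original thread and not JForum's own code: a JNDI sketch of the direct-DN lookup the reply describes next to a search-then-bind variant that also finds users in sub-branches. The server URL, the service account parameters, the `cn` login attribute and the `objectClass=user` filter are assumptions; only the container DN comes from the question.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.Rdn;

public class LdapSearchThenBind {
    // Assumptions: placeholder URL; BASE is the users container named in the question.
    static final String URL = "ldaps://adam.example.test:636";
    static final String BASE = "CN=Users,CN=TopContainer";

    // Direct-DN style from the reply: only matches entries directly under BASE.
    // Rdn.escapeValue keeps characters such as ',' or '+' from altering the DN.
    static String directDn(String userId) {
        return "CN=" + Rdn.escapeValue(userId) + "," + BASE;
    }

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // Search-then-bind: locate the entry anywhere below BASE, then bind as that entry.
    static boolean authenticate(String userId, String password,
                                String svcDn, String svcPassword) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind that
        // many servers accept, so reject it before contacting the directory.
        if (password == null || password.isEmpty()) return false;
        String userDn;
        DirContext svc = bind(svcDn, svcPassword); // hypothetical read-only service account
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE); // include sub-branches
            // {0} is substituted by JNDI with filter metacharacters escaped.
            NamingEnumeration<SearchResult> hits = svc.search(
                BASE, "(&(objectClass=user)(cn={0}))", new Object[] { userId }, sc);
            if (!hits.hasMore()) return false;      // no such user
            userDn = hits.next().getNameInNamespace();
            if (hits.hasMore()) return false;       // ambiguous match: refuse
        } finally {
            svc.close();
        }
        try {
            bind(userDn, password).close();         // credentials verified by the server
            return true;
        } catch (AuthenticationException e) {
            return false;                           // wrong password or disabled account
        }
    }
}
```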