I am trying to enable LDAP authentication in jforum. I am running it on Weblogic 9.2 server, with an Oracle backend. My LDAP server is an ADAM (Active Directory Application Mode) instance.
Initially I defined an ActiveDirectoryProvider in my weblogic security realm (called myrealm), and updated the web.xml of jforum with the following:
But it did not work.
Then I modified the following in SystemGlobal.properties:
Now the problem is that only users who belong to the Administrators group in my LDAP instance are reflected in the jforum application.
Any idea why?
My LDAP instance has all users under the following container:
CN=Users,CN=TopContainer and groups under the following container:
[originally posted on jforum.net by rana]
A couple of thoughts here...
First, the authenticator (and SSO mechanism) only deal with the question: Is this user who they say they are? It does not deal with "What rights does this user have?" or "User information" issues. For a good post on this see:
(and check my bookmarks for various other articles).
To answer the "is this user who they say they are" question, these mechanisms validate the user's credentials against the LDAP server and then add a jForum user entry that matches the person's id (and maybe sets their e-mail address from LDAP).
So, in the jforum admin screens, you will only see the users who have logged into jforum. All the other users in LDAP are not "seen" by the admin screens (because they aren't in jForum's db yet).
Perhaps this is what you are "seeing"?
Another possibility is due to the fact that the default LDAP code doesn't search any "sub-branches" of the LDAP directory. It just creates a DN from the user id and the prefix and looks at this. Are the missing users in a sub-branch?
If this is the case, you'll need to modify the supplied code to do the search you need.
An alternative might be to go back to the container layer authentication (e.g. the web.xml stuff you were doing the first time). But add in the RemoteUser SSO code to jForum. This way, if the container security follows the specs, it would authenticate against LDAP and then set the user principal in the request object. The Remote User SSO code will use this to log in the user (and create a simple "jforum" user stub if needed).
[originally posted on jforum.net by monroe]
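The search the reply says you would have to add, as an added example that is not JForum's code or part of the original posts: rather than building a DN from the user id and a prefix, look the entry up anywhere below a base DN and then bind as the DN that was found. The server URL, the service account parameters and the `cn` login attribute are assumptions; only `CN=TopContainer` comes from the question.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class SubtreeLdapLogin {
    // Assumed values for illustration; only CN=TopContainer comes from the question.
    static final String URL = "ldaps://ldap.example.test:636"; // TLS, so the simple bind is not sent in clear
    static final String BASE = "CN=TopContainer";
    static final String FILTER = "(cn={0})"; // assumes the login id is stored in cn

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // Step 1: find the user's DN anywhere below BASE, using a service account.
    static String findDn(DirContext ctx, String user) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE); // include sub-branches
        // Passing the id as a filter argument lets JNDI escape *, (, ) and \.
        NamingEnumeration<SearchResult> hits = ctx.search(BASE, FILTER, new Object[] { user }, sc);
        if (!hits.hasMore()) return null;
        String dn = hits.next().getNameInNamespace();
        return hits.hasMore() ? null : dn; // refuse ambiguous matches
    }

    // Step 2: prove the password by binding as that DN.
    static boolean authenticate(String svcDn, String svcPw, String user, String pw) {
        // An empty password turns a simple bind into an unauthenticated bind that can succeed.
        if (user == null || pw == null || pw.isEmpty()) return false;
        try {
            DirContext svc = bind(svcDn, svcPw);
            String dn;
            try { dn = findDn(svc, user); } finally { svc.close(); }
            if (dn == null) return false;
            bind(dn, pw).close();
            return true;
        } catch (NamingException e) {
            return false; // not found, bad credentials or directory error: deny
        }
    }
}
```

The service account only needs read access to the user subtree, and every failure path returns `false` so a directory error never logs anyone in.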
subject: LDAP authentication only works for users in Administrators group