permaculture playing cards*
The moose likes JForum and the fly likes Problems setting up JForum with LDAP Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "Problems setting up JForum with LDAP" Watch "Problems setting up JForum with LDAP" New topic
Author

Problems setting up JForum with LDAP

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I'm having some problems integrating JForum with our local LDAP repository. I've read the documentation, and followed the guide to making modifications to SystemGlobals.properties, which looks as follows:



After I'd set this up and restarted the application, there no longer appeared to be any way to log in to JForum - you are stuck as the Anonymous user without any way to log in and test your LDAP connection. In addition, the documentation makes reference to this being expected - but this makes no sense.... how are you supposed to log in without any login form or login page? Is JForum configured with LDAP completely dependent upon it being part of another site?

I really don't get it..
[originally posted on jforum.net by jsp1611]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
There are two methods of doing external authentication:

The first (which I think you want) is to use JForum's own login screen, but validate the id and password against a non-jforum user database. If the user is validated, a jforum user entry is automatically created for them.

This is done via a class that implements the LoginAuthenticator interface. Like the LDAPAuthenticator class.

The minimum needed to set this up in your config are the following properties.



NOTE: You have the authenticatin type set to sso above.

The other external authentication method is to use Single Sign On (SSO). This assumes that your main application is going to have the login screen and be passing information about the authenticated user to jforum. To do this, you need to have a class that implements the SSO interface (e.g. RemoteUserSSO).

The minimum properties for this are:



[originally posted on jforum.net by monroe]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Thanks very much for taking the time to reply. What you've said makes a lot more sense than what I thought was the case.

I've been reading up on LDAP over the last couple of days, and trying to understand how it functions, and how it's accessed via JNDI. I've also been looking at the source for LDAPAuthenticator, as I've been having problems in getting the connection to Active Directory working. I can see a few problems with the class as it stands:

1. The initial connection to the LDAP repository is made using the credentials of the user who is logging in - this means that when an exception is thrown, you cannot tell if the problem is with the connection itself, or with the users credentials.
2. Possibly as a result of the above, logging has been omitted from the class. This makes diagnosis of LDAP connection problems difficult.

I've written a quick replacement for the class; which works well with Apache Directory server; although it still doesn't work with our local Active Directory install - I think this is because of Active Directory. The approach is different - you connect with an administrative account (in the same way you would with, say, JDBC), run a search on the username supplied, and if you get something back, reconnect to the repository as that user. This allows you to differentiate between situations where there's a problem with the LDAP setup, and where the user has supplied an incorrect username or password.

This is still a work in progress until I can confirm it works with AD; but here you go:



I made some changes to the LDAP section of the props file as well.



If I figure out what the problem is with AD, I'll let you know.
[originally posted on jforum.net by jsp1611]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Forget what I said in the above post about Active Directory - this class works perfectly well with Active Directory, I was just using the wrong authentication details!

The above class has the added benefit that you no longer need any AD specific properties in your props file! Source code; yours if you want it.
[originally posted on jforum.net by jsp1611]
Sri mutyala
Greenhorn

Joined: Oct 01, 2012
Posts: 6
Hi,

Do i need to configure any thing for LDAP other than SystemGlobals.properties file in JForum1.9 to activate the LDAP in the forum. If so kindly please explain me the sequence of steps to do.

Regards,
Sri
edward daniel
Greenhorn

Joined: Feb 19, 2013
Posts: 1
I'm sorry guys, but I need an information.

how did you change the LDAPAuthenticato.class ?
I couldn't change it.

Thank you.

please reply it soon, I really need your help.
 
Don't get me started about those stupid light bulbs.
 
subject: Problems setting up JForum with LDAP