
LDAP authentication only works for users in Administrators group


I am trying to enable LDAP authentication in jforum. I am running it on Weblogic 9.2 server, with an Oracle backend. My LDAP server is an ADAM (Active Directory Application Mode) instance.

Initially I defined an ActiveDirectoryProvider in my weblogic security realm (called myrealm), and updated the web.xml of jforum with the following:

But it did not work.

Then I modified the following in

Now the problem is that only users who belong to the Administrators group in my LDAP instance are reflected in the jforum application.

Any idea why?

My LDAP instance has all users under the following container:
and groups under the following container:

[originally posted on by rana]
A couple of thoughts here...

First, the authenticator (and SSO mechanism) only deals with the question: Is this user who they say they are? It does not deal with "What rights does this user have?" or "User information" issues. For a good post on this see: #18306

(and check my bookmarks for various other articles).

To answer the "is this user who they say they are" question, these mechanisms validate the user's credentials against the LDAP server and then add a jForum user entry that matches the person's id (and maybe sets their e-mail address from LDAP).

So, in the jforum admin screens, you will only see the users who have logged into jforum. All the other users in LDAP are not "seen" by the admin screens (because they aren't in jForum's db yet).

Perhaps this is what you are "seeing"?

Another possibility is due to the fact that the default LDAP code doesn't search any "sub-branches" of the LDAP directory. It just creates a DN from the user id and the prefix and looks at this. Are the missing users in a sub-branch?

If this is the case, you'll need to modify the supplied code to do the search you need.

An alternative might be to go back to the container layer authentications (e.g. the web.xml stuff you were doing the first time). But add in the RemoteUser SSO code to jForum. This way, if the container security follows the specs, it would authenticate against LDAP and then set the user principal in the request object. The Remote User SSO code will use this to log in the user (and create a simple "jforum" user stub if needed).
[originally posted on by monroe]