
LDAP authentication only works for users in Administrators group


I am trying to enable LDAP authentication in jforum. I am running it on Weblogic 9.2 server, with an Oracle backend. My LDAP server is an ADAM (Active Directory Application Mode) instance.

Initially I defined an ActiveDirectoryProvider in my weblogic security realm (called myrealm), and updated the web.xml of jforum with the following:

But it did not work.

Then I modified the following in SystemGlobal.properties:

Now the problem is that only users who belong to the Administrators group in my LDAP instance are reflected in the jforum application.

Any idea why?

My LDAP instance has all users under the following container:
and groups under the following container:

[originally posted on jforum.net by rana]
Migrated From Jforum.net
A couple of thoughts here...

First, the authenticator (and SSO mechanism) only deal with the question: Is this user who they say they are? It does not deal with "What rights does this user have?" or "User information" issues. For a good post on this see:

http://www.coderanch.com/t/577916 #18306

(and check my bookmarks for various other articles).

To answer the "is this user who they say they are" question, these mechanisms validate the user's credentials against the LDAP server and then add a jForum user entry that matches the person's id (and maybe sets their e-mail address from LDAP).

So, in the jforum admin screens, you will only see the users who have logged into jforum. All the other users in LDAP are not "seen" by the admin screens (because they aren't in jForum's db yet).

Perhaps this is what you are "seeing"?

Another possibility is due to the fact that the default LDAP code doesn't search any "sub-branches" of the LDAP directory. It just creates a DN from the user id and the prefix and looks at this. Are the missing users in a sub-branch?

If this is the case, you'll need to modify the supplied code to do the search you need.

An alternative might be to go back to the container layer authentications (e.g. the web.xml stuff you were doing the first time). But add in the RemoteUser SSO code to jForum. This way, if the container security follows the specs, it would authenticate against LDAP and then set the user principal in the request object. The Remote User SSO code will use this to log in the user (and create a simple "jforum" user stub if needed).
[originally posted on jforum.net by monroe]
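
The reply above notes that the default LDAP code builds a single DN from the user id and never searches sub-branches. As an added example (not jForum's code and not from either poster), this is one way a search-then-bind login can look with plain JNDI; the server URL, base DN, login attribute and the use of a service account for the lookup are all placeholder assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class SubtreeLdapLogin {
    // Placeholder values (assumptions), not taken from the thread.
    static final String URL = "ldaps://ldap.example.test:636"; // TLS, so passwords are not sent in clear
    static final String BASE_DN = "OU=People,DC=example,DC=test";
    static final String LOGIN_ATTR = "cn";

    static DirContext connect(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env); // throws if the bind is refused
    }

    static boolean authenticate(String svcDn, String svcPw, String user, String pw) {
        // A simple bind with an empty password is an unauthenticated bind and may
        // be accepted by the server, so reject it before talking to LDAP.
        if (user == null || user.isEmpty() || pw == null || pw.isEmpty()) return false;
        try {
            String userDn;
            DirContext svc = connect(svcDn, svcPw); // service account used only for the lookup
            try {
                SearchControls sc = new SearchControls();
                sc.setSearchScope(SearchControls.SUBTREE_SCOPE); // descend into sub-branches
                sc.setCountLimit(2);                             // enough to detect ambiguity
                sc.setReturningAttributes(new String[0]);        // only the DN is needed
                // Passing the user id as a filter argument leaves escaping of
                // filter metacharacters to JNDI instead of string concatenation.
                NamingEnumeration<SearchResult> hits =
                    svc.search(BASE_DN, "(" + LOGIN_ATTR + "={0})", new Object[] { user }, sc);
                if (!hits.hasMore()) return false;               // unknown user
                userDn = hits.next().getNameInNamespace();
                if (hits.hasMore()) return false;                // more than one match
            } finally { svc.close(); }
            connect(userDn, pw).close(); // the actual credential check: bind as the user
            return true;
        } catch (NamingException e) { return false; } // fail closed on any LDAP error
    }

    public static void main(String[] a) {
        System.out.println(authenticate(a[0], a[1], a[2], a[3]) ? "login ok" : "login rejected");
    }
}
```

As the reply says, a successful bind only establishes identity; group membership and forum permissions still have to be decided separately.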