Problems setting up JForum with LDAP

 
Ranch Hand
Posts: 17424
I'm having some problems integrating JForum with our local LDAP repository. I've read the documentation, and followed the guide to making modifications to SystemGlobals.properties, which looks as follows:



After I'd set this up and restarted the application, there no longer appeared to be any way to log in to JForum - you are stuck as the Anonymous user without any way to log in and test your LDAP connection. In addition, the documentation makes reference to this being expected - but this makes no sense.... how are you supposed to log in without any login form or login page? Is JForum configured with LDAP completely dependent upon it being part of another site?

I really don't get it..
[originally posted on jforum.net by jsp1611]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
There are two methods of doing external authentication:

The first (which I think you want) is to use JForum's own login screen, but validate the id and password against a non-jforum user database. If the user is validated, a jforum user entry is automatically created for them.

This is done via a class that implements the LoginAuthenticator interface, like the LDAPAuthenticator class.

The minimum needed to set this up in your config are the following properties.



NOTE: You have the authentication type set to sso above.

The other external authentication method is to use Single Sign On (SSO). This assumes that your main application is going to have the login screen and be passing information about the authenticated user to jforum. To do this, you need to have a class that implements the SSO interface (e.g. RemoteUserSSO).

The minimum properties for this are:



[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
Thanks very much for taking the time to reply. What you've said makes a lot more sense than what I thought was the case.

I've been reading up on LDAP over the last couple of days, and trying to understand how it functions, and how it's accessed via JNDI. I've also been looking at the source for LDAPAuthenticator, as I've been having problems in getting the connection to Active Directory working. I can see a few problems with the class as it stands:

1. The initial connection to the LDAP repository is made using the credentials of the user who is logging in - this means that when an exception is thrown, you cannot tell if the problem is with the connection itself, or with the user's credentials.
2. Possibly as a result of the above, logging has been omitted from the class. This makes diagnosis of LDAP connection problems difficult.

I've written a quick replacement for the class, which works well with Apache Directory server, although it still doesn't work with our local Active Directory install - I think this is because of Active Directory. The approach is different - you connect with an administrative account (in the same way you would with, say, JDBC), run a search on the username supplied, and if you get something back, reconnect to the repository as that user. This allows you to differentiate between situations where there's a problem with the LDAP setup, and where the user has supplied an incorrect username or password.

This is still a work in progress until I can confirm it works with AD; but here you go:



I made some changes to the LDAP section of the props file as well.



If I figure out what the problem is with AD, I'll let you know.
[originally posted on jforum.net by jsp1611]
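
The search-then-bind approach described in the post above, sketched with plain JNDI as an added example (this is not jsp1611's class and not JForum code). The class name, the `uid` login attribute and the constructor values are assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Added example: class name, the "uid" attribute and all constructor values are assumptions.
public class SearchThenBind {
    public enum Outcome { OK, BAD_CREDENTIALS, UNKNOWN_USER, DIRECTORY_ERROR }
    private final String url, serviceDn, servicePw, baseDn;

    public SearchThenBind(String url, String serviceDn, String servicePw, String baseDn) {
        this.url = url; this.serviceDn = serviceDn; this.servicePw = servicePw; this.baseDn = baseDn;
    }

    // RFC 4515 escaping (backslash first), so a login name cannot alter the search filter.
    static String escapeFilter(String s) {
        return s.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28")
                .replace(")", "\\29").replace("\0", "\\00");
    }

    private DirContext bind(String dn, String pw) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        return new InitialDirContext(env);
    }

    public Outcome authenticate(String username, String password) {
        // An empty password makes a simple bind unauthenticated, which many servers accept.
        if (username == null || username.isEmpty() || password == null || password.isEmpty())
            return Outcome.BAD_CREDENTIALS;
        String userDn;
        try {
            DirContext admin = bind(serviceDn, servicePw); // stage 1: service account
            try {
                SearchControls sc = new SearchControls();
                sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                NamingEnumeration<SearchResult> hits =
                        admin.search(baseDn, "(uid=" + escapeFilter(username) + ")", sc);
                if (!hits.hasMore()) return Outcome.UNKNOWN_USER;
                userDn = hits.next().getNameInNamespace();
            } finally { admin.close(); }
        } catch (NamingException e) { return Outcome.DIRECTORY_ERROR; } // setup problem: log e
        try { bind(userDn, password).close(); return Outcome.OK; }      // stage 2: bind as the user
        catch (AuthenticationException e) { return Outcome.BAD_CREDENTIALS; }
        catch (NamingException e) { return Outcome.DIRECTORY_ERROR; }
    }
}
```

Log the distinction between `UNKNOWN_USER` and `BAD_CREDENTIALS` on the server side only and show the person logging in the same message for both, so the login form does not confirm which usernames exist.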
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
Forget what I said in the above post about Active Directory - this class works perfectly well with Active Directory, I was just using the wrong authentication details!

The above class has the added benefit that you no longer need any AD specific properties in your props file! Source code; yours if you want it.
[originally posted on jforum.net by jsp1611]
 
Greenhorn
Posts: 6
Hi,

Do I need to configure anything for LDAP other than the SystemGlobals.properties file in JForum1.9 to activate LDAP in the forum? If so, please kindly explain to me the sequence of steps to do.

Regards,
Sri
 
Greenhorn
Posts: 1
I'm sorry guys, but I need some information.

How did you change the LDAPAuthenticator.class?
I couldn't change it.

Thank you.

Please reply soon, I really need your help.
 