Ticket #3 (closed bug: fixed)

Opened 4 years ago

Last modified 21 months ago

Active Directory (LDAP) authentication [SF Bug 1677143]

Reported by: kohlhaas Owned by: kohlhaas
Priority: major Milestone: 1.3.2
Version: 1.3.2-RC1 Keywords:
Cc:

Description (last modified by kohlhaas) (diff)


I tried to configure rapla with Active Directory (windows 2003):

<plugin connectionPassword="ad123" userSearch="(sAMAccountName={0})"
enabled="true" class="org.rapla.plugin.jndi.JNDIPlugin"
userCn="sAMAccountName" contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
userMail="userPrincipalName" connectionURL="ldap://192.168.36.35:389"
connectionName="CN=PortalAccountResolver,CN=Users,DC=mydomain,DC=com"
userBase="CN=Users,DC=mydomain,DC=com"/>

This is the best setup I managed to create, because it recognizes the password, but:

when the Active Directory password is correct I get a popup:

"Object for id [org.rapla.entities.User_2] not found"

on the next try: User_3, User_4 and so on. When incorrect, a popup with:

"Login failed"

I tried rapla 1.3 and latest CVS 1.3.1 version with tomcat 5.5.

Any advice? Is it a bug in config or in Rapla?

Change History

  Changed 4 years ago by kohlhaas

We've found the same problem. The question is that when a user is
authenticated using LDAP the user is not created in the local database.
I've included a not very elegant patch in the Server Service Impl that creates
the entry in the local database after a successful login.

  Changed 4 years ago by kohlhaas

It's a bug in rapla. You may avoid it by creating the user manually, but I
haven't tried because I have no access to a running ldap server at the
moment. Fix planned for next version.

  Changed 4 years ago by kohlhaas

  • status changed from new to accepted

  Changed 4 years ago by kohlhaas

  • description modified (diff)

  Changed 4 years ago by kohlhaas

  • summary changed from Active Directory (LDAP) authentication [SF Bug 1677143 ] to Active Directory (LDAP) authentication [SF Bug 1677143]

  Changed 3 years ago by Mikael Kermorgant <mikael.kermorgant@…>

The fact that authentication fails if the user doesn't exist in rapla's local database could also be an easy way to restrict who can access the rapla gui.

Only users created in rapla by the administrator could log in, authentication being done by the ldap server.

If the user is automatically created in rapla's database, this restriction would have to be enforced in another way (could be an ldap filter or a group membership in the ldap directory).
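
The trade-off raised in the comment above, as an added example that is not Rapla's code: after a successful LDAP bind, the server either requires an administrator-created local account or creates one only for members of an allowed directory group. The class name, the group DN `CN=RaplaUsers,...`, the lower-cased user keys and the sample entries are assumptions constructed for illustration.

```java
import java.util.*;

/** Added example (not Rapla code): admission decision once the LDAP bind result is known. */
public class LdapAdmission {
    // Constructed group DN; the ticket names no group. The base reuses the ticket's userBase.
    static final String ALLOWED_GROUP = "CN=RaplaUsers,CN=Users,DC=mydomain,DC=com";

    enum Result { LOGIN_FAILED, EXISTING_USER, NO_LOCAL_ACCOUNT, NOT_IN_GROUP, CREATED }

    // Simplified DN normalisation: case-insensitive, spaces around commas ignored.
    // Assumes no escaped commas inside RDN values.
    static String normDn(String dn) {
        StringJoiner joined = new StringJoiner(",");
        for (String rdn : dn.split(",")) joined.add(rdn.trim().toLowerCase(Locale.ROOT));
        return joined.toString();
    }

    static Result admit(String user, boolean bindOk, List<String> memberOf,
                        Set<String> localUsers, boolean autoCreate) {
        if (!bindOk) return Result.LOGIN_FAILED;             // wrong password: nothing else is checked
        String key = user.toLowerCase(Locale.ROOT);          // assumption: local names stored lower-case
        if (localUsers.contains(key)) return Result.EXISTING_USER;
        if (!autoCreate) return Result.NO_LOCAL_ACCOUNT;     // administrator-created accounts only
        boolean inGroup = false;
        for (String group : memberOf) {                      // memberOf values from the user's entry
            if (normDn(group).equals(normDn(ALLOWED_GROUP))) inGroup = true;
        }
        if (!inGroup) return Result.NOT_IN_GROUP;            // fail closed before provisioning
        localUsers.add(key);                                 // create the local record on first login
        return Result.CREATED;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Set<String> local = new HashSet<>(List.of("admin"));
        List<String> staff = List.of("cn=raplausers, cn=Users, dc=mydomain, dc=com");
        List<String> other = List.of("CN=Guests,CN=Users,DC=mydomain,DC=com");
        System.out.println(admit("jdoe", true, staff, local, false)); // auto-create off
        System.out.println(admit("jdoe", true, other, local, true));  // wrong group
        System.out.println(admit("JDoe", true, staff, local, true));  // allowed group, first login
        System.out.println(admit("jdoe", true, other, local, true));  // local record now exists
        System.out.println(admit("jdoe", false, staff, local, true)); // bind failed
    }
}
```

The fourth call is admitted although the group no longer matches, because the local record created on first login is enough from then on. If removal from the group should revoke access, the membership check has to run on every login rather than only at creation.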

  Changed 3 years ago by kohlhaas

  • milestone set to 1.4

  Changed 3 years ago by kohlhaas

  • milestone changed from 1.4 to 1.3.2

  Changed 3 years ago by kohlhaas

  • status changed from accepted to closed
  • resolution set to fixed

(In [1331]) closes #3

  Changed 3 years ago by kohlhaas

  • version changed from 1.3 to 1.3.2-RC1
