Configuring LDAP in sling


Configuring LDAP in sling

Zi Ming He
I would like to configure LDAP in sling. Currently I have:


  org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig
    provider.name="LdapIdentityProvider"
    bind.dn=<my username>
    bind.password=<my password>
    host.hame=<my host name>
    host.port="389"
    user.baseDN=<my user base dn>

  org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule
    jaas.controlFlag="sufficient"

  org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule
    jaas.controlFlag="sufficient"
    sync.handlerName="default"
    idp.name="ldap"

  org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl
    jaas.controlFlag="sufficient"


in the sling.txt provisioning file (in distribution/src/main/provisioning). I have also tried using the above in the oak.txt provisioning file of the same directory.

When I attempt to log into the default Apache Sling login page with my username, I am rejected (and only admin:admin is accepted). What should I do to correctly configure LDAP?

(note that everything in <> is a placeholder for confidentiality purposes).


Re: Configuring LDAP in sling

Robert Munteanu-2
Hi,

On Wed, 2019-05-15 at 17:09 +0000, Zi Ming He wrote:
> I would like to configure LDAP in sling. Currently I have:
>
(snip)

I have not tried configuring LDAP for Sling yet. But, as a first
question, are there any suspicious entries in the error.log?

Thanks,

Robert


Re: Configuring LDAP in sling

Zi Ming He
There does not appear to be anything suspicious in error.log. I'm relatively new to this though, so if you want to examine my error.log my judgement may not be correct. If you want to examine my error.log, I can send you a copy of it.

Re: Configuring LDAP in sling

Robert Munteanu-2
On Thu, 2019-05-16 at 21:23 +0000, Zi Ming He wrote:
> There does not appear to be anything suspicious in error.log. I'm
> relatively new to this though, so if you want to examine my error.log
> my judgement may not be correct. If you want to examine my error.log,
> I can send you a copy of it.

I don't have any experience with Sling + LDAP, but feel free to send
the error.log file to me off-list if you think it contains sensitive
data.

Thanks,
Robert


Re: Configuring LDAP in sling

Sergiu Dumitriu
Hi Robert,

We figured it out in the end. For reference, here's the configuration
needed: https://github.com/ccmbioinfo/lfs/pull/10/files

I think the problem was that after reading
https://jackrabbit.apache.org/oak/docs/security/authentication/ldap.html#LDAP_Configuration
we were misled into thinking that the configuration was supposed to be
written for
org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig
instead of
org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider


--
Sergiu Dumitriu
http://purl.org/net/sergiu
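
An added example, not code from this thread or from the linked pull request: a small Python lint for a provisioning-model configuration that flags LDAP settings filed under a PID other than LdapIdentityProvider, the mistake described in the message above. The unknown-key, idp.name/provider.name and TLS checks, the finding codes and the key subset are assumptions of this example, based on the Oak LDAP documentation.

```python
import re

LDAP_PKG = "org.apache.jackrabbit.oak.security.authentication.ldap.impl."
LDAP_PID = LDAP_PKG + "LdapIdentityProvider"  # component PID named in the thread
# Subset of LdapIdentityProvider keys from the Oak LDAP docs; extend as needed.
LDAP_KEYS = {"provider.name", "host.name", "host.port", "host.ssl", "host.tls",
             "bind.dn", "bind.password", "user.baseDN", "group.baseDN"}

# Excerpt of the configuration from the first post, placeholders as posted.
POSTED = """
org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig
    provider.name="LdapIdentityProvider"
    bind.dn=<my username>
    bind.password=<my password>
    host.hame=<my host name>
    host.port="389"
    user.baseDN=<my user base dn>
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule
    jaas.controlFlag="sufficient"
    sync.handlerName="default"
    idp.name="ldap"
"""

def parse(text):
    """Return {pid: {key: value}}; quotes and type prefixes (B"true") are dropped."""
    configs, pid = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if "=" in line and pid:
            key, value = line.split("=", 1)
            configs[pid][key.strip()] = re.sub(r'^[A-Z]?"(.*)"$', r"\1", value.strip())
        else:  # a line without '=' starts a new PID
            pid = line
            configs[pid] = {}
    return configs

def lint(text):
    """Return sorted (code, detail) findings for the LDAP-related settings."""
    configs, findings = parse(text), []
    ldap = {p: c for p, c in configs.items() if p.startswith(LDAP_PKG)}
    for pid, props in ldap.items():
        if pid != LDAP_PID:  # stored by Config Admin, read by no component
            findings.append(("wrong-pid", pid[len(LDAP_PKG):]))
        findings += [("unknown-key", k) for k in props if k not in LDAP_KEYS]
        if "bind.password" in props and "true" not in (props.get("host.ssl"), props.get("host.tls")):
            findings.append(("cleartext-bind", props.get("host.port", "")))  # no LDAPS/StartTLS
    names = {c.get("provider.name") for c in ldap.values()}
    findings += [("idp-mismatch", c["idp.name"]) for c in configs.values()
                 if "idp.name" in c and c["idp.name"] not in names]
    return sorted(findings)
```

A configuration filed under a PID that no component owns is stored by OSGi Configuration Admin without any error, which is consistent with the clean error.log reported earlier in the thread.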

Re: Configuring LDAP in sling

Robert Munteanu-2
Hi Sergiu,

Glad to hear you got it figured out!

Thanks,

Robert
