connecting irplus to an active directory


jmg

Apr 26, 2011, 4:08:42 PM
to irplus
I am having trouble connecting irplus to active directory.

Normally you have to enter an account and verify it with a password.

#ldap configuration
external.authentication.enabled = true
external.account.type.name = ldapaccount
ldap.server.location = ldap://activedirectory:389/
user.dn = dc=ldapserver,dc=ca

Has anyone connected irplus to Active Directory?

Please send me your section in ir_plus.properties


thanks, John

Nate Sarr

Apr 26, 2011, 5:29:15 PM
to irp...@googlegroups.com
Hi John,
 
We connect using active directory. Connecting via active directory is a little tricky and takes a few steps to configure.

Here are the steps to do it:


1.  You will want to add the following to your ir_plus.properties file so you are not connecting anonymously
and you will want to give the external connection type a name:
 

external.account.type.name = active_directory

[Note: You will need to change the DC and OU values to whatever you need. The important part is the end: sAMAccountName. Also,
       objectClass usually equals user but can sometimes be a different value.]

ldap.server.location = ldap://[ldap location]/DC=blah,DC=foo,DC=edu?sAMAccountName?sub?(objectClass=user)


user.dn = [user_name]
ldap.password = [your_password]

[Note: make sure the user above can look-up users in the directory]


2.  You will need to modify the acegi-security.xml file.  There are two ways to do this. 

  a.  Modify the file in the unzipped directory and rebuild.  Located here:

      [unzip_dir]/ir_web/spring-config/local/acegi-security.xml

 
  b.  Modify the file in the webapps directory. This lets you restart the server each time to test your changes
      without having to rebuild, which may be faster for testing; then copy your changes back into the unzipped directory when things are working.
      Just make sure you are making the changes in the same spots for both the ir_plus.properties file and acegi-security.xml:

      $CATALINA_HOME/webapps/ir_plus/WEB-INF/acegi-security.xml


   In this file change the following:

   <!-- context source for connecting to the LDAP directory -->
   <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="${ldap.server.location}"/>
        <property name="userDn" value="${user.dn}"/>
        <property name="anonymousReadOnly" value="true"/>
   </bean>

   to:

    <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="${ldap.server.location}"/>
        <property name="userDn" value="${user.dn}"/>
        <property name="password" value="${ldap.password}"/>
    </bean>

   Also change the following:
  
   <!-- user search for the LDAP directory -->
   <bean id="userSearch"
       class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
          <constructor-arg index="0" value=""/>
          <constructor-arg index="1" value="(uid={0})"/>
          <constructor-arg index="2" ref="contextSource" />
    </bean>

   to:

    <!-- user search for the LDAP directory -->
    <bean id="userSearch"
       class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
          <constructor-arg index="0" value=""/>
          <constructor-arg index="1" value="(sAMAccountName={0})"/>
          <constructor-arg index="2" ref="contextSource" />
          <property name="searchSubtree" value="true" />
    </bean>

3.  Restart Tomcat after you have made all of the changes. [If you are making the changes in the unzip directory (option a), you will need to rebuild the war file
and delete the old war file and ir_plus directory in $CATALINA_HOME/webapps/.]

4.  You will need to log in to IR+ as the administrator and add the new
    external account to IR+. 

   administrator->External Account Types

   Select the Add New Account Type button and create the new external account type with the name set above in the properties file; in this case it would be:

active_directory

I hope this helps and let me know how it goes or if you have any questions.

-Nate
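The steps above touch two files that have to agree with each other (the property keys in ir_plus.properties and the `${...}` placeholders and bean settings in acegi-security.xml), and a mismatch usually shows up only as a failed login. The script below is an added illustration of how to cross-check the two before restarting Tomcat; it is not part of IR+ or of this thread. It assumes the property and bean names from the post above, parses the RFC 4516 LDAP URL into its host, base DN, scope and filter, and flags the common slips: an anonymous contextSource, a `uid` filter instead of `sAMAccountName`, a missing `searchSubtree`, a placeholder that no property key resolves, and a plain `ldap://` URL that would send the service account's bind password in clear text. The host, DNs and credentials in the sample input are constructed placeholders.

```python
"""Consistency checks for the IR+ Active Directory setup described in this thread (added
illustration, not IR+ code): cross-checks ir_plus.properties against acegi-security.xml."""
import re
import xml.etree.ElementTree as ET

# Constructed sample input modelled on the thread; host, DN and credential values
# are placeholders, not a real directory.
PROPERTIES_OK = """\
#ldap configuration
external.authentication.enabled = true
external.account.type.name = active_directory
ldap.server.location = ldap://ad.example.edu:389/DC=example,DC=edu?sAMAccountName?sub?(objectClass=user)
user.dn = svc_irplus_lookup
ldap.password = CHANGEME
"""
ACEGI_OK = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="${ldap.server.location}"/>
    <property name="userDn" value="${user.dn}"/>
    <property name="password" value="${ldap.password}"/>
  </bean>
  <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0" value=""/>
    <constructor-arg index="1" value="(sAMAccountName={0})"/>
    <constructor-arg index="2" ref="contextSource"/>
    <property name="searchSubtree" value="true"/>
  </bean>
</beans>"""

def parse_properties(text):
    """Minimal java.util.Properties reader: '#'/'!' comments, 'key = value' or 'key: value'."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def parse_ldap_url(url):
    """Split an RFC 4516 URL 'ldap://host[:port]/base?attrs?scope?filter' into its parts."""
    m = re.match(r"^(ldaps?)://([^/]+)/?(.*)$", url.strip())
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    scheme, host, rest = m.groups()
    base, attrs, scope, filt = (rest.split("?") + [""] * 4)[:4]
    return {"scheme": scheme, "host": host, "base": base, "attributes": attrs,
            "scope": scope or "base", "filter": filt or "(objectClass=*)"}

def _local(tag):
    # Drop the namespace so Spring's <beans xmlns=...> and bare XML are handled alike.
    return tag.rsplit("}", 1)[-1]

def _bean_props(bean):
    return {c.get("name"): c.get("value") for c in bean if _local(c.tag) == "property"}

def check_config(properties_text, acegi_xml):
    """Return a list of (level, message); an empty list means the two files agree."""
    findings, props = [], parse_properties(properties_text)
    def err(msg): findings.append(("error", msg))
    def warn(msg): findings.append(("warn", msg))
    # 1. Keys the thread says must be set, and not left as [placeholders].
    if props.get("external.authentication.enabled") != "true":
        err("external.authentication.enabled must be true")
    for key in ("external.account.type.name", "user.dn", "ldap.password"):
        if not props.get(key) or props[key].startswith("["):
            err("%s is missing or still a placeholder" % key)
    # 2. The URL needs a base DN; plain ldap:// sends the bind password in clear text.
    try:
        u = parse_ldap_url(props.get("ldap.server.location", ""))
        if not u["base"]:
            err("ldap.server.location has no base DN after the host")
        if u["scheme"] == "ldap":
            warn("ldap:// sends the simple-bind password in clear text; prefer ldaps:// where the DC offers it")
    except ValueError as e:
        err(str(e))
    # 3. Every ${placeholder} in the XML must resolve to a property key (catches ldap2.* typos).
    for ph in sorted(set(re.findall(r"\$\{([^}]+)\}", acegi_xml))):
        if ph not in props:
            err("acegi-security.xml references ${%s} but ir_plus.properties has no such key" % ph)
    # 4. contextSource must bind with credentials; AD does not allow anonymous user lookups by default.
    beans = {b.get("id"): b for b in ET.fromstring(acegi_xml).iter() if _local(b.tag) == "bean"}
    missing = ET.Element("bean")  # stands in for an absent bean so its checks still fire
    cp = _bean_props(beans.get("contextSource", missing))
    if cp.get("anonymousReadOnly") == "true":
        err("contextSource still sets anonymousReadOnly=true")
    if cp.get("password") != "${ldap.password}":
        err("contextSource has no password property bound to ${ldap.password}")
    # 5. userSearch: AD login names live in sAMAccountName, and the search must cover sub-OUs.
    us = beans.get("userSearch", missing)
    filt = next((a.get("value", "") for a in us
                 if _local(a.tag) == "constructor-arg" and a.get("index") == "1"), "")
    if "sAMAccountName" not in filt:
        err("userSearch filter is %r; Active Directory needs (sAMAccountName={0})" % filt)
    if _bean_props(us).get("searchSubtree") != "true":
        err("userSearch should set searchSubtree=true")
    return findings
```

Run `check_config` on the real files' contents before restarting Tomcat: a clean result is an empty list, and the only finding left on the sample above is the warning about plain `ldap://`, which is worth acting on since the service account's password crosses the network on every restart and every user lookup.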




