LDAP issue with Sakai 25.1

Mishel Maurice

Feb 5, 2026, 2:12:51 PM
to saka...@apereo.org

Greetings, 

I built Sakai 25.1 on an isolated environment. I can log in using local accounts, but all my efforts to link Sakai to Active Directory failed.

I searched for the issue online, and there is an opinion of standing up a CAS server; we don't have that capability at the moment. Can we link directly to Active Directory to get users to log in using their AD accounts?

I edited the unboundid_ldap.xml file as directed, but I am still getting login failed in catalina.out every time I try to log in.

Sent from my iPhone

Sam Ottenhoff

Feb 5, 2026, 2:18:21 PM
to Mishel Maurice, saka...@apereo.org
Yes, Sakai works great directly against an LDAP server.

1) components.xml must import the unboundid XML
2) turn up debugging in the logs for the relevant code
3) restart sakai
4) post the relevant errors in catalina.out

Are you connecting on the clear-text port or the LDAPS port? Is it a real cert or self-signed? Did you import the cert into a custom keystore?

--Sam


Mishel Yossef

Feb 5, 2026, 2:23:54 PM
to Sam Ottenhoff, saka...@apereo.org
I did the component.xml.
Edited the unboundid_ldap.xml.
We are using LDAPS, but the server doesn't have a real cert; we are using self-signed. We imported the DC and its CA and root into the Java trust store.

Thanks


Mishel Yossef


Mishel Yossef

Feb 5, 2026, 3:18:06 PM
to Sam Ottenhoff, saka...@apereo.org
We are using container.login=true and top logging false.
At the top of the file attached there is a line that said failed to login empty identifier.

Thanks

Mishel Yossef


catalina.out.txt

Sam Ottenhoff

Feb 5, 2026, 3:20:31 PM
to Mishel Yossef, saka...@apereo.org
Container login is a very different concept (SAML or CAS) and not relevant here.

Sakai can't communicate with your AD server dc.server.name.com:636. Either because of network rules or because of lack of trust (keystore).

Mishel Yossef

Feb 5, 2026, 4:13:43 PM
to Sam Ottenhoff, saka...@apereo.org
But I tried ldap search and it was successful. I added all the certs to the Java trust store.

Thanks

Mishel Yossef
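
An added example, not part of the thread and not Sakai code: a command-line LDAP search usually validates the server certificate with its own TLS settings rather than the Java trust store, so its success does not show that the JVM running Tomcat trusts the chain. This probe separates the two causes named above (network rules vs. lack of trust) from the JVM's point of view; the class name `LdapsProbe` is hypothetical.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
// Added diagnostic, not Sakai code. LdapsProbe is a hypothetical class name.
public class LdapsProbe {
    public static void main(String[] args) {
        if (args.length != 2) {
            System.err.println("usage: java LdapsProbe <host> <port>");
            System.exit(64);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        // Show which JVM and trust store are in play; they may differ from the one keytool edited.
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("javax.net.ssl.trustStore = "
                + System.getProperty("javax.net.ssl.trustStore", "(unset, JVM default)"));
        // Stage 1: plain TCP. A failure here is DNS, routing or firewall, not certificates.
        try (Socket tcp = new Socket()) {
            tcp.connect(new InetSocketAddress(host, port), 5000);
            System.out.println("TCP connect: OK");
        } catch (IOException e) {
            System.out.println("TCP connect: FAILED (network) " + e);
            System.exit(1);
        }

        // Stage 2: TLS handshake. The chain is validated against this JVM's trust store;
        // hostname matching is not checked here, only chain trust.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket tls = (SSLSocket) factory.createSocket(host, port)) {
            tls.setSoTimeout(5000);
            tls.startHandshake();
            System.out.println("TLS handshake: OK, chain trusted by this JVM");
            for (Certificate c : tls.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  " + x.getSubjectX500Principal()
                        + " issued by " + x.getIssuerX500Principal());
            }
        } catch (IOException e) {
            boolean handshake = e instanceof SSLHandshakeException;
            System.out.println("TLS: FAILED (" + (handshake ? "handshake, check trust store" : "I/O") + ") " + e);
            System.exit(2);
        }
    }
}
```

Run it with the same `java` binary and the same `-Djavax.net.ssl.trustStore` options (if any) that Tomcat is started with, for example `java LdapsProbe dc.server.name.com 636`.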

