Hi,
I am new to dotCMS. I am trying to integrate OpenLDAP with the trial Enterprise edition of dotCMS 4.1.1. I have installed dotCMS 4.1.1 and OpenLDAP 2.4.* on my local Windows machine.
I have read the documentation and followed the steps below:
1. Logged in as admin and created a new role in dotCMS. The role name is "cms" and the key for this role is "dotcmsadmin". Gave it access to the tabs.
2. Logged into OpenLDAP and created users and groups. The LDAP tree looks like this:
suffix: dc=maxcrc,dc=com
  ou=groups (1)  (ou=groups,dc=maxcrc,dc=com)
    cn=dotcmsadmin  (cn=dotcmsadmin,ou=groups,dc=maxcrc,dc=com)
  ou=People (2)
    cn=ram  (cn=ram,ou=People,dc=maxcrc,dc=com)
    cn=krish  (cn=krish,ou=People,dc=maxcrc,dc=com)
I added the 2 users to the "dotcmsadmin" group as members.
The following are the attributes of the user (ram) in LDAP:
objectclass = inetOrgPerson (structural)
objectclass = organizationalPerson (structural)
objectclass = person (structural)
objectclass = top (abstract)
cn = ram
sn = ram
displayName = ram
givenName = ram
manager = cn=dotcmsadmin,ou=groups,dc=maxcrc,dc=com
title = dotcmsadmin
userPassword = xxxxxxxxx
Note: Since I am not able to add a memberOf attribute to the user, I have mapped the group details to the "manager" attribute.
3. I have used the ROOT folder plugin to override the portal.properties file. Copied "dotcms_4.1.1\dotserver\tomcat-8.0.18\webapps\ROOT\WEB-INF\classes\portal.properties" to
"\dotcms_4.1.1\plugins\com.dotcms.config\ROOT\dotserver\tomcat-8.0.18\webapps\ROOT\WEB-INF\classes\portal-ext.properties" and modified the properties below:
# LDAP (LDAP Servers)
# once a user is authenticated, LDAP will query the user and pull a list
# of groups that the user belongs to
# These groups will be created in the CMS on the fly and the CMS user will
# be associated with them.
auth.pipeline.pre=com.dotcms.enterprise.LDAPProxy
auth.impl.ldap.initial.context.factory=com.sun.jndi.ldap.LdapCtxFactory
# Set SSL if you are using LDAPS or leave blank
auth.impl.ldap.security.authentication=
# set path to keystore with root server cert imported or leave blank
auth.impl.ldap.security.keystore.path=
auth.impl.ldap.host=localhost
auth.impl.ldap.port=389
# should be full dn of user
auth.impl.ldap.userid=cn=Manager,dc=maxcrc,dc=com
auth.impl.ldap.password=secret
auth.impl.ldap.domainlookup=dc=maxcrc,dc=com
auth.impl.build.groups=true
auth.impl.ldap.build.group.name.filter=^(.+)
# Prefix that dotCMS should strip from the group name. Leave blank to not strip any prefix.
auth.impl.ldap.build.group.name.filter.strip=
# If you set this to false, any user created from LDAP will not be able to log into dotCMS if LDAP is not available.
auth.impl.ldap.syncPassword=true
# The following attributes can be used to match up dotCMS user properties to LDAP Attributes. Uncomment all attributes.
# If you leave the attribute blank then it will not be synced from LDAP.
# NOTE: YOU CANNOT HAVE A GROUP NAME WITH A "=" IN IT
auth.impl.ldap.attrib.user=mail
auth.impl.ldap.attrib.firstName=cn
auth.impl.ldap.attrib.middleName=givenName
auth.impl.ldap.attrib.lastName=sn
auth.impl.ldap.attrib.nickName=
auth.impl.ldap.attrib.email=mail
auth.impl.ldap.attrib.gender=
auth.impl.ldap.attrib.group=manager
4. Deployed using "deploy-plugins.bat" and restarted dotCMS.
Issue:
When I try to log in with the default admin user "ad...@dotcms.com" it is not able to log in, and the console shows "Authentication failed. Please try again". (In LDAP we also don't have a user with the name "admin".)
Even when I try with the LDAP user "r...@test.com" it gives the "Authentication failed. Please try again" message. Nothing is displayed in the log files except the message below:
ERROR ejb.UserManagerImpl: Could not find the user: null, return DNE
I tried the things below as well:
1. I am able to connect to LDAP through JXplorer.
2. auth.impl.ldap.attrib.group=manager (changed the attribute to "title" instead of "manager").
I am clueless now; hope someone can help with this.
Thanks,
Ravi.
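As an added example (not code from the post above and not part of dotCMS), the script below checks the auth.impl.ldap.attrib.* mapping from the post against the LDAP entry the post lists, offline, so the comparison can be done before touching the server. The LDIF entry and the property values are constructed from the post (password omitted); the function names (parse_ldif, check_mapping, derive_group_names, group_names_with_equals) are this example's own. It assumes, as stated in the code, that the group-name filter's first capture group is the group name and that the strip property removes a leading prefix; that is how the comments in portal.properties describe the two settings, not something taken from dotCMS source. It reports which mapped attributes the entry does not carry (the properties file says a blank mapping is skipped) and which derived group names contain "=", which the properties file says is not allowed.

```python
"""Offline sanity check of a dotCMS LDAP attribute mapping against an LDIF entry.

Added example, not code from the post or from dotCMS. The LDIF entry and the
property values are constructed from what the post lists; the function names
are this example's own.
"""
import re

# Constructed from the user attributes listed in the post (password omitted).
SAMPLE_LDIF = """\
dn: cn=ram,ou=People,dc=maxcrc,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: ram
sn: ram
displayName: ram
givenName: ram
manager: cn=dotcmsadmin,ou=groups,dc=maxcrc,dc=com
title: dotcmsadmin
"""

# Constructed from the auth.impl.ldap.attrib.* lines in the post.
MAPPING = {
    "user": "mail",
    "firstName": "cn",
    "middleName": "givenName",
    "lastName": "sn",
    "nickName": "",
    "email": "mail",
    "gender": "",
    "group": "manager",
}

GROUP_NAME_FILTER = r"^(.+)"  # auth.impl.ldap.build.group.name.filter
GROUP_NAME_STRIP = ""         # auth.impl.ldap.build.group.name.filter.strip


def parse_ldif(text):
    """Parse one plain LDIF entry into {attribute_lowercase: [values]}.

    Minimal on purpose: no continuation lines, no base64 ('::') values.
    """
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def check_mapping(entry, mapping):
    """Return {dotCMS property: LDAP attribute} for mapped attributes the entry lacks.

    Blank mappings are skipped; the properties file says a blank attribute is not synced.
    """
    return {prop: attr for prop, attr in mapping.items()
            if attr and attr.lower() not in entry}


def derive_group_names(entry, mapping, name_filter=GROUP_NAME_FILTER,
                       strip=GROUP_NAME_STRIP):
    """Apply the group-name regex and prefix strip to the mapped group attribute.

    Assumption (from the comments in portal.properties, not from dotCMS source):
    the filter's first capture group is the group name, then the strip prefix is
    removed if present.
    """
    names = []
    for value in entry.get(mapping["group"].lower(), []):
        m = re.match(name_filter, value)
        if not m:
            continue
        name = m.group(1)
        if strip and name.startswith(strip):
            name = name[len(strip):]
        names.append(name)
    return names


def group_names_with_equals(names):
    """The properties file says a group name cannot contain '='; report any that do."""
    return [n for n in names if "=" in n]


if __name__ == "__main__":
    entry = parse_ldif(SAMPLE_LDIF)
    print("mapped attributes missing from entry:", check_mapping(entry, MAPPING))
    names = derive_group_names(entry, MAPPING)
    print("derived group names:", names)
    print("group names containing '=':", group_names_with_equals(names))
    # Same check with the alternative the post tried: group attribute = title.
    print("with attrib.group=title:", derive_group_names(entry, {"group": "title"}))
```

Swap SAMPLE_LDIF for an ldapsearch export of the real user entry and MAPPING for the live portal-ext.properties values to run the same comparison against the actual server data.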