OpenOlat authentication using Active directory


Bhaskar Sharma

Mar 5, 2013, 6:15:57 AM
to open...@googlegroups.com
Hi,

I am trying to set up OpenOlat with Active Directory based authentication, but I am unable to do so. My queries regarding this are as follows:
1. Do I need to set up an LDAP client between OpenOLAT and Active Directory to make the connection happen? If yes, which open source LDAP client will you recommend?
2. We have two Olap.properties files, under the web-inf folder and the web-inf/classes folder. Which one needs to be changed?
3. In the olap.properties file, what changes do I need to make for just authentication of users in the following lines?
  

ldap.enable=false
# is ldap your default provider? true or false
ldap.default=false
ldap.activeDirectory=false

# The date format is not the same for OpenLDAP (yyyyMMddHHmmss'Z') or
# ActiveDirectory (yyyyMMddHHmmss'.0Z')
ldap.dateFormat=yyyyMMddHHmmss'Z'
ldap.dateFormat.values=yyyyMMddHHmmss'Z',yyyyMMddHHmmss'.0Z'

# The LDAP Provider from the Oracle's JDKs (standard and JRockit) allows the use of multiple LDAP servers.
# Write the URLs of all the servers with a space as separator and a trailing slash.
ldap.ldapUrl=ldap://ldap.olat.org:389
ldap.ldapUrl.values=ldap://ldap1.olat.org:389/ ldap://ldap2.olat.org:389/ ldap://ldap3.olat.org:389/

# System user: used for getting all users and connection testing
ldap.ldapSystemDN=CN=Frentix,OU=Benutzer,DC=olat,DC=ch
ldap.ldapSystemPW=ldap4olat

# List of bases where to find users. To use multiple bases you must edit the config file manually
ldap.ldapBases=OU=Students,DC=olat,DC=ch

# SSL configuration for LDAP
ldap.sslEnabled=false
ldap.trustStoreLocation=/usr/lib/j2sdk1.5-sun/jre/lib/security/cacerts
ldap.trustStorePwd=changeit
ldap.trustStoreType=JKS

4. In the above lines, we can't find any line where I can set the user ID for connecting to LDAP, though I get ldapSystemPW for setting the password. If I use the LDAPBrowser software, it asks me for a principal and password to connect to Active Directory.

  Here in Olap.properties, there are two lines where I think the username should be captured, but I am not sure where:

ldap.ldapSystemDN=CN=Frentix,OU=Benutzer,DC=olat,DC=ch

ldap.ldapSystemPW=ldap4olat


Kindly guide me on the above.
Regards
Bhaskar

Stéphane Rossé

Mar 6, 2013, 2:51:46 PM
to open...@googlegroups.com
Hi

First, concerning olat.properties: the file is in WEB-INF/classes/serviceconfig. Don't change this file. It has all the default settings. Create a file olat.local.properties and put it in your classpath, in WEB-INF/classes or in tomcat/lib for example.

For Active Directory, you need to set:

ldap.activeDirectory=true
ldap.dateFormat=yyyyMMddHHmmss'.0Z'

And you must set the base, admin user and password:

The user: ldap.ldapSystemDN
The password: ldap.ldapSystemPW
The base where the users are located: ldap.ldapBases

You don't need any client; the Java Runtime has its own one. There is a Java application which uses it, http://jxplorer.org, if you want to see the LDAP directory or test your user/password/base.

Best regards
Stéphane Rossé
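
Added example, not part of the thread and not OpenOlat code: a small Python check that overlays a constructed olat.local.properties on the defaults quoted in the question and reports what is still unset for Active Directory, including the sample bind credentials and plaintext ldap:// transport. The host names and DNs are constructed, and reading ldap.enable as the module switch and the system bind as a simple bind are assumptions.

```python
# Added example, not OpenOlat code. Key names and shipped defaults are the ones
# quoted in this thread; hosts, DNs and the override below are constructed.
DEFAULTS = """
ldap.enable=false
ldap.activeDirectory=false
ldap.dateFormat=yyyyMMddHHmmss'Z'
ldap.ldapUrl=ldap://ldap.olat.org:389
ldap.ldapSystemDN=CN=Frentix,OU=Benutzer,DC=olat,DC=ch
ldap.ldapSystemPW=ldap4olat
ldap.ldapBases=OU=Students,DC=olat,DC=ch
ldap.sslEnabled=false
"""
# Constructed olat.local.properties: LDAP switched on, AD settings forgotten.
LOCAL_SAMPLE = """
ldap.enable=true
ldap.ldapUrl=ldap://dc1.example.test:389
ldap.ldapSystemDN=CN=svc-openolat,OU=Service Accounts,DC=example,DC=test
"""
AD_DATE_FORMAT = "yyyyMMddHHmmss'.0Z'"
SITE_KEYS = ("ldap.ldapUrl", "ldap.ldapSystemDN", "ldap.ldapSystemPW", "ldap.ldapBases")
def parse_properties(text):
    """Minimal key=value parser; skips comments, no line continuations."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(local_text, defaults_text=DEFAULTS):
    """Findings for the defaults overlaid with olat.local.properties."""
    defaults = parse_properties(defaults_text)
    eff = {**defaults, **parse_properties(local_text)}
    findings = []
    if eff.get("ldap.enable") != "true":  # assumed to be the module switch
        findings.append("ldap.enable is not true")
    if eff.get("ldap.activeDirectory") != "true":
        findings.append("ldap.activeDirectory is not true")
    if eff.get("ldap.dateFormat") != AD_DATE_FORMAT:
        findings.append("ldap.dateFormat is not the Active Directory format")
    findings += [f"{k} still has the sample value" for k in SITE_KEYS
                 if eff.get(k) == defaults.get(k)]
    urls = eff.get("ldap.ldapUrl", "").split()
    # Assumption: a simple bind, so without TLS the password is sent in clear.
    if any(u.startswith("ldap://") for u in urls) and eff.get("ldap.sslEnabled") != "true":
        findings.append("system bind goes over unencrypted ldap://")
    return findings
if __name__ == "__main__":
    print("\n".join(lint(LOCAL_SAMPLE)))
```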