Grouper Users - Open Discussion List

[Scott Koranda <>]

> > You can have multiple of any type, mix and match, so yes.
> > 
> 
> Thanks. I wante to confirm that before further debugging.
> 
> So I am trying to add a second LDAP as a source but this LDAP
> should be contacted using an anonymous bind. I have configured
> sources.xml to look like this:
> 
> <init-param>
>      <param-name>INITIAL_CONTEXT_FACTORY</param-name>
>      <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
>    </init-param>
>    <init-param>
>      <param-name>PROVIDER_URL</param-name>
>      <param-value>ldap://my.server.edu</param-value>
>    </init-param>
> 
> I am not specifying SECURITY_AUTHENTICATION,
> SECURITY_PRINCIPAL, SECURITY_CREDENTIALS, nor
> SECURITY_PROTOCOL.
> 
> I would have thought then that this should enable an anonymous
> bind, according to the documentation for LdapCtxFactory, but I
> keep getting errors in grouper_error.log.
> 
> Is there anything in the grouper Java code that is requiring a
> non-anonymous bind?
> 

So a work-around is to include SECURITY_AUTHENTICATION,
SECURITY_PRINCIPAL, SECURITY_CREDENTIALS, and
SECURITY_PROTOCOL but then to set SECURITY_AUTHENTICATION to
"none" and put in garbage for the other values:

<init-param>
      <param-name>SECURITY_AUTHENTICATION</param-name>
      <param-value>none</param-value>
    </init-param>
   <init-param>
      <param-name>SECURITY_PRINCIPAL</param-name>
      <param-value>XXXXXXXXXX</param-value>
    </init-param>
    <init-param>
      <param-name>SECURITY_CREDENTIALS</param-name>
      <param-value>XXXXXXXXXX</param-value>
    </init-param>
    <init-param>
      <param-name>SECURITY_PROTOCOL</param-name>
      <param-value>XXXXXXXXXX</param-value>
    </init-param>

Thanks,

Scott