
grouper-users - Re: [grouper-users] multiple LDAP for sources.xml?

Subject: Grouper Users - Open Discussion List

  • From: Scott Koranda <>
  • To: Chris Hyzer <>
  • Subject: Re: [grouper-users] multiple LDAP for sources.xml?
  • Date: Mon, 2 May 2011 14:33:11 -0500

> > > You can have multiple of any type, mix and match, so yes.
> > >
> >
> > Thanks. I wanted to confirm that before further debugging.
> >
> > So I am trying to add a second LDAP as a source but this LDAP
> > should be contacted using an anonymous bind. I have configured
> > sources.xml to look like this:
> >
> > <init-param>
> > <param-name>INITIAL_CONTEXT_FACTORY</param-name>
> > <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
> > </init-param>
> > <init-param>
> > <param-name>PROVIDER_URL</param-name>
> > <param-value>ldap://my.server.edu</param-value>
> > </init-param>
> >
> > I am not specifying SECURITY_AUTHENTICATION,
> > SECURITY_PRINCIPAL, SECURITY_CREDENTIALS, nor
> > SECURITY_PROTOCOL.
> >
> > I would have thought then that this should enable an anonymous
> > bind, according to the documentation for LdapCtxFactory, but I
> > keep getting errors in grouper_error.log.
> >
> > Is there anything in the grouper Java code that is requiring a
> > non-anonymous bind?
> >
>
> So a work-around is to include SECURITY_AUTHENTICATION,
> SECURITY_PRINCIPAL, SECURITY_CREDENTIALS, and
> SECURITY_PROTOCOL but then to set SECURITY_AUTHENTICATION to
> "none" and put in garbage for the other values:
>
> <init-param>
> <param-name>SECURITY_AUTHENTICATION</param-name>
> <param-value>none</param-value>
> </init-param>
> <init-param>
> <param-name>SECURITY_PRINCIPAL</param-name>
> <param-value>XXXXXXXXXX</param-value>
> </init-param>
> <init-param>
> <param-name>SECURITY_CREDENTIALS</param-name>
> <param-value>XXXXXXXXXX</param-value>
> </init-param>
> <init-param>
> <param-name>SECURITY_PROTOCOL</param-name>
> <param-value>XXXXXXXXXX</param-value>
> </init-param>
>

Sorry, I spoke too soon.

While the above configuration will allow the LDAP source to become
known to Grouper, all queries into the LDAP for
subjects/sources fail with that configuration.

So I still cannot do an anonymous bind and query to the second
LDAP.

Scott
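
Added example (not part of the original message and not Grouper code): a small audit that reads the init-param blocks of a sources.xml and reports which bind mode the JNDI LDAP provider's documented defaults would give each source, which is the baseline the thread is comparing Grouper's behaviour against. The `<sources>`/`<source>`/`<id>` wrapper, the source ids and the third source's values are constructed for illustration, and the script does not model what Grouper's own adapter does with these parameters.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The init-param names/values of the first two sources mirror
# the thread; the <sources>/<source>/<id> wrapper and the ids are assumptions.
def _src(sid, **params):
    body = "".join(f"<init-param><param-name>{k}</param-name>"
                   f"<param-value>{v}</param-value></init-param>"
                   for k, v in params.items())
    return f"<source><id>{sid}</id>{body}</source>"

SAMPLE = "<sources>" + "".join([
    _src("first_try", INITIAL_CONTEXT_FACTORY="com.sun.jndi.ldap.LdapCtxFactory",
         PROVIDER_URL="ldap://my.server.edu"),
    _src("workaround", PROVIDER_URL="ldap://my.server.edu",
         SECURITY_AUTHENTICATION="none", SECURITY_PRINCIPAL="XXXXXXXXXX",
         SECURITY_CREDENTIALS="XXXXXXXXXX", SECURITY_PROTOCOL="XXXXXXXXXX"),
    _src("authenticated", PROVIDER_URL="ldap://my.server.edu",
         SECURITY_PRINCIPAL="cn=reader,dc=example,dc=edu",
         SECURITY_CREDENTIALS="placeholder"),
]) + "</sources>"

def init_params(source):
    """Collect one <source>'s init-param name/value pairs into a dict."""
    return {p.findtext("param-name", "").strip(): p.findtext("param-value", "").strip()
            for p in source.iter("init-param")}

def effective_bind(p):
    """Bind mode under the JNDI LDAP provider's documented defaults."""
    mech = p.get("SECURITY_AUTHENTICATION", "").lower()
    if mech:
        return mech  # an explicit value always wins
    # Unset: "simple" if identity material is supplied, otherwise anonymous.
    return "simple" if p.get("SECURITY_PRINCIPAL") or p.get("SECURITY_CREDENTIALS") else "none"

def audit(xml_text):
    """Map source id -> (bind mode, list of findings)."""
    report = {}
    for src in ET.fromstring(xml_text).iter("source"):
        p = init_params(src)
        mech, notes = effective_bind(p), []
        tls = (p.get("PROVIDER_URL", "").lower().startswith("ldaps://")
               or p.get("SECURITY_PROTOCOL", "").lower() == "ssl")
        if mech == "none" and (p.get("SECURITY_PRINCIPAL") or p.get("SECURITY_CREDENTIALS")):
            notes.append("principal/credentials set but not used by an anonymous bind")
        if mech == "simple" and not tls:
            notes.append("simple bind with no ldaps:// or SECURITY_PROTOCOL=ssl: cleartext password")
        report[src.findtext("id")] = (mech, notes)
    return report

if __name__ == "__main__":
    for sid, (mech, notes) in audit(SAMPLE).items():
        print(f"{sid}: bind={mech} {notes}")
```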


