
grouper-users - [grouper-users] Trouble getting AD to work as a subject source in the WEB UI

Subject: Grouper Users - Open Discussion List

  • From: "Bryan E. Wooten" <>
  • To: "" <>
  • Subject: [grouper-users] Trouble getting AD to work as a subject source in the WEB UI
  • Date: Wed, 27 Feb 2013 20:19:19 +0000
  • Accept-language: en-US
  • Authentication-results: sfpop-ironport05.merit.edu; dkim=neutral (message not signed) header.i=none

When I configure the UI sources.xml and ldap.properties (I’ve renamed it ad.properties and made the appropriate changes to sources.xml) to use AD I get the following error when I start Tomcat:

 

2013-02-27 12:17:41,891: [main] ERROR LdapSourceAdapter.initializeLdap(287) -  - Error creating ldappool = java.lang.NullPointerException
2013-02-27 12:17:41,897: [main] ERROR LdapSourceAdapter.getLdapResultsHelper(654) -  - Ldap Exception: null
java.lang.NullPointerException
        at java.util.Hashtable.put(Hashtable.java:411)
        at edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:149)

 

As far as I can tell (using tcpdump and Windows Server Manager on the AD server) the UI is not even attempting to access my AD server. My properties file and sources.xml file follow. Any suggestions?

 

I have not made the same changes in the API conf directory. I don’t believe this should have any effect.

 

-Bryan

 

# This is the configuration file for vt-ldap.
# See http://code.google.com/p/vt-middleware/wiki/vtldapProperties

# AD Connection
edu.vt.middleware..ldapUrl=ldap://idm-win1.acs.utah.edu:389
edu.vt.middleware.ldap.searchScope=SUBTREE

# authn if simple

#AD Connection
edu.vt.middleware..bindDn=cn=IDMFull,OU=Services,OU=Administration,dc=testad,dc=utah,dc=edu
edu.vt.middleware..bindCredential=secret
# The bind credential may be external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
# edu.vt.middleware.ldap.bindCredential=/path/to/ldap.pwd
edu.vt.middleware.ldap.authtype=simple

# encryption
edu.vt.middleware.ldap.ssl=false
edu.vt.middleware.ldap.tls=false

# pooling options
edu.vt.middleware.ldap.pool.minPoolSize = 2
edu.vt.middleware.ldap.pool.maxPoolSize = 5

# paged results
edu.vt.middleware.ldap.pagedResultsSize=0

# authn for sasl external (certificates)
# edu.vt.middleware.ldap.authtype=EXTERNAL
# edu.vt.middleware.ldap.tls=true
# edu.vt.middleware.ldap.serviceUser=cn=admin.example.edu
# these to use PEM format cert and key
# pemCaFile=/path/to/ca.pem
# pemCertFile=/path/to/cert.pem
# pemKeyFile=/path/to/key.pem

# The default base DN for searches.
# All subordinate objects will be deleted during tests !
#edu.vt.middleware.ldap.baseDn=dc=example,dc=edu

#AD Connection
edu.vt.middleware.baseDn=dc=testad,dc=utah,dc=edu

# The base DN for groups.

# AD Connection
edu.internet2.middleware.psp.groupsBaseDn=ou=groups,ou=grouper,dc=testad,dc=utah,dc=edu
#edu.internet2.middleware.psp.groupsBaseDn=o=utah.edu

# The base DN for people.
edu.internet2.middleware.psp.peopleBaseDn=ou=people,dc=testad,dc=utah,dc=edu

# The group object class.
# OpenLDAP, RedHat, 389, ApacheDS, etc.

#AD Connection
edu.internet2.middleware.psp..groupObjectClass=group
#edu.internet2.middleware.psp.groupObjectClass=*
# Active Directory
# edu.internet2.middleware.psp.groupObjectClass=group

# The base Grouper stem to be provisioned.
edu.internet2.middleware.psp.baseStem=

# The ldap DN structure may be either flat or bushy.
# In a flat structure all groups are provisioned under a single base DN (container ID).
# A flat group's ldap RDN is its Grouper name or displayName.
edu.internet2.middleware.psp.structure=bushy
edu.internet2.middleware.psp.cnSourceAttributeID=name

# In a bushy structure groups are provisioned hierarchically, with stems as branches in the tree.
# A bushy group's RDN is its Grouper extension or displayExtension.
#edu.internet2.middleware.psp.structure=bushy
#edu.internet2.middleware.psp.cnSourceAttributeID=extension

# The QuotedDnResultHandler removes quotes from DNs of the form "CN=quoted/name",DC=edu.
# The FqdnSearchResultHandler makes sure that all ldap dns are fully qualified.
# You may wish to comment out the following property for the Grouper UI or WS.
#edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.psp.ldap.QuotedDnResultHandler,edu.vt.middleware.ldap.handler.FqdnSearchResultHandler

# handle Active Directory groups with a large (>1500) number of members
# see https://bugs.internet2.edu/jira/browse/GRP-335
# see http://code.google.com/p/vt-middleware/wiki/vtldapAD#Range_Attributes
# edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.ldappc.util.QuotedDnResultHandler,edu.vt.middleware.ldap.handler.FqdnSearchResultHandler,edu.internet2.middleware.ldappc.util.RangeSearchResultHandler

 

Sources:

 

<!-- Active Directory Subject Resolver -->

  <source adapterClass="edu.internet2.middleware.subject.provider.LdapSourceAdapter">
    <id>ad</id>
    <name>ADSourceAdapter</name>
    <type>person</type>
    <!-- Note that most of the ldap configuration is in the properties file.
         The filename can be a file in your classpath or an absolute pathname. -->

    <init-param>
      <param-name>ldapProperties_file</param-name>
      <param-value>ad.properties</param-value>
    </init-param>

    <init-param>
      <param-name>Multiple_Results</param-name>
      <param-value>false</param-value>
    </init-param>

    <init-param>
      <param-name>sortAttribute0</param-name>
      <param-value>cn</param-value>
    </init-param>
    <init-param>
      <param-name>searchAttribute0</param-name>
      <param-value>cn</param-value>
    </init-param>

     <init-param>
      <param-name>SubjectID_AttributeType</param-name>
      <param-value>cn</param-value>
    </init-param>
    <init-param>
      <param-name>Name_AttributeType</param-name>
      <param-value>displayName</param-value>
    </init-param>
    <init-param>
      <param-name>Description_AttributeType</param-name>
      <param-value>displayName</param-value>
    </init-param>

    <search>
        <searchType>searchSubject</searchType>
        <param>
            <param-name>filter</param-name>
            <param-value>
                (&amp;(cn=%TERM%)(objectclass=person))
            </param-value>
        </param>
        <param>
            <param-name>scope</param-name>
            <param-value>SUBTREE_SCOPE</param-value>
        </param>
        <param>
            <param-name>base</param-name>
            <param-value>ou=people,dc=testad,dc=utah,dc=edu</param-value>
        </param>

    </search>
    <search>
        <searchType>searchSubjectByIdentifier</searchType>
        <param>
            <param-name>filter</param-name>
            <param-value>
                (&amp;(cn=%TERM%)(objectclass=person))
            </param-value>
        </param>
        <param>
            <param-name>scope</param-name>
            <param-value>SUBTREE_SCOPE</param-value>
        </param>
        <param>
            <param-name>base</param-name>
            <param-value>ou=people,dc=testad,dc=utah,dc=edu</param-value>
        </param>
    </search>

    <!-- use the firstlastfilter to allow: last, first lookup -->
    <search>
       <searchType>search</searchType>
         <param>
            <param-name>filter</param-name>
            <param-value>
                 (&amp;(cn=%TERM%)(objectclass=person))
            </param-value>
        </param>
        <!--
         <param>
            <param-name>firstlastfilter</param-name>
            <param-value>
                (&amp;(sn=%TERM%)(objectclass=person)))
            </param-value>
        </param>
        -->
        <param>
            <param-name>scope</param-name>
            <param-value>SUBTREE_SCOPE</param-value>
        </param>
         <param>
            <param-name>base</param-name>
            <param-value>ou=people,dc=testad,dc=utah,dc=edu</param-value>
        </param>
    </search>
    <init-param>
      <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name>
      <param-value>${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}</param-value>
    </init-param>
    <init-param>
      <param-name>sortAttribute0</param-name>
      <param-value>cn</param-value>
    </init-param>
    <init-param>
      <param-name>searchAttribute0</param-name>
      <param-value>searchAttribute0</param-value>
    </init-param>
    <internal-attribute>searchAttribute0</internal-attribute>
    ///Attributes you would like to display when doing a search
    <attribute>cn</attribute>
    <attribute>displayName</attribute>
    <attribute>unid</attribute>

  </source>
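
Added example, not part of the original post and not Grouper or vt-ldap code: Hashtable.put throws NullPointerException when handed a null key or value, so one check for a properties file like the one above is whether each setting sits under the key the library reads, along with whether a simple bind is left unencrypted. The sketch assumes vt-ldap reads connection settings from keys under edu.vt.middleware.ldap. (the form of the post's own searchScope and authtype lines); the sample input is constructed with placeholder values, and the function names are hypothetical.

```python
# Assumption: vt-ldap connection settings are read from keys under this prefix,
# the form used by the post's own lines (e.g. edu.vt.middleware.ldap.searchScope).
VT_PREFIX = "edu.vt.middleware.ldap."

# Constructed sample: key shapes follow the posted file, values are placeholders.
SAMPLE = """\
# AD Connection
edu.vt.middleware..ldapUrl=ldap://ad.example.edu:389
edu.vt.middleware..bindDn=cn=svc,ou=Services,dc=example,dc=edu
edu.vt.middleware..bindCredential=secret
edu.vt.middleware.ldap.authtype=simple
edu.vt.middleware.ldap.ssl=false
edu.vt.middleware.ldap.tls=false
edu.vt.middleware.baseDn=dc=example,dc=edu
"""

def parse_properties(text):
    """Return {key: value} for the non-comment lines of a .properties text."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")  # values such as DNs contain '='
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a sorted list of (key, finding) tuples for one properties text."""
    props, findings = parse_properties(text), []
    for key in props:
        if ".." in key:  # e.g. edu.vt.middleware..ldapUrl
            findings.append((key, "empty segment in key"))
        elif key.startswith("edu.vt.middleware.") and not key.startswith(VT_PREFIX):
            findings.append((key, "outside " + VT_PREFIX + " namespace"))
    def get(name):  # value of a setting under the expected prefix, or ""
        return props.get(VT_PREFIX + name, "")
    if not get("ldapUrl"):
        findings.append((VT_PREFIX + "ldapUrl", "not set under the expected key"))
    encrypted = get("ldapUrl").startswith("ldaps://") or "true" in (get("ssl"), get("tls"))
    if get("authtype") == "simple" and not encrypted:
        findings.append((VT_PREFIX + "authtype", "simple bind without ssl/tls sends the password in cleartext"))
    for key, value in props.items():  # a value starting with "/" is taken as a file path
        if key.endswith(".bindCredential") and not value.startswith("/"):
            findings.append((key, "credential stored inline, not in an external file"))
    return sorted(findings)

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```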

 



