
grouper-users - FW: [grouper-users] Trouble getting AD to work as a subject source in the WEB UI

Subject: Grouper Users - Open Discussion List

  • From: "Bryan E. Wooten" <>
  • To: "" <>
  • Subject: FW: [grouper-users] Trouble getting AD to work as a subject source in the WEB UI
  • Date: Wed, 27 Feb 2013 22:05:22 +0000
  • Accept-language: en-US
  • Authentication-results: sfpop-ironport03.merit.edu; dkim=neutral (message not signed) header.i=none

 

 

From: Bryan E. Wooten
Sent: Wednesday, February 27, 2013 2:03 PM
To: 'Gagné Sébastien'
Subject: RE: [grouper-users] Trouble getting AD to work as a subject source in the WEB UI

 

Thanks for catching that; unfortunately, I get the same error.

 

I found the source code for the error message in LdapSourceAdapter.java:

 

try {
   ldapPool = new SoftLimitLdapPool(factory);
   ldapPool.initialize();
   initialized = true;
} catch (Exception e) {
   log.error("Error creating ldappool = " + e);
}

 

From the preceding code it appears I am missing an init parameter. I just have no idea which one or its value.

 

-Bryan

 

From: Gagné Sébastien []
Sent: Wednesday, February 27, 2013 1:39 PM
To: Bryan E. Wooten
Subject: RE: [grouper-users] Trouble getting AD to work as a subject source in the WEB UI

 

Could it be the double dots in:

edu.vt.middleware..ldapUrl=ldap://idm-win1.acs.utah.edu:389

 

Also there:

edu.vt.middleware..bindDn=cn=IDMFull,OU=Services,OU=Administration,dc=testad,dc=utah,dc=edu

edu.vt.middleware..bindCredential=secret

 

It seems all references to “ldap” were removed; is it only for the list?

 

From: [] On behalf of Bryan E. Wooten
Sent: February 27, 2013 15:19
To:
Subject: [grouper-users] Trouble getting AD to work as a subject source in the WEB UI

 

When I configure the UI sources.xml and ldap.properties (I’ve renamed it ad.properties and made the appropriate changes to sources.xml) to use AD, I get the following error when I start Tomcat:

 

2013-02-27 12:17:41,891: [main] ERROR LdapSourceAdapter.initializeLdap(287) -  - Error creating ldappool = java.lang.NullPointerException

2013-02-27 12:17:41,897: [main] ERROR LdapSourceAdapter.getLdapResultsHelper(654) -  - Ldap Exception: null

java.lang.NullPointerException

        at java.util.Hashtable.put(Hashtable.java:411)

        at edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:149)

 

As far as I can tell (using tcpdump and Windows Server Manager on the AD server) the UI is not even attempting to access my AD server. My properties file and sources.xml file follow. Any suggestions?

 

I have not made the same changes in the API conf directory. I don’t believe this should have any effect.

 

-Bryan

 

# This is the configuration file for vt-ldap.
# See http://code.google.com/p/vt-middleware/wiki/vtldapProperties

# AD Connection
edu.vt.middleware..ldapUrl=ldap://idm-win1.acs.utah.edu:389
edu.vt.middleware.ldap.searchScope=SUBTREE

# authn if simple

#AD Connection
edu.vt.middleware..bindDn=cn=IDMFull,OU=Services,OU=Administration,dc=testad,dc=utah,dc=edu
edu.vt.middleware..bindCredential=secret
# The bind credential may be external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
# edu.vt.middleware.ldap.bindCredential=/path/to/ldap.pwd
edu.vt.middleware.ldap.authtype=simple

# encryption
edu.vt.middleware.ldap.ssl=false
edu.vt.middleware.ldap.tls=false

# pooling options
edu.vt.middleware.ldap.pool.minPoolSize = 2
edu.vt.middleware.ldap.pool.maxPoolSize = 5

# paged results
edu.vt.middleware.ldap.pagedResultsSize=0

# authn for sasl external (certificates)
# edu.vt.middleware.ldap.authtype=EXTERNAL
# edu.vt.middleware.ldap.tls=true
# edu.vt.middleware.ldap.serviceUser=cn=admin.example.edu
# these to use PEM format cert and key
# pemCaFile=/path/to/ca.pem
# pemCertFile=/path/to/cert.pem
# pemKeyFile=/path/to/key.pem

# The default base DN for searches.
# All subordinate objects will be deleted during tests !
#edu.vt.middleware.ldap.baseDn=dc=example,dc=edu

#AD Connection
edu.vt.middleware.baseDn=dc=testad,dc=utah,dc=edu

# The base DN for groups.

# AD Connection
edu.internet2.middleware.psp.groupsBaseDn=ou=groups,ou=grouper,dc=testad,dc=utah,dc=edu
#edu.internet2.middleware.psp.groupsBaseDn=o=utah.edu

# The base DN for people.
edu.internet2.middleware.psp.peopleBaseDn=ou=people,dc=testad,dc=utah,dc=edu

# The group object class.
# OpenLDAP, RedHat, 389, ApacheDS, etc.

#AD Connection
edu.internet2.middleware.psp..groupObjectClass=group
#edu.internet2.middleware.psp.groupObjectClass=*
# Active Directory
# edu.internet2.middleware.psp.groupObjectClass=group

# The base Grouper stem to be provisioned.
edu.internet2.middleware.psp.baseStem=

# The ldap DN structure may be either flat or bushy.
# In a flat structure all groups are provisioned under a single base DN (container ID).
# A flat group's ldap RDN is its Grouper name or displayName.
edu.internet2.middleware.psp.structure=bushy
edu.internet2.middleware.psp.cnSourceAttributeID=name

# In a bushy structure groups are provisioned hierarchically, with stems as branches in the tree.
# A bushy group's RDN is its Grouper extension or displayExtension.
#edu.internet2.middleware.psp.structure=bushy
#edu.internet2.middleware.psp.cnSourceAttributeID=extension

# The QuotedDnResultHandler removes quotes from DNs of the form "CN=quoted/name",DC=edu.
# The FqdnSearchResultHandler makes sure that all ldap dns are fully qualified.
# You may wish to comment out the following property for the Grouper UI or WS.
#edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.psp.ldap.QuotedDnResultHandler,edu.vt.middleware.ldap.handler.FqdnSearchResultHandler

# handle Active Directory groups with a large (>1500) number of members
# see https://bugs.internet2.edu/jira/browse/GRP-335
# see http://code.google.com/p/vt-middleware/wiki/vtldapAD#Range_Attributes
# edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.ldappc.util.QuotedDnResultHandler,edu.vt.middleware.ldap.handler.FqdnSearchResultHandler,edu.internet2.middleware.ldappc.util.RangeSearchResultHandler

 

Sources:

 

<!-- Active Directory Subject Resolver -->

  <source adapterClass="edu.internet2.middleware.subject.provider.LdapSourceAdapter">
    <id>ad</id>
    <name>ADSourceAdapter</name>
    <type>person</type>
    <!-- Note that most of the ldap configuration is in the properties file.
         The filename can be a file in your classpath or an absolute pathname. -->

    <init-param>
      <param-name>ldapProperties_file</param-name>
      <param-value>ad.properties</param-value>
    </init-param>

    <init-param>
      <param-name>Multiple_Results</param-name>
      <param-value>false</param-value>
    </init-param>

    <init-param>
      <param-name>sortAttribute0</param-name>
      <param-value>cn</param-value>
    </init-param>
    <init-param>
      <param-name>searchAttribute0</param-name>
      <param-value>cn</param-value>
    </init-param>

    <init-param>
      <param-name>SubjectID_AttributeType</param-name>
      <param-value>cn</param-value>
    </init-param>
    <init-param>
      <param-name>Name_AttributeType</param-name>
      <param-value>displayName</param-value>
    </init-param>
    <init-param>
      <param-name>Description_AttributeType</param-name>
      <param-value>displayName</param-value>
    </init-param>

    <search>
        <searchType>searchSubject</searchType>
        <param>
            <param-name>filter</param-name>
            <param-value>
                (&amp;(cn=%TERM%)(objectclass=person))
            </param-value>
        </param>
        <param>
            <param-name>scope</param-name>
            <param-value>SUBTREE_SCOPE</param-value>
        </param>
        <param>
            <param-name>base</param-name>
            <param-value>ou=people,dc=testad,dc=utah,dc=edu</param-value>
        </param>

    </search>
    <search>
        <searchType>searchSubjectByIdentifier</searchType>
        <param>
            <param-name>filter</param-name>
            <param-value>
                (&amp;(cn=%TERM%)(objectclass=person))
            </param-value>
        </param>
        <param>
            <param-name>scope</param-name>
            <param-value>SUBTREE_SCOPE</param-value>
        </param>
        <param>
            <param-name>base</param-name>
            <param-value>ou=people,dc=testad,dc=utah,dc=edu</param-value>
        </param>
    </search>

    <!-- use the firstlastfilter to allow: last, first lookup -->
    <search>
       <searchType>search</searchType>
        <param>
            <param-name>filter</param-name>
            <param-value>
                (&amp;(cn=%TERM%)(objectclass=person))
            </param-value>
        </param>
        <!--
        <param>
            <param-name>firstlastfilter</param-name>
            <param-value>
                (&amp;(sn=%TERM%)(objectclass=person)))
            </param-value>
        </param>
        -->
        <param>
            <param-name>scope</param-name>
            <param-value>SUBTREE_SCOPE</param-value>
        </param>
        <param>
            <param-name>base</param-name>
            <param-value>ou=people,dc=testad,dc=utah,dc=edu</param-value>
        </param>
    </search>
    <init-param>
      <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name>
      <param-value>${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}</param-value>
    </init-param>
    <init-param>
      <param-name>sortAttribute0</param-name>
      <param-value>cn</param-value>
    </init-param>
    <init-param>
      <param-name>searchAttribute0</param-name>
      <param-value>searchAttribute0</param-value>
    </init-param>
    <internal-attribute>searchAttribute0</internal-attribute>
    ///Attributes you would like to display when doing a search
    <attribute>cn</attribute>
    <attribute>displayName</attribute>
    <attribute>unid</attribute>

  </source>
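
Added example, not part of the original thread and not code from Grouper or vt-ldap: a small Python check for a properties file like the one posted above. It flags keys with an empty segment (the double dots raised in the reply), `edu.vt.middleware.` keys outside the `ldap.` namespace, a simple bind over an unencrypted `ldap://` connection, and a bind credential stored inline. The sample input is constructed, the finding names are hypothetical, and treating a value that starts with `/` as an external credential file is an assumption.

```python
# Constructed sample that mirrors the key shapes posted in the thread;
# host, DNs and credential are placeholders.
SAMPLE = """\
edu.vt.middleware..ldapUrl=ldap://ad.example.edu:389
edu.vt.middleware.ldap.searchScope=SUBTREE
edu.vt.middleware..bindDn=cn=svc,dc=example,dc=edu
edu.vt.middleware..bindCredential=placeholder
edu.vt.middleware.ldap.authtype=simple
edu.vt.middleware.ldap.ssl=false
edu.vt.middleware.ldap.tls=false
edu.vt.middleware.baseDn=dc=example,dc=edu
"""

PREFIX = "edu.vt.middleware.ldap."  # namespace used by the intact keys on the page


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def lint(text):
    """Return sorted findings for a vt-ldap style properties file."""
    props, findings = parse_properties(text), []
    for key in props:
        if ".." in key:
            findings.append("malformed-key:" + key)
        elif key.startswith("edu.vt.middleware.") and not key.startswith(PREFIX):
            findings.append("outside-ldap-namespace:" + key)
    if not props.get(PREFIX + "ldapUrl"):
        findings.append("missing:" + PREFIX + "ldapUrl")
    # Assess transport on whatever URL is present, even under a malformed key.
    url = next((v for k, v in props.items() if k.endswith("ldapUrl")), "")
    flags = (props.get(PREFIX + "ssl", "").lower(), props.get(PREFIX + "tls", "").lower())
    encrypted = url.lower().startswith("ldaps://") or "true" in flags
    if props.get(PREFIX + "authtype", "").lower() == "simple" and not encrypted:
        findings.append("cleartext-simple-bind")
    # Assumption: a value starting with "/" is an external credential file path.
    cred = next((v for k, v in props.items() if k.endswith("bindCredential")), "")
    if cred and not cred.startswith("/"):
        findings.append("inline-bind-credential")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```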

 



