Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Grouper WS ldap authentication

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Grouper WS ldap authentication


Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: Stephen A Sazama <>, Nathan Baihly <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] Grouper WS ldap authentication
  • Date: Fri, 28 Apr 2017 17:45:58 +0000
  • Accept-language: en-US
  • Authentication-results: umd.edu; dkim=none (message not signed) header.d=none;umd.edu; dmarc=none action=none header.from=isc.upenn.edu;
  • Ironport-phdr: 9a23:DBtx6x/xW3Qje/9uRHKM819IXTAuvvDOBiVQ1KB22uIcTK2v8tzYMVDF4r011RmSDNudt6IP0rOJ+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZPebgFJiTanbr5/Lxq6oRjMusQUnIBvNrs/xhzVr3VSZu9Y33loJVWdnxb94se/4ptu+DlOtvwi6sBNT7z0c7w3QrJEAjsmNXs15NDwuhnYUQSP/HocXX4InRdOHgPI8Qv1Xpb1siv9q+p9xCyXNtD4QLwoRTiv6bpgRQT2gykbKTE27GDXitRxjK1FphKhuwd/yJPQbI2MKfZyYr/RcdYcSGFcXMheSjZBD5u8YYUREuQBIehWoYrzp1QMrBuxGQajCfj1xTNUmnP7x7E23/gjHAzAwQcuH8gOsHPRrNjtOqscU+C0zajWwjXZd/9dxCnw6IjSchAguvGAU697fM3UyUYzFwPEjlSRppL/Pz6O1+QNqHSU4/B9VeK3lWEnrQdxriKxycgxl4nEn4QYwU3K+yV+xYY6P9y4SEhjbN6lFptQqz+VN5FwQsw8X2Fkpjw2xaMbtp6mZCQKx44nxxnCa/yfbYeI+AjvVeiKITtggHJlf72/hxms/ki60OHzSNS70EtMoyFYkdfMrmgA2wLO5sWGUPdw8Fmt1SyS2w3Q9u1IO0A5mKTDJ5I8zLM8ioAfvEDeEiPshkn6kaubel859uWq6unqZKjtqIWGOI9ukA7+N7wjmsyhDuQ8NQgDR3CV9Pi72rH/80D1WahHgf8onqXAt5DVPtoUqrS+Aw9IzoYs8BG/Dyqg0NsFh3UHNEhFeBWbj4f3J17OPPH4DfC5g1i2lzdr2uzGPrnmApXKLXjPiqvufbF460JEyQozy85Q545MB70fPf7+W1X9udLGAhMjLgC5wPrrBM99244QQW6PB7WWMKLWsV+G/OIvJOyMaZcQuDnhK/gk5//vgmEjmVIGfKmpxocYZGqlHvR+PUqZZ3zsjs0fHmgXowoyVPbqh0GaUT5Pe3ayWLox5j4hCIKhEIfDXp6igKaY0CemBZ1ZeHpGCkuXHHfsdoWEQOsMaDmMLsN7kzwEU6ShRJE71RGoqgD616RrIvDK9SIFqJKwnORystbPmAky+Do8Joym2nOESmg8yngTTi0/2alXvElxjFqPzP48y9pRCdxa4btjWwY6MY+Um+pxAdnzWgbQVtiMQVeiBN6hBGdiYMg2xopEQ1dvFs/mxjvDxSuxSfdBkreLFY456IrdxHO3Ot5wzXCA2aU82Qp1CvBTPHGr0/YsvzPYAJTExgDAz/6n
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Stephen,

 

Sorry you are having issues here.  Lets get this working.

 

Yes, it needs to be in grouper-loader.properties.  You will need the grouper-loader.base.properties there too.

 

All LDAP connection configs are in one place which is in that file.

 

Please set the log4j setting mentioned on the wiki and look in the logs and see whats going on.

 

log4j.logger.edu.internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication = DEBUG

 

Also make sure any web.xml security settings toward bottom are removed.

 

Also make sure you aren’t expecting to be prompted for authn, and that you pre-emptively send that header in the WS call.

 

Ok?

 

Thanks

Chris

 

 

From: Stephen A Sazama [mailto:]
Sent: Thursday, April 27, 2017 12:12 PM
To: Nathan Baihly <>
Cc: Hyzer, Chris <>;
Subject: Re: [grouper-users] Grouper WS ldap authentication

 

Hi Chris,

 

We do have basic auth working in our deployed grouper environments (the local issue might be something with the Maven tomcat plugin). We mainly thought it was strange that the grouper-ws LDAP authn documentation suggested editing grouper-loader.properties since grouper-ws isn't interacting with the loader in any way. Does grouper-ws read loader.properties to get the LDAP host url?

 

When we tried making the change to LDAP with our basic HTTP authn in our development environment, it just said invalid login and didn't give any of the expected debug log messages. We may need to tweak our log4j setup some more to pick it up.

 

Thanks,

Stephen

 

On Wed, Apr 26, 2017 at 11:23 AM, Nathan Baihly <> wrote:

I didn't try getting that to work because I was focused on getting LDAP basic working. I tried to get it working by going off of the Grouper WS Authentication page. I tried putting the tomcat-users.xml file in my tomcat conf dir, and it doesn't seem like I can log in as any of the users listed or ones I created. 

For the LDAP basic authentication I followed the Grouper WS Authentication page and made the changes to grouper-loader.properties, I created a grouper-ws.properties file based off of what was in that page, adding in the information for our ldap. 

 

my run config for grouper-ws is: clean tomcat7:run-war -Dgrouper.home=C:/Users/nbaihly/umd-grouper -Dedu.umd.tomcat.confdir=C:/Users/nbaihly/umd-grouper/conf 

 

On Wed, Apr 12, 2017 at 10:18 AM, Hyzer, Chris <> wrote:

Can you get basic auth without ldap working (user/pass).

 

Can you list your steps that you did in detail and let us know what exactly isn’t work or what error messages you get.

 

Thanks

Chris

 

From: [mailto:] On Behalf Of Nathan Baihly
Sent: Monday, April 10, 2017 1:16 PM
To:
Subject: [grouper-users] Grouper WS ldap authentication

 

Hello,

 

I'm running Grouper 2.2.2 and I am trying to setup HTTP basic authentication with ldap following the instructions here: https://spaces.internet2.edu/display/Grouper/Grouper+WS+Authentication

 

I haven't had any success, and it doesn't seem like Grouper WS is using the grouper-loader.properties file that is mentioned there. I was wondering if the documentation on this page is accurate for Grouper 2.2 or not. Also are there specific run parameters that I might be missing? I am trying this for my run config: clean tomcat7:run-war -Dgrouper.home=C:/Users/nbaihly/umd-grouper -Dedu.umd.tomcat.confdir=C:/Users/nbaihly/umd-grouper/conf 

Thanks!



 

--

Nathan Baihly
(240) 818-5250

 


Archive powered by MHonArc 2.6.19.

Top of Page