Forum LAMS for Tech-Heads - General Forum: LDAP - Non SSL. What settings?


 

1: LDAP - Non SSL. What settings?
10/01/07 07:51 PM
Hello, is it possible to set up LAMS to not use SSL?

I don't know where to look on our 2003 server to set up SSL for LDAP.

Thanks

Posted by Kent Walker

2: Re: LDAP - Non SSL. What settings?
In response to 1 10/01/07 08:27 PM
Yep, from 2.0.3 onwards you can - just don't fill in the SSL-related options in lamsauthentication.xml.

Posted by Jun-Dir Liew

3: Re: LDAP - Non SSL. What settings?
In response to 1 10/02/07 04:54 PM
Hi,

Thanks for your quick response.

I have done the change, I was wondering if you could cut n paste your section of the file, so I could make sure the settings are right...

Thanks

Kent

Posted by Kent Walker

4: Re: Re: LDAP - Non SSL. What settings?
In response to 3 10/02/07 05:58 PM
<Method Name="MQ-LDAP" Enabled="true">
    <Param Name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</Param>
    <Param Name="java.naming.provider.url">ldap://192.168.111.35</Param>
    <Param Name="java.naming.security.authentication">simple</Param>
    <Param Name="principalDNPrefix">cn=</Param>
    <Param Name="principalDNSuffix">,dc=melcoe,dc=local</Param>
    <Param Name="dsJndiName">java:/jdbc/lams-ds</Param>
    <Param Name="principalsQuery">select password from lams_user where login=?</Param>

    <Param Name="rolesQuery">
        SELECT DISTINCT r.name,'Roles' FROM
        lams_user u LEFT OUTER JOIN lams_user_organisation uo USING(user_id)
        LEFT OUTER JOIN lams_user_organisation_role urr USING(user_organisation_id)
        LEFT OUTER JOIN lams_role r USING (role_id)
        WHERE u.login=?
    </Param>

    <!--
    Uncomment the following if connecting using SSL
    <Param Name="java.naming.security.protocol">ssl</Param>
    <Param Name="truststore.path">D:/MQLdapTrustStore</Param>
    <Param Name="truststore.password">webauth</Param>
    -->
</Method>


This is from the original lamsauthentication.xml, as I don't have a copy of 2.0.3 working with ldap - but that's essentially what it should look like (with your settings for the provider url, and principal prefix/suffix).

If you haven't already, have a look at the wiki page at http://wiki.lamsfoundation.org/display/lams/LDAP. There are two things to consider when using LDAP in 2.0.3. Firstly, the passwords sent by LAMS to LDAP are already encrypted - so LDAP can't be expecting a cleartext password. Secondly, users have to be created manually on the LAMS side, and then flagged in the database to authenticate with LDAP.

Posted by Jun-Dir Liew
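
An added example, not part of the original thread or of LAMS: a small Python check that reads a `<Method>` block in the layout quoted in post 4 and reports when the LDAP bind would travel without SSL. The function names, finding codes and the trimmed sample block are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: post 4's layout, trimmed, SSL params absent.
SAMPLE = """
<Method Name="MQ-LDAP" Enabled="true">
  <Param Name="java.naming.provider.url">ldap://192.168.111.35</Param>
  <Param Name="java.naming.security.authentication">simple</Param>
</Method>
"""

# Finding codes are hypothetical names chosen for this example.
MESSAGES = {
    "no-tls": "LDAP traffic is not encrypted (ldap:// URL, no ssl protocol param)",
    "simple-bind-exposed": "simple bind: DN and submitted password value are "
                           "readable on the network path to the directory",
}

def read_params(method_xml):
    """Parse one <Method> block; Params inside XML comments are dropped by the parser."""
    method = ET.fromstring(method_xml)
    params = {p.get("Name"): (p.text or "").strip() for p in method.iter("Param")}
    return method.attrib, params

def audit_ldap_method(method_xml):
    """Return finding codes for the transport protection of the LDAP bind."""
    attrs, params = read_params(method_xml)
    if attrs.get("Enabled", "").lower() != "true":
        return []  # method disabled, nothing is sent to the directory
    # The JNDI provider URL may list several space-separated servers.
    urls = params.get("java.naming.provider.url", "").split()
    all_ldaps = bool(urls) and all(u.lower().startswith("ldaps://") for u in urls)
    ssl_param = params.get("java.naming.security.protocol", "").lower() == "ssl"
    findings = []
    if not (ssl_param or all_ldaps):
        findings.append("no-tls")
        if params.get("java.naming.security.authentication", "").lower() == "simple":
            findings.append("simple-bind-exposed")
    return findings

if __name__ == "__main__":
    for code in audit_ldap_method(SAMPLE):
        print(f"{code}: {MESSAGES[code]}")
```

An SSL `Param` that is still inside the XML comment counts as absent, which matches how the server would read the file.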

5: Re: Re: Re: LDAP - Non SSL. What settings?
In response to 4 10/02/07 06:03 PM
Thanks for your quick reply...

I think I have the file set up correctly then, but the last part has flagged something that I would not have done. Where would I flag in the db that the user is authenticating with LDAP? I don't see this on the user creation page...

If I import users, is it one of the columns?

Thanks

Posted by Kent Walker

6: Re: Re: Re: Re: LDAP - Non SSL. What settings?
In response to 5 10/02/07 06:15 PM
You're right, it's not in the normal user creation screen. But you can set it in the import users spreadsheet. It's the column called 'authentication_method_id', and by default a value of 'LAMS-Database' is used if there is no value. For an LDAP user, put in a value of 'MQ-LDAP'.

Posted by Jun-Dir Liew
