Forum LAMS for Tech-Heads - General Forum: LDAP - Non SSL. What settings?

Back to LAMS for Tech-Heads - General Forum
You may request notification for LDAP - Non SSL. What settings?.	Search:

	1: LDAP - Non SSL. What settings? By: Kent Walker		10/01/07 07:51 PM	[ Reply \| Forward ]
Hello, Is it possible to set up LAMS to not use SSL? I dont know where to look on our 2003 server to set up SSL for LDAP. Thanks Posted by Kent Walker

	2: Re: LDAP - Non SSL. What settings? By: Jun-Dir Liew	In response to 1	10/01/07 08:27 PM	[ Reply \| Forward ]
Yep, from 2.0.3 onwards you can - just don't fill in the ssl related options in lamsauthentication.xml. Posted by Jun-Dir Liew

	3: Re: LDAP - Non SSL. What settings? By: Kent Walker	In response to 1	10/02/07 04:54 PM	[ Reply \| Forward ]
Hi, Thanks for your quick response.. i have done the change, i was wondering if you could cut n paste your section of the file, so i could make sure the settings are right... thanks kent Posted by Kent Walker

	4: Re: Re: LDAP - Non SSL. What settings? By: Jun-Dir Liew	In response to 3	10/02/07 05:58 PM	[ Reply \| Forward ]
<Method Name="MQ-LDAP" Enabled="true"> <Param Name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</Param> <Param Name="java.naming.provider.url">ldap://192.168.111.35</Param> <Param Name="java.naming.security.authentication">simple</Param> <Param Name="principalDNPrefix">cn=</Param> <Param Name="principalDNSuffix">,dc=melcoe,dc=local</Param> <Param Name="dsJndiName">java:/jdbc/lams-ds</Param> <Param Name="principalsQuery">select password from lams_user where login=?</Param> <Param Name="rolesQuery"> SELECT DISTINCT r.name,'Roles' FROM lams_user u LEFT OUTER JOIN lams_user_organisation uo USING(user_id) LEFT OUTER JOIN lams_user_organisation_role urr USING(user_organisation_id) LEFT OUTER JOIN lams_role r USING (role_id) WHERE u.login=? </Param> <!-- Uncomment the following if connecting using SSL <Param Name="java.naming.security.protocol">ssl</Param> <Param Name="truststore.path">D:/MQLdapTrustStore</Param> <Param Name="truststore.password">webauth</Param> --> </Method> This is from the original lamsauthentication.xml, as I don't have a copy of 2.0.3 working with ldap - but that's essentially what it should look like (with your settings for the provider url, and principal prefix/suffix). If you haven't already, have a look at the wiki page at http://wiki.lamsfoundation.org/display/lams/LDAP, there are two things to consider when using LDAP in 2.0.3. Firstly the passwords sent by LAMS to LDAP are already encrypted - so LDAP can't be expecting a cleartext password. Secondly users have to be created manually on the LAMS side, and then flagged in the database to authenticate with LDAP. Posted by Jun-Dir Liew

	5: Re: Re: Re: LDAP - Non SSL. What settings? By: Kent Walker	In response to 4	10/02/07 06:03 PM	[ Reply \| Forward ]
Thanks for your quick reply... I Think i have the file set up correctly then, but the last part has flagged something that i would not have done. Where would i flag in the db that the user is authenticating with LDAP? i dont see this on the user creation page... if i import users, is it one of the columns? thanks Posted by Kent Walker

	6: Re: Re: Re: Re: LDAP - Non SSL. What settings? By: Jun-Dir Liew	In response to 5	10/02/07 06:15 PM	[ Reply \| Forward ]
You're right, it's not in the normal user creation screen. But you can set it in the import users spreadsheet. It's the column called 'authentication_method_id', and by default a value of 'LAMS-Database' is used if there is no value. For an LDAP user, put in a value of 'MQ-LDAP'. Posted by Jun-Dir Liew

Reply to first post on this page

Back to LAMS for Tech-Heads - General Forum