Hi Ralph
It's certainly worth considering using SSL to secure the connection
between Blackboard and your LDAP servers, which isn't as straightforward
as it should be but is well documented on the US BBADMIN-L list here:
https://lists.asu.edu/cgi-bin/wa?A2=ind0503&L=BBADMIN-L&P=R21869&X=63FA4B37A1E144FE0F&Y=
Phil
>>> Alyn SCOTT <[log in to unmask]> 19/09/07 11:33 >>>
Here is an example authentication properties file with the changes
highlighted. (I have commented out the password field.) Just change the
domain name and user name as appropriate. I created a user called LDAP
User and gave it read permissions to the entire active directory.
######################################################
##
## RDBMS Authentication Properties
##
## ( default authentication scheme,
## uses challenge-response authentication )
##
########################################################
auth.type.rdbms.impl=blackboard.platform.security.authentication.BaseAuthenticationModule
# Note: If the use_challenge property is true, then MD5-based challenge-response is used on the login form values
auth.type.rdbms.use_challenge=true
######################################################
##
## LDAP Authentication Properties
##
########################################################
auth.type.ldap.impl=blackboard.platform.security.authentication.LDAPAuthModule
# Note: The current Bb-LDAP implementation will not authenticate users if use_challenge is set to true.
# ( See use_challenge note for RDBMS authentication. )
auth.type.ldap.use_challenge=false
auth.type.ldap.error_fallback_to_bb=false
auth.type.ldap.user_not_found_fallback_to_bb=true
### This value must be updated for every server configuration that is added below
auth.type.ldap.num_servers=2
### Server #1 Configuration ###
### Note: this variable indicates whether interaction between Bb-installation-server and LDAP server should be over SSL
auth.type.ldap.server_ssl.1=false
auth.type.ldap.base_search_fdn.1=ou=email users,dc=merton,dc=ac,dc=uk
auth.type.ldap.deref_aliases.1=never
auth.type.ldap.server_url.1=ldap://pan.merton.ac.uk:389
auth.type.ldap.use_priv_user.1=true
auth.type.ldap.user_fdn.1=cn=LDAP User2,ou=computerunit,dc=merton,dc=ac,dc=uk
auth.type.ldap.user_pwd.1=#########
auth.type.ldap.user_tag.1=sAMAccountName
auth.type.ldap.referral.1=ignore
auth.type.ldap.referral_limit.1=0
auth.type.ldap.server_error_fatal.1=true
### Server #2 Configuration ###
### Note: this variable indicates whether interaction between Bb-installation-server and LDAP server should be over SSL
auth.type.ldap.server_ssl.2=false
auth.type.ldap.base_search_fdn.2=ou=Users,ou=MertonCollege,dc=student,dc=merton,dc=ac,dc=uk
auth.type.ldap.deref_aliases.2=never
auth.type.ldap.server_url.2=ldap://thames.student.merton.ac.uk:389
auth.type.ldap.use_priv_user.2=true
auth.type.ldap.user_fdn.2=cn=LDAP User,ou=cu,ou=Users,ou=MertonCollege,dc=student,dc=merton,dc=ac,dc=uk
auth.type.ldap.user_pwd.2=#########
auth.type.ldap.user_tag.2= sAMAccountName
auth.type.ldap.referral.2=ignore
auth.type.ldap.referral_limit.2=0
auth.type.ldap.server_error_fatal.2=true
########################################################
##
## Web-Server Delegation Authentication Properties
##
########################################################
auth.type.webserver.impl=blackboard.platform.security.authentication.WindowsAuthModule
auth.type.webserver.user_account=reconcile
# Acceptable entries for user_account are: reconcile, create, deny
auth.type.webserver.allowed_domains=DC,AZ
# Enter the allowed domains ( separated by commas )
auth.type.webserver.def_key=UserRegistry
# Accepted values for def_key are BatchUid or UserRegistry
######################################################
##
## Passport Authentication Properties
##
########################################################
auth.type.passport.impl=blackboard.platform.security.authentication.PassportAuthModule
auth.type.passport.user_account=reconcile
# note: acceptable entries for user_account are: reconcile, create, deny
auth.type.passport.def_key=UserRegistry
# Accepted values for def_key are BatchUid or UserRegistry
######################################################
##
## Shibboleth Authentication Properties
##
########################################################
#auth.type.shib.impl=blackboard.platform.security.authentication.BbShibbolethAuthModule
#auth.type.shib.user_account=reconcile
# note: acceptable entries for user_account are: reconcile, create, deny
#auth.type.shib.def_key=BatchUid
# Accepted values for def_key are BatchUid or UserRegistry
######################################################
##
## Datatel
##
########################################################
auth.type.datatel.impl=blackboard.platform.security.authentication.DatatelAuthModule
Alyn Scott
Merton College
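
Both server blocks in the file above set server_ssl to false and use ldap:// URLs on port 389 while binding with a privileged user, which is the situation Phil's SSL suggestion addresses. The following Python check is an added example, not part of the original messages and not Blackboard code: it reads a properties file with these key names and reports server blocks that would send bind passwords unencrypted, plus any mismatch between num_servers and the blocks present. The function names, the sample hosts and the assumption that no StartTLS upgrade takes place are all introduced here.

```python
import re
from urllib.parse import urlparse

# Constructed sample: key names from the file above, placeholder hosts and DNs.
SAMPLE = """\
auth.type.ldap.num_servers=3
auth.type.ldap.server_ssl.1=false
auth.type.ldap.server_url.1=ldap://dc1.example.org:389
auth.type.ldap.use_priv_user.1=true
auth.type.ldap.user_fdn.1=cn=LDAP User,ou=svc,dc=example,dc=org
# Server 2: the same block with SSL enabled
auth.type.ldap.server_ssl.2=true
auth.type.ldap.server_url.2=ldaps://dc2.example.org:636
auth.type.ldap.use_priv_user.2=true
"""

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' comments, no continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_ldap(props, prefix="auth.type.ldap."):
    """Return (server_index, message) findings; index 0 is a file-level finding."""
    findings = []
    declared = int(props.get(prefix + "num_servers", "0"))
    pattern = re.escape(prefix) + r"server_url\.(\d+)"
    indices = sorted(int(m.group(1)) for k in props if (m := re.fullmatch(pattern, k)))
    if indices != list(range(1, declared + 1)):
        findings.append((0, f"num_servers={declared} but server blocks are {indices}"))
    for i in indices:
        ssl_on = props.get(f"{prefix}server_ssl.{i}", "false").lower() == "true"
        scheme = urlparse(props[f"{prefix}server_url.{i}"]).scheme.lower()
        # Assumption: no StartTLS upgrade, so anything but SSL + ldaps:// is cleartext.
        if not (ssl_on and scheme == "ldaps"):
            priv = props.get(f"{prefix}use_priv_user.{i}", "false").lower() == "true"
            who = "user and privileged bind" if priv else "user"
            findings.append((i, f"{scheme}:// ssl={ssl_on}: {who} passwords sent unencrypted"))
    return findings

if __name__ == "__main__":
    for idx, msg in audit_ldap(parse_properties(SAMPLE)):
        print(f"server {idx or '(file)'}: {msg}")
```

Rejoin any e-mail-wrapped lines in a real file before running the check, since the reader does not handle wrapped values.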
________________________________
From: Blackboard/Courseinfo userslist
[mailto:[log in to unmask]] On Behalf Of Jim Boone
Sent: 19 September 2007 11:14
To: [log in to unmask]
Subject: Re: Blackboard LDAP Authentication[Scanned]
LDAP auth is pretty straightforward on blackboard, you just need to
configure the authentication config file to point at an ldap service,
and tell the main bb-config.properties you are using ldap in the auth
field. It really isn't hard, but sometimes fiddly, if you are sure you
have a functioning LDAP service running then feel free to email me off
list and we can sort the auth file.
Regards
Jim
________________________________
From: Blackboard/Courseinfo userslist
[mailto:[log in to unmask]] On Behalf Of Ralph Holland
Sent: 19 September 2007 11:02
To: [log in to unmask]
Subject: Blackboard LDAP Authentication[Scanned]
Can anyone help point me, I'm looking for the documentation on how to
turn on LDAP Authentication for Blackboard. I have scanned behind the
blackboard and cannot see anything. Can anyone help me...
Regards Ralph
Ralph Holland
VLE Administrator
E-Learning & ICT Department
TELE: 0191 427 3500 EXT. 3800
FAX: 0191 427 3535