Herta,
Ok, this could go on a bit, so please bear with me!
Below are the current configs I have been modifying;
But to start off it's worth mentioning the following;
I have created a user account(s) on the BB6 server for each user account
that will need to access the system. (This is a given for BB6 and LDAP to
work).
I have created a test LDAP account on our main LDAP server in the Users org
unit.
I have tested the connection to LDAP via Windows Address Book and am able to
query the AD/LDAP directory with secure password authentication ONLY.
Anonymous binds don't appear to work on our servers.
Onto the configs; (blackboard\config\authentication.properties) /
(blackboard\config\bb-config.properties) &
(blackboard\config\service-config.properties)
Within the bb-config.properties file I have set 'bbconfig.auth.type=LDAP'
Within service-config.properties file I have set
'blackboard.service.log.param.logdef.default.verbosity=debug'
The second line allows debug output to the log file
'blackboard\logs\bb-services-log.txt'
----- (blackboard\config\authentication.properties) -----
In the first section I am allowing fallback to BB login auth as some
administrators need to see modules I recently migrated from a dev5.5
platform. In future these will be turned off.
auth.type.ldap.error_fallback_to_bb=true
auth.type.ldap.user_not_found_fallback_to_bb=true
### This value must be updated for every server configuration that is added below
auth.type.ldap.num_servers=1
### Server #1 Configuration ###
### Note: this variable indicates whether interaction between Bb-installation-server and LDAP server should be over SSL
auth.type.ldap.server_ssl.1=false
auth.type.ldap.base_search_fdn.1=cn=Users,dc=internal,dc=uwic,dc=ac,dc=uk
auth.type.ldap.deref_aliases.1=never
auth.type.ldap.server_url.1=ldap://<servername and start of DN or FDN as Blackboard call it>.uwic.ac.uk:389
auth.type.ldap.use_priv_user.1=false
auth.type.ldap.user_fdn.1=cn=<test ldap account>,dc=internal,dc=uwic,dc=ac,dc=uk
auth.type.ldap.user_pwd.1=<password>
auth.type.ldap.user_tag.1=cn
auth.type.ldap.referral.1=ignore
auth.type.ldap.referral_limit.1=0
auth.type.ldap.server_error_fatal.1=true
After pushing these config updates via the BB6 system I am unable to connect
to the BB6 system via login.
I get 'Username or password is incorrect'.
The services log tells me;
2003-02-12 12:31:25 - blackboard.platform.security.authentication.LDAPAuthModule : authenticate : Authenticating User.
2003-02-12 12:31:25 - blackboard.platform.security.authentication.LDAPAuthModule : authenticate : trying ldap://<servername and dn>.uwic.ac.uk:389
2003-02-12 12:31:25 - blackboard.platform.security.authentication.LDAPAuthModule : authenticate : binding anonymously.
2003-02-12 12:31:25 - LDAPAuth:Getting initial context.
2003-02-12 12:31:25 - blackboard.platform.security.authentication.LDAPAuthModule : authenticate: user not found.
2003-02-12 12:31:25 - blackboard.platform.security.authentication.LDAPAuthModule : authenticate : User not found in LDAP,
I have tried many different variations in the authentication.properties
file, substituting cn with ou where necessary, different users etc..
anonymous access...
I have literally trawled the depths of the known internet for more
information even to the point of working out how java authenticates with
ldap.
Nothing seems to work.
Chris.
-----Original Message-----
From: Herta Van den Eynde [mailto:[log in to unmask]]
Sent: 12 February 2003 11:11
To: Chris Dadswell @ UWIC
Cc: [log in to unmask]
Subject: Re: BB6(Trial) and LDAP Configuration Issues
Chris,
Can you give us more specifics? Error messages, whether or not the
ldap server receives the authentication request, ...
I haven't looked at ldap on 6 yet, but on 5.5.1, we had a minor problem,
because the documentation had left out that you also needed to specify
the ldap.base_search_fdn.x property.
Also, in version 5, if you use ldap, the password was no longer MD5
encrypted, but simply base64 encoded, so we changed the login to use ssl.
Kind regards,
Herta
Chris Dadswell @ UWIC wrote:
>Hi,
>
>I'm fairly new to the Blackboard *experience* and just recently, before
>December I installed a trial copy of BB6 onto a new Dev server.
>
>During this month I have managed to complete a successful trial migration
>from our 5.5 Dev server. All is well...
>
>Until we started to make the move towards LDAP authentication thru BB6.
>
>This apparently out of the box authentication method looked to be easy to
>configure from the outset. But after many weeks of head scratching and hair
>pulling I am still unable to get this working.
>
>Is there anyone out there working on this/done it already that may be able
>to share their knowledge of the experience?
>
>FYI, We are currently running a mixed-mode Windows 2000 Active Directory
>environment.
>
>Any help would be gratefully accepted.
>
>Christian Dadswell (University of Wales Institute, Cardiff)
>
>
--
******************************************************
Herta Van den Eynde
Toledo system management
K.U.Leuven - Ludit
W.de Croylaan 52A
B-3001 Heverlee
Belgium
tel: +32 (0)16 322 166
fax: +32 (0)16 322 999
******************************************************
"For something fulfilled this hour, loved or endured."
(W.H. Auden)
******************************************************
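
The authentication.properties settings and the "binding anonymously" log line from the message above, turned into a configuration check. This is an added example, not part of the original thread and not Blackboard's code. The host, DNs and password in SAMPLE are constructed placeholders, `anonymous_bind_allowed` is a hypothetical parameter describing the directory, and the link between `use_priv_user=false` and the anonymous bind is an assumption drawn from the log excerpt.

```python
# Added example: lint LDAP settings in a Blackboard-style authentication.properties.
SAMPLE = """\
auth.type.ldap.error_fallback_to_bb=true
auth.type.ldap.user_not_found_fallback_to_bb=true
auth.type.ldap.num_servers=1
auth.type.ldap.server_ssl.1=false
auth.type.ldap.base_search_fdn.1=cn=Users,dc=example,dc=org
auth.type.ldap.server_url.1=ldap://ldap.example.org:389
auth.type.ldap.use_priv_user.1=false
auth.type.ldap.user_fdn.1=cn=svc-bind,dc=example,dc=org
auth.type.ldap.user_pwd.1=placeholder-password
"""  # constructed sample: keys as quoted in the message, values are placeholders
PREFIX = "auth.type.ldap."

def parse_properties(text):
    """Parse key=value lines; split on the first '=' only, since DN values contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props, anonymous_bind_allowed=False):
    """Return (scope, key, message) findings for the global and per-server settings."""
    def get(name):
        return props.get(PREFIX + name, "")
    findings = []
    for name in ("error_fallback_to_bb", "user_not_found_fallback_to_bb"):
        if get(name).lower() == "true":
            findings.append(("global", name, "fallback to Blackboard login auth is enabled"))
    for i in range(1, int(get("num_servers") or 0) + 1):
        scope = f"server {i}"
        if get(f"server_ssl.{i}").lower() != "true":
            findings.append((scope, "server_ssl", "Blackboard-to-LDAP traffic is not over SSL"))
        if not get(f"base_search_fdn.{i}"):
            findings.append((scope, "base_search_fdn", "search base is not set"))
        # Assumption (from the log excerpt): user_fdn/user_pwd are used only if use_priv_user=true.
        priv = get(f"use_priv_user.{i}").lower() == "true"
        if not priv and not anonymous_bind_allowed:
            findings.append((scope, "use_priv_user", "anonymous bind will be used but the directory rejects it"))
        if not priv and get(f"user_pwd.{i}"):
            findings.append((scope, "user_pwd", "password is stored in the file but not used for the bind"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print(*finding, sep=": ")
```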