Hi Herta,
The config I sent you has since changed to reflect priv_user=true. And now I
get an error in the service log stating several java errors.
I don't feel as though I am getting any closer to a fix for this.
The other annoying issue is the lack of *feedback* from BB Support... I
logged a similar call two weeks ago and nothing from them as yet..
Were getting to a stage now where we need this working to go with other
integration projects we are running.
Thanks,
Chris.
-----Original Message-----
From: Herta Van den Eynde [mailto:[log in to unmask]]
Sent: 12 February 2003 13:11
To: Dadswell, Christian
Cc: [log in to unmask]
Subject: Re: BB6(Trial) and LDAP Configuration Issues
Chris,
The good thing is that at least you can connect to the ldap server. Now
all you need to figure out is why it cannot find the user - or perhaps
even, which user, it cannot find.
Our ldap server allows for anonymous requests, so we specified
user_fdn.1=none and user_pwd.1=none. What strikes me as odd is that you
specified a user, but set auth.type.ldap.use_priv_user.1=false. Can you
try changing that to 'true'?
Also, in our 5.5.1 version, we needed to specify 'y' and 'n', instead of
'true" and 'false', but that may be a version difference.
Kind regards,
Herta
Dadswell, Christian wrote:
>Herta,
>
>Ok, this could go on a bit, so please bear with me!
>
>Below are the current configs I have been modifying;
>
>But to start off its worth mentioning the following;
>I have created a user account(s) on the BB6 server for each user account
>that will need to access the system. (This is a given for BB6 and LDAP to
>work).
>I have created a test LDAP account on our main LDAP server in the Users org
>unit.
>I have tested the connection to LDAP via windows address book and am able
to
>query the AD/LDAP directory with secure password authentication ONLY.
>Anonymous binds don't appear to work on our servers.
>
>Onto the configs; (blackboard\config\authentication.properties) /
>(blackboard\config\bb-config.properties) &
>(blackboard\config\service-config.properties)
>
>Within the bb-config.properties file I have set 'bbconfig.auth.type=LDAP'
>Within service-config.properties file I have set
>'blackboard.service.log.param.logdef.default.verbosity=debug'
>The second line allows debug output to the log file
>'blackboard\logs\bb-services-log.txt'
>
>----- (blackboard\config\authentication.properties) -----
>
>In the first section I am allowing fallback to BB login auth as some
>administrators need to see modules I recently migrated from a dev5.5
>platform. In future these will be turned off.
>
>auth.type.ldap.error_fallback_to_bb=true
>auth.type.ldap.user_not_found_fallback_to_bb=true
>
>### This value must be updated for every server configuration that is added
>below
>auth.type.ldap.num_servers=1
>
>### Server #1 Configuration ###
>### Note: this variable indicates whether interaction between
>Bb-installation-server and LDAP server should be over SSL
>auth.type.ldap.server_ssl.1=false
>
>auth.type.ldap.base_search_fdn.1=cn=Users,dc=internal,dc=uwic,dc=ac,dc=uk
>auth.type.ldap.deref_aliases.1=never
>auth.type.ldap.server_url.1=ldap://<servername and start of DN or FDN as
>Blackboard call it>.uwic.ac.uk:389
>auth.type.ldap.use_priv_user.1=false
>auth.type.ldap.user_fdn.1=cn=<test ldap
>account>,dc=internal,dc=uwic,dc=ac,dc=uk
>auth.type.ldap.user_pwd.1=<password>
>auth.type.ldap.user_tag.1=cn
>auth.type.ldap.referral.1=ignore
>auth.type.ldap.referral_limit.1=0
>auth.type.ldap.server_error_fatal.1=true
>
>After pushing these config updates via the BB6 system I am unable to
connect
>to the BB6 system via login.
>I get 'Username or password is incorrect'.
>
>the services log tells me;
>
>2003-02-12 12:31:25 -
>blackboard.platform.security.authentication.LDAPAuthModule : authenticate :
>Authenticating User.
>2003-02-12 12:31:25 -
>blackboard.platform.security.authentication.LDAPAuthModule : authenticate :
>trying ldap://<servername and dn>.uwic.ac.uk:389
>2003-02-12 12:31:25 -
>blackboard.platform.security.authentication.LDAPAuthModule : authenticate :
>binding anonymously.
>2003-02-12 12:31:25 - LDAPAuth:Getting initial context.
>2003-02-12 12:31:25 -
>blackboard.platform.security.authentication.LDAPAuthModule : authenticate:
>user not found.
>2003-02-12 12:31:25 -
>blackboard.platform.security.authentication.LDAPAuthModule : authenticate :
>User not found in LDAP,
>
>I have tried many different variations in the authentication.properties
>file, subsituting cn with ou where necessary, different users etc..
>anonymous access...
>
>I have literally trawled the depths of the known internet for more
>information even to the point of working out how java authenticates with
>ldap.
>
>Nothing seems to work.
>
>Chris.
>
>
>-----Original Message-----
>From: Herta Van den Eynde [mailto:[log in to unmask]]
>Sent: 12 February 2003 11:11
>To: Chris Dadswell @ UWIC
>Cc: [log in to unmask]
>Subject: Re: BB6(Trial) and LDAP Configuration Issues
>
>
>Chris,
>
>Can you give us more specifics? Errors messages, whether or not the
>ldap server receives the authentication request, ...
>
>I haven't looked at ldap on 6 yet, but on 5.5.1, we had a minor problem,
>because the documentation had left out that you also needed to specify
>the ldap.base_search_fdn.x property.
>
>Also, in version 5, if you use ldap, the password was no longer MD5
>encrypted, but simply base64 encoded, so we changed the login to use ssl.
>
>Kind regards,
>
>Herta
>
>Chris Dadswell @ UWIC wrote:
>
>
>
>>Hi,
>>
>>I'm fairly new to the Blackboard *experience* and just recently, before
>>December I installed a trial copy of BB6 onto a new Dev server.
>>
>>During this month I have managed to complete a successful trial migration
>>
>>
>>from our 5.5 Dev server. All is well...
>
>
>>Until we started to make the move towards LDAP authentication thru BB6.
>>
>>This apparently out of the box authentication method looked to be easy to
>>configure from the outset. But after many weeks of head scratching and
hair
>>pulling I am still unable to get this working.
>>
>>Is there anyone out there working on this/done it already that maybe able
>>to share their knowledge of the experience?
>>
>>FYI, We are currently running a mixed-mode Windows 2000 Active Directory
>>environment.
>>
>>Any help would be gratefully accepted.
>>
>>Christian Dadswell (University of Wales Institute, Cardiff)
>>
>>
>>
>>
>
>
>
--
******************************************************
Herta Van den Eynde
Toledo system management
K.U.Leuven - Ludit
W.de Croylaan 52A
B-3001 Heverlee
Belgium
tel: +32 (0)16 322 166
fax: +32 (0)16 322 999
******************************************************
"For something fulfilled this hour, loved or endured."
(W.H. Auden)
******************************************************
|