Sakai can be configured to authenticate users against an LDAP-compliant directory (such as Microsoft Active Directory or Novell eDirectory). This is achieved by implementing Sakai's UserDirectoryProvider interface.
An LDAP-enabled user directory provider was contributed to the Sakai community by Albany Medical College. This class uses Novell's JLDAP, a free, open-source library for communicating with LDAP servers. Questions or comments can be directed to Dave Ross.
Installation instructions
Sakai 1.5
Albany Med's LDAP provider class and installation instructions can be downloaded here.
Sakai 2.3.x, Sakai 2.4.x
- Make sure you have the source distribution of Sakai
- Edit the file $sakai-src/providers/component/project.xml and uncomment the JLDAP Provider dependencies
- Edit the file $sakai-src/providers/component/src/webapp/WEB-INF/components.xml and uncomment the JLDAP Provider bean configuration
- Configure the provider by modifying the properties in components.xml. Alternatively you can configure the provider through sakai.properties. This can be useful when you have multiple Sakai instances that use different LDAP servers.
- Rebuild and deploy the providers project. Go to $sakai-src/providers and execute the command maven sakai [1]
- For 2.4.0 and later: Start Sakai with the JVM option -Dsakai.demo set to false. E.g.:
[1] For instructions on building/deploying Sakai code, see the installation instructions: http://source.sakaiproject.org/release/2.3.0/install-overview.html
JLDAP Provider dependencies in project.xml:
<!-- Needed for the JLDAP Provider -->
<dependency>
  <groupId>sakaiproject</groupId>
  <artifactId>sakai-jldap-provider</artifactId>
  <version>${sakai.version}</version>
  <properties>
    <war.bundle>true</war.bundle>
  </properties>
</dependency>
<dependency>
  <groupId>openldap</groupId>
  <artifactId>ldap</artifactId>
  <version>2005.03.29</version>
  <properties>
    <war.bundle>true</war.bundle>
  </properties>
</dependency>
JLDAP Provider bean configuration in components.xml:
<!-- Uncomment and configure to use the JLDAP Provider.
     Default values below point to a test account at nldap.com (free ldap test server).
     To login with the nldap.com test account - username: ldap-admin
                                                password: admin
     Make sure to remove any other UserDirectoryProviders as there can only be one user provider active at any time.
-->
<bean id="org.sakaiproject.user.api.UserDirectoryProvider"
      class="edu.amc.sakai.user.JLDAPDirectoryProvider"
      init-method="init"
      destroy-method="destroy"
      singleton="true">
  <property name="ldapHost"><value>nldap.com</value></property>
  <property name="ldapPort"><value>389</value></property>
  <property name="secureConnection"><value>false</value></property>
  <property name="keystoreLocation"><value></value></property>
  <property name="keystorePassword"><value></value></property>
  <property name="basePath"><value>ou=sakai-ldap,ou=user,o=novell</value></property>
  <property name="operationTimeout"><value>5000</value></property>
  <property name="cacheTTL"><value>18000000</value></property>
  <property name="attributeMappings">
    <map>
      <entry key="login"><value>cn</value></entry>
      <entry key="distinguishedName"><value>dn</value></entry>
      <entry key="firstName"><value>givenName</value></entry>
      <entry key="lastName"><value>sn</value></entry>
      <entry key="email"><value>mail</value></entry>
      <entry key="groupMembership"><value>groupMembership</value></entry>
    </map>
  </property>
</bean>
The same connection settings expressed in sakai.properties:
ldapHost@org.sakaiproject.user.api.UserDirectoryProvider=nldap.com
ldapPort@org.sakaiproject.user.api.UserDirectoryProvider=389
basePath@org.sakaiproject.user.api.UserDirectoryProvider=ou=sakai-ldap,ou=user,o=novell
If you have problems getting things running you can set the logging level for the LDAP provider to DEBUG. Add the following lines to sakai.properties:
log.config.count=1
log.config.1=DEBUG.edu.amc.sakai.user.JLDAPDirectoryProvider
Sakai 2-4-x and 2-5-x
Institutions with directories that require non-anonymous binding may be interested in deploying the refactored JLDAP provider first introduced in contrib for 2-4-* releases. This implementation has continued to evolve and was merged into the mainline SVN repo for 2-5-* releases.
Existing LDAP-related Spring bean configuration should generally be forward compatible with these revisions.