Question: How do I configure caArray for LDAP authentication?
Topic: caArray and UPT Integration
Release: Up to caArray 2.x
Date entered: 03/27/2009
Details about the Question
I wanted to integrate caArray and LDAP authentication with my university's login account. In the same way, my colleagues should also be able to log into caArray using their accounts. What do I need to do to achieve this?
Answer
To use LDAP authentication, you need to configure the installation properties and make sure every user is created in UPT.
Step 1. Configure Installation Property
You can use either the GUI installer or Command Line installation to modify the configuration file. The following information is necessary:
GUI Installer Text : Property Name
- "LDAP Host Name" : ldap.host (E.g., ldap_host.mydomain.com)
- "LDAP Search Base" : ldap.searchbase (The subdirectory in LDAP where users/roles should be searched for. E.g., ou=users, o=mydomain.com)
- "LDAP Search Prefix" : ldap.searchprefix (The user ID prefix which is used by your LDAP server. uid=)
Command Line installation (install.properties)
- ldap.host= : ldap.host (E.g., ldap_host.mydomain.com)
- ldap.searchbase= : ldap.searchbase
- ldap.searchprefix= : ldap.searchprefix (The user ID prefix which is used by your LDAP server. uid=)
Step 2. Create User in UPT
In order for someone with an LDAP account to log in to caArray, they need to be added to the UPT. (For details, see caArrat003, How to create caArray user with UPT?)
- Log into the UPT for the caarray application
- Click on the User Tab
- Click on "Create a New User"
- Enter the user's LDAP account into the "User Login Name" Field
- Enter user's first name
- Enter user's last name
- Enter user's email address (You can add other information you would like about the user, but *DO NOT enter* a password)
- Click on the "Add" button
- On the next screen, click on the "Associated Groups" button
- Add the proper group (i.e. Principal Investigator, Lab Scientist, etc.)
- Click on the "Update Associations" button
The user should now be able to log in using their LDAP account credentials. The UPT is designed to first check for a password provided in the UPT. If the password field is blank, it will then try to look for an LDAP connection and authentication.
Step 3: LDAP configuration in caArray 2.2.1 and under
Several bugs were identified in the caArray installer (release 2.2.1 & under) with regard to the proper LDAP configuration. The bugs have been fixed in the caArray 2.3.0 release. In order to make sure the LDAP is working properly with any caArray instance prior to caArray version 2.3.0, however, the user needs to manually configure the web.xml inside the caarray.war file, which is inside the caarray.ear file, following the steps below:
- Back up your <caArray installation home>/jboss-4.0.5.GA/server/default/deploy/caarray.ear file
- Extract the caarray.war file from the caarray.ear file using a zip utility
- Extract the web.xml file from the caarray.war file using a zip utility
- Manually configure these two context-param elements with param-values set for your unique environment:
  <context-param>
    <param-name>ldapHost</param-name>
    <param-value>ldaps://nci6116-ds2.nci.nih.gov:636</param-value>
  </context-param>
  <context-param>
    <param-name>ldapSearchableBase</param-name>
    <param-value>ou=nci,o=nih</param-value>
  </context-param>
- Save the modified web.xml and reinsert it into the proper location inside the caarray.war file using a zip utility (goes to <war root>/WEB-INF/web.xml)
- Reinsert the caarray.war file back into the root of the caarray.ear file using a zip utility (goes to <ear root>/caarray.war)
- Restart JBoss
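The repackaging steps above, scripted with Python's zipfile module in place of a manual zip utility. This is an added example, not part of the caArray distribution: the function names are made up for illustration, web.xml is assumed to be UTF-8, and JBoss still has to be restarted afterwards.

```python
import io
import re
import shutil
import zipfile
from xml.sax.saxutils import escape, unescape

def rewrite_member(archive, member, transform):
    """Copy a zip (bytes) entry by entry, replacing `member` with transform(old)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(archive)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        if member not in src.namelist():
            raise KeyError(member + " not found in archive")
        for info in src.infolist():
            body = src.read(info)
            dst.writestr(info, transform(body) if info.filename == member else body)
    return out.getvalue()

def _param_re(name):
    return re.compile(r"(<param-name>\s*" + re.escape(name) +
                      r"\s*</param-name>\s*<param-value>)(.*?)(</param-value>)", re.S)

def set_context_param(xml, name, value):
    """Replace the param-value of one context-param, leaving the rest untouched."""
    new_xml, hits = _param_re(name).subn(
        lambda m: m.group(1) + escape(value) + m.group(3), xml)
    if hits != 1:
        raise ValueError("expected exactly one %s, found %d" % (name, hits))
    return new_xml

def patch_ear(ear, ldap_host, search_base):
    """Return new caarray.ear bytes with both LDAP context-params set."""
    def fix_web_xml(raw):  # assumption: web.xml is UTF-8
        xml = set_context_param(raw.decode("utf-8"), "ldapHost", ldap_host)
        return set_context_param(xml, "ldapSearchableBase", search_base).encode("utf-8")
    return rewrite_member(ear, "caarray.war",
                          lambda war: rewrite_member(war, "WEB-INF/web.xml", fix_web_xml))

def read_context_param(ear, name):
    """Read a value back from the nested web.xml to verify the edit."""
    with zipfile.ZipFile(io.BytesIO(ear)) as e:
        with zipfile.ZipFile(io.BytesIO(e.read("caarray.war"))) as w:
            xml = w.read("WEB-INF/web.xml").decode("utf-8")
    return unescape(_param_re(name).search(xml).group(2).strip())

def patch_ear_file(path, ldap_host, search_base):
    shutil.copy2(path, path + ".bak")  # back up before touching the deployed ear
    with open(path, "rb") as f:
        patched = patch_ear(f.read(), ldap_host, search_base)
    with open(path, "wb") as f:
        f.write(patched)
```

Call patch_ear_file on the caarray.ear in the JBoss deploy directory, then use read_context_param on the result to confirm that ldapHost carries the intended scheme and port (the page's example uses ldaps:// on 636) before restarting.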
Troubleshooting
- Application name is case sensitive.