Question: How do I configure caArray for LDAP authentication?

Topic: caArray and UPT Integration

Release: Up to caArray 2.x

Date entered: 03/27/2009

Details about the Question

I wanted to integrate caArray and LDAP authentication with my university's login account. In the same way, my colleagues should also be able to log into caArray using their accounts. What do I need to do to achieve this?

Answer

To use LDAP authentication, you need to set the LDAP installation properties and make sure every user is created in UPT.

Step 1. Configure Installation Property

You can use either the GUI installer or Command Line installation to modify the configuration file. The following information is necessary:

GUI Installer Text : Property Name

  "LDAP Host Name" : ldap.host (E.g., ldap_host.mydomain.com)
  "LDAP Search Base" : ldap.searchbase (The subdirectory in LDAP where users/roles should be searched for. E.g., ou=users, o=mydomain.com)
  "LDAP Search Prefix" : ldap.searchprefix (The user ID prefix which is used by your LDAP server. E.g., uid=)

Command Line installation (install.properties)

  ldap.host=<LDAP host name> (E.g., ldap_host.mydomain.com)
  ldap.searchbase=<LDAP search base> (E.g., ou=users, o=mydomain.com)
  ldap.searchprefix=<LDAP search prefix> (The user ID prefix which is used by your LDAP server. E.g., uid=)

Step 2. Create User in UPT

In order for someone with an LDAP account to log in to caArray, they need to be added to the UPT. (For details, see caArrat003, How to create caArray user with UPT?)

  Log into the UPT for the caarray application
  Click on the User Tab
  Click on "Create a New User"
  Enter the user's LDAP account into the "User Login Name" Field
  Enter user's first name
  Enter user's last name
  Enter user's email address
    (You can add other information you would like about the user, but *DO NOT enter* a password)
  Click on the "Add" button
  On the next screen, click on the "Associated Groups" button
  Add the proper group (i.e. Principal Investigator, Lab Scientist, etc.)
  Click on the "Update Associations" button

The user should now be able to log in using their LDAP account credentials. The UPT is designed to first check for a password provided in the UPT. If the password field is blank, it then tries to authenticate the user through the LDAP connection.

Step 3: LDAP configuration in caArray 2.2.1 and under

Several bugs were identified in the caArray installer (release 2.2.1 & under) with regard to the proper LDAP configuration. The bugs have been fixed in the caArray 2.3.0 release. To make sure LDAP works properly with any caArray instance prior to caArray version 2.3.0, however, the user needs to manually configure the web.xml inside the caarray.war file, which is inside the caarray.ear file, as shown below:

  <context-param>
    <param-name>ldapHost</param-name>
    <param-value>ldaps://nci6116-ds2.nci.nih.gov:636</param-value>
  </context-param>
  <context-param>
    <param-name>ldapSearchableBase</param-name>
    <param-value>ou=nci,o=nih</param-value>
  </context-param>
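
One way to verify the Step 3 edit, as an added example that is not part of the original page or the caArray installer: it opens caarray.ear, reads WEB-INF/web.xml from the nested caarray.war and reports whether ldapHost and ldapSearchableBase are set. The function names, the constructed sample and the ldaps://-only policy are assumptions of this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REQUIRED = ("ldapHost", "ldapSearchableBase")  # context-param names from the page


def read_context_params(ear_bytes, war_name="caarray.war"):
    """Return {param-name: param-value} from web.xml of the WAR nested in the EAR."""
    with zipfile.ZipFile(io.BytesIO(ear_bytes)) as ear:
        war_bytes = ear.read(war_name)
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        root = ET.fromstring(war.read("WEB-INF/web.xml"))  # standard WAR location
    params = {}
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] != "context-param":  # ignore any XML namespace
            continue
        fields = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in elem}
        if "param-name" in fields:
            params[fields["param-name"]] = fields.get("param-value", "")
    return params


def check_ldap_params(params):
    """Return findings; a non-ldaps:// host is flagged (this example's assumption)."""
    findings = [f"{name}: missing or empty" for name in REQUIRED if not params.get(name)]
    host = params.get("ldapHost", "")
    if host and not host.lower().startswith("ldaps://"):
        findings.append("ldapHost: not an ldaps:// URL")
    return findings


def build_ear(web_xml):
    """Build a constructed in-memory EAR holding caarray.war with the given web.xml."""
    war_buf, ear_buf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(war_buf, "w") as war:
        war.writestr("WEB-INF/web.xml", web_xml)
    with zipfile.ZipFile(ear_buf, "w") as ear:
        ear.writestr("caarray.war", war_buf.getvalue())
    return ear_buf.getvalue()


# Constructed sample: plain ldap:// host and no ldapSearchableBase.
SAMPLE_BAD = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <context-param><param-name>ldapHost</param-name>
    <param-value>ldap://ldap_host.mydomain.com:389</param-value></context-param>
</web-app>"""

if __name__ == "__main__":
    print(check_ldap_params(read_context_params(build_ear(SAMPLE_BAD))))
```

To check a deployed archive, pass the bytes of the real caarray.ear file to read_context_params instead of the constructed sample.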

Troubleshooting
