LDAP Auth domain registration

    Hi,

    There appear to be two conflicting documents for the REST API for registering a new LDAP domain for OS 2.x.

    Here: https://openspecimen.atlassian.net/wiki/display/CAT/Register+Authentication+Domain
    And
    Here: https://openspecimen.atlassian.net/wiki/display/CAT/LDAP+Configuration

    The attributes for the LDAP config seem different. Like “password”: “bind password” vs “bindPassword”:“john” where I assume the binding password is for the DN of the user who can read the directory for searching. However it could be that one is the OpenSpecimen user bind and one is for the search user/manager that is searching the directory. The props that seem to be used in the LdapAuthenticationServiceImpl.java seem to match the LDAP+Configuration page.

    So it’s unclear where things are failing when trying to configure OS 2.0 for LDAP authentication. Default logging doesn’t show much. Also PUT and DELETE fail as not supported for trying to update or delete a domain and config so I’ve been removing from the database manually, which is not ideal.

    Any clarification would be great!

    Thanks,
    Randy

    Hi Randy,

    Here is the correct link:
    https://openspecimen.atlassian.net/wiki/x/OgcR

    The other link was referring to the older API of v1.1; we have deleted that link.

    Yes, correct: the bind password is for the DN of the user who has read access to the directory. OpenSpecimen uses this to connect and search for the user in LDAP.

    Only POST and PUT are supported. Use POST to register the domain in OpenSpecimen and use PUT if you want to update any data for the registered domain.

    If you still face any issues, please share the log folder.

    Updating the config works now; however, the bind may still be failing. DEBUG logging carries too much sensitive data, so I’ll have to scrub and then post what I can if I’m not able to figure it out. I’ll need to TRACE log what happens after this:

    2015-09-09 17:39:19,834 [http-bio-8443-exec-5] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Attempting to bind as —
    (In between here there should be a bind failure that is logged but I’m not seeing it.)
    2015-09-09 17:39:19,834 [http-bio-8443-exec-5] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user —

    Still trying to figure it out. Will let you know. Thanks for the clarification.

    Just a quick update. In order to get the domain authentication service to pick up the BindAuthenticator props after a change, a restart of Tomcat seems to be required. The implementation doesn’t populate the props from the database on every call. Once it’s set, it seems to be set for the length of the session.

    It does work, however; I just need to kick the app server to get it to drop the cached properties.

    -Randy
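
On scrubbing the DEBUG output before sharing a log folder, as mentioned in the thread: the sketch below is an added example, not part of the original posts and not OpenSpecimen code. It replaces each DN with a keyed pseudonym, so the two Spring Security lines quoted above can still be correlated, and it blanks password-like values. The sample lines, the `constructed.sample.ConfigDump` logger, the key and the generic DN and password patterns are all constructed assumptions.

```python
import hashlib
import hmac
import re

# The two Spring Security messages quoted in the thread; the rest of the line is a DN.
DN_TAIL = re.compile(r"(Attempting to bind as |Removing pooling flag for user )(.+)$")
# Assumed generic patterns for other DEBUG lines: an embedded DN and password-like
# key/value pairs. The DN value class is deliberately greedy so it over-redacts.
DN_INLINE = re.compile(
    r"\b(?:cn|uid|ou|dc|o)=[^,\"'=\n]+(?:,\s*(?:cn|uid|ou|dc|o)=[^,\"'=\n]+)+", re.I)
SECRET_KV = re.compile(r"\b(\w*password\w*)(\"?\s*[:=]\s*\"?)([^\s\",}]+)", re.I)


def pseudonym(dn, key):
    """Keyed token: the same DN always maps to the same token, but the token
    cannot be reversed or recomputed without the key (keep the key private)."""
    digest = hmac.new(key, dn.strip().lower().encode(), hashlib.sha256).hexdigest()
    return "<dn:" + digest[:8] + ">"


def scrub_line(line, key):
    """Redact secrets first, then DNs in known messages, then any DN left over."""
    line = SECRET_KV.sub(lambda m: m.group(1) + m.group(2) + "<redacted>", line)
    line = DN_TAIL.sub(lambda m: m.group(1) + pseudonym(m.group(2), key), line)
    return DN_INLINE.sub(lambda m: pseudonym(m.group(0), key), line)


def scrub(text, key):
    """Scrub a whole log excerpt line by line."""
    return "\n".join(scrub_line(line, key) for line in text.splitlines())


# Constructed sample input (not taken from a real system).
SAMPLE = "\n".join([
    "2015-09-09 17:39:19,834 [http-bio-8443-exec-5] DEBUG org.springframework.security."
    "ldap.authentication.BindAuthenticator - Attempting to bind as uid=jdoe,ou=People,dc=example,dc=org",
    "2015-09-09 17:39:19,834 [http-bio-8443-exec-5] DEBUG org.springframework.security."
    "ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user uid=jdoe,ou=People,dc=example,dc=org",
    "2015-09-09 17:39:20,001 [http-bio-8443-exec-5] DEBUG constructed.sample.ConfigDump - "
    '{"bindUser":"cn=reader,ou=svc,dc=example,dc=org","bindPassword":"s3cret"}',
])

if __name__ == "__main__":
    print(scrub(SAMPLE, b"constructed-demo-key"))
```

Use a random key per sharing session and discard it afterwards; review the scrubbed output by eye before posting, since patterns like these cannot know every field an application logs.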