Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

[08:29:15 EDT(-0400)] * athena7 (n=athena7@c-24-2-189-230.hsd1.ct.comcast.net) has joined ##uportal
[08:51:54 EDT(-0400)] * anastasiac (n=team@142.150.154.105) has joined ##uportal
[09:35:23 EDT(-0400)] * jessm (n=Jess@142.150.154.101) has joined ##uportal
[10:13:08 EDT(-0400)] * colinclark (n=colin@142.150.154.101) has joined ##uportal
[10:14:15 EDT(-0400)] <athena7> welcome, jess!
[10:14:30 EDT(-0400)] <athena7> i think fluid is outnumbering uportal here today (smile)
[10:14:36 EDT(-0400)] <jessm> thanks so much – very excited to be here
[10:15:11 EDT(-0400)] <athena7> so are you officially started?
[10:15:41 EDT(-0400)] <jessm> yep, in fact, I'm in Toronto all this week working with the uofT Fluid folks
[10:16:12 EDT(-0400)] <athena7> awesome
[10:16:17 EDT(-0400)] <athena7> you're based out of boston, right?
[10:16:46 EDT(-0400)] <jessm> yes, well, not quite yet, i'll be in boston in july
[10:16:51 EDT(-0400)] * EricDalquist (n=dalquist@bohemia.doit.wisc.edu) has joined ##uportal
[10:16:53 EDT(-0400)] <jessm> right now i'm in chapel hill, nc
[10:17:02 EDT(-0400)] <athena7> ah nice
[10:17:08 EDT(-0400)] <jessm> athena7: you nearby to boston?
[10:17:13 EDT(-0400)] <athena7> july sounds like a good month to move northward (smile)
[10:17:20 EDT(-0400)] <athena7> sort of - i'm in new haven, ct
[10:17:21 EDT(-0400)] <athena7> morning eric
[10:18:34 EDT(-0400)] <EricDalquist> morning
[10:20:20 EDT(-0400)] <athena7> the home office definitely needs a new monitor, i've gotten spoiled
[10:20:35 EDT(-0400)] <EricDalquist> lol
[10:20:54 EDT(-0400)] <athena7> that and i can't figure out how to adjust the chair height, not sure if it's broken
[10:20:56 EDT(-0400)] <athena7> but oh wel (smile)
[10:22:45 EDT(-0400)] <EricDalquist> so do you actually have an 'office' area at home?
[10:23:26 EDT(-0400)] <athena7> sort of
[10:23:55 EDT(-0400)] <athena7> the main part of my apartment is a long rectangle - i've kind of separated off a living room area at one end
[10:24:01 EDT(-0400)] <athena7> and then there's my desk near the door
[10:24:18 EDT(-0400)] <athena7> but we're moving in july, at which point i'm hoping to fit my desk into the second bedroom
[10:24:32 EDT(-0400)] <EricDalquist> that will be nice
[10:24:36 EDT(-0400)] <athena7> definitely
[10:24:41 EDT(-0400)] <athena7> it'll be nice to have the extra space
[10:25:02 EDT(-0400)] <athena7> and i'll be able to close the door and talk on the phone and whatever and kris can have the living room to herself to relax
[10:33:11 EDT(-0400)] <athena7> so it looks like the ldap problem i've been having really is related to up3 specifically
[10:33:24 EDT(-0400)] * michelled (n=team@142.150.154.197) has joined ##uportal
[10:33:28 EDT(-0400)] <EricDalquist> yeah I saw your email, could you send a full ldapContext.xml example?
[10:33:53 EDT(-0400)] <athena7> sure
[10:34:00 EDT(-0400)] <athena7> want me to send it to the list?
[10:34:18 EDT(-0400)] <athena7> er, actually, i think i sent you one of those on fri
[10:35:38 EDT(-0400)] <EricDalquist> there was a note with some new properties listed
[10:35:47 EDT(-0400)] <EricDalquist> but it wasn't really clear how to actually configure those in ldapContext.xml
[10:36:54 EDT(-0400)] <athena7> i think i'd sent an email just to you, last week, let me resend it to the list
[10:37:03 EDT(-0400)] <athena7> finding it now
[10:37:24 EDT(-0400)] <athena7> here we go
[10:38:45 EDT(-0400)] <EricDalquist> ah ok, I may have missed it
[10:39:08 EDT(-0400)] <athena7> nah it was when we were talking about stuff the other day
[10:39:09 EDT(-0400)] <athena7> no worries
[10:39:20 EDT(-0400)] <athena7> ok i was not clear with that email over the weekend at all, wow
[10:39:31 EDT(-0400)] <athena7> the "properties" were properties as seen in tomcat's debugger
[10:39:36 EDT(-0400)] <athena7> looking at the actual objects
[10:39:40 EDT(-0400)] <athena7> not ones in spring files
[10:40:33 EDT(-0400)] <EricDalquist> ah
[10:40:43 EDT(-0400)] <EricDalquist> yeah I was kind of confused
[10:41:36 EDT(-0400)] <athena7> yeah no kidding!
[10:41:38 EDT(-0400)] <athena7> sorry about that
[10:41:45 EDT(-0400)] <athena7> i must have been totally fried or something
[10:42:20 EDT(-0400)] <EricDalquist> (smile)
[10:42:25 EDT(-0400)] <EricDalquist> thanks for the reply email
[10:42:33 EDT(-0400)] <athena7> yeah
[10:42:43 EDT(-0400)] <EricDalquist> so what ended up being the problem? Just getting the base & url correct?
[10:42:48 EDT(-0400)] <athena7> no i haven't fixed it
[10:42:56 EDT(-0400)] <athena7> it's still broken
[10:43:04 EDT(-0400)] <athena7> but i did finally set up a up2 install
[10:43:05 EDT(-0400)] <EricDalquist> oh (tongue)
[10:43:08 EDT(-0400)] <athena7> and it works without problem there
[10:43:18 EDT(-0400)] <EricDalquist> weird
[10:43:30 EDT(-0400)] <EricDalquist> can you send me the ldap.xml from that?
[10:43:30 EDT(-0400)] <athena7> so i started looking at what the differences in the connections between up2 and up3 were in the debugger
[10:43:41 EDT(-0400)] <athena7> and came up with the list that made it into my useless email
[10:43:41 EDT(-0400)] <athena7> yes
[10:44:00 EDT(-0400)] <athena7> the really weird thing though is that that ldapContext.xml works perfectly for the person directory connection
[10:45:01 EDT(-0400)] <EricDalquist> I think the problem may be in the ldap security context
[10:45:10 EDT(-0400)] <EricDalquist> I'm wondering if it is appending the baseDN again
[10:45:48 EDT(-0400)] <athena7> i think it is
[10:45:56 EDT(-0400)] <athena7> that was one of the differences I found
[10:46:13 EDT(-0400)] <athena7> the url for up2 is ldapserver:port
[10:46:20 EDT(-0400)] <athena7> and for up3 it's ldapserver:port/baseDN
[10:46:30 EDT(-0400)] <EricDalquist> that was one of the differences with the Spring ldapcontext code versus the uPortal ldapserver code
[10:46:37 EDT(-0400)] <EricDalquist> the uPortal code exposes the baseDn to client code
[10:47:12 EDT(-0400)] <athena7> ah
[10:47:36 EDT(-0400)] <athena7> that might explain why the person dir works and the security context doesn't then?
[10:47:40 EDT(-0400)] <EricDalquist> yup
[10:47:57 EDT(-0400)] <athena7> hm, ok
[10:48:01 EDT(-0400)] <EricDalquist> persondir uses Spring-LDAP so it expects the BaseDN to 'just be there'
[10:48:03 EDT(-0400)] <athena7> any suggestions for fixing it?
[10:48:05 EDT(-0400)] <athena7> right
[10:48:12 EDT(-0400)] <EricDalquist> the uPortal LDAP AuthN code may try to do more work than it needs to
[10:48:19 EDT(-0400)] <EricDalquist> look in the LDAP security context
[10:48:25 EDT(-0400)] <EricDalquist> see if you can find where it uses the BaseDN
[10:48:30 EDT(-0400)] <EricDalquist> and just remove it for now
[10:48:38 EDT(-0400)] <EricDalquist> that would be try 1
[10:48:49 EDT(-0400)] <EricDalquist> try 2 would be do the modifications to just use SpringLDAP in that code
[10:48:54 EDT(-0400)] <EricDalquist> which shouldn't be too much work
[10:49:30 EDT(-0400)] <athena7> sounds reasonable
[10:59:52 EDT(-0400)] * EiNZTEiN (n=einztein@205.241.143.4) has joined ##uportal
[11:03:34 EDT(-0400)] <athena7> ok, i'm not really sure what to think here
[11:03:48 EDT(-0400)] <athena7> i tried setting the search name from the base dn to an empty string
[11:04:09 EDT(-0400)] <athena7> and it breaks in a similar way, although ti seems to get further
[11:04:09 EDT(-0400)] <athena7> LDAP Errorjavax.naming.NameNotFoundException: [LDAP: error cod
[11:04:10 EDT(-0400)] <athena7> e 32 - 0000208D: NameErr: DSID-031001BD, problem 2001 (NO_OBJECT), data 0, best match of:
[11:04:10 EDT(-0400)] <athena7> 'CN=Users,DC=unicon,DC=net'
[11:04:10 EDT(-0400)] <athena7> ^@]; remaining name 'CN=Jennifer Bourey, cn=Users, dc=unicon, dc=net' with user: jbourey
[11:04:25 EDT(-0400)] <athena7> so it seems to somewhat find me?
[11:06:59 EDT(-0400)] <EricDalquist> hrm
[11:08:20 EDT(-0400)] <athena7> i don't imagine than an empty string is really a valid search name
[11:09:13 EDT(-0400)] <EricDalquist> probably not
[11:09:21 EDT(-0400)] <EricDalquist> I'm going to go look at the spring-ldap authn docs
[11:09:27 EDT(-0400)] <athena7> ah
[11:09:39 EDT(-0400)] <athena7> i'd sort of tried to make a spring version at one point
[11:09:51 EDT(-0400)] <athena7> but i'm really not familiar with either ldap or the spring-ldap stuff
[11:17:27 EDT(-0400)] <EricDalquist> yeah either am I
[11:17:33 EDT(-0400)] <EricDalquist> The examples they have are all for Acegi
[11:17:41 EDT(-0400)] <EricDalquist> so I'm trying to figure out what Acegi does (tongue)
[11:18:18 EDT(-0400)] <athena7> ah (smile)
[11:19:03 EDT(-0400)] <EricDalquist> you could just volunteer to replace the security code with spring-security and that would solve the problem (wink)
[11:19:54 EDT(-0400)] <athena7> yeah . . .
[11:19:55 EDT(-0400)] <athena7> haha
[11:20:02 EDT(-0400)] <athena7> except i don't know spring security either (smile)
[11:20:19 EDT(-0400)] <EricDalquist> (smile)
[11:20:37 EDT(-0400)] <athena7> i may not have as much time for a while, we'll see
[11:21:23 EDT(-0400)] <EricDalquist> so ... reading through spring-security gives an example of how they do it
[11:21:30 EDT(-0400)] <athena7> yeah
[11:21:35 EDT(-0400)] <EricDalquist> but I don't think I have the understanding to explain it
[11:21:50 EDT(-0400)] <athena7> yeah
[11:22:17 EDT(-0400)] <athena7> i worry a little, because for this project, not having ldap working for local login is only an annoyance at the moment
[11:22:37 EDT(-0400)] <athena7> but if it crops up for people who rely on it for production use that'll be annoying
[11:22:42 EDT(-0400)] <EricDalquist> yup
[11:22:50 EDT(-0400)] <EricDalquist> yeah we need to get this resolved
[11:24:30 EDT(-0400)] <EricDalquist> http://static.springframework.org/spring-security/site/reference/html/ldap.html
[11:24:49 EDT(-0400)] <EricDalquist> 18.4.5 has the spring bean config they use ...
[11:25:08 EDT(-0400)] <EricDalquist> the more I look at this the more I think SimpleLdapSecurityContext is going to need some work
[11:25:09 EDT(-0400)] <EricDalquist> (sad)
[11:25:25 EDT(-0400)] <athena7> yeah
[11:25:42 EDT(-0400)] <EricDalquist> and if that is the case I'm really wanting to just replace it with spring-security
[11:25:48 EDT(-0400)] <athena7> i'm not very confident at the moment that we'll be able to resolve it without just making the security context springified in some way
[11:25:54 EDT(-0400)] <EricDalquist> yeah
[11:26:00 EDT(-0400)] <athena7> well we'd talked about using spring security in general, right?
[11:26:01 EDT(-0400)] <EricDalquist> I'm not sure either
[11:26:04 EDT(-0400)] <EricDalquist> oh yes
[11:26:09 EDT(-0400)] <EricDalquist> it was on the plan for 3.0
[11:26:15 EDT(-0400)] <EricDalquist> but didn't happen because of time
[11:26:27 EDT(-0400)] <EricDalquist> we have a portal steering committee meeting today so I'll bring this up there
[11:26:34 EDT(-0400)] <EricDalquist> as much as it is a 'big' change
[11:26:38 EDT(-0400)] <athena7> sounds like a good idea
[11:26:39 EDT(-0400)] <EricDalquist> this may have to happen for 3.0.1
[11:26:40 EDT(-0400)] <athena7> yeah
[11:26:50 EDT(-0400)] <athena7> i think we need to resolve it in some way pretty soon
[11:27:02 EDT(-0400)] <athena7> even if we need to shoehorn a temporary fix in, then do the spring security stuff later
[11:27:07 EDT(-0400)] <EricDalquist> because at this point re-writing SimpleLdapSecurityContext seems like a lot of work when that could be put into porting
[11:27:52 EDT(-0400)] <athena7> yeah, very true
[11:28:00 EDT(-0400)] <athena7> if we can do it in a short amount of time, then even better
[11:28:03 EDT(-0400)] <EricDalquist> so it looks like it is a DN issue
[11:28:15 EDT(-0400)] <EricDalquist> the problem is the way I put in spring-ldap
[11:28:24 EDT(-0400)] <EricDalquist> doesn't allow you specify a different basedn for the user
[11:28:30 EDT(-0400)] <EricDalquist> I don't think ...
[11:28:43 EDT(-0400)] <athena7> that kinda sounds right
[11:29:51 EDT(-0400)] <EricDalquist> so
[11:29:59 EDT(-0400)] <EricDalquist> could I ask you to try a few more things?
[11:30:10 EDT(-0400)] <athena7> sure
[11:30:20 EDT(-0400)] <EricDalquist> could you modify ContextSourceLdapServerImpl so that you can set your own baseDn there too?
[11:30:33 EDT(-0400)] <EricDalquist> then the base for the LdapContextSource is one thing