These instructions document how to configure uPortal itself to perform authentication against LDAP. It is also possible to configure the bundled CAS instance, or some other CAS server, to connect to LDAP instead of following this approach.
Step 1. Add the LDAP connection context
...
- Open and edit the following file: uPortal-4.x/uportal-war/src/main/resources/properties/contexts/ldapContext.xml
- Add your LDAP connection URL, userName, etc.

```xml
<!-- uPortal's LDAP server definition: where user entries live and which attribute holds the login id -->
<bean id="defaultLdapServer" class="org.jasig.portal.ldap.ContextSourceLdapServerImpl">
  <property name="ldapContextSource" ref="legacyLdapContext"/>
  <property name="uidAttribute" value="uid"/>
  <property name="baseDN" value="ou=People, dc=myuniv, dc=edu"/>
</bean>

<!-- Spring LDAP connection settings. An ldap:// URL is not TLS-protected on its own,
     and an empty userName/password means the directory is searched with an anonymous bind. -->
<bean id="legacyLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="url" value="ldap://ldap.myuniv.edu:389"/>
  <property name="userName" value=""/>
  <property name="password" value=""/>
</bean>
```
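A pre-deployment check for the Step 1 file, as an added example that is not part of the original instructions or of uPortal: it parses a context file and reports every `LdapContextSource` bean whose URL is not `ldaps://`, whose bind credentials are empty, or whose bind password is written literally in the file. The function name, the sample document and the finding texts are constructed for illustration; StartTLS configured elsewhere on the bean is not detected.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample in the shape of the Step 1 bean (Spring beans namespace omitted).
SAMPLE = """<beans>
  <bean id="legacyLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://ldap.myuniv.edu:389"/>
    <property name="userName" value=""/>
    <property name="password" value=""/>
  </bean>
</beans>"""

CONTEXT_SOURCE = "org.springframework.ldap.core.support.LdapContextSource"


def local(tag):
    """Strip an XML namespace so the check works with or without the beans xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_ldap_context(xml_text):
    """Return a list of (bean id, finding) tuples for every LdapContextSource bean."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) != "bean" or bean.get("class") != CONTEXT_SOURCE:
            continue
        props = {p.get("name"): (p.get("value") or "").strip()
                 for p in bean if local(p.tag) == "property"}
        bean_id = bean.get("id", "?")
        # Anything other than ldaps:// relies on separate StartTLS setup, which is not checked here.
        for url in props.get("url", "").split():
            if urlparse(url).scheme.lower() != "ldaps":
                findings.append((bean_id, f"url is not ldaps://: {url}"))
        user = props.get("userName") or props.get("userDn") or ""
        password = props.get("password", "")
        if not user or not password:
            findings.append((bean_id, "anonymous or unauthenticated bind (empty userName/password)"))
        elif not password.startswith("${"):
            # Assumption: deployments that externalize the secret use a ${...} placeholder.
            findings.append((bean_id, "bind password is a literal in the context file"))
    return findings


if __name__ == "__main__":
    for bean_id, finding in audit_ldap_context(SAMPLE):
        print(f"{bean_id}: {finding}")
```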
Step 2. Add the SimpleLdapSecurityContextFactory
...
- Open and edit the following file: uPortal-4.x/uportal-war/src/main/resources/properties/security.properties
```properties
## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
```
- If you need uPortal to cache user passwords, you may add the cache security context factory:
...
Note: If you choose not to configure the CasLoginUrl parameter in the security.properties file, you will receive the following error: "Could not resolve property placeholder ${org.jasig.portal.channels.CLogin.CasLoginUrl}". This error stems from the CasLoginUrl parameter being referenced in two files, jsonRenderingPipelineContext.xml and renderingPipelineContext.xml, both located in uportal-war/src/main/resources/properties/contexts. Therefore, you will need to remove (comment out) the CasLoginUrl parameter reference in the two XML files:

```xml
<entry key="EXTERNAL_LOGIN_URL" value="${org.jasig.portal.channels.CLogin.CasLoginUrl}" />
```

For additional information, see the CAS manual page.
Step 3. (Optional) Show Login Form for Guest User
Note: There seems to be a bug in the import script that won't allow you to import the channel if the comment below is left in place in uportal-war/src/main/data/default_entities/layout/guest.layout.xml (https://issues.jasig.org/browse/UP-3176)
...
```xml
<layout xmlns:dlm="http://www.uportal.org/layout/dlm" script="classpath://org/jasig/portal/io/import-layout_v3-2.crn" username="guest">
  <folder hidden="false" immutable="false" name="Root folder" type="root" unremovable="true">
    <folder hidden="false" immutable="true" name="Header folder" type="header" unremovable="true">
      <channel fname="login" unremovable="false" hidden="false" immutable="false"/>
    </folder>
    <folder hidden="false" immutable="false" name="Footer folder" type="footer" unremovable="false"/>
  </folder>
</layout>
```
Step 4.
...
Rebuild/Redeploy uPortal
From the root of your uPortal distribution (i.e., /uPortal-4.x), execute the following command:

```sh
ant clean deploy-war
```
Step 5: Restart Tomcat
Restart your Tomcat servlet container to activate the modifications.
Optional: Using Multiple LDAP servers
See the example at uPortal-4.x/uportal-war/src/main/resources/properties/security.properties
...