ldap processor


ldap processor

hodack
Hello,

I'm currently trying to implement OPS LDAP authentication system.
I've looked at the LDAP processor doc described here :
http://www.orbeon.com/ops/doc/processors-ldap

The processor is supposed to output the query result in an xml as
described in this example :
http://www.orbeon.com/ops/doc/processors-ldap#d39e377

Actually, is there a possibility to check how this output looks like to
ensure that the configuration is right and working ?

Any hints or tips are welcome.

Thanks.



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Re: ldap processor

Daniel E. Renfer
Have you tried adding a @debug attribute to your processor? If you do
that, you should be able to view the data that passes through that
output in your log.

<p:processor name="oxf:ldap">
        <p:input name="config" href="#config"/>
        <p:input name="filter" href="#filter"/>
        <p:output name="data" id="ldap-results" debug="ldap-results"/>
</p:processor>

Another option, if you have an XPL for your model, you could create
another page element that uses that pipeline as its view. This gives
you the dual effect of making it easy to view its output in your
browser as well as exposing an XML output for your future users to
develop against. (be careful not to expose any information that you
wouldn't want people to have access to this way.)

---
Daniel E. Renfer
http://kronkltd.net/

Kim-Vân Ho-Dac wrote:

> Hello,
>
> I'm currently trying to implement OPS LDAP authentication system.
> I've looked at the LDAP processor doc described here :
> http://www.orbeon.com/ops/doc/processors-ldap
>
> The processor is supposed to output the query result in an xml as
> described in this example :
> http://www.orbeon.com/ops/doc/processors-ldap#d39e377
>
> Actually, is there a possibility to check how this output looks like to
> ensure that the configuration is right and working ?
>
> Any hints or tips are welcome.
>
> Thanks.



Re: ldap processor

Erik Bruchez
Administrator
In reply to this post by hodack
If you hook-up a call to this processor in a pipeline, say, ldap.xpl,
like this:

   <p:config>
     <p:param name="data" type="output"/>
     <p:processor name="oxf:ldap">
       <p:input name="config" href="#config"/>
       <p:input name="filter" href="#filter"/>
       <p:output name="data" ref="data"/>
     </p:processor>
   </p:config>

and then hook this up in a page flow:

   <page path="/my-app/ldap" view="ldap.xpl"/>

the XML result should appear in your web browser when you hit that path.

-Erik

Kim-Vân Ho-Dac wrote:

> Hello,
>
> I'm currently trying to implement OPS LDAP authentication system.
> I've looked at the LDAP processor doc described here :
> http://www.orbeon.com/ops/doc/processors-ldap
>
> The processor is supposed to output the query result in an xml as
> described in this example :
> http://www.orbeon.com/ops/doc/processors-ldap#d39e377
>
> Actually, is there a possibility to check how this output looks like to
> ensure that the configuration is right and working ?
>
> Any hints or tips are welcome.
>
> Thanks.
>

--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/




Re: ldap processor

hodack
In reply to this post by Daniel E. Renfer
Hi,

Thanks for your answer, I could see in an xml file the result of my LDAP
query.

In the login page I store the username and password in an xml instance.
Now I'm wondering about the best way to authenticate any user in the
system, and maybe use this instance for the following solutions :
1) bind-dn attribute, along with password attribute to authenticate the
user ? In this case, the password would be transmitted in clear ?
2) query a userPassword and cn fields on the LDAP server then compare
them with the instance ? But in this case the password is encrypted,
does the LDAP processor manage that ?
3) any other suggestions, or most usual ways to authenticate users on
LDAP servers.

Thanks.






Re: ldap processor

Erik Bruchez
Administrator
Kim-Vân Ho-Dac wrote:
 > Hi,
 >
 > Thanks for your answer, I could see in an xml file the result of my LDAP
 > query.
 >
 > In the login page I store the username and password in an xml instance.
 > Now I'm wondering about the best way to authenticate any user in the
 > system, and maybe use this instance for the following solutions :
 > 1) bind-dn attribute, along with password attribute to authenticate the
 > user ? In this case, the password would be transmitted in clear ?
 > 2) query a userPassword and cn fields on the LDAP server then compare
 > them with the instance ? But in this case the password is encrypted,
 > does the LDAP processor manage that ?
 > 3) any other suggestions, or most usual ways to authenticate users on
 > LDAP servers.

The most common way is to use an authentication realm provided by your
app server / servlet container. All of them have LDAP support,
including Tomcat.

The LDAP processor remains useful if you want to query more
information from LDAP about the user, such as full name, phone number,
etc.

-Erik

--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/





Re: ldap processor

hodack
Hello,

I'm using Tomcat.
Actually I'm trying to get started with Tomcat authentication and see
how it works with Orbeon with the authentication sample, I've edited
some files as described here :
http://www.orbeon.com/ops/doc/intro-install#d9e57
That is to say :
- TOMCAT_HOME/webapps/ops/WEB-INF/web.xml
- TOMCAT_HOME/conf/server.xml
- TOMCAT_HOME/conf/tomcat-users.xml

And when I try to launch the url, it doesn't seem to map to any
resources, neither
http://localhost:8080/ops/examples-standalone/authentication nor
http://localhost:8080/ops/examples-standalone/login

Is there anything else to configure to get the authentication sample
working ?

And btw, if we use the BASIC instead of FORM authentication there is no
need to configure the attributes <form-login-page> and <form-error-page> ?
And if I'm using JNDIRealm for LDAP authentication, which additional
configuration needs to be done within Orbeon (Adding <realm-name> and
map it to the JNDIRealm name is sufficient?) ?

>
>
> The most common way is to use an authentication realm provided by your
> app server / servlet container. All of them have LDAP support,
> including Tomcat.
>
> The LDAP processor remains useful if you want to query more
> information from LDAP about the user, such as full name, phone number,
> etc.
>
> -Erik
>




Re: ldap processor

Erik Bruchez
Administrator
The authentication example was no longer available in 3.5.2, but in
recent builds, we have revied the authentication example and documentation.

The auth example is now under /java-authentication/. If you have a
chance, get a nightly build and see if you have better luck.

With BASIC, there is no form login / error pages required.

I don't think you need any other configuration in Orbeon Forms. The
realm used is meant to be entirely transparent to the web application.

-Erik

Kim-Vân Ho-Dac wrote:

> Hello,
>
> I'm using Tomcat.
> Actually I'm trying to get started with Tomcat authentication and see
> how it works with Orbeon with the authentication sample, I've edited
> some files as described here :
> http://www.orbeon.com/ops/doc/intro-install#d9e57
> That is to say :
> - TOMCAT_HOME/webapps/ops/WEB-INF/web.xml
> - TOMCAT_HOME/conf/server.xml
> - TOMCAT_HOME/conf/tomcat-users.xml
>
> And when I try to launch the url, it doesn't seem to map to any
> resources, neither
> http://localhost:8080/ops/examples-standalone/authentication nor
> http://localhost:8080/ops/examples-standalone/login
>
> Is there anything else to configure to get the authentication sample
> working ?
>
> And btw, if we use the BASIC instead of FORM authentication there is no
> need to configure the attributes <form-login-page> and <form-error-page> ?
> And if I'm using JNDIRealm for LDAP authentication, which additional
> configuration needs to be done within Orbeon (Adding <realm-name> and
> map it to the JNDIRealm name is sufficient?) ?
>
>>
>>
>> The most common way is to use an authentication realm provided by your
>> app server / servlet container. All of them have LDAP support,
>> including Tomcat.
>>
>> The LDAP processor remains useful if you want to query more
>> information from LDAP about the user, such as full name, phone number,
>> etc.
>>
>> -Erik
>>
>
>

--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/
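
Added example (not part of the original thread, and not Orbeon's or Tomcat's shipped configuration): a container-managed LDAP setup of the kind discussed above, with a Tomcat JNDIRealm that authenticates by binding as the user over LDAPS and a BASIC login-config in the web application's web.xml. The directory host, the DNs and the protected URL patterns are assumptions; the `orbeon-user` role name is the one that appears in the tomcat-users.xml quoted later in the thread.

```xml
<!-- TOMCAT_HOME/conf/server.xml, inside <Engine> or <Host>.
     Constructed values: ldap.example.org, dc=example,dc=org. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.org:636"
       userPattern="uid={0},ou=people,dc=example,dc=org"
       roleBase="ou=groups,dc=example,dc=org"
       roleName="cn"
       roleSearch="(uniqueMember={0})"/>
<!-- With userPattern set and no userPassword attribute configured, the
     realm authenticates by binding to the directory as the user, so
     nothing on the application side reads or compares password hashes.
     A simple bind carries the password as typed; ldaps:// keeps it from
     crossing the network in clear. -->

<!-- TOMCAT_HOME/webapps/ops/WEB-INF/web.xml -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected pages</web-resource-name>
        <!-- Assumed pattern for the authentication example -->
        <url-pattern>/java-authentication/*</url-pattern>
        <!-- A diagnostic page that returns raw LDAP results (such as the
             /my-app/ldap page flow entry earlier in the thread) belongs
             behind the same constraint, or should be removed after use. -->
        <url-pattern>/my-app/ldap</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>orbeon-user</role-name>
    </auth-constraint>
    <!-- BASIC sends base64-encoded credentials with every request;
         CONFIDENTIAL makes the container require HTTPS for these URLs. -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <!-- Label shown in the browser's credential prompt. It does not have
         to match anything in server.xml, and BASIC needs no
         form-login-config (form-login-page / form-error-page). -->
    <realm-name>Orbeon</realm-name>
</login-config>
<security-role>
    <role-name>orbeon-user</role-name>
</security-role>
```

The role names in `auth-constraint` must match the values the realm returns from the `roleName` attribute of the matching group entries.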




Re: ldap processor

hodack
I've just tried this nightly build example, but logout feature doesn't
seem to be working, when I click on this logout link
<http://localhost:8080/ops/java-authentication/> , session doesn't
seem to be closed, it is supposed to take me back on the login page
but I stay on the same page.
And when I click on the logout link a second time, this message error
appears : XForms error: Unable to retrieve XForms engine state from
session cache.
Maybe it could be a clue about why it's not working. Same thing happens
on both IE and Firefox.
How can the session be closed properly ?
Thanks.
 
Erik Bruchez wrote:

> The authentication example was no longer availble in 3.5.2, but in
> recent builds, we have revied the authentication example and
> documentation.
>
> The auth example is now under /java-authentication/. If you have a
> chance, get a nightly build and see if you have better luck.
>
> With BASIC, there is no form login / error pages required.
>
> I don't think you need any other configuration in Orbeon Forms. The
> realm used is meant to be entirely transparent to the web application.
>
> -Erik
>




Re: ldap processor

Alessandro Vernet
Administrator
On 8/2/07, Kim-Vân Ho-Dac <[hidden email]> wrote:

> I've just tried this nighty build example, but logout feature doesn't
> seem to be working, when I click on this logout link
> <http://localhost:8080/ops/java-authentication/> , session doesn't
> seemed to be closed,  it is supposed to take me back on the login page
> but  I stay on the same page.
> And when I click on the logout link a second time, this message error
> appears : XForms error: Unable to retrieve XForms engine state from
> session cache.
> Maybe it could be a clue about why it's not working. Same thing happens
> on both IE and Firefox.
I can't reproduce this. Is this what you are doing:

http://www.screencast.com/t/DmD5_tN_EY

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/




Re: ldap processor

hodack
Yes except that with the configuration explained here :
http://localhost:8080/ops/doc/intro-install
I must login with admin/password, also Remote User is admin, and User
Principal and Roles are empty
But when I click on the logout link I'm not taken back to the login page
but I stay on the same page instead.
So the session-validator doesn't seem to work...
Note : I configured this with Orbeon 3.5 and Tomcat 5.5.17

Alessandro Vernet wrote:

> On 8/2/07, Kim-Vân Ho-Dac <[hidden email]> wrote:
>  
>> I've just tried this nighty build example, but logout feature doesn't
>> seem to be working, when I click on this logout link
>> <http://localhost:8080/ops/java-authentication/> , session doesn't
>> seemed to be closed,  it is supposed to take me back on the login page
>> but  I stay on the same page.
>> And when I click on the logout link a second time, this message error
>> appears : XForms error: Unable to retrieve XForms engine state from
>> session cache.
>> Maybe it could be a clue about why it's not working. Same thing happens
>> on both IE and Firefox.
>>    
>
> I can't reproduce this. Is this what you are doing:
>
> http://www.screencast.com/t/DmD5_tN_EY
>
> Alex
>  




Re: ldap processor

Alessandro Vernet
Administrator
On 8/3/07, Kim-Vân Ho-Dac <[hidden email]> wrote:
> Yes except that with the configuration explained here :
> http://localhost:8080/ops/doc/intro-install
> I must login  with admin/password, also Remote  User is admin, and User
> Principal and Roles are empty

In section 3 of the page installation documentation you point to, I see:

<tomcat-users>
    <role rolename="orbeon-user"/>
    <role rolename="orbeon-admin"/>
    <user username="orbeonadmin" password="xforms"
roles="orbeon-user,orbeon-admin"/>
</tomcat-users>

So the username is orbeonadmin (not admin), and password is xforms
(not password). Or did I misunderstand what you are saying?

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/




Re: ldap processor

hodack
I don't know which version of Orbeon you are using, but I am using version 3.5 and the documentation I pointed to is the same as the one on the web site:
http://www.orbeon.com/ops/doc/intro-install
According to this page the username is admin and the password is password:
<tomcat-users>
    <role rolename="administrator"/>
    <user username="admin" password="password" roles="administrator"/>
</tomcat-users>
But I guess it is not the problem, because I can see that authentication is successful, only logout fails.

Alessandro Vernet wrote:

> On 8/3/07, Kim-Vân Ho-Dac [hidden email] wrote:
>
>> Yes except that with the configuration explained here :
>> http://localhost:8080/ops/doc/intro-install
>> I must login  with admin/password, also Remote  User is admin, and User
>> Principal and Roles are empty
>
> In section 3 of the page installation documentation you point to, I see:
>
> <tomcat-users>
>     <role rolename="orbeon-user"/>
>     <role rolename="orbeon-admin"/>
>     <user username="orbeonadmin" password="xforms"
> roles="orbeon-user,orbeon-admin"/>
> </tomcat-users>
>
> So the username is orbeonadmin (not admin), and password is xforms
> (not password). Or did I misunderstand what you are saying?
>
> Alex


Re: ldap processor

Alessandro Vernet
Administrator
On 8/5/07, Kim-Vân Ho-Dac <[hidden email]> wrote:
>
>  I don't know which version of orbeon you are using, but I am using version
> 3.5 and the documentation I pointed to is the same that the one on the web
> site :

I am using a nightly build :). Hence the difference in the
documentation. I did not realize that section of the documentation had
changed. But like you say, the login you use doesn't matter as long as
tomcat-users.xml is configured accordingly.

Could you try this with a nightly build? I don't remember us changing
something related to login/logout, but since I can't reproduce the
issue on a nightly build, I don't have a bug that I can fix either.

For reference, you can always download the latest nightly build from:

http://forge.objectweb.org/nightlybuilds/ops/ops/

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/




Re: ldap processor

hodack
Alessandro Vernet wrote:

> On 8/5/07, Kim-Vân Ho-Dac <[hidden email]> wrote:
>  
>>  I don't know which version of orbeon you are using, but I am using version
>> 3.5 and the documentation I pointed to is the same that the one on the web
>> site :
>>    
>
> I am using a nightly build :). Hence the difference in the
> documentation. I did not realize that section of the documentation had
> changed. But like you say, the login you use doesn't matter as long as
> tomcat-users.xml is configured accordingly.
>
> Could you try this with a nightly build? I don't remember us changing
> something related to login/logout, but since it can't reproduce the
> issue on a nightly build, I don't have a bug that I can fix either.
>
> For reference, you can alway download the latest nightly build from:
>
> http://forge.objectweb.org/nightlybuilds/ops/ops/
>
> Alex
>  
The results I got were from a last week nightly build.
I've just tried with tonight build and it still doesn't work, when I
login, I'm taken to this page which displays the following information :


  Authentication

Loading...

This example shows how:

    * You can restrict the access to a page with the standard
      authentication mechanisms provided by your application server.
    * You can programmatically obtain the name of the currently logged
      in user, as well as other security related information.
    * You can implement a "logout" functionality.

If you have configured authentication in your application server
<http://localhost:8080/ops/doc/intro-install>, access to this
application requires you to login through a login page. After you have
successfully logged in, the application displays your username and other
authentication information.

If you followed the installation instructions to the letter
<http://localhost:8080/ops/doc/intro-install>, the username and password
are orbeonadmin/xforms.

You are authenticated. The application has access to the following
information:

Authentication Type FORM
Secure Connection false
Remote User admin
User Principal
Roles

Following this logout link
<http://localhost:8080/ops/java-authentication/> will log you out and
take you back to the login page.

Then when I click on the logout link I still remain on the same page.
By the way, the web.xml from the nightly build should be updated to
remain consistent with the latest doc :
<role-name>administrator</role-name>
instead of
<role-name>orbeon-admin</role-name>

I've followed exactly the same instructions as stated here :
http://localhost:8080/ops/doc/intro-install#d3e53 (point 3)
except that I don't have the xercesImpl.jar and xmlParserAPIs.jar in
common/endorsed in my Tomcat distribution (5.5.17)

Note : I've tried a similar authentication sample provided with Orbeon
2.7.2, named examples-standalone/authentication, and logout seemed to
work well.

Both samples use the oxf:session-invalidator processor, but in the
examples-standalone it is a button instead of a link to logout.

Any ideas of what this problem could be dependent on (something other
than Orbeon) ?




Re: ldap processor

Alessandro Vernet
Administrator
On 8/7/07, Kim-Vân Ho-Dac <[hidden email]> wrote:
> The results I got were from a last week nightly build.
> I've just tried with tonight build and it still doesn't work, when I
> login, I'm taken to this page which displays the following information :

I am not able to reproduce the issue. I am not sure why it used to
work for me. I created this bug which you can track on:

http://forge.objectweb.org/tracker/index.php?group_id=168&atid=350207

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/




Re: ldap processor

Erik Bruchez
Administrator
Alessandro Vernet wrote:
> On 8/7/07, Kim-Vân Ho-Dac <[hidden email]> wrote:
>> The results I got were from a last week nightly build.
>> I've just tried with tonight build and it still doesn't work, when I
>> login, I'm taken to this page which displays the following information :
>
> I am not able to reproduce the issue. I am not sure why it used to
> work for me. I created this bug which you can track on:

I assume Alex you mean that you are *now* able to reproduce the issue ;-)

-Erik

--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/




Re: ldap processor

Erik Bruchez
Administrator
In reply to this post by Alessandro Vernet
Alessandro Vernet wrote:
> On 8/7/07, Kim-Vân Ho-Dac <[hidden email]> wrote:
>> The results I got were from a last week nightly build.
>> I've just tried with tonight build and it still doesn't work, when I
>> login, I'm taken to this page which displays the following information :
>
> I am not able to reproduce the issue. I am not sure why it used to
> work for me. I created this bug which you can track on:
>
> http://forge.objectweb.org/tracker/index.php?group_id=168&atid=350207

This bug is now fixed.

-Erik

--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/

