Active Directory

Hi team,

I think we've had some discussions around integration with Active
Directory and LDAP earlier, but as far as I remember, it was put on
the back burner? It has surfaced as a request from some participants
at the current Academy. Do we have any plans to support it?

···

--
Knut Staring
Dept. of Informatics, University of Oslo
+4791880522
http://dhis2.org

Hi,

no concrete plans but I hear the requirement coming up more frequently. I seem to remember that Bob managed to set up some authentication scheme using Spring security LDAP support, and that a challenge was to map the LDAP user to the DHIS user + user role setup. Maybe Bob can comment in more detail.

Lars

···

On Wed, Feb 20, 2013 at 5:56 PM, Knut Staring knutst@gmail.com wrote:

Hi team,

I think we’ve had some discussions around integration with Active

Directory and LDAP earlier, but as far as I remember, it was put on

the back burner? It has surfaced as a request from some participants

at the current Academy. Do we have any plans to support it?

Knut Staring

Dept. of Informatics, University of Oslo

+4791880522

http://dhis2.org


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

Hi,

no concrete plans but I hear the requirement coming up more frequently. I
seem to remember that Bob managed to set up some authentication scheme using
Spring security LDAP support, and that a challenge was to map the LDAP user
to the DHIS user + user role setup. Maybe Bob can comment in more detail.

Yes that about summarizes where I got to. And verified that
authentication worked against openldap, apacheDS and 389 Directory
server. I didn't have AD to play with :slight_smile: I'd have to go back and
dig up some archives to find the bean configuration, but that part is
relatively straightforward. Associating the logged in user with the
actual dhis2 user and mapping ldap groups to user roles could be a bit
more challenging.

I'll try and find what I did and put the source in a sandbox branch.
Maybe there will be good suggestions how to take it further. This was
back in 2009/10. It might even be easier today.

Bob

···

On 20 February 2013 17:00, Lars Helge Øverland <larshelge@gmail.com> wrote:

Lars

On Wed, Feb 20, 2013 at 5:56 PM, Knut Staring <knutst@gmail.com> wrote:

Hi team,

I think we've had some discussions around integration with Active
Directory and LDAP earlier, but as far as I remember, it was put on
the back burner? It has surfaced as a request from some participants
at the current Academy. Do we have any plans to support it?

--
Knut Staring
Dept. of Informatics, University of Oslo
+4791880522
http://dhis2.org

_______________________________________________
Mailing list: https://launchpad.net/~dhis2-devs
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp

_______________________________________________
Mailing list: https://launchpad.net/~dhis2-devs
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp

1 Like

I can't find that old code. I'll try and resurrect (redo) it next week.

···

On 20 February 2013 17:53, Bob Jolliffe <bobjolliffe@gmail.com> wrote:

On 20 February 2013 17:00, Lars Helge Øverland <larshelge@gmail.com> wrote:

Hi,

no concrete plans but I hear the requirement coming up more frequently. I
seem to remember that Bob managed to set up some authentication scheme using
Spring security LDAP support, and that a challenge was to map the LDAP user
to the DHIS user + user role setup. Maybe Bob can comment in more detail.

Yes that about summarizes where I got to. And verified that
authentication worked against openldap, apacheDS and 389 Directory
server. I didn't have AD to play with :slight_smile: I'd have to go back and
dig up some archives to find the bean configuration, but that part is
relatively straightforward. Associating the logged in user with the
actual dhis2 user and mapping ldap groups to user roles could be a bit
more challenging.

I'll try and find what I did and put the source in a sandbox branch.
Maybe there will be good suggestions how to take it further. This was
back in 2009/10. It might even be easier today.

Bob

Lars

On Wed, Feb 20, 2013 at 5:56 PM, Knut Staring <knutst@gmail.com> wrote:

Hi team,

I think we've had some discussions around integration with Active
Directory and LDAP earlier, but as far as I remember, it was put on
the back burner? It has surfaced as a request from some participants
at the current Academy. Do we have any plans to support it?

--
Knut Staring
Dept. of Informatics, University of Oslo
+4791880522
http://dhis2.org

_______________________________________________
Mailing list: https://launchpad.net/~dhis2-devs
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp

_______________________________________________
Mailing list: https://launchpad.net/~dhis2-devs
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp

Do you have any news about this?

Thank you
Caveman

···

On Fri, Feb 22, 2013 at 1:33 PM, Bob Jolliffe bobjolliffe@gmail.com wrote:

I can’t find that old code. I’ll try and resurrect (redo) it next week.

On 20 February 2013 17:53, Bob Jolliffe bobjolliffe@gmail.com wrote:

On 20 February 2013 17:00, Lars Helge Øverland larshelge@gmail.com wrote:

Hi,

no concrete plans but I hear the requirement coming up more frequently. I

seem to remember that Bob managed to set up some authentication scheme using

Spring security LDAP support, and that a challenge was to map the LDAP user

to the DHIS user + user role setup. Maybe Bob can comment in more detail.

Yes that about summarizes where I got to. And verified that

authentication worked against openldap, apacheDS and 389 Directory

server. I didn’t have AD to play with :slight_smile: I’d have to go back and

dig up some archives to find the bean configuration, but that part is

relatively straightforward. Associating the logged in user with the

actual dhis2 user and mapping ldap groups to user roles could be a bit

more challenging.

I’ll try and find what I did and put the source in a sandbox branch.

Maybe there will be good suggestions how to take it further. This was

back in 2009/10. It might even be easier today.

Bob

Lars

On Wed, Feb 20, 2013 at 5:56 PM, Knut Staring knutst@gmail.com wrote:

Hi team,

I think we’ve had some discussions around integration with Active

Directory and LDAP earlier, but as far as I remember, it was put on

the back burner? It has surfaced as a request from some participants

at the current Academy. Do we have any plans to support it?

Knut Staring

Dept. of Informatics, University of Oslo

+4791880522

http://dhis2.org


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

Hi @bobj I tried to configure dhis2 to use AD but it didn’t work , I had this error message :
Caused by: java.lang.IllegalArgumentException: Cannot pass null or empty values to constructor at org.springframework.security.core.userdetails.User.<init>(User.java:113) at org.hisp.dhis.security.DefaultUserDetailsService.loadUserByUsername(DefaultUserDetailsService.java:113)

Did you have the opportunity to make it working with AD ?

Thanks
Regards

Hi @Ahammi

7 years is an old thread :slight_smile:

To be honest I’ve not looked at it much since then. I would myself have to check out what the current state of DHIS2 ldap code is (which I can do), though I am not easily able to test against an AD server (as I dont have one). I will try it out against an LDAP server as soon as I get a chance, but quite busy right now with many things. It would be good if anyone with more recent experience of using LDAP with DHIS2 could comment.

Regards
Bob

1 Like

Thanks @bobj for your reply. In fact, I have found a workaround in another topic, the problem was from password which has to be filled even if we use AD. Otherwise it works perfectly now with AD.

Regards