I think we've had some discussions around integration with Active
Directory and LDAP earlier, but as far as I remember, it was put on
the back burner? It has surfaced as a request from some participants
at the current Academy. Do we have any plans to support it?
···
--
Knut Staring
Dept. of Informatics, University of Oslo
+4791880522
no concrete plans but I hear the requirement coming up more frequently. I seem to remember that Bob managed to set up some authentication scheme using Spring security LDAP support, and that a challenge was to map the LDAP user to the DHIS user + user role setup. Maybe Bob can comment in more detail.
Lars
···
On Wed, Feb 20, 2013 at 5:56 PM, Knut Staring knutst@gmail.com wrote:
Hi team,
I think we’ve had some discussions around integration with Active
Directory and LDAP earlier, but as far as I remember, it was put on
the back burner? It has surfaced as a request from some participants
at the current Academy. Do we have any plans to support it?
no concrete plans but I hear the requirement coming up more frequently. I
seem to remember that Bob managed to set up some authentication scheme using
Spring security LDAP support, and that a challenge was to map the LDAP user
to the DHIS user + user role setup. Maybe Bob can comment in more detail.
Yes that about summarizes where I got to. And verified that
authentication worked against openldap, apacheDS and 389 Directory
server. I didn't have AD to play with I'd have to go back and
dig up some archives to find the bean configuration, but that part is
relatively straightforward. Associating the logged in user with the
actual dhis2 user and mapping ldap groups to user roles could be a bit
more challenging.
I'll try and find what I did and put the source in a sandbox branch.
Maybe there will be good suggestions how to take it further. This was
back in 2009/10. It might even be easier today.
Bob
···
On 20 February 2013 17:00, Lars Helge Øverland <larshelge@gmail.com> wrote:
Lars
On Wed, Feb 20, 2013 at 5:56 PM, Knut Staring <knutst@gmail.com> wrote:
Hi team,
I think we've had some discussions around integration with Active
Directory and LDAP earlier, but as far as I remember, it was put on
the back burner? It has surfaced as a request from some participants
at the current Academy. Do we have any plans to support it?
--
Knut Staring
Dept. of Informatics, University of Oslo
+4791880522 http://dhis2.org
I can't find that old code. I'll try and resurrect (redo) it next week.
···
On 20 February 2013 17:53, Bob Jolliffe <bobjolliffe@gmail.com> wrote:
On 20 February 2013 17:00, Lars Helge Øverland <larshelge@gmail.com> wrote:
Hi,
no concrete plans but I hear the requirement coming up more frequently. I
seem to remember that Bob managed to set up some authentication scheme using
Spring security LDAP support, and that a challenge was to map the LDAP user
to the DHIS user + user role setup. Maybe Bob can comment in more detail.
Yes that about summarizes where I got to. And verified that
authentication worked against openldap, apacheDS and 389 Directory
server. I didn't have AD to play with I'd have to go back and
dig up some archives to find the bean configuration, but that part is
relatively straightforward. Associating the logged in user with the
actual dhis2 user and mapping ldap groups to user roles could be a bit
more challenging.
I'll try and find what I did and put the source in a sandbox branch.
Maybe there will be good suggestions how to take it further. This was
back in 2009/10. It might even be easier today.
Bob
Lars
On Wed, Feb 20, 2013 at 5:56 PM, Knut Staring <knutst@gmail.com> wrote:
Hi team,
I think we've had some discussions around integration with Active
Directory and LDAP earlier, but as far as I remember, it was put on
the back burner? It has surfaced as a request from some participants
at the current Academy. Do we have any plans to support it?
--
Knut Staring
Dept. of Informatics, University of Oslo
+4791880522 http://dhis2.org
Hi @bobj I tried to configure dhis2 to use AD but it didn’t work , I had this error message : Caused by: java.lang.IllegalArgumentException: Cannot pass null or empty values to constructor at org.springframework.security.core.userdetails.User.<init>(User.java:113) at org.hisp.dhis.security.DefaultUserDetailsService.loadUserByUsername(DefaultUserDetailsService.java:113)
Did you have the opportunity to make it working with AD ?
To be honest I’ve not looked at it much since then. I would myself have to check out what the current state of DHIS2 ldap code is (which I can do), though I am not easily able to test against an AD server (as I dont have one). I will try it out against an LDAP server as soon as I get a chance, but quite busy right now with many things. It would be good if anyone with more recent experience of using LDAP with DHIS2 could comment.
Thanks @bobj for your reply. In fact, I have found a workaround in another topic, the problem was from password which has to be filled even if we use AD. Otherwise it works perfectly now with AD.