LDAP configuration

Hi Team,

I am trying to configure a dhis instance against a LDAP server for authentication.

I followed this doc.

http://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/dhis2_implementation_guide_en_full.html#d4040e1283

LDAP server is installed in another ubuntu machine in the same network.

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps

after configure dhis.conf file when restart tomcat it gives an error.

here I attached the dhis.conf and tomcat command prompt.

dhis instance :- 2.23

please let me know anything I am missing here.

image

Thanks,

Chameera.

That ldap.url looks like the http url of your php ldap frontend web application. You need to point it at the running ldap service not the php web interface.

image

···

On 8 June 2016 at 07:00, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I am trying to configure a dhis instance against a LDAP server for authentication.

I followed this doc.

http://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/dhis2_implementation_guide_en_full.html#d4040e1283

LDAP server is installed in another ubuntu machine in the same network.

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps

after configure dhis.conf file when restart tomcat it gives an error.

here I attached the dhis.conf and tomcat command prompt.

dhis instance :- 2.23

please let me know anything I am missing here.

Thanks,

Chameera.


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

Thanks Bob, I understand, I will look into that.

Thanks again

Chameera.

image

···

On 8 June 2016 at 07:00, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I am trying to configure a dhis instance against a LDAP server for authentication.

I followed this doc.

http://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/dhis2_implementation_guide_en_full.html#d4040e1283

LDAP server is installed in another ubuntu machine in the same network.

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps

after configure dhis.conf file when restart tomcat it gives an error.

here I attached the dhis.conf and tomcat command prompt.

dhis instance :- 2.23

please let me know anything I am missing here.

Thanks,

Chameera.


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

Hi Team,

I’m trying to configure a dhis instance against a LDAP server for authentication.

attached is my dhis.conf file with ldap parameters.

after ldap configuration when I access the login page it is just the usual login interface (I expected something different like when we configured openid) and I have no clue whether it is connected to the ldap server.

but one thing I noticed, it use local db for authentication.

I checked the ldap parameters using a ldap client browser and I am 99% sure about the parameters I have provided in dhis.conf

Is there anything i am missing, can someone please help…?

Thanks,

Chameera.

image

···

On 8 June 2016 at 07:00, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I am trying to configure a dhis instance against a LDAP server for authentication.

I followed this doc.

http://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/dhis2_implementation_guide_en_full.html#d4040e1283

LDAP server is installed in another ubuntu machine in the same network.

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps

after configure dhis.conf file when restart tomcat it gives an error.

here I attached the dhis.conf and tomcat command prompt.

dhis instance :- 2.23

please let me know anything I am missing here.

Thanks,

Chameera.


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

Hi Chameera,

can you tell us the output of the tomcat log which is produced while you attempt to log in?

Also, during startup, the system will output “LDAP configuration enabled” or something like that to the Tomcat log if in fact detected.

regards,

Lars

image

···

On Fri, Jun 10, 2016 at 1:05 PM, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I’m trying to configure a dhis instance against a LDAP server for authentication.

attached is my dhis.conf file with ldap parameters.

after ldap configuration when I access the login page it is just the usual login interface (I expected something different like when we configured openid) and I have no clue whether it is connected to the ldap server.

but one thing I noticed, it use local db for authentication.

I checked the ldap parameters using a ldap client browser and I am 99% sure about the parameters I have provided in dhis.conf

Is there anything i am missing, can someone please help…?

Thanks,

Chameera.

On Wed, Jun 8, 2016 at 6:09 PM Chameera Mirihella chameera9019@gmail.com wrote:

Thanks Bob, I understand, I will look into that.

Thanks again

Chameera.

On Wed, Jun 8, 2016 at 1:48 PM Bob Jolliffe bobjolliffe@gmail.com wrote:

That ldap.url looks like the http url of your php ldap frontend web application. You need to point it at the running ldap service not the php web interface.


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

On 8 June 2016 at 07:00, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I am trying to configure a dhis instance against a LDAP server for authentication.

I followed this doc.

http://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/dhis2_implementation_guide_en_full.html#d4040e1283

LDAP server is installed in another ubuntu machine in the same network.

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps

after configure dhis.conf file when restart tomcat it gives an error.

here I attached the dhis.conf and tomcat command prompt.

dhis instance :- 2.23

please let me know anything I am missing here.

Thanks,

Chameera.


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

Lars Helge Øverland

Lead developer, DHIS 2

University of Oslo

Skype: larshelgeoverland

lars@dhis2.org

http://www.dhis2.org

Hi Lars,

Thank you so much for the reply.

This is the output when try to login

image

and I search through tomcat log to find LDAP related message and I couldn’t find any.

I use 2.23 instance and I use this doc as a reference.

https://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/ch08s05.html

any suggestions, pls ?

Thanks,

Chameera.

image

···

On Fri, Jun 10, 2016 at 1:05 PM, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I’m trying to configure a dhis instance against a LDAP server for authentication.

attached is my dhis.conf file with ldap parameters.

after ldap configuration when I access the login page it is just the usual login interface (I expected something different like when we configured openid) and I have no clue whether it is connected to the ldap server.

but one thing I noticed, it use local db for authentication.

I checked the ldap parameters using a ldap client browser and I am 99% sure about the parameters I have provided in dhis.conf

Is there anything i am missing, can someone please help…?

Thanks,

Chameera.

On Wed, Jun 8, 2016 at 6:09 PM Chameera Mirihella chameera9019@gmail.com wrote:

Thanks Bob, I understand, I will look into that.

Thanks again

Chameera.

On Wed, Jun 8, 2016 at 1:48 PM Bob Jolliffe bobjolliffe@gmail.com wrote:

That ldap.url looks like the http url of your php ldap frontend web application. You need to point it at the running ldap service not the php web interface.


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

On 8 June 2016 at 07:00, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I am trying to configure a dhis instance against a LDAP server for authentication.

I followed this doc.

http://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/dhis2_implementation_guide_en_full.html#d4040e1283

LDAP server is installed in another ubuntu machine in the same network.

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps

after configure dhis.conf file when restart tomcat it gives an error.

here I attached the dhis.conf and tomcat command prompt.

dhis instance :- 2.23

please let me know anything I am missing here.

Thanks,

Chameera.


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp


Lars Helge Øverland

Lead developer, DHIS 2

University of Oslo

Skype: larshelgeoverland

lars@dhis2.org

http://www.dhis2.org

Hi Team,

As per my knowledge there are two version, ldap v2 and ldap v3.

Does dhis2 support any specific version of ldap or it doesn’t matter ?

Thanks,

Chameera.

image

image

···

On Fri, Jun 10, 2016 at 1:05 PM, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I’m trying to configure a dhis instance against a LDAP server for authentication.

attached is my dhis.conf file with ldap parameters.

after ldap configuration when I access the login page it is just the usual login interface (I expected something different like when we configured openid) and I have no clue whether it is connected to the ldap server.

but one thing I noticed, it use local db for authentication.

I checked the ldap parameters using a ldap client browser and I am 99% sure about the parameters I have provided in dhis.conf

Is there anything i am missing, can someone please help…?

Thanks,

Chameera.

On Wed, Jun 8, 2016 at 6:09 PM Chameera Mirihella chameera9019@gmail.com wrote:

Thanks Bob, I understand, I will look into that.

Thanks again

Chameera.

On Wed, Jun 8, 2016 at 1:48 PM Bob Jolliffe bobjolliffe@gmail.com wrote:

That ldap.url looks like the http url of your php ldap frontend web application. You need to point it at the running ldap service not the php web interface.


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

On 8 June 2016 at 07:00, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I am trying to configure a dhis instance against a LDAP server for authentication.

I followed this doc.

http://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/dhis2_implementation_guide_en_full.html#d4040e1283

LDAP server is installed in another ubuntu machine in the same network.

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps

after configure dhis.conf file when restart tomcat it gives an error.

here I attached the dhis.conf and tomcat command prompt.

dhis instance :- 2.23

please let me know anything I am missing here.

Thanks,

Chameera.


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp


Lars Helge Øverland

Lead developer, DHIS 2

University of Oslo

Skype: larshelgeoverland

lars@dhis2.org

http://www.dhis2.org

Hi Lars

I just tried this but also don’t see anything in the log file on startup. Using configuration from https://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/ch08s05.html.

Do you know does anyone have this working who can confirm for Chameera.

Bob

image

···

On 10 June 2016 at 12:26, Lars Helge Øverland lars@dhis2.org wrote:

Hi Chameera,

can you tell us the output of the tomcat log which is produced while you attempt to log in?

Also, during startup, the system will output “LDAP configuration enabled” or something like that to the Tomcat log if in fact detected.

regards,

Lars

On Fri, Jun 10, 2016 at 1:05 PM, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I’m trying to configure a dhis instance against a LDAP server for authentication.

attached is my dhis.conf file with ldap parameters.

after ldap configuration when I access the login page it is just the usual login interface (I expected something different like when we configured openid) and I have no clue whether it is connected to the ldap server.

but one thing I noticed, it use local db for authentication.

I checked the ldap parameters using a ldap client browser and I am 99% sure about the parameters I have provided in dhis.conf

Is there anything i am missing, can someone please help…?

Thanks,

Chameera.

On Wed, Jun 8, 2016 at 6:09 PM Chameera Mirihella chameera9019@gmail.com wrote:

Thanks Bob, I understand, I will look into that.

Thanks again

Chameera.

On Wed, Jun 8, 2016 at 1:48 PM Bob Jolliffe bobjolliffe@gmail.com wrote:

That ldap.url looks like the http url of your php ldap frontend web application. You need to point it at the running ldap service not the php web interface.


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

Lars Helge Øverland

Lead developer, DHIS 2

University of Oslo

Skype: larshelgeoverland

lars@dhis2.org

http://www.dhis2.org

On 8 June 2016 at 07:00, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I am trying to configure a dhis instance against a LDAP server for authentication.

I followed this doc.

http://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/dhis2_implementation_guide_en_full.html#d4040e1283

LDAP server is installed in another ubuntu machine in the same network.

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps

after configure dhis.conf file when restart tomcat it gives an error.

here I attached the dhis.conf and tomcat command prompt.

dhis instance :- 2.23

please let me know anything I am missing here.

Thanks,

Chameera.


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

1 Like

Hi All,

I can confirm that I have it working with ldap v3 (turned on for Active Directory) on a test and production instance for a client. One thing that you’ll have to do is make sure the users don’t have a valid encrypted password, because it will try this first so I used the query

UPDATE users SET password = 'ldapuser' WHERE ldapid IS NOT null;

Dan Cocos
Principal, BAO Systems
dcocos@baosystems.com | http://www.baosystems.com | 2900 K Street, Suite 404, Washington D.C. 20007

···

On Jul 13, 2016, at 12:07 PM, Bob Jolliffe <bobjolliffe@gmail.com> wrote:

Hi Lars

I just tried this but also don't see anything in the log file on startup. Using configuration from https://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/ch08s05.html.

Do you know does anyone have this working who can confirm for Chameera.

Bob

On 10 June 2016 at 12:26, Lars Helge Øverland <lars@dhis2.org> wrote:
Hi Chameera,

can you tell us the output of the tomcat log which is produced while you attempt to log in?

Also, during startup, the system will output "LDAP configuration enabled" or something like that to the Tomcat log if in fact detected.

regards,

Lars

On Fri, Jun 10, 2016 at 1:05 PM, Chameera Mirihella <chameera9019@gmail.com> wrote:
Hi Team,

I'm trying to configure a dhis instance against a LDAP server for authentication.

attached is my dhis.conf file with ldap parameters.

after ldap configuration when I access the login page it is just the usual login interface (I expected something different like when we configured openid) and I have no clue whether it is connected to the ldap server.

but one thing I noticed, it use local db for authentication.

I checked the ldap parameters using a ldap client browser and I am 99% sure about the parameters I have provided in dhis.conf

Is there anything i am missing, can someone please help..?

<ldap-config.png>

Thanks,
Chameera.

On Wed, Jun 8, 2016 at 6:09 PM Chameera Mirihella <chameera9019@gmail.com> wrote:
Thanks Bob, I understand, I will look into that.

Thanks again
Chameera.

On Wed, Jun 8, 2016 at 1:48 PM Bob Jolliffe <bobjolliffe@gmail.com> wrote:
That ldap.url looks like the http url of your php ldap frontend web application. You need to point it at the running ldap service not the php web interface.

On 8 June 2016 at 07:00, Chameera Mirihella <chameera9019@gmail.com> wrote:
Hi Team,

I am trying to configure a dhis instance against a LDAP server for authentication.

I followed this doc.
http://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/dhis2_implementation_guide_en_full.html#d4040e1283

LDAP server is installed in another ubuntu machine in the same network.

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps

after configure dhis.conf file when restart tomcat it gives an error.

here I attached the dhis.conf and tomcat command prompt.

dhis instance :- 2.23

please let me know anything I am missing here.

<ldap-config.png>

<ldap-tomcat error.png>

Thanks,
Chameera.

_______________________________________________
Mailing list: https://launchpad.net/~dhis2-devs
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp

_______________________________________________
Mailing list: https://launchpad.net/~dhis2-devs
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp

--
Lars Helge Øverland
Lead developer, DHIS 2
University of Oslo
Skype: larshelgeoverland
lars@dhis2.org
http://www.dhis2.org

_______________________________________________
Mailing list: https://launchpad.net/~dhis2-devs
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp

1 Like

Hi Dan,

I followed your suggestion and now it is working. Thanks Dan.

Chameera.

···

On Wed, Jul 13, 2016 at 10:03 PM dan@dancocos.com wrote:

Hi All,

I can confirm that I have it working with ldap v3 (turned on for Active Directory) on a test and production instance for a client. One thing that you’ll have to do is make sure the users don’t have a valid encrypted password, because it will try this first so I used the query

UPDATE users SET password = ‘ldapuser’ WHERE ldapid IS NOT null;

Dan Cocos

Principal, BAO Systems

dcocos@baosystems.com | http://www.baosystems.com | 2900 K Street, Suite 404, Washington D.C. 20007

On Jul 13, 2016, at 12:07 PM, Bob Jolliffe bobjolliffe@gmail.com wrote:

Hi Lars

I just tried this but also don’t see anything in the log file on startup. Using configuration from https://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/ch08s05.html.

Do you know does anyone have this working who can confirm for Chameera.

Bob

On 10 June 2016 at 12:26, Lars Helge Øverland lars@dhis2.org wrote:

Hi Chameera,

can you tell us the output of the tomcat log which is produced while you attempt to log in?

Also, during startup, the system will output “LDAP configuration enabled” or something like that to the Tomcat log if in fact detected.

regards,

Lars

On Fri, Jun 10, 2016 at 1:05 PM, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I’m trying to configure a dhis instance against a LDAP server for authentication.

attached is my dhis.conf file with ldap parameters.

after ldap configuration when I access the login page it is just the usual login interface (I expected something different like when we configured openid) and I have no clue whether it is connected to the ldap server.

but one thing I noticed, it use local db for authentication.

I checked the ldap parameters using a ldap client browser and I am 99% sure about the parameters I have provided in dhis.conf

Is there anything i am missing, can someone please help…?

<ldap-config.png>

Thanks,

Chameera.

On Wed, Jun 8, 2016 at 6:09 PM Chameera Mirihella chameera9019@gmail.com wrote:

Thanks Bob, I understand, I will look into that.

Thanks again

Chameera.

On Wed, Jun 8, 2016 at 1:48 PM Bob Jolliffe bobjolliffe@gmail.com wrote:

That ldap.url looks like the http url of your php ldap frontend web application. You need to point it at the running ldap service not the php web interface.

On 8 June 2016 at 07:00, Chameera Mirihella chameera9019@gmail.com wrote:

Hi Team,

I am trying to configure a dhis instance against a LDAP server for authentication.

I followed this doc.

http://dhis2.github.io/dhis2-docs/2.23/en/implementer/html/dhis2_implementation_guide_en_full.html#d4040e1283

LDAP server is installed in another ubuntu machine in the same network.

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps

after configure dhis.conf file when restart tomcat it gives an error.

here I attached the dhis.conf and tomcat command prompt.

dhis instance :- 2.23

please let me know anything I am missing here.

<ldap-config.png>

Thanks,

Chameera.


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

Lars Helge Øverland

Lead developer, DHIS 2

University of Oslo

Skype: larshelgeoverland

lars@dhis2.org

http://www.dhis2.org


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp

1 Like

Thank you all for sharing the information. We have configured LDAP for our (MSF OCB) implementation.

1 Like

Thank you very much for this solution !!