  • How to install, test, and integrate OpenLDAP with JasperServer


    gdmoreno
    • Features: JasperReports Server Product: JasperReports® Server

    Introduction

    In this article, we'll walk through integrating OpenLDAP with JasperServer. This article has been tested for JasperServer 3.7 through JasperReports Server 4.7. For JasperReports Server 5.0 and beyond, please study the sample configuration file that's in the samples directory, under the externalAuth-sample-config subdirectory.

    This article assumes that you already have JasperServer installed, and that you need to install and integrate OpenLDAP with JasperServer. This article also assumes that you're working with Ubuntu. The principal steps are:

    • Install necessary libraries before installing OpenLDAP
    • Install OpenLDAP
    • Configure OpenLDAP
    • Load Test Data
    • Verify Test Data in OpenLDAP with a third-party LDAP management GUI tool
    • Integrate OpenLDAP with JasperServer
    • Test

    You can test the integration by going to the JasperServer login page, and using a user login and password that you loaded in the LDAP test data.

    At the end of this article, there is a troubleshooting and sample files section, which provides examples of what we are talking about.

    Installation

    This page goes through the steps to install OpenLDAP version 2.4.23. An Ubuntu 10.04.1 32-bit environment was used. Recommended page to guide you: OpenLDAP quick start

    Install Berkeley DB

    Rather than downloading Berkeley DB from the web and installing it manually, use the Synaptic Package Manager, which gives you all you need. You'll need to install these packages:

    • libdb4.8++
    • libdb4.8-java
    • db4.8-util
    • libdb-je-java
    • libdb-dev (version 4.8)

    The Synaptic Package Manager will install everything for you; you may need to restart your machine to have the changes take effect.

    Install OpenLDAP

    Download OpenLDAP from here - http://www.openldap.org/software/download/. You will download openldap-2.4.23.tgz. Unzip and untar it to a temporary location.

    From the main OpenLDAP directory, run:

    $ sudo ./configure
    

    Then run everything as root; if you don't, you might get errors.

    $ sudo make depend
    $ sudo make
    $ sudo make test
    $ sudo make install
    

    You will then find everything installed in /usr/local/etc/openldap

    Creating Test Data

    The first step is to start the LDAP server. You do this by:

    $ cd /usr/local/libexec
    $ sudo ./slapd
    

    To configure the server, you can modify the slapd.conf and ldap.conf files in /usr/local/etc/openldap. I'm attaching the files I used to this page as a reference.

    Using JXplorer (an LDAP GUI tool)

    The second step is to see what data is stored there. A useful, lightweight Java tool that allows you to see the contents of the LDAP store is JXplorer (http://jxplorer.org/). It allows you to see an LDAP structure via a GUI application. If you're just inspecting the data, all you have to do is supply the server hostname and the port (it should be 389 for OpenLDAP, not the default 19389), and you can connect. If you want to do write or delete operations, then you'll have to log in as the root LDAP user. There are many other tools available, but this one is sufficient for our purposes here.

    Loading Test Data

    I created a file with test data to load into the LDAP store; it's called Sample_29112010.ldif and is attached to this page. The entries use some of the schemas that ship with OpenLDAP. From the command line, you can add the test file with this command:

    $ cd [Directory where the sample file lives]
    $ ldapadd -h ubuntu -p 389 -D "cn=Manager,o=Jaspersoft" -w secret -f Sample_16122010_2.ldif
    

    The test records set up each person with object classes of top, person, and organizationalPerson. Each record defines a person's uid, password, and role. Since this is just an example, I've set up the test data to store a person's JasperServer role in the title field. You can verify the records by downloading the Sample_16122010_2.ldif file that is attached to this page; it is a text file you can easily inspect.

    You can verify that it loaded successfully by using the JXplorer tool to view the data. You'll be able to see everything except the password.

    Searching for Data

    You can use the ldapsearch command line tool to search for entries according to criteria you want. Below is an example where we're searching for all entries whose sn value is Jensen, and displaying only the uid and userPassword attributes.

    $ ldapsearch -h ubuntu -b "o=Jaspersoft" "sn=Jensen" uid userPassword
    

    Integrate it with JasperServer

    The next steps are to:

    • Modify the applicationContext-security.xml file
    • Modify the applicationContext-multiTenancy-security.xml file
    • Restart JasperServer

    Modifying the applicationContext-security.xml file

    • Uncomment the reference to the ldapAuthenticationProvider bean in the definition of the authenticationManager bean.
    • Uncomment and modify the values for the ldapContextSource bean - there's an example in the troubleshooting section below
      • Specify the location where the search begins in the constructor-arg parameter
      • Specify the LDAP user DN and password that will be performing the actual operations on the LDAP server.
    • Uncomment the userSearch bean
    • Uncomment the ldapAuthenticationProvider bean
      • For our example, look for the groupRoleAttribute property and modify its value to title - that is the field name in the user record we will be using in this example. By modifying it to title, we're telling JasperServer that this field contains the user's role within JasperServer.

    Modifying the applicationContext-multiTenancy-security.xml

    There are two items to modify in this file:

    • Enable the reference to the ldapExternalUserProcessor bean, which is commented out and is part of the definition of the mtUserAuthorityServiceTarget bean.
    • Enable the ldapExternalUserProcessor bean, which is commented out by default.

    Troubleshooting

    Verify the LDAP structure is right in the ldapContextSource

    The integration isn't very complicated, but it does assume that you understand the structure of an LDAP directory. In this example, the node at which the uid search starts is defined in the ldapContextSource bean. It contains a constructor-arg parameter which tells the server where to search for users.

    <bean id="ldapContextSource">
        <!-- constructor-arg value="ldap://localhost:389/o=Jaspersoft,c=US"/ -->
        <constructor-arg value="ldap://localhost:389/o=Jaspersoft"/>
        <!-- You may not need the next properties -->
        <property name="userDn">
            <value>cn=Manager,o=Jaspersoft</value>
        </property>
        <property name="password">
            <value>secret</value>
        </property>
    </bean>
    

    In the above example, JasperServer requests that user searches start at the "o=Jaspersoft" node. That means that a user's DN must end with "o=Jaspersoft" for it to match.
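
    To check the search base and bind DN independently of JasperServer, the following added example (not part of the original article) replays from the shell what the LDAP integration is assumed to do: search for the uid under the base as the manager DN, then bind as the DN that was found. The ldif_attr and check_login names, the sample entry and the password-file path are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article). Values mirror the
# ldapContextSource bean above; the sample entry below is constructed.
LDAP_URI="ldap://localhost:389"
BASE_DN="o=Jaspersoft"                 # search base from constructor-arg
BIND_DN="cn=Manager,o=Jaspersoft"      # userDn property

# Constructed sample of ldapsearch -LLL output; the dn line is folded the
# way LDIF folds long lines (continuation lines start with one space).
SAMPLE_LDIF='dn: uid=bjensen,ou=People,
 o=Jaspersoft
title: ROLE_USER
'

# Print the first value of attribute $1 from LDIF on stdin, unfolding
# continuation lines. Base64 values ("attr:: ...") are not decoded.
ldif_attr() {
    awk -v want="$1:" '
        /^ / { if (hit) val = val substr($0, 2); next }
        hit  { exit }
        index($0, want " ") == 1 { val = substr($0, length(want) + 2); hit = 1 }
        END  { if (hit) print val }
    '
}

# check_login USER_ID MANAGER_PW_FILE
# Step 1: bind as the manager and search for the uid under BASE_DN.
# Step 2: bind as the DN that was found (ldapwhoami -W prompts for the
# user's password). The password file must not end with a newline.
check_login() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) echo "refusing unusual uid" >&2; return 2 ;;
    esac
    entry=$(ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -y "$2" \
                -b "$BASE_DN" "(uid=$1)" dn title) || return 2
    dn=$(printf '%s\n' "$entry" | ldif_attr dn)
    if [ -z "$dn" ]; then
        echo "no entry with uid=$1 under $BASE_DN" >&2
        return 1
    fi
    echo "DN found:     $dn"
    echo "role (title): $(printf '%s\n' "$entry" | ldif_attr title)"
    ldapwhoami -x -H "$LDAP_URI" -D "$dn" -W
}

# Offline check of the parser:  printf '%s' "$SAMPLE_LDIF" | ldif_attr dn
# Against a live server:        check_login bjensen /path/to/manager.pw
```

    If step 1 finds no entry, the base in constructor-arg or the manager credentials are the first things to check; if step 2 fails, the user's stored password is.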

    Be careful when editing XML files

    Since we're editing XML files by hand, we have to make double-sure that we're not doing something incorrectly!

    Look at the logs for clues

    You have two logs to look at:

    • The jasperserver.log file in the /jasperserver-pro/WEB-INF/logs/ directory
    • The syslog file in the /var/log directory - if it is not in this directory, use the locate command to find it. It will contain system logging when JasperServer interacts with OpenLDAP.
    • OpenLDAP itself can have its own log file, which you can define in the slapd.conf file - setting it up is beyond the scope of this page.

    Sample Files

    1. ApplicationContext-multiTenancy-security.zip - this Zip contains a sample xml file we used for testing the content on this page.
    2. ApplicationContext-security(1).zip - this Zip contains a sample xml file for the Spring security configuration.
    3. Ldap.zip - this Zip file contains configuration files for OpenLDAP as well as sample data for testing the integration.  
