How to configure LDAP with Essentials
I am using the acme-ldap.jar from GeoServer to test some functionality (http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html). This LDAP server has out-of-the-box three users and two groups I would like to use to test the security functionality in Essentials. The problem I am facing is that whatever I configure, the Identity Server cannot connect to my acme-ldap server. If I use JExplorer or "LDAPExplorerTool 2" I can access the information and even add users and groups.
Hopefully there is somebody that can help me get the Identity Server to connect to the acme-ldap server.
This is my configuration:
connectionStrings.config
<connectionStrings>
<!-- Configuration database -->
<add name="IdentityServerConfiguration"
connectionString="Data Source=|DataDirectory|\IdentityServerConfiguration.sdf"
providerName="System.Data.SqlServerCe.4.0" />
<!-- Users database -->
<add name="ProviderDB"
connectionString="Data Source=|DataDirectory|\IdentityServerUsers.sdf"
providerName="System.Data.SqlServerCe.4.0" />
<add name="ADConnString"
connectionString="ldap://localhost:10389/ou=people,dc=acme,dc=org" />
<add name="ADRolesConnString"
connectionString="LDAP://localhost:10389/ou=groups,dc=acme,dc=org" />
</connectionStrings>
membership.config
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider"
type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
connectionStringName="ProviderDB"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="20"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="5"
applicationName="/" />
<add name="XmlMembershipProvider"
type="Geocortex.IdentityServer.Integration.Membership.XmlMembershipProvider, Geocortex.IdentityServer.Integration"
userList="App_Data/GlobalSecurityProvider.xml" />
<add name="ActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
connectionStringName="ADConnString"
<!-- anonymous access
connectionUsername=""
connectionPassword=""
attributeMapUsername="sAMAccountName"
-->
enableSearchMethods="true" />
</providers>
</membership>
roleManager.config
<roleManager enabled="true" defaultProvider="DefaultRoleProvider">
<providers>
<add name="DefaultRoleProvider"
type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
connectionStringName="ProviderDB"
applicationName="/" />
<add name="XmlRoleProvider"
type="Geocortex.IdentityServer.Integration.Membership.XmlRoleProvider, Geocortex.IdentityServer.Integration"
userList="App_Data/GlobalSecurityProvider.xml" />
<add name="ActiveDirectoryRoleProvider"
type="Geocortex.IdentityServer.Integration.Membership.ActiveDirectoryRoleProvider, Geocortex.IdentityServer.Integration"
activeDirectoryUsersConnectionString="ADConnString"
activeDirectoryGroupsConnectionString="ADRolesConnString"
securityGroupsOnly="false"
groupsToUse="admin;user" />
</providers>
</roleManager>
Some extra information. I get the following error from Essentials:
An error occurred while processing your request.
Unable to manage users and roles for security provider 'Geocortex Identity Server'. Unable to connect to the remote server
Details
Controller: SecurityUsersAndRoles
Action: Index
Error Info
Source: Geocortex.Essentials.RestManager
Message: Unable to manage users and roles for security provider 'Geocortex Identity Server'. Unable to connect to the remote server
Root Message(s):
(1) Unable to manage users and roles for security provider 'Geocortex Identity Server'. Unable to connect to the remote server
StackTrace:
at Geocortex.Essentials.RestManager.Controllers.SecurityUsersAndRolesController.a(String A_0, String A_1, Int32 A_2, Int32 A_3, String A_4, String A_5)
at Geocortex.Essentials.RestManager.Controllers.SecurityUsersAndRolesController.Index(String userIssuerId, String roleIssuerId, Int32 usersPageIndex, Int32 rolesPageIndex, String userFilter, String roleFilter)
at lambda_method(Closure , ControllerBase , Object[] )
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClassd.<InvokeActionMethodWithFilters>b__a()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
I cannot find any information in the log files. So, some tips there are also appreciated.
I installed a new version of the IdentityServer and changed the configuration a bit. Now I get the following error:
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Unable to establish secure connection with the server
Source Error:
Line 26: -->
Line 27: <add name="ActiveDirectoryMembershipProvider"
Line 28: type="System.Web.Security.ActiveDirectoryMembershipProvider"
Line 29: connectionStringName="ADConnString"
Line 30: connectionUsername="admin"
Source File: D:\Applic\Latitude Geographics\GeocortexIdentityServerLDAP\Web\configuration\membership.config Line: 28
So I am almost there. If someone knows the answer, please tell me.
These are the changed settings:
connectionStrings.config
<connectionStrings>
<!-- Configuration database -->
<add name="IdentityServerConfiguration"
connectionString="Data Source=|DataDirectory|\IdentityServerConfiguration.sdf"
providerName="System.Data.SqlServerCe.4.0" />
<!-- Users database -->
<add name="ProviderDB"
connectionString="Data Source=|DataDirectory|\IdentityServerUsers.sdf"
providerName="System.Data.SqlServerCe.4.0" />
<!--
<add name="ADConnString"
connectionString="LDAP://server.domain.com/cn=Users,dc=domain,dc=com" />
-->
<!--
<add name="ADRolesConnString"
connectionString="LDAP://server.domain.com/cn=Users,dc=domain,dc=com" />
-->
<add name="ADConnString"
connectionString="LDAP://127.0.0.1:10389/cn=user,dc=acme,dc=org" />
<add name="ADRolesConnString"
connectionString="LDAP://127.0.0.1:10389/cn=user,dc=acme,dc=org" />
</connectionStrings>
membership.config:
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider"
type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
connectionStringName="ProviderDB"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="20"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="5"
applicationName="/" />
<add name="XmlMembershipProvider"
type="Geocortex.IdentityServer.Integration.Membership.XmlMembershipProvider, Geocortex.IdentityServer.Integration"
userList="App_Data/GlobalSecurityProvider.xml" />
<!--
<add name="ActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
connectionStringName="ADConnString"
connectionUsername="username"
connectionPassword="********"
attributeMapUsername="sAMAccountName"
enableSearchMethods="true" />
-->
<add name="ActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
connectionStringName="ADConnString"
connectionUsername="admin"
connectionPassword="admin"
attributeMapUsername=""
enableSearchMethods="true" />
</providers>
</membership>
roleManager.config:
<roleManager enabled="true" defaultProvider="DefaultRoleProvider">
<providers>
<add name="DefaultRoleProvider"
type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
connectionStringName="ProviderDB"
applicationName="/" />
<add name="XmlRoleProvider"
type="Geocortex.IdentityServer.Integration.Membership.XmlRoleProvider, Geocortex.IdentityServer.Integration"
userList="App_Data/GlobalSecurityProvider.xml" />
<!--
<add name="ActiveDirectoryRoleProvider"
type="Geocortex.IdentityServer.Integration.Membership.ActiveDirectoryRoleProvider, Geocortex.IdentityServer.Integration"
activeDirectoryUsersConnectionString="ADConnString"
activeDirectoryGroupsConnectionString="ADRolesConnString"
securityGroupsOnly="false"
groupsToUse="*team;Ad*" />
-->
<add name="ActiveDirectoryRoleProvider"
type="Geocortex.IdentityServer.Integration.Membership.ActiveDirectoryRoleProvider, Geocortex.IdentityServer.Integration"
activeDirectoryUsersConnectionString="ADConnString"
activeDirectoryGroupsConnectionString="ADRolesConnString"
securityGroupsOnly="false"
groupsToUse="user" />
</providers>
</roleManager>
What am I doing wrong? I can open the website of the newly installed IdentityServer, but I cannot log in...
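A check that can be run over settings like those in the post above, as an added example that is not part of the original thread or of any Geocortex tooling. It relies on `connectionProtection` being a documented attribute of `ActiveDirectoryMembershipProvider` (values `None` and `Secure`, defaulting to `Secure` when absent); the function name `audit`, the finding texts and the embedded sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the settings in the post above.
CONN_XML = """<connectionStrings>
  <add name="ADConnString"
       connectionString="LDAP://127.0.0.1:10389/cn=user,dc=acme,dc=org" />
</connectionStrings>"""

MEMBERSHIP_XML = """<membership defaultProvider="DefaultMembershipProvider">
  <providers>
    <add name="ActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider"
         connectionStringName="ADConnString"
         connectionUsername="admin"
         connectionPassword="admin"
         enableSearchMethods="true" />
  </providers>
</membership>"""

AD_TYPE = "System.Web.Security.ActiveDirectoryMembershipProvider"
LDAP_URL = re.compile(r"^ldap://(?P<host>[^/:]+)(?::(?P<port>\d+))?(?:/|$)", re.I)


def audit(conn_xml, membership_xml):
    """Return (provider, finding) tuples for LDAP-backed membership providers."""
    conn = {a.get("name"): a.get("connectionString", "")
            for a in ET.fromstring(conn_xml).iter("add")}
    findings = []
    for p in ET.fromstring(membership_xml).iter("add"):
        if not p.get("type", "").startswith(AD_TYPE):
            continue  # only the Active Directory / LDAP provider is checked
        name = p.get("name")
        m = LDAP_URL.match(conn.get(p.get("connectionStringName")) or "")
        if m is None:
            findings.append((name, "connection string missing or not an LDAP:// URL"))
            continue
        port = int(m.group("port") or 389)
        # connectionProtection defaults to Secure when the attribute is absent.
        protection = p.get("connectionProtection", "Secure")
        if protection == "Secure" and port != 636:
            findings.append((name, f"Secure protection requested on port {port}; "
                                   "confirm the server offers TLS or signing there"))
        if protection == "None":
            findings.append((name, "bind credentials cross the network unprotected"))
        if p.get("connectionPassword"):
            findings.append((name, "bind password stored in cleartext in membership.config"))
    return findings
```

The findings are prompts for review, not verdicts: a `Secure` provider on a port other than 636 is workable only if the directory can negotiate a protected channel on that port.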
Hello,
I have Geocortex Essentials deployed in the cloud, and I have configured LDAP for the client's AD connection.
Using the Windows ldp command, I can establish the LDAP and LDAPS connection and see the AD.
However, in Geocortex Essentials, on the Identity Server provider, when I click to list the users, I get An operations error occurred. (C:\Program Files (x86)\Latitude Geographics\Geocortex Identity Server\Web\configuration\membership.config line 20)
Can you help me understand what the error is?
I have Portal for ArcGIS installed on the same machine and the connection to LDAP works correctly. I leave the configurations below.
File ConnectionStrings.config
<connectionStrings>
<!-- Configuration database -->
<add name="IdentityServerConfiguration"
connectionString="Data Source=|DataDirectory|\IdentityServerConfiguration.sdf"
providerName="System.Data.SqlServerCe.4.0" />
<!-- Users database -->
<add name="ProviderDB"
connectionString="Data Source=|DataDirectory|\IdentityServerUsers.sdf"
providerName="System.Data.SqlServerCe.4.0" />
<add name="ADConnString"
connectionString="LDAP://servername:636/DC=domain,DC=ad" />
<add name="ADRolesConnString"
connectionString="LDAP://servername:636/DC=domain,DC=ad" />
</connectionStrings>
File membership.config
<membership defaultProvider="ActiveDirectoryMembershipProvider">
<providers>
<add name="DefaultMembershipProvider"
type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
connectionStringName="ProviderDB"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="20"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="5"
applicationName="/" />
<add name="XmlMembershipProvider"
type="Geocortex.IdentityServer.Integration.Membership.XmlMembershipProvider, Geocortex.IdentityServer.Integration"
userList="App_Data/GlobalSecurityProvider.xml" />
<add name="ActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
connectionStringName="ADConnString"
connectionUsername="domain\\username"
connectionPassword="******"
attributeMapUsername="sAMAccountName"
enableSearchMethods="true" />
</providers>
</membership>
File roleManager.config
<roleManager enabled="true" defaultProvider="ActiveDirectoryRoleProvider">
<providers>
<add name="DefaultRoleProvider"
type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
connectionStringName="ProviderDB"
applicationName="/" />
<add name="XmlRoleProvider"
type="Geocortex.IdentityServer.Integration.Membership.XmlRoleProvider, Geocortex.IdentityServer.Integration"
userList="App_Data/GlobalSecurityProvider.xml" />
<add name="ActiveDirectoryRoleProvider"
type="Geocortex.IdentityServer.Integration.Membership.ActiveDirectoryRoleProvider, Geocortex.IdentityServer.Integration"
activeDirectoryUsersConnectionString="ADConnString"
activeDirectoryGroupsConnectionString="ADRolesConnString"
securityGroupsOnly="false"
groupsToUse="*"/>
</providers>
</roleManager>