Grouper has built-in LDAP authentication for web service. This feature is in 2.1.4+. Pass the user/pass in basic auth (over SSL), and Grouper can bind to an ldap server. The username will be the subject id or identifier (or it can be manipulated).
Manage users in your LDAP
Note the file locations in the container are listed in the v2.5 container documentation
File | Value | Description | |
---|---|---|---|
grouper.hibernate.properties | grouper.is.ws.basicAuthn=false | This is the default provided with container, do not overlay | |
web.xml | Should be an empty element | This is the default provided with container, do not overlay | |
server.xml | ajp 8009 connector element: tomcatAuthentication="false" | This is the default provided with container, do not overlay Tomcat is not doing authn so that attribute needs to be false | |
grouper-ws.properties |
| Overlay the grouper-ws.properties or configure in | |
grouper-www.conf | Do not have any authn directives here | This is the default provided with container, do not overlay |
Note, if you want to debug this, put this in the log4j.properties:
log4j.logger.edu.internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication = DEBUG |