Bypassing LDAP

Issue

The current (rSmart-hosted) disaster recovery cloud environment does not have an LDAP implementation and imports certain personal information from a UConn-provided LDAP extraction. Rice/KFS therefore needs to be aware of its environment so that it can bypass any LDAP-specific queries in the disaster recovery cloud.

Solution

Not implemented in version 1.19.0; targeted for a future build before the next DR test (Jira KRICE-174).

The relatively simple solution:

1. Add a parameter to the rice-config.xml and kfs/security.properties files indicating whether the application is running in a disaster recovery environment.
rice-config.xml
    <!-- Set to true if this is a disaster recovery cloud environment     -->
    <param name="dr.cloud.environment">false</param>
kfs/security.properties
# Set to true if this is a disaster recovery cloud environment 
dr.cloud.environment=false

2. Include a check in the edu.uconn.kuali.rice.kns.web.struts.action.UConnKualiPortalAction class:

// ...
// Read the DR flag from the configuration.
boolean drEnv = KNSServiceLocator.getKualiConfigurationService().getPropertyAsBoolean(UConnRiceConstants.DR_CLOUD_ENV);
// ...
        // Skip the LDAP-dependent checks below when running in the DR cloud.
        if (!drEnv) {
            if (this.isAuthroized(netId)) {
                if ((env != null) && (prd != null) && ((appCode != null))) {
                    // Backdoor restriction is only evaluated outside production.
                    if (!env.equalsIgnoreCase(prd)) {
                        backdoorRestriction = isBackdoorRestricted(userId, principalId, appCode);
                    }
                }
            } else {
                forward = "notAuthorized";
            }
        }

If the parameter is not included in the configuration files, KNSServiceLocator.getKualiConfigurationService().getPropertyAsBoolean returns false, so the check above still runs as it would in an environment that has LDAP. It is therefore necessary to include the correctly valued parameter in the files we send to the disaster recovery provider.
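
A check that can be run over the two files before they are sent to the disaster recovery provider, or over a non-DR deployment to confirm the bypass is off. This is an added example, not part of the Rice/KFS code base; the function names and the sample file contents are constructed, and accepting only the literal values true and false is an assumption of this check.

```python
import xml.etree.ElementTree as ET

PARAM = "dr.cloud.environment"  # parameter name from the page

def read_rice_param(xml_text, name=PARAM):
    """Return the text of <param name=...> in rice-config.xml, or None if absent."""
    for param in ET.fromstring(xml_text).iter("param"):
        if param.get("name") == name:
            return (param.text or "").strip()
    return None

def read_property(props_text, name=PARAM):
    """Return the last value assigned to name in a .properties file, or None."""
    value = None
    for line in props_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # blank line, comment, or not a key=value pair
        key, _, val = line.partition("=")
        if key.strip() == name:
            value = val.strip()
    return value

def check_bundle(rice_xml, security_props, expect_dr):
    """List problems with the flag for a DR bundle (expect_dr=True)
    or for an environment that has LDAP (expect_dr=False)."""
    problems = []
    wanted = "true" if expect_dr else "false"
    found = {"rice-config.xml": read_rice_param(rice_xml),
             "kfs/security.properties": read_property(security_props)}
    for path, value in found.items():
        if value is None:
            # The page notes that a missing parameter reads as false.
            if expect_dr:
                problems.append(f"{path}: {PARAM} missing, LDAP checks would still run")
        elif value.lower() not in ("true", "false"):
            problems.append(f"{path}: {PARAM} has unexpected value {value!r}")
        elif value.lower() != wanted:
            problems.append(f"{path}: {PARAM}={value}, expected {wanted}")
    return problems

# Constructed sample files (not taken from a real deployment): the two disagree.
SAMPLE_RICE = '<config><!-- DR flag --><param name="dr.cloud.environment">true</param></config>'
SAMPLE_PROPS = "# Set to true if this is a DR cloud environment\ndr.cloud.environment=false\n"
```

An empty list from check_bundle means both files carry the value intended for that environment.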