[Dspace-tech] Dspace 1.42 LDAP configuration problems

Mon, 19 Nov 2007 08:49:54 -0800 

Hi, all,

 

We're new to dspace, and we've having some trouble getting LDAP
authentication configured correct with dspace v1.42 running on RHEL5.

 

Here are the relevant parts of the dspace.cfg file

 

webui.ldap.autoregister = true

plugin.sequence.org.dspace.eperson.AuthenticationMethod = \

            org.dspace.eperson.LDAPAuthentication

 

plugin.sequence.org.dspace.eperson.AuthenticationMethod = \

            org.dspace.eperson.LDAPAuthentication

 

ldap.enable = true

ldap.provider_url = ldaps://ldap.tcu.edu:636

ldap.id_field = sAMAccountName

ldap.object_context = ou=tcu test ou,dc=tcu,dc=edu

ldap.object_context = ou=tcu test ou,dc=tcu,dc=edu

ldap.email_field = mail

ldap.surname_field = sn

ldap.givenname_field = givenName

ldap.phone_field = telephoneNumber

 

 

Now when I attempt a logon using LDAP (authenticating against a Win2003
domain), this is what I get in dspace.log:

 

2007-11-16 21:33:07,924 WARN  org.dspace.app.webui.servlet.LDAPServlet @
anonymous:session_id=3507DC8C516B98A5B375786103EFF30E:ip_addr=138.237.37
.156:ldap_authentication:type=failed_auth
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525,
vece]

2007-11-16 21:33:07,924 INFO  org.dspace.app.webui.servlet.LDAPServlet @
anonymous:session_id=3507DC8C516B98A5B375786103EFF30E:ip_addr=138.237.37
.156:failed_login:netid=zlduncan1

 

It's looking to me like it's trying to do an anonymous bind.  In
searching the net and discussion forums, I'm come away with conflicting
understandings of what dspace does in LDAP authentication.  I think I've
read somewhere that it only does initial anonymous binds, but I also got
the sense that it'll bind with the user it's trying to authenticate.
Can you tell me which is true?

We don't allow anonymous binds, so that'd explain the error above, I
think; is there a way to do the other?

 

Thanks a ton!  -Lane

 

Lane Duncan

Texas Christian Unversity

 


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech

Reply via email to