I got it working!
I added org.dspace.eperson.X509Authentication
to my authentication stack and defined keystores via:
## method 1, using keystore
#authentication.x509.keystore.path = ${dspace.dir}/config/keystore
#authentication.x509.keystore.password = dspace
## method 2, using CA certificate
#authentication.x509.ca.cert = ${dspace.dir}/config/HY-CA.pem
Even if the user is authenticated from LDAP it seems that he has to
create a userid in DSpace. Is this really the case? Is there a way to
automatically place LDAP user to a specific group etc?
-Mika
> No idea I'm afraid. With regards to specifying a location - you can write
> your own code that requires a keystore file and in that case you could
> specify the location in the web.xml. However, in this case the code should
> look for it in the default location so I can't explain the error. Are you
> confident that the certificate was imported ok ? You can check with 'keytool
> -v -list -keystore cacerts'.
>
> Cheers, Robin.
>
>
> -----Original Message-----
> From: Mika Stenberg [mailto:[EMAIL PROTECTED]
> Sent: 14 March 2008 08:49
> To: [EMAIL PROTECTED]
> Cc: dspace-tech@lists.sourceforge.net
> Subject: Re: [Dspace-tech] LDAP on dspace
>
> Thanks for the tips, Robin. It doesnt seem to fix this for me. I have
> already imported my certificate with keytool. I also tried creating a new
> cacerts file, which you can do only by specifying a location on the command
> file (if file doesnt exist, new will be created) and specifying this on
> dspace.cfg.
>
> Any other ideas what might be wrong?
>
> -Mika
>
>
>
>
>
>
>
>> Sorry, previous answer was a bit crap. You can find the keystore in
>> $JAVA_HOME/jre/lib/security/cacerts. The default password is 'changeit'.
>> Import your certificate using the 'keytool' command
>> http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html.
>>
>> If you do find out how to store the keystore in a different location I
>> would be glad to know how !
>>
>> Cheers, Robin.
>>
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Mika
>> Stenberg
>> Sent: 13 March 2008 14:15
>> To: 'dspace-tech@lists.sourceforge.net'
>> Subject: [Dspace-tech] LDAP on dspace
>>
>> Im trying to use LDAP on DSpace login. I edited dspace.cfg for the
>> required properties and am in fact getting an option to choose LDAP
>> username and password on login. When trying to login, however, I get login
> failed.
>> On Dspace.log I have the following, which suggests that I need to
>> install my intitutions certificate somewhere (using ldaps:// instead
>> of plain ldap). I also tried configuring these in dspace.cfg but still I
> get the same message.
>> So, what Im wondering is where to configure the certificate required
>> to use ldaps?
>>
>> --
>> 2008-03-13 16:07:09,958 WARN org.dspace.app.webui.servlet.LDAPServlet
>> @
>>
> anonymous:session_id=0914729BD4A6F96B069F3F11F283E723:ip_addr=128.214.60.16:
>> ldap_authentication:type=failed_auth
>> javax.naming.CommunicationException: simple bind failed:
>> ldap-internal.it.helsinki.fi:636 [Root exception is
>> javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>> find valid certification path to requested target]
>>
>> --
>>
>> Thanks,
>> Mika
>>
>> ----------------------------------------------------------------------
>> --- This SF.net email is sponsored by: Microsoft Defy all challenges.
>> Microsoft(R) Visual Studio 2008.
>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>> _______________________________________________
>> DSpace-tech mailing list
>> DSpace-tech@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>>
>>
>>
>
>
>
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
