I got it working! I added org.dspace.eperson.X509Authentication to my authentication stack and defined keystores via:
## method 1, using keystore
#authentication.x509.keystore.path = ${dspace.dir}/config/keystore
#authentication.x509.keystore.password = dspace
## method 2, using CA certificate
#authentication.x509.ca.cert = ${dspace.dir}/config/HY-CA.pem

Even if the user is authenticated from LDAP it seems that he has to create a userid in DSpace. Is this really the case? Is there a way to automatically place an LDAP user in a specific group etc.?

-Mika

> No idea I'm afraid. With regards to specifying a location - you can write
> your own code that requires a keystore file and in that case you could
> specify the location in the web.xml. However, in this case the code should
> look for it in the default location so I can't explain the error. Are you
> confident that the certificate was imported ok? You can check with
> 'keytool -v -list -keystore cacerts'.
>
> Cheers, Robin.
>
>
> -----Original Message-----
> From: Mika Stenberg [mailto:[EMAIL PROTECTED]
> Sent: 14 March 2008 08:49
> To: [EMAIL PROTECTED]
> Cc: dspace-tech@lists.sourceforge.net
> Subject: Re: [Dspace-tech] LDAP on dspace
>
> Thanks for the tips, Robin. It doesn't seem to fix this for me. I have
> already imported my certificate with keytool. I also tried creating a new
> cacerts file, which you can do only by specifying a location on the command
> file (if file doesn't exist, new will be created) and specifying this on
> dspace.cfg.
>
> Any other ideas what might be wrong?
>
> -Mika
>
>> Sorry, previous answer was a bit crap. You can find the keystore in
>> $JAVA_HOME/jre/lib/security/cacerts. The default password is 'changeit'.
>> Import your certificate using the 'keytool' command
>> http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html.
>>
>> If you do find out how to store the keystore in a different location I
>> would be glad to know how!
>>
>> Cheers, Robin.
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Mika Stenberg
>> Sent: 13 March 2008 14:15
>> To: 'dspace-tech@lists.sourceforge.net'
>> Subject: [Dspace-tech] LDAP on dspace
>>
>> I'm trying to use LDAP on DSpace login. I edited dspace.cfg for the
>> required properties and am in fact getting an option to choose LDAP
>> username and password on login. When trying to login, however, I get
>> login failed.
>> On Dspace.log I have the following, which suggests that I need to
>> install my institution's certificate somewhere (using ldaps:// instead
>> of plain ldap). I also tried configuring these in dspace.cfg but still I
>> get the same message.
>> So, what I'm wondering is where to configure the certificate required
>> to use ldaps?
>>
>> --
>> 2008-03-13 16:07:09,958 WARN org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=0914729BD4A6F96B069F3F11F283E723:ip_addr=128.214.60.16:ldap_authentication:type=failed_auth
>> javax.naming.CommunicationException: simple bind failed: ldap-internal.it.helsinki.fi:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
>>
>> --
>>
>> Thanks,
>> Mika
>>
>> _______________________________________________
>> DSpace-tech mailing list
>> DSpace-tech@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/dspace-tech
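
Added example (not part of the original thread, and not DSpace's own code): one way to keep the LDAPS CA in a separate truststore instead of the JRE's cacerts, which is what the "PKIX path building failed" error and the question about a different keystore location come down to. It uses keytool and the standard JSSE javax.net.ssl.trustStore properties; the store path, alias and password are placeholder assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Store path, alias and password below are
# placeholders; HY-CA.pem is the CA file name used in the message above.

# make_truststore CA_PEM STORE PASS ALIAS
# Import the CA as a trusted entry; keytool creates STORE if it does not exist.
# Compare the CA's fingerprint with one obtained out of band before importing
# (keytool -printcert -file CA_PEM prints it).
make_truststore() {
    keytool -importcert -noprompt -alias "$4" \
        -file "$1" -keystore "$2" -storepass "$3"
}

# has_trusted_ca STORE PASS ALIAS
# Succeeds only if ALIAS exists in STORE as a trusted certificate entry.
has_trusted_ca() {
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null |
        grep -q 'trustedCertEntry'
}

# jvm_trust_opts STORE PASS
# Print the JSSE system properties that make the JVM use STORE. They replace
# the default cacerts for every TLS client in that JVM, so STORE must hold all
# CAs the application needs (start from a copy of cacerts if it needs more).
jvm_trust_opts() {
    printf '%s %s\n' "-Djavax.net.ssl.trustStore=$1" \
        "-Djavax.net.ssl.trustStorePassword=$2"
}

# Typical use (assumes DSpace runs in Tomcat started through catalina.sh,
# which reads JAVA_OPTS):
#   make_truststore HY-CA.pem /path/to/ldaps-truststore "$PASS" hy-ca
#   has_trusted_ca /path/to/ldaps-truststore "$PASS" hy-ca && echo imported
#   JAVA_OPTS="$JAVA_OPTS $(jvm_trust_opts /path/to/ldaps-truststore "$PASS")"
```

The truststore holds only public certificates, so its password protects integrity rather than secrecy; file permissions on the store matter more than the password value.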