Aha!  I now realize what it is.  The ldap.search_scope value is
commented out by default in the config file. I mistakenly believed that
this implied a default value of 2.  If you leave the value commented out
and enable Hierarchical LDAP authentication, you generate a
NullPointerException.

All appears to be well. Thanks everyone.

Jason

On 6/25/10 4:24 PM, Stuart Lewis wrote:
> Hi Jason,
> 
> DSpace ships with two LDAP options - LDAPAuthentication and 
> LDAPHeirarchicalAuthentication.
> 
> If all your users are in one branch of an ldap tree (e.g. they all exist in 
> ou=users,dc=unb,dc=ca) then you can use the former. This does not perform an 
> initial bind, it just binds to the user's DN using their credentials. If the 
> bind is successful then it allows the user to log in to DSpace.
> 
> If your users are scattered across many different branches, then you'll need 
> to use the LDAPHeirarchicalAuthentication option. This has extra settings in 
> dspace.cfg to set the DN and password of a user who has search rights across 
> the LDAP directory. DSpace will bind as that user and then perform a search 
> to find the DN of the user who is trying to log in. Once it finds that, it 
> then binds a second time to that DN, using the user's password.
> 
> Hopefully the comments in dspace.cfg will guide you through the different 
> settings. This blog post has some example settings in it that might help 
> demonstrate what you need to put in where:
> 
>  - 
> http://blog.stuartlewis.com/2008/08/18/test-ldap-service-upgraded-now-with-branches/
> 
> Thanks,
> 
> 
> Stuart Lewis
> IT Innovations Analyst and Developer
> Te Tumu Herenga The University of Auckland Library
> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> Ph: +64 (0)9 373 7599 x81928
> 
> 
> On 26/06/2010, at 2:51 AM, Jason Nugent wrote:
> 
>> Hi folks,
>>
>> Just to confirm, does DSpace perform a two step check and then bind for
>> authentication?  I ask, because I've been talking to the fellow who has
>> access to our LDAP server logs and he has informed me that it appears as
>> though DSpace is attempting to bind with uid=jnugent,dc=unb,dc=ca, which
>> is obviously incorrect.  What it *should* be doing is an initial search
>> with (uid=jnugent) as a filter, using the
>> ldap.search_user/search_password, and then retrieving the DN for my
>> record and binding with that, and the supplied password.  In my case, my
>> full DN is unbCaId=XXXXXXX,ou=people,dc=unb,dc=ca where XXXXXX is a
>> unique string. Our users would never know what that string was.
>>
>> It sounds as though the setting for ldap.object_context is involved in
>> this, since it is appended to the ldap.id_field and username, but in my
>> case, I'd want it appended to unbCaID=XXXXXX, not my uid=jnugent string.
>>
>> Regards,
>>
>> Jason
>> -- 
>> Jason Nugent
>> Systems Programmer/Database Developer
>> Electronic Text Centre
>> University of New Brunswick
>> [email protected]
>> (506) 447 3177
>>
>> _______________________________________________
>> DSpace-tech mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/dspace-tech
> 

-- 
Jason Nugent
Systems Programmer/Database Developer
Electronic Text Centre
University of New Brunswick
[email protected]
(506) 447 3177
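
An added example, not part of the thread and not DSpace's own code: a pre-flight check over a dspace.cfg fragment that reports a commented-out ldap.search_scope before hierarchical authentication is switched on, and prints the DN the single-step bind builds from ldap.id_field and ldap.object_context. The class name, the sample values and the accepted scope range 0 to 2 (the JNDI SearchControls constants) are assumptions.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class LdapConfigCheck {
    // Keys named in this thread that the search-then-bind flow depends on.
    static final String[] REQUIRED = {
        "ldap.search_user", "ldap.search_password", "ldap.search_scope", "ldap.id_field"
    };

    /** Returns one message per problem; an empty list means the settings are usable. */
    static List<String> check(Properties cfg) {
        List<String> problems = new ArrayList<>();
        for (String key : REQUIRED) {
            String v = cfg.getProperty(key);   // null when the line is commented out
            if (v == null || v.trim().isEmpty()) {
                problems.add(key + " is not set (commented out or empty)");
            }
        }
        String scope = cfg.getProperty("ldap.search_scope");
        if (scope != null && !scope.trim().matches("[0-2]")) {
            problems.add("ldap.search_scope must be 0 (object), 1 (one level) or 2 (subtree)");
        }
        return problems;
    }

    /** DN used by the single-step bind: id_field=username,object_context. */
    static String directBindDn(Properties cfg, String user) {
        return cfg.getProperty("ldap.id_field") + "=" + user + "," + cfg.getProperty("ldap.object_context");
    }

    public static void main(String[] args) throws IOException {
        // Constructed dspace.cfg fragment; values are placeholders.
        String sample = String.join("\n",
            "ldap.id_field = uid",
            "ldap.object_context = dc=unb,dc=ca",
            "ldap.search_user = cn=search,dc=example,dc=org",
            "ldap.search_password = CHANGE_ME",
            "#ldap.search_scope = 2");
        Properties cfg = new Properties();
        cfg.load(new StringReader(sample));
        System.out.println("direct bind DN: " + directBindDn(cfg, "jnugent"));
        check(cfg).forEach(p -> System.out.println("config problem: " + p));
    }
}
```

With the constructed fragment, the check reports only ldap.search_scope, since its line is commented out, and the printed DN is uid=jnugent,dc=unb,dc=ca, the one seen in the LDAP server logs.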
