Hi
You might find the information in my blog helpful
http://dspacebromley.blogspot.co.uk/2009/04/dspace-installation-procedure-on-centos.html
Bear in mind it refers to an older version of DSpace so some of the LDAP
settings e.g. special groups have changed
Good luck
Clive
> Message: 1
> Date: Sun, 15 Sep 2013 23:14:29 +0200
> From: helix84 <heli...@centrum.sk>
> Subject: Re: [Dspace-tech] LDAP auto-registration -- what am I
> missing?
> To: Andrew Reid <andrew.r...@nist.gov>
> Cc: dspace-tech <dspace-tech@lists.sourceforge.net>
> Message-ID:
> <CAGdvKqjOx8oz95Zdi_duY90W909+kkDKGcVfUj+CnLG=
> 2j_...@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> On Fri, Sep 13, 2013 at 9:56 PM, Andrew Reid <andrew.r...@nist.gov> wrote:
> > The fact that the authentication succeeds makes me think I'm
> > not too far off. I don't think I've typo'd any of the field
> > names on either side. Is there some subtlety in the permissions
> > that I'm missing? Does this work for other people?
>
> Hi Andrew,
>
> yes, that sounds like a permissions "problem" on the side of your LDAP
> server. I'd say that once your user successfully authenticates, he's
> not allowed to read his own attributes (name, surname, ...) and thus
> DSpace stores null.
>
> Do try to log in using some LDAP client (e.g. ldapsearch or a GUI
> client like Apache Directory Studio) using the same user's credentials
> and see if you can read the values of his attributes.
>
> > I'm not doing heirarchical authentication, should I be?
>
> If you can verify that the problem is what I say it is, you can fix it
> on the LDAP server side by giving all users permission to read their
> attributes (at least those that DSpace needs).
>
> While you could have one special LDAP account that has read
> permissions to all the other accounts and use it to retrieve the
> attribute values, this is not how the code in DSpace currently works.
> Even if you enable hierarchical auth (which you otherwise don't need -
> because the authentication itself works for you), DSpace will still
> use the actual user's account to retrieve its attributes, not the
> search.user account.
>
>
> Regards,
> ~~helix84
>
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>
>
>
------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13.
http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
