[dspace-tech] LDAP Authentication + Dspace 7.6 + CentOS

2024-03-07 Thread Emith Suárez Romero 
 

Hello, I can't get authentication to work in Dspace 7.6 using LDAP. I would 
like to comment a little on everything as I have it. All PCs are running 
CentOS7. In one I have LDAP and in another I have Dspace7.6. Add that 
Dspace is http://ip and everything works correctly (Solr, Tomcat, Backend 
and Frontend). I can access it with email normally but not from an LDAP 
user. I would like to share the configurations I have so far and the 
(positive) connectivity tests of the ldap + user with the Dspace PC... 
Thank you and let's see if what I show you can help me with. I have used 
the official documentation all the time.

*authentication.cfg*

# LDAP authentication/authorization. See authentication-ldap.cfg for 
default configuration.

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = 
org.dspace.authenticate.LDAPAuthentication

 

 

*authentication-ldap.cfg*

#---#

#LDAP AUTHENTICATION CONFIGURATIONS-#

#---#

# Configuration properties used by the LDAP Authentication  #

# plugin, when it is enabled.   #

#---#

 

#

# If LDAP is enabled, then new users will be able to register

# by entering their username and  password without being sent the

# registration token. If users do not have a username and password,

# then they  can still register and login with just their email address

# the same way they do now.

#

# For providing any special privileges to LDAP users,

# you will still need to extend the SiteAuthenticator class to

# automatically put people who have a netid into a special

# group.  You might also want to give certain email addresses

# special privileges. Refer to the DSpace documentation for more

# information about how to do this.

#

# It may be necessary to obtain the values of these settings from the

# LDAP server administrators as LDAP configuration will vary from server

# to server.

 

# This setting will enable or disable LDAP authentication in DSpace.

# With the setting off, users will be required to register and login with

# their email address.  With this setting on, users will be able to login

# and register with their LDAP user ids and passwords.

*authentication-ldap.enable = true*

 

 

# LDAP AutoRegister Settings #

 

# This will turn LDAP autoregistration on or off.  With this

# on, a new EPerson object will be created for any user who

# successfully authenticates against the LDAP server when they

# first login.  With this setting off, the user

# must first register to get an EPerson object by

# entering their ldap username and password and filling out

# the forms.

*authentication-ldap.autoregister = true*

 

 

# This is the url to the institution's ldap server. The "o=myu.edu"

# part may or may not be required depending on the LDAP server setup,

# but make sure to include the slash after domain name.

# A server may also require the ldaps:// protocol.

# Note: Prepend commas with a backslash to escape them

*authentication-ldap.provider_url = ldap://ds.intranet.despace.es*

*autenticación-LDAP.starttls = true*

 

# This is the unique identifier field in the LDAP directory

# where the username is stored.

*authentication-ldap.id_field = uid*

 

# This is the object context used when authenticating the

# user.  It is appended to the id_field and username.

# For example uid=username,ou=people,ou=faculties,o=myu.edu.  This must 
match

# the LDAP server configuration.

# Note: Prepend commas with a backslash to escape them

*authentication-ldap.object_context = o= ds.intranet.despace.es*

 

# This is the search context used when looking up a user's

# LDAP object to retrieve their data for autoregistering.

# With autoregister turned on, when a user authenticates

# without an EPerson object, a search on the LDAP directory to

# get their name and email address is initiated so that DSpace

# can create a EPerson object for them.  So after we have authenticated 
against

# uid=username,ou=people,o=byu.edu we now search in ou=people

# for filtering on [uid=username].  Often the

# search_context is the same as the object_context

# parameter.  But again this depends on each individual LDAP server

# configuration.

# Note: Prepend commas with a backslash to escape them

*authentication-ldap.search_context = o= ds.intranet.despace.es*

 

# This is the LDAP object field where the user's email address

# is stored.  "mail" is the default and the most common for

# LDAP servers.  If the mail field is not found the username

# will be used as the email address when creating the eperson

# object.

*authentication-ldap.email_field = mail*

 

# This is the LDAP object field where the user's last name is

# stored.  "sn" is the default and is the most common for LDAP

# servers.  If the

[dspace-tech] LDAP authentication and Dspace 7.6

2023-08-22 Thread 'Poulter, Dale' via DSpace Technical Support 
Good morning,

We are still working to migrate from DSpace 6.x .  We have LDAP working in 
DSpace 6 but it does not work in 7.  We have copied over the credentials,  
enabled it in local.cfg and also in the authentication-ldap.cfg as a test - 
still no luck.  The main issue I am experiencing is that nothing is being 
logged.   Any suggestions on increasing logging?  We are running the FE in dev 
mode (yarn start:dev) .


-Dale

[Vanderbilt]

Dale Poulter
Director, Library Technology and Digital Services
Vanderbilt Libraries | Vanderbilt University
615-343-5388 | dale.poul...@vanderbilt.edu 
| https://www.library.vanderbilt.edu

Pronouns: he/him/his

My working day may not be your working day. Please do not feel obliged to reply 
to this email outside of your normal working hours.


-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/BN0PR08MB747068F4F6C63A6284A5EC25FE1FA%40BN0PR08MB7470.namprd08.prod.outlook.com.

[dspace-tech] ldap Authentication error

2022-03-19 Thread Tesema Getachew 
2022-03-19 16:32:16,829 ERROR unknown unknown 
org.dspace.app.rest.security.StatelessLoginFilter @ Authentication failed 
(status:401)
org.springframework.security.authentication.BadCredentialsException: Login 
failed
at 
org.dspace.app.rest.security.EPersonRestAuthenticationProvider.authenticateNewLogin(EPersonRestAuthenticationProvider.java:129)
 
~[classes/:7.2]
at 
org.dspace.app.rest.security.EPersonRestAuthenticationProvider.authenticate(EPersonRestAuthenticationProvider.java:76)
 
~[classes/:7.2]
at 
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)
 
~[spring-security-core-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.dspace.app.rest.security.StatelessLoginFilter.attemptAuthentication(StatelessLoginFilter.java:74)
 
[classes/:7.2]
at 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.dspace.app.rest.security.StatelessAuthenticationFilter.doFilterInternal(StatelessAuthenticationFilter.java:102)
 
[classes/:7.2]
at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:141)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:92) 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 
[tomcat9-catalina-9.0.31.jar:9.0.31]
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 
[tomcat9-catalina-9.0.31.jar:9.0.31]
at

[dspace-tech] LDAP authentication error here

2022-03-14 Thread Tesema Getachew 
org.springframework.security.authentication.BadCredentialsException: Login 
failed
at 
org.dspace.app.rest.security.EPersonRestAuthenticationProvider.authenticateNewLogin(EPersonRestAuthenticationProvider.java:129)
 
~[classes/:7.2]
at 
org.dspace.app.rest.security.EPersonRestAuthenticationProvider.authenticate(EPersonRestAuthenticationProvider.java:76)
 
~[classes/:7.2]
at 
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)
 
~[spring-security-core-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.dspace.app.rest.security.StatelessLoginFilter.attemptAuthentication(StatelessLoginFilter.java:74)
 
[classes/:7.2]
at 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.dspace.app.rest.security.StatelessAuthenticationFilter.doFilterInternal(StatelessAuthenticationFilter.java:102)
 
[classes/:7.2]
at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:141)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:92) 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
 
[spring-security-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at 
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
 
[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 
[tomcat9-catalina-9.0.31.jar:9.0.31]
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 
[tomcat9-catalina-9.0.31.jar:9.0.31]
at

Re: [dspace-tech] LDAP Authentication

2016-11-23 Thread helix84 
Sure. Here's the Apache configuration I'm using:


RewriteEngine on
#RewriteRule ^.*$ https://%{SERVER_NAME}/ldap-login [L,R]
RewriteRule ^.*$ http://%{SERVER_NAME}/ldap-login [L,R]



Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette


On Wed, Nov 23, 2016 at 5:04 PM, Donald Bynum  wrote:
> Ah, so it does.  Thanks.  I may end up changing the rendered page then to
> only display a single link, rather than multiple.
>
> Regards,
>
> Don.
>
> On Tuesday, November 22, 2016 at 3:38:53 PM UTC-5, helix84 wrote:
>>
>> On Tue, Nov 22, 2016 at 9:14 PM, Donald Bynum  wrote:
>> > Thanks for that.  There is a slight inconsistency in the docs (after
>> > your
>> > hint I went back and looked again).  The docs suggest that when theer
>> > are
>> > multiple auth mrthods configured that DSpace will try each method until
>> > success.  What I am seeing is, in fact, a list of links (one for each
>> > auth
>> > method) at the login screen.
>>
>> The documentation is correct, the methods are indeed stackable,
>> despite two forms being offered. Try opening up the ldap form and
>> using your DSpace login/password or vice versa.
>>
>>
>> Regards,
>> ~~helix84
>>
>> Compulsory reading: DSpace Mailing List Etiquette
>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

-- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

Re: [dspace-tech] LDAP Authentication

2016-11-23 Thread Donald Bynum 
Ah, so it does.  Thanks.  I may end up changing the rendered page then to 
only display a single link, rather than multiple.

Regards,

Don.

On Tuesday, November 22, 2016 at 3:38:53 PM UTC-5, helix84 wrote:

> On Tue, Nov 22, 2016 at 9:14 PM, Donald Bynum  > wrote: 
> > Thanks for that.  There is a slight inconsistency in the docs (after 
> your 
> > hint I went back and looked again).  The docs suggest that when theer 
> are 
> > multiple auth mrthods configured that DSpace will try each method until 
> > success.  What I am seeing is, in fact, a list of links (one for each 
> auth 
> > method) at the login screen. 
>
> The documentation is correct, the methods are indeed stackable, 
> despite two forms being offered. Try opening up the ldap form and 
> using your DSpace login/password or vice versa. 
>
>
> Regards, 
> ~~helix84 
>
> Compulsory reading: DSpace Mailing List Etiquette 
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette 
>

-- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

Re: [dspace-tech] LDAP Authentication

2016-11-22 Thread Donald Bynum 
Jeffrey,

Thanks for that.  There is a slight inconsistency in the docs (after your 
hint I went back and looked again).  The docs suggest that when theer are 
multiple auth mrthods configured that DSpace will try each method until 
success.  What I am seeing is, in fact, a list of links (one for each auth 
method) at the login screen.  I would have preferred it the way the docs 
suggested.  But, in any case, you pointed me in th eright direction to get 
back to where I needed to be.

Regards,

Don.

On Tuesday, November 22, 2016 at 2:39:07 PM UTC-5, Jeffrey Sheldon wrote:

> Don, 
>
> I would recommend enabling both LDAP and Password authentication, at least 
> long enough to log in under the older administrator account and promote any 
> accounts created through LDAP logins (or create a temporary one to feel 
> things out). 
>
> You can configure for both like so in config/modules/authentication.cfg 
>
> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ 
> org.dspace.authenticate.LDAPAuthentication, \ 
> org.dspace.authenticate.PasswordAuthentication 
>
>
> I had thought that the LDAP bind simply replaced auth on an existing 
> account, though I can see situations where configuration might cause 
> conflicts. 
>
> If this response misses your point, please let me know. 
>
>
> -Jeff 
>
>  
> From: dspac...@googlegroups.com  <dspac...@googlegroups.com 
> > on behalf of Donald Bynum <byn...@gmail.com > 
> Sent: Tuesday, November 22, 2016 1:25 PM 
> To: DSpace Technical Support 
> Subject: [dspace-tech] LDAP Authentication 
>
> I have DSpace 5.5 with XMLUI and Mirage.  I initially set up DSpace with 
> Password Authentication.  I now want to switch to LDAP Authentication.  I 
> have configured the authentication config file and the ldap config file. 
>  All appears good except that I now see to have zapped my own administrator 
> account.  How can I get my DSpace account back to being an administrator 
> account?  I can revert my DSpace back to Pasword Auth and my old Admin 
> account works as an admin again.  What I need is my LDAP account to also be 
> an admin account, so that I can revert back to LDAP auth and still have 
> admin rights. 
>
> Regards, 
>
> Don. 
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "DSpace Technical Support" group. 
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to dspace-tech...@googlegroups.com  dspace-tech+unsubscr...@googlegroups.com >. 
> To post to this group, send email to dspac...@googlegroups.com 
> <mailto:dspac...@googlegroups.com >. 
> Visit this group at https://groups.google.com/group/dspace-tech. 
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

Re: [dspace-tech] LDAP Authentication

2016-11-22 Thread Terry Brady 
You should be able to provide multiple authentication methods (if
appropriate).  When a user clicks login, they will be prompted for the
authentication method.

You should be able use the create-administrator command from the command
line to make your account an administrator account.

Look at the email address that was created for your LDAP account and make
it into an administrator.

Terry

On Tue, Nov 22, 2016 at 11:25 AM, Donald Bynum  wrote:

> I have DSpace 5.5 with XMLUI and Mirage.  I initially set up DSpace with
> Password Authentication.  I now want to switch to LDAP Authentication.  I
> have configured the authentication config file and the ldap config file.
> All appears good except that I now see to have zapped my own administrator
> account.  How can I get my DSpace account back to being an administrator
> account?  I can revert my DSpace back to Pasword Auth and my old Admin
> account works as an admin again.  What I need is my LDAP account to also be
> an admin account, so that I can revert back to LDAP auth and still have
> admin rights.
>
> Regards,
>
> Don.
>
> --
> You received this message because you are subscribed to the Google Groups
> "DSpace Technical Support" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to dspace-tech+unsubscr...@googlegroups.com.
> To post to this group, send email to dspace-tech@googlegroups.com.
> Visit this group at https://groups.google.com/group/dspace-tech.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Terry Brady
Applications Programmer Analyst
Georgetown University Library Information Technology
http://georgetown-university-libraries.github.io/

425-298-5498 (Seattle, WA)

-- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

Re: [dspace-tech] LDAP Authentication

2016-11-22 Thread Jeffrey Sheldon 
Don,

I would recommend enabling both LDAP and Password authentication, at least long 
enough to log in under the older administrator account and promote any accounts 
created through LDAP logins (or create a temporary one to feel things out).

You can configure for both like so in config/modules/authentication.cfg

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
org.dspace.authenticate.LDAPAuthentication, \
org.dspace.authenticate.PasswordAuthentication


I had thought that the LDAP bind simply replaced auth on an existing account, 
though I can see situations where configuration might cause conflicts.

If this response misses your point, please let me know.


-Jeff


From: dspace-tech@googlegroups.com <dspace-tech@googlegroups.com> on behalf of 
Donald Bynum <byn...@gmail.com>
Sent: Tuesday, November 22, 2016 1:25 PM
To: DSpace Technical Support
Subject: [dspace-tech] LDAP Authentication

I have DSpace 5.5 with XMLUI and Mirage.  I initially set up DSpace with 
Password Authentication.  I now want to switch to LDAP Authentication.  I have 
configured the authentication config file and the ldap config file.  All 
appears good except that I now see to have zapped my own administrator account. 
 How can I get my DSpace account back to being an administrator account?  I can 
revert my DSpace back to Pasword Auth and my old Admin account works as an 
admin again.  What I need is my LDAP account to also be an admin account, so 
that I can revert back to LDAP auth and still have admin rights.

Regards,

Don.

--
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
dspace-tech+unsubscr...@googlegroups.com<mailto:dspace-tech+unsubscr...@googlegroups.com>.
To post to this group, send email to 
dspace-tech@googlegroups.com<mailto:dspace-tech@googlegroups.com>.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

[dspace-tech] LDAP Authentication

2016-11-22 Thread Donald Bynum 
I have DSpace 5.5 with XMLUI and Mirage.  I initially set up DSpace with 
Password Authentication.  I now want to switch to LDAP Authentication.  I 
have configured the authentication config file and the ldap config file.  
All appears good except that I now see to have zapped my own administrator 
account.  How can I get my DSpace account back to being an administrator 
account?  I can revert my DSpace back to Pasword Auth and my old Admin 
account works as an admin again.  What I need is my LDAP account to also be 
an admin account, so that I can revert back to LDAP auth and still have 
admin rights.

Regards,

Don.

-- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.