[Dspace-tech] LDAP registration
We have two different versions of DSpace running (1.6, yeah it's old) and 4.0. When logging on via LDAP authentication, the autoregister captures the email correctly on the 1.6 version of DSpace (jasm...@ysu.edu) and on the 4.0 version it is capturing it as jasmith. Both have the exact same stanzas in the config files for the LDAP server calls and all other considerations. Anyone have a clue as to what may or may not be wrong?

Thanks,
Jeff

Jeffrey Trimble, MLS
Co-Interim Library Director
Associate Director
Head of Information Services
William F. Maag Library
Youngstown State University
330.941.2483 (Office)
jatrim...@ysu.edu
http://www.maag.ysu.edu
http://digital.maag.ysu.edu
Pro captu lectoris habent sua fata libelli.

--
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

Re: [Dspace-tech] LDAP registration
Hi Jeff,

This sounds like this bug which exists in DSpace 3.x and 4.x, but was fixed in DSpace 5.0:
https://jira.duraspace.org/browse/DS-1781

There is a workaround listed in the comments of that ticket though where you configure the netid_email_domain setting to append the correct email ending.

- Tim

On 8/20/2015 11:46 AM, Jeffrey A Trimble wrote:
> We have two different versions of DSpace running (1.6, yeah it's old) and 4.0. When logging on via LDAP authentication, the autoregister captures the email correctly on the 1.6 version of DSpace (jasm...@ysu.edu) and on the 4.0 version it is capturing it as "jasmith". Both have the exact same stanzas in the config files for the LDAP server calls and all other considerations. Anyone have a clue as to what may or may not be wrong?
>
> Thanks,
> Jeff

--
Tim Donohue
Technical Lead for DSpace DSpaceDirect
DuraSpace.org | DSpace.org | DSpaceDirect.org

[Dspace-tech] ldap login
Hi,

Please can someone help. I use LDAP for login on my institutional repository. I keep getting the error when anyone logs in to the site. The error message is:

* The user name and/or password supplied were not valid.

The DSpace log message for the error is as follows:

2015-06-26 12:09:20,632 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:auth:attempting trivial auth of user=bisaidy
2015-06-26 12:09:21,942 WARN org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:ldap_authentication:type=failed_auth javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 - 80090308\colon; LdapErr\colon; DSID-0C0903C8, comment\colon; AcceptSecurityContext error, data 52e, v2580 ]
2015-06-26 12:09:21,942 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:failed_login:no DN found for user bisaidy
2015-06-26 12:09:21,942 INFO org.dspace.app.xmlui.utils.AuthenticationUtil @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:failed_login:email=bisaidy, realm=null, result=2

Regards
Binta

DISCLAIMER: This message is private and confidential. If you have received this message in error please notify us and remove it from your system. Any views and opinions expressed in this message are those of the individual sender and do not necessarily represent the views and opinions of Medical Research Council Unit, The Gambia

This communication is confidential and may contain privileged information intended solely for the named recipient(s). It may not be used or disclosed except for the purpose for which it has been sent. If you are not the intended recipient, you must not copy, distribute, take any action or reliance on it. If you have received this communication in error, do not open any attachments but please notify the Help Desk by e-mailing h...@mrc.gm quoting the sender details, and then delete this message along with any attached files. E-mail messages are not secure and attachments could contain software viruses which may damage your computer system. Whilst every reasonable precaution has been taken to minimise this risk, The MRC Unit The Gambia cannot accept any liability for any damage sustained as a result of these factors. You are advised to carry out your own virus checks before opening any attachments. Unless expressly stated, opinions in this message are those of the e-mail author and not of the Medical Research Council Unit The Gambia.

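The `error code 49` and `data 52e` fields in the log above are an LDAP result code and an Active Directory bind sub-code. The following added example (not part of the original post and not DSpace code) groups those log lines by session and decodes both; the function and variable names are this example's own.

```python
import re

# The four log lines quoted in the post above, embedded so the example runs offline.
SAMPLE_LOG = r"""
2015-06-26 12:09:20,632 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:auth:attempting trivial auth of user=bisaidy
2015-06-26 12:09:21,942 WARN org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:ldap_authentication:type=failed_auth javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 - 80090308\colon; LdapErr\colon; DSID-0C0903C8, comment\colon; AcceptSecurityContext error, data 52e, v2580 ]
2015-06-26 12:09:21,942 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:failed_login:no DN found for user bisaidy
2015-06-26 12:09:21,942 INFO org.dspace.app.xmlui.utils.AuthenticationUtil @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:failed_login:email=bisaidy, realm=null, result=2
"""

# In these log lines a ':' inside the free-text part is written as '\colon;'.
ESCAPED_COLON = r"\colon;"

# LDAP result code 49 is invalidCredentials (RFC 4511). Active Directory adds
# a hexadecimal "data" sub-code that says why the bind was refused.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# The IPv6 ip_addr field contains unescaped colons, so the line is matched
# with targeted patterns instead of being split on ':'.
SESSION_RE = re.compile(r"session_id=([0-9A-Fa-f]+)")
ATTEMPT_RE = re.compile(r":auth:attempting trivial auth of user=(\S+)")
FAILED_AUTH_RE = re.compile(r":ldap_authentication:type=failed_auth (.*)$")
LDAP_CODE_RE = re.compile(r"LDAP: error code (\d+)")
AD_DATA_RE = re.compile(r"\bdata ([0-9A-Fa-f]+)\b")


def decode_failed_bind(message):
    """Return (ldap_code, ad_subcode, meaning) for one failed_auth message."""
    text = message.replace(ESCAPED_COLON, ":")
    code = LDAP_CODE_RE.search(text)
    data = AD_DATA_RE.search(text)
    ldap_code = int(code.group(1)) if code else None
    subcode = data.group(1).lower() if data else None
    if ldap_code is None:
        meaning = "no LDAP result code in message"
    elif ldap_code != 49:
        meaning = "not a credential failure; look up the LDAP result code"
    else:
        meaning = AD_SUBCODES.get(subcode, "invalid credentials (sub-code not in table)")
    return ldap_code, subcode, meaning


def summarise(log_text):
    """Group DSpace LDAP log lines by session and decode each failed bind."""
    sessions = {}
    for line in log_text.splitlines():
        sid = SESSION_RE.search(line)
        if not sid:
            continue
        entry = sessions.setdefault(sid.group(1), {"user": None, "failures": []})
        attempt = ATTEMPT_RE.search(line)
        if attempt:
            entry["user"] = attempt.group(1)
        failed = FAILED_AUTH_RE.search(line)
        if failed:
            entry["failures"].append(decode_failed_bind(failed.group(1)))
    return sessions


if __name__ == "__main__":
    for session, entry in summarise(SAMPLE_LOG).items():
        for ldap_code, subcode, meaning in entry["failures"]:
            print(session, entry["user"], ldap_code, subcode, meaning)
```
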
Re: [Dspace-tech] ldap login
Can you bind to or search the LDAP server with your username from an LDAP client other than the one in DSpace?

Alastair

From: Saidy Binta [mailto:bisa...@mrc.gm]
Sent: 26 June 2015 13:16
To: dspace-tech@lists.sourceforge.net
Subject: [Dspace-tech] ldap login

> Hi,
>
> Please can someone help. I use LDAP for login on my institutional repository. I keep getting the error when anyone logs in to the site. The error message is:
>
> * The user name and/or password supplied were not valid.
>
> The DSpace log message for the error is as follows:
>
> 2015-06-26 12:09:20,632 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:auth:attempting trivial auth of user=bisaidy
> 2015-06-26 12:09:21,942 WARN org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:ldap_authentication:type=failed_auth javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 - 80090308\colon; LdapErr\colon; DSID-0C0903C8, comment\colon; AcceptSecurityContext error, data 52e, v2580 ]
> 2015-06-26 12:09:21,942 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:failed_login:no DN found for user bisaidy
> 2015-06-26 12:09:21,942 INFO org.dspace.app.xmlui.utils.AuthenticationUtil @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:failed_login:email=bisaidy, realm=null, result=2
>
> Regards
> Binta

Re: [Dspace-tech] ldap login
Hi Saidy,

The error is the result of a bad 'Base DN' call by DSpace. See: http://stackoverflow.com/questions/16999627/ldap-server-which-is-my-base-dn

This can be deduced from the following error in the log file:

*3F:ip_addr=0:0:0:0:0:0:0:1:failed_login:no DN found for user bisaidy*

Our configuration does a basic LDAP connection test, see: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Researcher_Authorisation

In DSpace terminology, in the LDAP configuration section, the object_context = ou=USERS,o=SU: and search_context = ou=USERS,o=SU are probably the closest to the definition of the Base DN as per LDAP. Check those settings, I suggest.

Cheers

hg

*Hilton Gibson*
Ubuntu Linux Systems Administrator
Stellenbosch University Library
http://staff.lib.sun.ac.za/~hgibson/docs/cv/cv.html

On 26 June 2015 at 14:15, Saidy Binta bisa...@mrc.gm wrote:
> Hi,
>
> Please can someone help. I use LDAP for login on my institutional repository. I keep getting the error when anyone logs in to the site. The error message is:
>
> * The user name and/or password supplied were not valid.
>
> The DSpace log message for the error is as follows:
>
> 2015-06-26 12:09:20,632 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:auth:attempting trivial auth of user=bisaidy
> 2015-06-26 12:09:21,942 WARN org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:ldap_authentication:type=failed_auth javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 - 80090308\colon; LdapErr\colon; DSID-0C0903C8, comment\colon; AcceptSecurityContext error, data 52e, v2580 ]
> 2015-06-26 12:09:21,942 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:failed_login:no DN found for user bisaidy
> 2015-06-26 12:09:21,942 INFO org.dspace.app.xmlui.utils.AuthenticationUtil @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:failed_login:email=bisaidy, realm=null, result=2
>
> Regards
> Binta

Re: [Dspace-tech] ldap login
Thanks a lot. I will check the links and hopefully see if it will work.

Regards
Binta

From: Hilton Gibson [mailto:hilton.gib...@gmail.com]
Sent: 26 June 2015 13:10
To: Saidy Binta
Cc: dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] ldap login

> Hi Saidy,
>
> The error is the result of a bad 'Base DN' call by DSpace. See: http://stackoverflow.com/questions/16999627/ldap-server-which-is-my-base-dn
>
> This can be deduced from the following error in the log file:
>
> 3F:ip_addr=0:0:0:0:0:0:0:1:failed_login:no DN found for user bisaidy
>
> Our configuration does a basic LDAP connection test, see: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Researcher_Authorisation
>
> In DSpace terminology, in the LDAP configuration section, the object_context = ou=USERS,o=SU: and search_context = ou=USERS,o=SU are probably the closest to the definition of the Base DN as per LDAP. Check those settings, I suggest.
>
> Cheers
>
> hg
>
> Hilton Gibson
> Ubuntu Linux Systems Administrator
> Stellenbosch University Library
> http://staff.lib.sun.ac.za/~hgibson/docs/cv/cv.html
>
> On 26 June 2015 at 14:15, Saidy Binta bisa...@mrc.gm wrote:
> > Hi,
> >
> > Please can someone help. I use LDAP for login on my institutional repository. I keep getting the error when anyone logs in to the site. The error message is:
> >
> > * The user name and/or password supplied were not valid.
> >
> > The DSpace log message for the error is as follows:
> >
> > 2015-06-26 12:09:20,632 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:auth:attempting trivial auth of user=bisaidy
> > 2015-06-26 12:09:21,942 WARN org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:ldap_authentication:type=failed_auth javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 - 80090308\colon; LdapErr\colon; DSID-0C0903C8, comment\colon; AcceptSecurityContext error, data 52e, v2580 ]
> > 2015-06-26 12:09:21,942 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:failed_login:no DN found for user bisaidy
> > 2015-06-26 12:09:21,942 INFO org.dspace.app.xmlui.utils.AuthenticationUtil @ anonymous:session_id=5928CF1B2B5BC0E8D0BEB56D5C152E3F:ip_addr=0:0:0:0:0:0:0:1:failed_login:email=bisaidy, realm=null, result=2
> >
> > Regards
> > Binta

[Dspace-tech] ldap configuration
Hi all,

Please, I want to use LDAP on my institutional repository but I keep having the error. When I click on the provider_url and when I rebuild DSpace I just get a blank page. When I change from LDAP to password authentication it works fine. Kindly point me to the right direction.

thanks

[Dspace-tech] ldap configuration
Hi all,

I am trying to use LDAP login on DSpace 5.1, but after rebuilding DSpace I just get a blank page. Please can anyone assist me. I don't know what is wrong and I attached the files.

thanks

authentication-ldap.cfg
Description: authentication-ldap.cfg
authentication.cfg
Description: authentication.cfg

Re: [Dspace-tech] ldap configuration
Thanks, will check and see.

Regards
Binta

From: alastair.dun...@stfc.ac.uk [mailto:alastair.dun...@stfc.ac.uk]
Sent: 18 June 2015 14:05
To: Saidy Binta; dspace-tech@lists.sourceforge.net
Subject: RE: ldap configuration

> I've just set up the LDAP authentication and I kept the PasswordAuthentication enabled. How else is the administrator supposed to log in?
>
> Can you connect up and search the LDAP server you are using from an LDAP client such as ldapsearch (http://linux.die.net/man/1/ldapsearch)? By doing this you can check to see if your configuration parameters are correct.
>
> Alastair
>
> From: Saidy Binta [mailto:bisa...@mrc.gm]
> Sent: 18 June 2015 14:13
> To: dspace-tech@lists.sourceforge.net
> Subject: [Dspace-tech] FW: ldap configuration
>
> > Can someone help me. Still waiting
> >
> > From: Saidy Binta [mailto:bisa...@mrc.gm]
> > Sent: 18 June 2015 12:31
> > To: dspace-tech@lists.sourceforge.net
> > Subject: [Dspace-tech] ldap configuration
> >
> > > Hi all,
> > >
> > > I am trying to use LDAP login on DSpace 5.1, but after rebuilding DSpace I just get a blank page. Please can anyone assist me. I don't know what is wrong and I attached the files.
> > >
> > > thanks

Re: [Dspace-tech] ldap configuration
I've just set up the LDAP authentication and I kept the PasswordAuthentication enabled. How else is the administrator supposed to log in?

Can you connect up and search the LDAP server you are using from an LDAP client such as ldapsearch (http://linux.die.net/man/1/ldapsearch)? By doing this you can check to see if your configuration parameters are correct.

Alastair

From: Saidy Binta [mailto:bisa...@mrc.gm]
Sent: 18 June 2015 14:13
To: dspace-tech@lists.sourceforge.net
Subject: [Dspace-tech] FW: ldap configuration

> Can someone help me. Still waiting
>
> From: Saidy Binta [mailto:bisa...@mrc.gm]
> Sent: 18 June 2015 12:31
> To: dspace-tech@lists.sourceforge.net
> Subject: [Dspace-tech] ldap configuration
>
> > Hi all,
> >
> > I am trying to use LDAP login on DSpace 5.1, but after rebuilding DSpace I just get a blank page. Please can anyone assist me. I don't know what is wrong and I attached the files.
> >
> > thanks

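One way to carry out the check suggested in the message above, as an added example that is not part of the original message or of DSpace: it reads settings in the style of authentication-ldap.cfg and builds the matching ldapsearch command, escaping the login name for use in the search filter. The host, bind DN and `id_field` value are placeholders, and the mapping of DSpace keys to ldapsearch options is this example's assumption.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample. Key names follow DSpace's authentication-ldap.cfg;
# search_context is the value quoted in this thread, the rest are placeholders.
SAMPLE_CFG = """
# LDAP settings under test
provider_url = ldap://ldap.example.org/o=SU
id_field = uid
email_field = mail
search_context = ou=USERS,o=SU
search_scope = 2
search.user = cn=dspace-bind,o=SU
"""

# search_scope uses the JNDI SearchControls numbering (object, one level, subtree).
SCOPES = {"0": "base", "1": "one", "2": "sub"}


def parse_cfg(text):
    """Parse 'key = value' lines, ignoring blanks and # comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # DNs contain '=', so split only once
        cfg[key.strip()] = value.strip()
    return cfg


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def ldapsearch_argv(cfg, netid):
    """Build an ldapsearch command that looks up one user with the cfg settings."""
    url = urlsplit(cfg["provider_url"])
    # ldapsearch -H accepts only scheme://host[:port]; drop any DN suffix.
    argv = ["ldapsearch", "-x", "-H", "%s://%s" % (url.scheme, url.netloc)]
    if cfg.get("search.user"):
        # -W prompts for the password, so it never appears in argv or shell history.
        argv += ["-D", cfg["search.user"], "-W"]
    argv += ["-b", cfg["search_context"],
             "-s", SCOPES.get(cfg.get("search_scope", "2"), "sub")]
    argv.append("(%s=%s)" % (cfg.get("id_field", "uid"), escape_filter_value(netid)))
    # Ask only for the e-mail attribute; the entry's DN is always returned.
    argv.append(cfg.get("email_field", "mail"))
    return argv


if __name__ == "__main__":
    print(shlex.join(ldapsearch_argv(parse_cfg(SAMPLE_CFG), "bisaidy")))
```

An empty result from the printed command points at `search_context`, `search_scope` or `id_field`; a refused bind points at the `search.user` credentials.
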
Re: [Dspace-tech] ldap configuration
Also see: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Researcher_Authorisation

Cheers

hg

*Hilton Gibson*
Ubuntu Linux Systems Administrator
Stellenbosch University Library
http://staff.lib.sun.ac.za/~hgibson/docs/cv/cv.html

On 18 June 2015 at 16:28, Saidy Binta bisa...@mrc.gm wrote:

Thanks, will check and see.

Regards
Binta

*From:* alastair.dun...@stfc.ac.uk [mailto:alastair.dun...@stfc.ac.uk]
*Sent:* 18 June 2015 14:05
*To:* Saidy Binta; dspace-tech@lists.sourceforge.net
*Subject:* RE: ldap configuration

I’ve just setup the ldap authentication and I kept the PasswordAuthentication enabled. How else is the administrator supposed to log in?

Can you connect up and search the ldap server you are using from an ldap client such as ldapsearch (http://linux.die.net/man/1/ldapsearch)? By doing this you can check to see if your configuration parameters are correct.

Alastair

*From:* Saidy Binta [mailto:bisa...@mrc.gm]
*Sent:* 18 June 2015 14:13
*To:* dspace-tech@lists.sourceforge.net
*Subject:* [Dspace-tech] FW: ldap configuration

Can someone help me. Still waiting

*From:* Saidy Binta [mailto:bisa...@mrc.gm]
*Sent:* 18 June 2015 12:31
*To:* dspace-tech@lists.sourceforge.net
*Subject:* [Dspace-tech] ldap configuration

Hi all, I am trying to use ldap login on dspace 5.1, but after rebuilding dspace. I just get a blank page. Please anyone access me. I don’t know what is wrong and I attached the files. thanks
Re: [Dspace-tech] ldap configuration
Hi Saidy,

A blank page likely means there's some error behind the scenes (possibly even unrelated to your LDAP configs). You should check your log files for any error messages reported there. Here's some tips on finding troubleshooting error messages in your logs: https://wiki.duraspace.org/display/DSPACE/Troubleshoot+an+error

Once you find the error, if you cannot figure it out, feel free to send the full error message to this mailing list and we'll try to help you out.

- Tim

On 6/18/2015 7:31 AM, Saidy Binta wrote:

Hi all, I am trying to use ldap login on dspace 5.1, but after rebuilding dspace. I just get a blank page. Please anyone access me. I don’t know what is wrong and I attached the files. thanks
[Dspace-tech] ldap configuration on windows
Hi everyone,

I install dspace on my machine as a test instance for own institutional repository. I want to configure ldap login but it is not working. Kindly help.

Regards
Binta
Re: [Dspace-tech] LDAP auth doesn't send e-mails properly
Xerio,

We're running DSpace 4.1 along with the LDAP authentication system. This works well except LDAP doesn't seem to find the correct e-mail address for users.

I think there is a patch to apply. You could have a look at: https://jira.duraspace.org/browse/DS-1781

Best regards,

olivier

In config/modules/authentication-ldap.cfg we have:

    provider_usr = ldap://ldapserver
    id_field = uid
    object_context = cn=Users,dc=ldap,dc=com
    email_field = usermail

If I run the ldapsearch command in the term I can indeed get the email of the user:

    dspace:mch# ldapsearch -H ldap://ldapserver -b 'cn=Users,dc=ldap,dc=com' -x uid=xerio usermail
    # xerio, Users, ldap.com
    dn: uid=xerio,cn=Users,dc=ldap,dc=com
    usermail: xe...@xerio.com
    # search result
    search: 2
    result: 0 Success
    # numResponses: 2
    # numEntries: 1

However, DSpace seems to try to send the e-mail to=xerio (the username) instead.

Is there a way how can I debug this further or any hint about what could be wrong?

Thanks.
Re: [Dspace-tech] LDAP auth doesn't send e-mails properly
Seems to work. Thank you so much!

2015-04-08 9:04 GMT+01:00 Olivier Nicole olivier.nic...@cs.ait.ac.th:

Xerio,

We're running DSpace 4.1 along with the LDAP authentication system. This works well except LDAP doesn't seem to find the correct e-mail address for users.

I think there is a patch to apply. You could have a look at: https://jira.duraspace.org/browse/DS-1781

Best regards,

olivier

In config/modules/authentication-ldap.cfg we have:

    provider_usr = ldap://ldapserver
    id_field = uid
    object_context = cn=Users,dc=ldap,dc=com
    email_field = usermail

If I run the ldapsearch command in the term I can indeed get the email of the user:

    dspace:mch# ldapsearch -H ldap://ldapserver -b 'cn=Users,dc=ldap,dc=com' -x uid=xerio usermail
    # xerio, Users, ldap.com
    dn: uid=xerio,cn=Users,dc=ldap,dc=com
    usermail: xe...@xerio.com
    # search result
    search: 2
    result: 0 Success
    # numResponses: 2
    # numEntries: 1

However, DSpace seems to try to send the e-mail to=xerio (the username) instead.

Is there a way how can I debug this further or any hint about what could be wrong?

Thanks.
[Dspace-tech] LDAP auth doesn't send e-mails properly
Hi,

We're running DSpace 4.1 along with the LDAP authentication system. This works well except LDAP doesn't seem to find the correct e-mail address for users.

In config/modules/authentication-ldap.cfg we have:

    provider_usr = ldap://ldapserver
    id_field = uid
    object_context = cn=Users,dc=ldap,dc=com
    email_field = usermail

If I run the ldapsearch command in the term I can indeed get the email of the user:

    dspace:mch# ldapsearch -H ldap://ldapserver -b 'cn=Users,dc=ldap,dc=com' -x uid=xerio usermail
    # xerio, Users, ldap.com
    dn: uid=xerio,cn=Users,dc=ldap,dc=com
    usermail: xe...@xerio.com
    # search result
    search: 2
    result: 0 Success
    # numResponses: 2
    # numEntries: 1

However, DSpace seems to try to send the e-mail to=xerio (the username) instead.

Is there a way how can I debug this further or any hint about what could be wrong?

Thanks.
[Dspace-tech] LDAP authentication mail attribute issue
Hi,

I am using LDAP authentication for autoregister. DSpace can communicate with LDAP server and get mail value independently. When I configure ldap to match email_field = mail, it doesn't work. However, it is working as phone_field = mail. I can not understand and find any post related to this issue. I hope someone can help me to figure out it.

Regards

Hakan Yanaz
Re: [Dspace-tech] LDAP authentication mail attribute issue
Hi,

I am using LDAP authentication for autoregister. DSpace can communicate with LDAP server and get mail value independently. When I configure ldap to match email_field = mail, it doesn't work. However, it is working as phone_field = mail. I can not understand and find any post related to this issue. I hope someone can help me to figure out it.

I had that same problem one month ago, the answer given to me was:

As for the email field problem. There was a known bug regarding this in DSpace 3 and 4. It's now been fixed in DSpace 5. Here's the info on that problem: https://jira.duraspace.org/browse/DS-1781

I applied the patch, mvn -U clean package in [dspace source] and ant update and restart tomcat.

Best regards,

Olivier
Re: [Dspace-tech] LDAP autoregister
Thanks Tim,

Also, since you are copying these changes to your [dspace-source]/dspace-api/src/main/java/dspace/authenticate/ directory, you MUST be sure to run mvn -U clean package from [dspace-source] (which recompiles EVERYTHING) and NOT from [dspace-source]/dspace/ (which only recompiles the [dspace-source]/dspace/ module).

That was it. I recompiled from [dspace-source]/dspace/

I am afraid it's a newbie mistake.

By the way, in case of several values for the LDAP mail attribute, the first value will be used, I confirm that point.

Best regards,

Olivier

- Tim

On 1/23/2015 4:46 AM, Olivier Nicole wrote:

Tim,

3) As for the email field problem. There was a known bug regarding this in DSpace 3 and 4. It's now been fixed in DSpace 5. Here's the info on that problem: https://jira.duraspace.org/browse/DS-1781

Thanks, I will patch that.

I have downloaded the new LDAPAuthentication.java from the bugfix page into [dspace-source]/space-api/src/main/java/org/dspace/authenticate/

Then I mvn -U clean package, stopped tomcat, ant update and restart tomcat.

Is that the correct procedure to update?

Nonetheless, I still have email that is limited to netid, whether netid_email_domain is set or not.

Best regards,

Olivier
Re: [Dspace-tech] LDAP autoregister
Olivier,

Yes, that process sounds correct. To be clear though, here are the changes that should be in your LDAPAuthentication class to fix DS-1781: https://github.com/DSpace/DSpace/pull/663/files

So, if you don't see those changes in your [dspace-source]/dspace-api/src/main/java/dspace/authenticate/LDAPAuthentication.java class, then it's likely you accidentally grabbed the wrong one.

Also, since you are copying these changes to your [dspace-source]/dspace-api/src/main/java/dspace/authenticate/ directory, you MUST be sure to run mvn -U clean package from [dspace-source] (which recompiles EVERYTHING) and NOT from [dspace-source]/dspace/ (which only recompiles the [dspace-source]/dspace/ module).

- Tim

On 1/23/2015 4:46 AM, Olivier Nicole wrote:

Tim,

3) As for the email field problem. There was a known bug regarding this in DSpace 3 and 4. It's now been fixed in DSpace 5. Here's the info on that problem: https://jira.duraspace.org/browse/DS-1781

Thanks, I will patch that.

I have downloaded the new LDAPAuthentication.java from the bugfix page into [dspace-source]/space-api/src/main/java/org/dspace/authenticate/

Then I mvn -U clean package, stopped tomcat, ant update and restart tomcat.

Is that the correct procedure to update?

Nonetheless, I still have email that is limited to netid, whether netid_email_domain is set or not.

Best regards,

Olivier
Re: [Dspace-tech] LDAP autoregister
Hi,

OK, I have some answers but it raises much more questions.

    enable = true
    autoregister = true
    provider_url = ldaps://ldap.cs.ait.ac.th/
    id_field = uid
    object_context = ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
    # search_context = ou=People
    email_field = mail

It stubbornly refuses to work.

    surname_field = sn
    givenname_field = givenName
    phone_field = telephoneNumber
    #login.specialgroup = CSIM_LDAP
    search_scope = 2
    #search.anonymous = false

This MUST be set to true in order to have autoregister working.

    #search.user = cn=admin,ou=people,o=myu.edu
    #search.password = password
    #netid_email_domain = @example.com
    #login.groupmap.1 = ou=ldap-dept1:dspace-group1
    login.groupmap.attribute = csimAccountPermission

This attribute can only have *ONE* value.

    login.groupmap.1 = dspace:CSIM_LDAP
    login.groupmap.2 = dspaceadmin:Administrator

- So the autoregister of the email is not working (name, phone are working great). I tried with one or two values for the mail attribute, could not get it to work. I can live with that as users are located in the same domain as DSpace and email can be sent with only the username.

- The login.groupmap.attribute cannot have several values, I think I can live with it and manage the group hierarchy some other way if I want a user to belong to 2 groups.

- But what is really puzzling me is why the search has to be anonymous? The user has provided a username and password, these have been used to successfully bind to LDAP, then the search should be made as the user, not as anonymous (hopefully the user has more visibility to his own data than anonymous has; if the telephone number should not be made world visible for security reason, when bind as the user, the user should be able to see his own phone number).

So the anonymous search should be used only when trying to figure out the DN of the user in a hierarchical LDAP. It should not be used to gather the personal information once the user has successfully bind. Or there is a case I don't understand where the bind DN is different from the DN that contains the user detail?

And this leads me to a more general remark: why creating eperson for a user logged in with LDAP?

- when the LDAP account is removed, the user can still login using his eperson account (provided that he has updated his profile and installed a password); so when a user is leaving the system, he must also be deleted from DSpace;

- when the LDAP account is updated, the eperson must be updated in the same way;

- there is no major difference between finding the person details in LDAP and in Postgres; one should not take longer than the other.

Best regards,

Olivier
Re: [Dspace-tech] LDAP autoregister
Olivier,

I only have answers to a couple of your questions, but perhaps that helps a little bit...

First: I have the same situation here. Authentication against LDAP works, but the data is not collected correctly from the LDAPserver. All I get is a local entry with the netid, but nothing else (phone number, email, real name etc. are not taken). So I would be very interested how you got that part working... I have created a helper script, which is asking the LDAP for database entries, which are missing in our DSpace DB. That solves the problem, but it's still only a workaround.

And this leads me to a more general remark: why creating eperson for a user logged in with LDAP?

I guess that's because every object (for example items) in DSpace needs to have an eperson, who created it. If this eperson (no matter how it was authenticated) creates an item, DSpace needs to store the internal ID of that eperson for reference. Otherwise the My DSpace area could not work.

If a user, who was authenticated via LDAP, is removed from the LDAP, I guess he cannot login into DSpace, because he has no password and though he shouldn't be authenticated successfully. But, to be honest, I haven't tried that yet.

In the other points I agree with you: it should not be necessary to copy the personal data into the local database, but read it on demand from the directory, because this is causing update trouble. I also do not understand, why the search has to be anonymous.

Best regards

Oliver

On 22.01.2015 at 09:34, Olivier Nicole wrote:

Hi,

OK, I have some answers but it raises much more questions.

    enable = true
    autoregister = true
    provider_url = ldaps://ldap.cs.ait.ac.th/
    id_field = uid
    object_context = ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
    # search_context = ou=People
    email_field = mail

It stubbornly refuses to work.

    surname_field = sn
    givenname_field = givenName
    phone_field = telephoneNumber
    #login.specialgroup = CSIM_LDAP
    search_scope = 2
    #search.anonymous = false

This MUST be set to true in order to have autoregister working.

    #search.user = cn=admin,ou=people,o=myu.edu
    #search.password = password
    #netid_email_domain = @example.com
    #login.groupmap.1 = ou=ldap-dept1:dspace-group1
    login.groupmap.attribute = csimAccountPermission

This attribute can only have *ONE* value.

    login.groupmap.1 = dspace:CSIM_LDAP
    login.groupmap.2 = dspaceadmin:Administrator

- So the autoregister of the email is not working (name, phone are working great). I tried with one or two values for the mail attribute, could not get it to work. I can live with that as users are located in the same domain as DSpace and email can be sent with only the username.

- The login.groupmap.attribute cannot have several values, I think I can live with it and manage the group hierarchy some other way if I want a user to belong to 2 groups.

- But what is really puzzling me is why the search has to be anonymous? The user has provided a username and password, these have been used to successfully bind to LDAP, then the search should be made as the user, not as anonymous (hopefully the user has more visibility to his own data than anonymous has; if the telephone number should not be made world visible for security reason, when bind as the user, the user should be able to see his own phone number).

So the anonymous search should be used only when trying to figure out the DN of the user in a hierarchical LDAP. It should not be used to gather the personal information once the user has successfully bind. Or there is a case I don't understand where the bind DN is different from the DN that contains the user detail?

And this leads me to a more general remark: why creating eperson for a user logged in with LDAP?

- when the LDAP account is removed, the user can still login using his eperson account (provided that he has updated his profile and installed a password); so when a user is leaving the system, he must also be deleted from DSpace;

- when the LDAP account is updated, the eperson must be updated in the same way;

- there is no major difference between finding the person details in LDAP and in Postgres; one should not take longer than the other.

Best regards,

Olivier
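The drift discussed in the two messages above (an eperson that outlives its LDAP entry, and an email stored as the bare netid, the DS-1781 symptom) can be audited offline from ldapsearch output. This is an added example, not DSpace code and not the helper script mentioned in the message; the eperson fields `netid`, `email` and `has_password`, the finding labels and all sample data are assumptions constructed for illustration.

```python
import base64

# Constructed ldapsearch (LDIF) output, in the shape shown elsewhere in this thread.
SAMPLE_LDIF = """\
# asmith, People, example.org
dn: uid=asmith,ou=People,dc=example,dc=org
uid: asmith
mail: a.smith@example.org
mail: asmith@alumni.example.org

# bjones, People, example.org
dn: uid=bjones,ou=People,dc=example,dc=org
uid: bjones
mail: b.jones@example.org

# cmuller, People, example.org
dn: uid=cmuller,ou=People,dc=example,dc=org
uid: cmuller
mail:: Yy5tdWxsZXJAZXhhbXBsZS5vcmc=

# search result
search: 2
result: 0 Success
"""

# Constructed eperson rows; the field names are assumptions, not the DSpace schema.
SAMPLE_EPERSONS = [
    {"netid": "asmith", "email": "asmith", "has_password": False},
    {"netid": "bjones", "email": "b.jones@example.org", "has_password": False},
    {"netid": "cmuller", "email": "old@example.org", "has_password": False},
    {"netid": "dlee", "email": "d.lee@example.org", "has_password": True},
    {"netid": "ewong", "email": "ewong", "has_password": False},
    {"netid": None, "email": "admin@example.org", "has_password": True},
]


def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of {attribute: [values]} dicts."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]            # LDIF continuation line
        else:
            unfolded.append(raw)
    entries, current = [], None
    for line in unfolded + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current and "dn" in current:    # drops the "search:/result:" trailer
                entries.append(current)
            current = None
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):              # "attr:: <base64>" encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if current is None:
            current = {}
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def audit_epersons(epersons, ldif_text, id_field="uid", email_field="mail"):
    """Return (netid, issue, ldap_email) for every eperson that disagrees with LDAP."""
    directory = {}
    for entry in parse_ldif(ldif_text):
        for uid in entry.get(id_field.lower(), []):
            directory[uid.lower()] = entry
    findings = []
    for person in epersons:
        netid = person.get("netid")
        if not netid:
            continue                           # local-only account, never came from LDAP
        entry = directory.get(netid.lower())
        if entry is None:
            # Gone from LDAP: a local password would still allow a password login.
            issue = "ldap-removed-password-set" if person.get("has_password") else "ldap-removed"
            findings.append((netid, issue, None))
            continue
        mails = entry.get(email_field.lower(), [])
        if not mails:
            continue
        ldap_mail = mails[0]                   # first value, as confirmed in the thread
        stored = person.get("email") or ""
        if "@" not in stored:
            findings.append((netid, "email-is-netid", ldap_mail))
        elif stored.lower() != ldap_mail.lower():
            findings.append((netid, "email-drift", ldap_mail))
    return findings


if __name__ == "__main__":
    for finding in audit_epersons(SAMPLE_EPERSONS, SAMPLE_LDIF):
        print(finding)
```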
Re: [Dspace-tech] LDAP autoregister
Thank you Tim,

Just skimming your configuration, it looks like, based on the DSpace LDAP Documentation you have a slightly odd combination of configs. I'm not sure which version of DSpace you are using though, so I'm assuming this might be 4.x: 4.2 https://wiki.duraspace.org/display/DSDOC4x/Authentication+Plugins#AuthenticationPlugins-LDAPAuthentication

In the docs, you'll see a few important configuration notes:

1) search_context notes that With autoregister turned on, when a user authenticates without an EPerson object we search the LDAP directory to get their name and email address so that we can create one for them. You seem to have skipped specifying a search_context for searching LDAP? Not sure if this was on purpose or not.

That search_context is not very clear. It is also says Often the search_context is the same as the object_context parameter. I understand that by default it will be made similar and I have to give it a value only in the case it is different.

And in LDAP context, So after we have authenticated against uid=username,ou=people,o=byu.edu we now search in ou=people for filtering on [uid=username]. makes little sense: the name and mail are attribute of the LDAP person object that we have just authenticated against, why looking for them elsewhere?

2) Also you have two options when searching LDAP:

* You can set search.anonymous=true in which case LDAP is searched anonymously.
* OR, you can specify search.user and search.password to search LDAP as a specific Admin account.

It looks like you've commented out *both* of these settings, which just defaults to searching anonymously.

search.anonymous is not mentioned on the web page you linked to above :)

In DSpace-Manual.pdf, search.anonymous is only mentioned in the chapter about upgrading from 1.8 to 3.x, it is about hierarchical LDAP tree. It is also mentioned in authorization-ldap.cfg, under hierarchical LDAP tree.

search.user and search.password are both mentioned in the section about hierarchical LDAP tree: in the web page, in the PDF manual and in the comments in authorization-ldap.cfg.

I have a flat tree, with all the users residing in the same branch, so I did not see the need to use any of the search.something.

3) As for the email field problem. There was a known bug regarding this in DSpace 3 and 4. It's now been fixed in DSpace 5. Here's the info on that problem: https://jira.duraspace.org/browse/DS-1781

Thanks, I will patch that.

Best regards,

Olivier

As for your questions about why DSpace creates an EPerson. DSpace is only *aware* of EPerson objects in the system. Therefore, all the DSpace authentication plugins create/update a corresponding EPerson object. DSpace primarily uses LDAP (or Shibboleth) to ensure you have access to the system, but after that, all content you create is associated with your *DSpace EPerson*.

Hopefully that gives you a few clues to go on. Good luck!

- Tim

On 1/22/2015 2:34 AM, Olivier Nicole wrote:

Hi,

OK, I have some answers but it raises much more questions.

    enable = true
    autoregister = true
    provider_url = ldaps://ldap.cs.ait.ac.th/
    id_field = uid
    object_context = ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
    # search_context = ou=People
    email_field = mail

It stubbornly refuses to work.

    surname_field = sn
    givenname_field = givenName
    phone_field = telephoneNumber
    #login.specialgroup = CSIM_LDAP
    search_scope = 2
    #search.anonymous = false

This MUST be set to true in order to have autoregister working.

    #search.user = cn=admin,ou=people,o=myu.edu
    #search.password = password
    #netid_email_domain = @example.com
    #login.groupmap.1 = ou=ldap-dept1:dspace-group1
    login.groupmap.attribute = csimAccountPermission

This attribute can only have *ONE* value.

    login.groupmap.1 = dspace:CSIM_LDAP
    login.groupmap.2 = dspaceadmin:Administrator

- So the autoregister of the email is not working (name, phone are working great). I tried with one or two values for the mail attribute, could not get it to work. I can live with that as users are located in the same domain as DSpace and email can be sent with only the username.

- The login.groupmap.attribute cannot have several values, I think I can live with it and manage the group hierarchy some other way if I want a user to belong to 2 groups.

- But what is really puzzling me is why the search has to be anonymous? The user has provided a username and password, these have been used to successfully bind to LDAP, then the search should be made as the user, not as anonymous (hopefully the user has more visibility to his own data than anonymous has; if the telephone number should not be made world visible for security reason, when bind as the user, the user should be able to see his own phone number).

So the anonymous search should be used only when trying to figure out the DN of the user in a hierarchical LDAP. It should
[Dspace-tech] LDAP autoregister
Olivier Nicole olivier.nic...@cs.ait.ac.th writes:

Hi,

Allow me to repost my question because it got no answer; I am afraid it was lost in the limbo of the mailing list.

I am trying to understand how to configure LDAP to properly autoregister. When I try to connect with an LDAP account, the e-person is created but the profile is empty (no name, no proper email, etc.).

I had a look at the log of my LDAP server and all I can see is the following:

Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 fd=130 ACCEPT from IP=192.41.170.14:56585 (IP=192.41.170.6:636)
Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 fd=130 TLS established tls_ssf=256 ssf=256
Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 op=0 BIND dn=uid=on,ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th method=128
Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 op=0 BIND dn=uid=on,ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th mech=SIMPLE ssf=0
Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 op=0 RESULT tag=97 err=0 text=
Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 op=1 UNBIND
Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 fd=130 closed

Showing that DSpace binds/connects to LDAP to authenticate, but it does not try to get any other data like name, email, etc. There is no SRCH request (search for the values of some attributes in LDAP).

So I am wondering what I did wrong? My authentication-ldap.cfg file is:

enable = true
autoregister = true
provider_url = ldaps://ldap.cs.ait.ac.th/
id_field = uid
object_context = ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
# search_context = ou=People
email_field = mail
surname_field = sn
givenname_field = givenName
phone_field = telephoneNumber
#login.specialgroup = CSIM_LDAP
search_scope = 2
#search.anonymous = false
#search.user = cn=admin,ou=people,o=myu.edu
#search.password = password
#netid_email_domain = @example.com
#login.groupmap.1 = ou=ldap-dept1:dspace-group1
login.groupmap.attribute = csimAccountPermission
login.groupmap.1 = dspace:CSIM_LDAP
login.groupmap.2 = dspaceadmin:Administrator

I have tried several values for search_context, with no result. I have no hierarchical LDAP, all users are in the same branch.

What am I missing? Help welcome a lot.

Best regards,
Olivier
[Dspace-tech] LDAP autoregister
Hi,

I am trying to understand how to configure LDAP to properly autoregister. When I try to connect with an LDAP account, the e-person is created but the profile is empty (no name, no proper email, etc.).

I had a look at the log of my LDAP server and all I can see is the following:

Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 fd=130 ACCEPT from IP=192.41.170.14:56585 (IP=192.41.170.6:636)
Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 fd=130 TLS established tls_ssf=256 ssf=256
Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 op=0 BIND dn=uid=on,ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th method=128
Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 op=0 BIND dn=uid=on,ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th mech=SIMPLE ssf=0
Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 op=0 RESULT tag=97 err=0 text=
Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 op=1 UNBIND
Jan 15 13:51:23 ldap slapd[1512]: conn=26951150 fd=130 closed

Showing that DSpace binds/connects to LDAP to authenticate, but it does not try to get any other data like name, email, etc. There is no SRCH request (search for the values of some attributes in LDAP).

So I am wondering what I did wrong? My authentication-ldap.cfg file is:

enable = true
autoregister = true
provider_url = ldaps://ldap.cs.ait.ac.th/
id_field = uid
object_context = ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
# search_context = ou=People
email_field = mail
surname_field = sn
givenname_field = givenName
phone_field = telephoneNumber
#login.specialgroup = CSIM_LDAP
search_scope = 2
#search.anonymous = false
#search.user = cn=admin,ou=people,o=myu.edu
#search.password = password
#netid_email_domain = @example.com
#login.groupmap.1 = ou=ldap-dept1:dspace-group1
login.groupmap.attribute = csimAccountPermission
login.groupmap.1 = dspace:CSIM_LDAP
login.groupmap.2 = dspaceadmin:Administrator

I have tried several values for search_context, with no result. I have no hierarchical LDAP, all users are in the same branch.

What am I missing? Help welcome a lot.

Best regards,
Olivier
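The symptom in the slapd log above (a successful BIND followed directly by UNBIND, with no SRCH) can be checked for mechanically. The following is an added example, not part of the original posts and not DSpace code: it groups slapd log lines by conn= and classifies each connection. The sample log is constructed in the format quoted above; the SRCH and SEARCH RESULT line shapes are the ones OpenLDAP normally writes and are assumed here, as are all DNs and addresses.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample (not from the thread). conn=1001 reproduces the reported
# symptom, conn=1002 is an anonymous bind that searches, conn=1003 fails to bind.
SAMPLE_LOG = """\
Jan 15 13:51:23 ldap slapd[1512]: conn=1001 fd=130 ACCEPT from IP=192.0.2.14:56585 (IP=192.0.2.6:636)
Jan 15 13:51:23 ldap slapd[1512]: conn=1001 fd=130 TLS established tls_ssf=256 ssf=256
Jan 15 13:51:23 ldap slapd[1512]: conn=1001 op=0 BIND dn="uid=jdoe,ou=People,dc=example,dc=org" method=128
Jan 15 13:51:23 ldap slapd[1512]: conn=1001 op=0 BIND dn="uid=jdoe,ou=People,dc=example,dc=org" mech=SIMPLE ssf=0
Jan 15 13:51:23 ldap slapd[1512]: conn=1001 op=0 RESULT tag=97 err=0 text=
Jan 15 13:51:23 ldap slapd[1512]: conn=1001 op=1 UNBIND
Jan 15 13:51:23 ldap slapd[1512]: conn=1001 fd=130 closed
Jan 15 13:52:10 ldap slapd[1512]: conn=1002 fd=131 ACCEPT from IP=192.0.2.14:56590 (IP=192.0.2.6:636)
Jan 15 13:52:10 ldap slapd[1512]: conn=1002 op=0 BIND dn="" method=128
Jan 15 13:52:10 ldap slapd[1512]: conn=1002 op=0 RESULT tag=97 err=0 text=
Jan 15 13:52:10 ldap slapd[1512]: conn=1002 op=1 SRCH base="ou=People,dc=example,dc=org" scope=2 deref=0 filter="(uid=jdoe)"
Jan 15 13:52:10 ldap slapd[1512]: conn=1002 op=1 SRCH attr=mail sn givenName telephoneNumber
Jan 15 13:52:10 ldap slapd[1512]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 15 13:52:10 ldap slapd[1512]: conn=1002 op=2 UNBIND
Jan 15 13:52:10 ldap slapd[1512]: conn=1002 fd=131 closed
Jan 15 13:53:02 ldap slapd[1512]: conn=1003 fd=132 ACCEPT from IP=192.0.2.14:56601 (IP=192.0.2.6:636)
Jan 15 13:53:02 ldap slapd[1512]: conn=1003 op=0 BIND dn="uid=jdoe,ou=People,dc=example,dc=org" method=128
Jan 15 13:53:02 ldap slapd[1512]: conn=1003 op=0 RESULT tag=97 err=49 text=
Jan 15 13:53:02 ldap slapd[1512]: conn=1003 op=1 UNBIND
Jan 15 13:53:02 ldap slapd[1512]: conn=1003 fd=132 closed
"""

# "conn=N" is followed by either "op=N" or "fd=N", then the event text.
EVENT_RE = re.compile(r"conn=(?P<conn>\d+) (?:op=\d+|fd=\d+) (?P<event>.+)$")
# The DN may be quoted (usual slapd output) or bare (as the archive shows it).
BIND_RE = re.compile(r'^BIND dn="?(?P<dn>[^"]*?)"? method=\d+$')
# tag=97 is the LDAP BindResponse; err=0 means the bind succeeded.
BIND_RESULT_RE = re.compile(r"^RESULT tag=97 err=(?P<err>\d+)")
SEARCH_DONE_RE = re.compile(r"^SEARCH RESULT tag=101 err=\d+ nentries=(?P<n>\d+)")


@dataclass
class Conn:
    conn_id: int
    bind_dn: Optional[str] = None   # None: no BIND seen, "": anonymous bind
    bind_err: Optional[int] = None  # None: no bind result seen
    searches: int = 0
    entries: int = 0                # entries returned across all searches


def parse_slapd(log: str) -> Dict[int, Conn]:
    """Collect per-connection bind and search activity from slapd log text."""
    conns: Dict[int, Conn] = {}
    for line in log.splitlines():
        m = EVENT_RE.search(line.strip())
        if not m:
            continue
        conn = conns.setdefault(int(m["conn"]), Conn(int(m["conn"])))
        event = m["event"]
        bind = BIND_RE.match(event)
        result = BIND_RESULT_RE.match(event)
        done = SEARCH_DONE_RE.match(event)
        if bind:                      # a re-bind replaces the earlier identity
            conn.bind_dn, conn.bind_err = bind["dn"], None
        elif result:
            conn.bind_err = int(result["err"])
        elif event.startswith("SRCH base="):
            conn.searches += 1        # "SRCH attr=" lines belong to the same op
        elif done:
            conn.entries += int(done["n"])
    return conns


def classify(conn: Conn) -> str:
    """Label a connection by what happened after the bind."""
    if conn.bind_err is None:
        return "no-bind"
    if conn.bind_err != 0:
        return "bind-failed"
    if conn.searches == 0:
        return "bind-only"            # authenticated, but no attributes read
    return "anonymous-search" if conn.bind_dn == "" else "authenticated-search"


def bind_only_connections(log: str) -> List[int]:
    """Connection ids that bound successfully and never issued a search."""
    return sorted(c.conn_id for c in parse_slapd(log).values()
                  if classify(c) == "bind-only")


if __name__ == "__main__":
    for cid, conn in sorted(parse_slapd(SAMPLE_LOG).items()):
        print(cid, repr(conn.bind_dn), classify(conn), "entries:", conn.entries)
```

A "bind-only" connection for a user whose profile came out empty matches what the post describes; an "anonymous-search" or "authenticated-search" connection shows which identity the directory's ACLs have to let read mail, sn and the other mapped attributes.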
[Dspace-tech] LDAP Authentication - login.specialgroup property
Dear DSpace community,

I want any user who logs in to DSpace to be a member of the students group (note that this group is already created in DSpace). To do that, I changed login.specialgroup to Students in authentication-ldap.cfg and then restarted Tomcat. But it doesn't work for me.

Can someone help me figure out what's missing here?

Regards,
Nada Abo-Eita
Re: [Dspace-tech] LDAP Authentication - login.specialgroup property
I already answered your question here: http://dspace.2283337.n4.nabble.com/Adding-e-people-into-groups-automatically-td4675556.html

Can you specify what exactly doesn't seem to work?

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP Authentication - login.specialgroup property
Hi helix,

I did exactly what you mentioned here http://dspace.2283337.n4.nabble.com/Adding-e-people-into-groups-automatically-td4675556.html

Based on my changes, if any user logs in to DSpace then they should become a member of the group specified in the login.specialgroup property, in my case the students group. [ This is how it should be ]

But what happened with me: the user logs in to DSpace fine *but without* being a member of the students group. [ My problem ]

I hope it's clear now.

Regards,
Nada Abo-Eita

On Wed, Jan 7, 2015 at 1:34 PM, helix84 heli...@centrum.sk wrote:
> I already answered your question here: http://dspace.2283337.n4.nabble.com/Adding-e-people-into-groups-automatically-td4675556.html
>
> Can you specify what exactly doesn't seem to work?
>
> Regards,
> ~~helix84
Re: [Dspace-tech] LDAP Authentication - login.specialgroup property
Hi All

When using LDAP auth, does membership rely on the auto-register config setting?

Cheers
hg

*Hilton Gibson*
Ubuntu Linux Systems Administrator
JS Gericke Library
Room 1025C
Stellenbosch University
Private Bag X5036
Stellenbosch 7599
South Africa
Tel: +27 21 808 4100 | Cell: +27 84 646 4758

On 7 January 2015 at 13:06, Nada Abo-Eita naboeit...@gmail.com wrote:
> Hi helix,
>
> I did exactly what you mentioned here http://dspace.2283337.n4.nabble.com/Adding-e-people-into-groups-automatically-td4675556.html
>
> Based on my changes, if any user logs in to DSpace then they should become a member of the group specified in the login.specialgroup property, in my case the students group. [ This is how it should be ]
>
> But what happened with me: the user logs in to DSpace fine *but without* being a member of the students group. [ My problem ]
>
> I hope it's clear now.
>
> Regards,
> Nada Abo-Eita
>
> On Wed, Jan 7, 2015 at 1:34 PM, helix84 heli...@centrum.sk wrote:
>> I already answered your question here: http://dspace.2283337.n4.nabble.com/Adding-e-people-into-groups-automatically-td4675556.html
>>
>> Can you specify what exactly doesn't seem to work?
>>
>> Regards,
>> ~~helix84
Re: [Dspace-tech] LDAP Authentication - login.specialgroup property
Hi Helix

So this all depends on the quality of the metadata in the LDAP tree/server. Is it possible to map an LDAP filter to a group in DSpace? Assuming you only have one LDAP server to refer to, not a separate staff and student LDAP server, just one.

Cheers
hg

*Hilton Gibson*
Ubuntu Linux Systems Administrator
JS Gericke Library
Room 1025C
Stellenbosch University
Private Bag X5036
Stellenbosch 7599
South Africa
Tel: +27 21 808 4100 | Cell: +27 84 646 4758

On 7 January 2015 at 13:28, helix84 heli...@centrum.sk wrote:
> The way it works is anyone who can log in to LDAP can log into DSpace and then is assigned the specialgroup.
>
> If you want only those who are students in LDAP to be able to log into DSpace, that's a different matter. There are two ways how your group information may be stored in LDAP:
>
> if your DN is something like uid=username,o=org,dc=Students then the group information is stored in DN. You can limit logins only for this group using:
>
> provider_url = ldap://ldap.example.com/o=org,dc=Students
>
> If, OTOH, your user group is stored in an attribute (e.g. group=Students), then you can apply a filter:
>
> provider_url = ldap://ldap.example.com/???(group=Students)
>
> (I haven't tested this second example).
>
> Regards,
> ~~helix84
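The two provider_url forms quoted above differ only in which component of the LDAP URL carries the restriction. The following is an added example, not part of the original posts and not DSpace code: it splits an LDAP URL into the components defined by RFC 4516 (base DN, attributes, scope, filter) and fills in that RFC's defaults. The function names are made up for this illustration.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_url(url: str) -> dict:
    """Split ldap[s]://host[:port]/dn?attributes?scope?filter (RFC 4516)."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP URL: %r" % url)
    # Everything after the first "?" is a "?"-separated list of up to four
    # fields: attributes, scope, filter, extensions. Missing ones are empty.
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (4 - len(fields))
    attrs, scope, flt, _extensions = (unquote(f) for f in fields[:4])
    return {
        "tls": parts.scheme == "ldaps",
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[parts.scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attributes": attrs.split(",") if attrs else [],
        # RFC 4516 defaults when a component is omitted:
        "scope": scope or "base",
        "filter": flt or "(objectClass=*)",
    }


def restriction(url: str) -> list:
    """Name the URL components that narrow which entries can match."""
    parsed = parse_ldap_url(url)
    narrowing = []
    if parsed["base_dn"]:
        narrowing.append("base_dn=" + parsed["base_dn"])
    if parsed["filter"] != "(objectClass=*)":
        narrowing.append("filter=" + parsed["filter"])
    return narrowing


if __name__ == "__main__":
    for u in ("ldap://ldap.example.com/o=org,dc=Students",
              "ldap://ldap.example.com/???(group=Students)",
              "ldaps://ldap.cs.ait.ac.th/"):
        print(u, "->", parse_ldap_url(u), restriction(u))
```

Read by RFC 4516 alone, the second URL has an empty base DN and the default scope `base`; how the LDAP client behind provider_url treats the scope and filter components is not stated in the thread, which fits the note that the second form was untested.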
Re: [Dspace-tech] LDAP Authentication - login.specialgroup property
On Wed, Jan 7, 2015 at 1:33 PM, Hilton Gibson hilton.gib...@gmail.com wrote:
> Is it possible to map an LDAP filter to a group in DSpace?

Yes, both a filter and an attribute: https://github.com/DSpace/DSpace/blob/dspace-5.0-rc3/dspace/config/modules/authentication-ldap.cfg#L150-168

> Assuming you only have one LDAP server to refer to, not a separate staff and student LDAP server, just one.

Correct, that's how it works. But as I understood Nada's request, they want to allow only students to log in. Not just put students to a DSpace group. That's why I suggested the solution which changes provider_url.

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP Authentication - login.specialgroup property
On Wed, Jan 7, 2015 at 1:56 PM, helix84 heli...@centrum.sk wrote:
> On Wed, Jan 7, 2015 at 1:33 PM, Hilton Gibson hilton.gib...@gmail.com wrote:
>> Is it possible to map an LDAP filter to a group in DSpace?
>
> Yes, both a filter and an attribute: https://github.com/DSpace/DSpace/blob/dspace-5.0-rc3/dspace/config/modules/authentication-ldap.cfg#L150-168

Eh, sorry, that wasn't correct. Not a filter in the LDAP sense. Filters are an expression on a set of attributes, you can't do that with the code currently available. But you can match either a part of the DN or an attribute.

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] Ldap settings
Hi Satish,

You probably don't intend to use netid_email_domain (there is an alternative configuration where you might want to use it, but I don't think it will work in what you wrote).

Additionally, you specified search.password, but not search.user, this is clearly wrong.

id_field is what is used to search for what the user enters as his username, so make sure that the email address is stored in sAMAccountName. Otherwise, if you intend to search for mail, make sure that your LDAP directory indexes this field.

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
[Dspace-tech] Ldap settings
Hello everybody,

I require help in configuring LDAP settings. I am using DSpace 4.2; my configurations are:

enable = true
autoregister = false
id_field = sAMAccountName
object_context = dc=example, dc=com
search_context = dc=example, dc=com
email_field = mail
givenname_field = givenName
search.password = ldappassword
netid_email_domain = @example.com

I am unable to log in by mail with the above settings. With the settings below I am able to log in by user name, but I require users to log in by mail ID.

id_field=cn
object_context=cn=users,dc= example, dc=com

--
*With Warm Regards,
K Satish Kumar*
Re: [Dspace-tech] Ldap Authentification and profile
Hi Helix,

I have used the LDAP modules from 1.8, but that is also not working in the way I would expect.

Best regards
Stefanie

-----Original Message-----
From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On behalf of helix84
Sent: Monday, 24 February 2014 11:48
To: Stefanie Behnke
Cc: dspace-tech
Subject: Re: AW: [Dspace-tech] Ldap Authentification and profile

Hi Stefanie,

as you can see, I don't have a solution for you right now, sorry about that. But if either of the LDAP modules in 1.8 worked for you, you can still use it with DSpace 3 and 4 (along with its corresponding configuration file from 1.8). The auth modules API hasn't changed since at least 1.5. IIRC, the 1.8 modules didn't support mapping LDAP users into more than one group.

Regards,
~~helix84
Re: [Dspace-tech] Ldap Authentification and profile
On Fri, Feb 28, 2014 at 12:33 PM, Stefanie Behnke s.beh...@online.de wrote:
> I have used the LDAP modules from 1.8, but that is also not working in the way I would expect.

Can you be more specific? The conversation is long and it's becoming hard to follow. Which one of the modules are you using and what would you expect that doesn't work?

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] Ldap Authentification and profile
We use DSpace 3.1 and I started with that LDAP package, then I used the version from DSpace 4.0 and then from 1.8. Then I tried 4.0 again with the change suggested in http://dspace.2283337.n4.nabble.com/DSpace-LDAP-authentication-problem-td4665853.html#a4668861

All with the same result:

-- Login is possible
-- the autoregistered eperson has none of the fields: email_field, surname_field, givenname_field, phone_field
-- the eperson is concatenated from id_field and netid_email_domain even when the field email_field exists; I would expect that DSpace uses email_field as user for the eperson.

If you have any further idea I can try I would be happy.

Thanking you in advance
Stefanie

-----Original Message-----
From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On behalf of helix84
Sent: Friday, 28 February 2014 12:37
To: Stefanie Behnke
Cc: dspace-tech
Subject: Re: AW: [Dspace-tech] Ldap Authentification and profile

On Fri, Feb 28, 2014 at 12:33 PM, Stefanie Behnke s.beh...@online.de wrote:
> I have used the LDAP modules from 1.8, but that is also not working in the way I would expect.

Can you be more specific? The conversation is long and it's becoming hard to follow. Which one of the modules are you using and what would you expect that doesn't work?

Regards,
~~helix84
Re: [Dspace-tech] Ldap Authentification and profile
On Fri, Feb 28, 2014 at 3:23 PM, Stefanie Behnke s.beh...@online.de wrote:
> -- the autoregistered eperson has none of the fields: email_field, surname_field, givenname_field, phone_field

Does the eperson have the right in LDAP to access their own attributes? Because DSpace will attempt to access them as the user (even if you set a search user who has the rights).

> -- the eperson is concatenated from id_field and netid_email_domain even when the field email_field exists; I would expect that DSpace uses email_field as user for the eperson.

I don't think I can help you with this right now. This requires a bit larger rework of the assumptions in the DSpace auth system. You could try to do some code changes manually. The auth modules are the most self-contained pieces of code in DSpace (i.e. you don't need to edit outside the LDAPAuthentication.java file), so it's a good place to start playing with the code.

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] Ldap Authentification and profile
Helix84,

Thank you for your interest. I don't know if the eperson have rights to access their own attributes because the security server is administrated by other IT personnel in my Institution.

I hope that the DSpace team development take this in account and revert the changes to DSpace 3.2 functionality, at least for LDAP validation. I am comfortable with DSpace 3.2 but it's important to maintain upgraded to last version.

Regards,

Ing. Oscar Sánchez G., MAE
IT Professional
Biblioteca José Figueres Ferrer
Instituto Tecnológico de Costa Rica
Tel: 2550-2135
Fax: 2591-4820
P.O. Box: 159-7050

-----Original Message-----
From: helix84 [mailto:heli...@centrum.sk]
Sent: Friday, 28 February 2014 08:36 a.m.
To: Stefanie Behnke
CC: dspace-tech
Subject: Re: [Dspace-tech] Ldap Authentification and profile

On Fri, Feb 28, 2014 at 3:23 PM, Stefanie Behnke s.beh...@online.de wrote:
> -- the autoregistered eperson has none of the fields: email_field, surname_field, givenname_field, phone_field

Does the eperson have the right in LDAP to access their own attributes? Because DSpace will attempt to access them as the user (even if you set a search user who has the rights).

> -- the eperson is concatenated from id_field and netid_email_domain even when the field email_field exists; I would expect that DSpace uses email_field as user for the eperson.

I don't think I can help you with this right now. This requires a bit larger rework of the assumptions in the DSpace auth system. You could try to do some code changes manually. The auth modules are the most self-contained pieces of code in DSpace (i.e. you don't need to edit outside the LDAPAuthentication.java file), so it's a good place to start playing with the code.

Regards,
~~helix84
Re: [Dspace-tech] Ldap Authentification and profile
On Fri, Feb 28, 2014 at 4:02 PM, Oscar Sanchez Gomez osanc...@itcr.ac.cr wrote:
> I don't know if the eperson have rights to access their own attributes because the security server is administrated by other IT personnel in my Institution.

You can check that using a tool like ldapsearch. Bind with your own DN and take a look which attributes are you able to see.

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] Ldap Authentification and profile
Hi Stefanie,

as you can see, I don't have a solution for you right now, sorry about that. But if either of the LDAP modules in 1.8 worked for you, you can still use it with DSpace 3 and 4 (along with its corresponding configuration file from 1.8). The auth modules API hasn't changed since at least 1.5. IIRC, the 1.8 modules didn't support mapping LDAP users into more than one group.

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] Ldap Authentification and profile
Dear all, I have used the java file provided by Keir. The result is: When logging in first time with ldap authentication there is
-- no name seen in the profile: only a blank (see attached image)
-- no prefilled form fields, I would expect that they are filled with the values of the Ldap server
-- the username is concatenated by the value entered for netid_email_domain, if this is commented out, the username is concatenated with null
Is that intended? Thanks and best regards Stefanie
Re: [Dspace-tech] Ldap Authentification and profile
On Thu, Feb 20, 2014 at 11:41 AM, Stefanie Behnke s.beh...@online.de wrote:
> can you please tell me what I should use for especially my case as values:
> position_field = usydPersonEntitlement
> groupMapping_field = staff:access,enrolled:access

I don't think you need to use these config options at all. I see nothing in your LDAP record that could be used to tell group membership (well, there's gid, but that's your primary group which essentially doesn't tell us more than your username). This is optional. It's only for when you want to put your user into a DSpace group based on information stored in LDAP. I didn't look at Keir's code but it's probably safe to leave it commented out (it definitely is safe with the groupmap option in the DSpace code). Regards, ~~helix84
Re: [Dspace-tech] Ldap Authentification and profile
The screenshot doesn't show a user role field, in which case just leave the config changes out. The code should pick up mail, given name and so on. The screenshot may have cut off the other fields.

On Thu, 2014-02-20 at 11:41 +0100, Stefanie Behnke wrote:
> can you please tell me what I should use for especially my case as values:
> position_field = usydPersonEntitlement
> groupMapping_field = staff:access,enrolled:access
> What should I use for “usydPersonEntitlement” and “staff:access,enrolled:access”
> Here is my ldap configuration:
> thanking you in advance Stefanie
>
> -Original Message- From: Keir Vaughan-Taylor [mailto:kei...@optusnet.com.au] Sent: Thursday, 20 February 2014 00:59 To: heli...@centrum.sk Cc: Stefanie Behnke; dspace-tech Subject: Re: [Dspace-tech] Ldap Authentification and profile
>> I've ranted in the past about the ldap Authentication code. There is in my view conflict in anonymous access and having privileged or root LDAP access. Most people don't have that kind of access and it has to be challenge response. That is make an LDAP request as a user and supply a password and then get only the LDAP information for that user. Sort of a privacy thing.
>> In the current version LDAP field contents is assigned in getDNOfUser and this is the wrong place. I don't think the code assigning attlist variables (LDAP attributes) ever gets executed even with rootly LDAP privileges. All the field collections should be done in the method/routine ldapAuthenticate as was the case in older versions of DSpace. I submitted some code to GIT but the code should be rejigged by someone that properly knows the ins and outs of DSpace java. I have a more recent version but it is really a temporary thing for our site until DSpace fixes this. The current working java code we are using duplicates the field assignments in ldapAuthenticate and I didn't dare delete the duplicated code from getDNOfUser.
>> Attached is the java code that fixes the problem but it is not esthetically pleasing containing duplicated code and breaks programming guidelines. It needs a DSpace code guru to streamline it. Hey it works! It requires two lines in /dspace/config/modules/authentication-ldap.cfg to be added. One line defining the ldap field that contains a user's role and one line that allocates the user to a group based on what the role is. (Helix didn't like this scheme but he will come round eventually) e.g.
>> position_field = usydPersonEntitlement
>> groupMapping_field = staff:access,enrolled:access
Re: [Dspace-tech] Ldap Authentification and profile
Hello, I am wondering how you were able to connect with ldap with the current setting in your ldap config file (search level not defined and the DN for the search user is commented out). Kindly confirm the user you are using is indeed from ldap. Cheers!

On 2/18/14, Stefanie Behnke s.beh...@online.de wrote:
> Dear helix84, I have now copied the file from https://raw2.github.com/DSpace/DSpace/dspace-4_x/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java into /usr/src/dspace-3.1-src-release/dspace-api/src/main/java/org/dspace/authenticate
> Then I rebuilt Maven:
> cd /usr/src/dspace-3.1-src-release/dspace/
> mvn package
> updated ant:
> cd /usr/src/dspace-3.1-src-release/dspace/target/dspace-3.1-build
> ant update
> and restarted Tomcat. Logging in results in: where the data from the ldap server are not used. Here is the ldap view: and I have attached the authentication-ldap.cfg. What am I doing wrong? Where is the problem? Your help is very appreciated. Best regards Stefanie
>
> -Original Message- From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On behalf of helix84 Sent: Monday, 10 February 2014 10:57 To: Stefanie Behnke Cc: dspace-tech Subject: Re: [Dspace-tech] Ldap Authentification and profile
>> Hi Stefanie, you can now just copy the file from here to your dspace-src: https://raw2.github.com/DSpace/DSpace/dspace-4_x/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java Then rebuild and redeploy DSpace as usual (follow the docs if you're in doubt). Regards, ~~helix84

-- Seun Ojedeji, Federal University Oye-Ekiti web: http://www.fuoye.edu.ng Mobile: +2348035233535 alt email: seun.ojed...@fuoye.edu.ng
Re: [Dspace-tech] Ldap Authentification and profile
Hello, I also tried other settings with search level and user, the same result. I can confirm that the user is from ldap. Best regards Stefanie
Re: [Dspace-tech] Ldap Authentification and profile
Hi Stefanie, I tried reproducing the problem with nulls but couldn't, neither with flat nor hierarchical LDAP. The only thing that I see potentially wrong with your config is that you set email_field = mail, while it needs to be email_field = uid. This is an unfortunate assumption of the DSpace authn system (login=email) that doesn't sit well with LDAP, but fixing it would be quite an extensive change, so try this workaround for now. The consequence is that your LDAP users won't have a valid email address in DSpace, so subscriptions won't work for them. Regards, ~~helix84
Re: [Dspace-tech] Ldap Authentification and profile
Hi helix84, first thanks for your effort, I really appreciate it. It does work so far, although I am not really happy. Any chance to get the fields surname_field =sn, givenname_field =givenName, phone_field =telephoneNumber and mail? Thanks again Stefanie
Re: [Dspace-tech] Ldap Authentification and profile
On Wed, Feb 19, 2014 at 3:22 PM, Stefanie Behnke s.beh...@online.de wrote:
> It does work so far, although I am not really happy.

OK, now I'm a bit lost. Can you tell me again what your problem was before you set email_field = uid and what your problem is now? You're testing in JSPUI, right? Can you also always try the same thing in XMLUI? It should be the same, I just want to confirm it.

> Any chance to get the fields surname_field =sn, givenname_field =givenName, phone_field =telephoneNumber and mail?

I've seen a situation where there was a null appended to the value of these fields but I'm not sure I've heard of a situation where they would be empty (it certainly works for me). If you bind with LDAP with the same user you're trying to log in to DSpace with, does that user see these attributes? My thinking here is that this might be a problem with your LDAP setup, not in DSpace. If this is the case, it might be worked around using the initial bind (with a user who has access to these attributes). Regards, ~~helix84
Re: [Dspace-tech] Ldap Authentification and profile
Hi All, I am using Windows Active Directory to validate users in DSpace versions 1.8, 3.1 and 3.2 and it works fine. I use a special bind user account to validate users in AD. When a user is new, DSpace creates the account using the email so the user can receive alerts and notifications. I tested this in DSpace 4.0 and the results are different: if the user is new, the account in DSpace is created with the uid instead of the email and the email was lost, so the user cannot receive alerts and notifications. The authenticate-ldap.conf file is the same for all installations. Is this a change of direction in DSpace 4.0 to validate users using LDAP? I appreciate your help to solve this problem in DSpace 4.0. Cheers, Ing. Oscar Sánchez G., MAE IT Professional Biblioteca José Figueres Ferrer Instituto Tecnológico de Costa Rica Tel: 2550-2135 Fax: 2591-4820 P.O. Box: 159-7050
Re: [Dspace-tech] Ldap Authentification and profile
The difference between AD and other LDAP servers is that AD uses an email address format for username, while others usually don't. In DSpace, this is configured using netid_email_domain (e.g. netid_email_domain = @example.com) which is then appended to netid (so in this case email is not taken from an LDAP attribute) to form the email address that DSpace uses as username. It's quite difficult to test all the possible configurations. You fix one thing, some other configuration breaks... and if you can't test that configuration, it's a problem. Regards, ~~helix84
Re: [Dspace-tech] Ldap Authentification and profile
On Thu, Feb 20, 2014 at 12:58 AM, Keir Vaughan-Taylor kei...@optusnet.com.au wrote:
> It requires two lines in /dspace/config/modules/authentication-ldap.cfg to be added. One line defining the ldap field that contains a user's role and one line that allocates the user to a group based on what the role is. (Helix didn't like this scheme but he will come round eventually) e.g.
> position_field = usydPersonEntitlement
> groupMapping_field = staff:access,enrolled:access

Umm, I only wanted to reply to this one part right now. We already have mapping of groups specified by a LDAP attribute to DSpace groups since DSpace 4: https://github.com/DSpace/DSpace/blob/dspace-4_x/dspace/config/modules/authentication-ldap.cfg#L158 Sorry, it's late here now and I might be missing something, so correct me if your approach does something different. Regards, ~~helix84
Re: [Dspace-tech] Ldap Authentification and profile
Hi I have the same problem, amongst others, for DSpace 3.2 on Ubuntu 12.04. See: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Upgrading/DSpace/Release_Notes/3.2 Cheers hg Hilton Gibson Ubuntu Linux Systems Administrator JS Gericke Library Room 1025D Stellenbosch University Private Bag X5036 Stellenbosch 7599 South Africa Tel: +27 21 808 4100 | Cell: +27 84 646 4758 http://scholar.sun.ac.za http://bit.ly/goodir http://library.sun.ac.za http://za.linkedin.com/in/hiltongibson
Re: [Dspace-tech] ldap authentication after upgrade 1.8 to 3.2
Hi Erik, what does your LDAP configuration look like? Which field do you use as the user identifier and do you use a suffix (@example.com)? Regards, ~~helix84
[Dspace-tech] ldap authentication after upgrade 1.8 to 3.2
Hello, I upgraded from 1.8.2 to 3.2. The ldap new user registration was not working properly after the upgrade. A new user could authenticate, and was registered, but the ldap attributes would not populate (sn,givenname,mail). Existing users were unaffected. I was not using ldap-hierarchical, and so the changes for ldap in the upgrade notes did not apply to me. I tried adding a search.user and search.password hoping it would then look up the attributes and got partial results, the mail attribute came through, but the sn and givenname still did not. I looked in dspace.log and there was no error, see below for log details. I then reverted to dspace 1.8.2 (with no ldap-hierarchical) and verified that the new users do correctly auto-register with their mail, sn, givenname attributes populated on the old codebase. Perhaps this is a bug introduced with the new combining of ldap-hierarchical and ldap authn methods. Thanks for any insight. Erik

from version 3.2 dspace.log
2014-02-13 11:28:54,045 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:auth:attempting trivial auth of user=h51
2014-02-13 11:28:54,097 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:autoregister:netid=h51
2014-02-13 11:28:54,100 INFO org.dspace.eperson.EPerson @ anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:create_eperson:eperson_id=69
2014-02-13 11:28:54,101 INFO org.dspace.eperson.EPerson @ anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:update_eperson:eperson_id=69
2014-02-13 11:28:54,583 INFO org.dspace.eperson.EPersonConsumer @ anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:registerion_alert:user=h51null
2014-02-13 11:28:54,584 INFO org.dspace.authenticate.LDAPAuthentication @ h51null:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:authenticate:type=ldap-login, created ePerson
2014-02-13 11:28:54,584 INFO org.dspace.app.xmlui.utils.AuthenticationUtil @ h51null:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:login:type=explicit
2014-02-13 11:28:54,670 INFO org.dspace.app.xmlui.aspect.artifactbrowser.CommunityBrowser @ h51null:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:view_community_list:
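The audit below is an added example, not part of the message above and not DSpace code: it pairs each autoregister event in a dspace.log with the identity the new ePerson was then logged in under, and flags accounts whose identity is the netid plus "null" (as in the h51null lines above) or has no email form at all. The sample log is constructed in the layout of the quoted lines; the function names and verdict labels are assumptions of this example.

```python
import re

# Layout of the dspace.log lines quoted in the message above:
#   <timestamp> <LEVEL> <logger> @ <user>:session_id=<id>:ip_addr=<ip>:<action>:<detail>
# Assumption: IPv4 client addresses (an IPv6 address contains ':' and would
# need a different split).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>[A-Z]+)\s+"
    r"(?P<logger>\S+)\s+@\s+(?P<user>[^:]*):session_id=(?P<session>[^:]*):"
    r"ip_addr=(?P<ip>[^:]*):(?P<action>[^:]*):(?P<detail>.*)$"
)

# Constructed sample log: netids, session ids and addresses are made up.
SAMPLE_LOG = """\
2014-03-01 09:00:00,010 INFO  org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=AAAA0001:ip_addr=192.0.2.10:auth:attempting trivial auth of user=u1001
2014-03-01 09:00:00,050 INFO  org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=AAAA0001:ip_addr=192.0.2.10:autoregister:netid=u1001
2014-03-01 09:00:00,060 INFO  org.dspace.eperson.EPerson @ anonymous:session_id=AAAA0001:ip_addr=192.0.2.10:create_eperson:eperson_id=101
2014-03-01 09:00:00,500 INFO  org.dspace.authenticate.LDAPAuthentication @ u1001null:session_id=AAAA0001:ip_addr=192.0.2.10:authenticate:type=ldap-login, created ePerson
2014-03-01 09:05:00,050 INFO  org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=BBBB0002:ip_addr=192.0.2.11:autoregister:netid=u1002
2014-03-01 09:05:00,500 INFO  org.dspace.authenticate.LDAPAuthentication @ u1002:session_id=BBBB0002:ip_addr=192.0.2.11:authenticate:type=ldap-login, created ePerson
2014-03-01 09:10:00,050 INFO  org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=CCCC0003:ip_addr=192.0.2.12:autoregister:netid=u1003
2014-03-01 09:10:00,500 INFO  org.dspace.authenticate.LDAPAuthentication @ u1003@example.edu:session_id=CCCC0003:ip_addr=192.0.2.12:authenticate:type=ldap-login, created ePerson
2014-03-01 09:15:00,500 INFO  org.dspace.authenticate.LDAPAuthentication @ u0001@example.edu:session_id=DDDD0004:ip_addr=192.0.2.13:authenticate:type=ldap
this line is not in the audit layout and is skipped
"""


def classify_identity(netid, identity):
    """Verdict for the identity an auto-registered account ended up with."""
    if identity == netid + "null":
        # netid was joined to an unset netid_email_domain
        return "null_suffix"
    if "@" not in identity:
        # bare uid: DSpace has no address to send notifications to
        return "no_email"
    return "ok"


def audit_autoregistrations(log_text):
    """Pair autoregister events with the identity of the created ePerson."""
    pending = {}   # session id -> netid seen in an autoregister event
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        session = m["session"]
        action = m["action"].strip()
        detail = m["detail"].strip()
        if action == "autoregister" and detail.startswith("netid="):
            pending[session] = detail[len("netid="):]
        elif (action == "authenticate" and "created ePerson" in detail
              and session in pending):
            netid = pending.pop(session)
            findings.append({
                "ts": m["ts"],
                "ip": m["ip"],
                "netid": netid,
                "identity": m["user"],
                "verdict": classify_identity(netid, m["user"]),
            })
    return findings


def flagged(findings):
    """Accounts that need their email corrected on the ePerson record."""
    return [f for f in findings if f["verdict"] != "ok"]


if __name__ == "__main__":
    for f in flagged(audit_autoregistrations(SAMPLE_LOG)):
        print(f["ts"], f["netid"], "->", f["identity"], f["verdict"])
```

Existing-user logins, such as the last sample entry, carry no autoregister event for their session and are ignored.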
Re: [Dspace-tech] ldap authentication after upgrade 1.8 to 3.2
Hi Erik I also had problems during an upgrade from 1.8.2 to 3.2 and have documented fixes here: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Upgrading/DSpace/Release_Notes/3.2 One of them was LDAP authentication. Regards *Hilton Gibson* Ubuntu Linux Systems Administrator JS Gericke Library Room 1025D Stellenbosch University Private Bag X5036 Stellenbosch 7599 South Africa Tel: +27 21 808 4100 | Cell: +27 84 646 4758 http://scholar.sun.ac.za http://bit.ly/goodir http://library.sun.ac.za http://za.linkedin.com/in/hiltongibson On 14 February 2014 01:16, Erik Guss eg...@auth.lib.montana.edu wrote: Hello, I upgraded from 1.8.2 to 3.2. The ldap new user registration was not working properly after the upgrade. A new user could authenticate, and was registered, but the ldap attributes would not populate (sn,givenname,mail). Existing users were unaffected. I was not using ldap-hierarchical, and so the changes for ldap in the upgrade notes did not apply to me. I tried adding a search.user and search.password hoping it would then look up the attributes and got partial results, the mail attribute came through, but the sn and givenname still did not. I looked in dspace.log and there was no error, see below for log details. I then reverted to dspace 1.8.2 (with no ldap-hierarchical) and verified that the new users do correctly auto-register with their mail, sn, givenname attributes populated on the old codebase. Perhaps this is a bug introduced with the new combining of ldap-hierarchical and ldap authn methods. Thanks for any insight. 
Erik

from version 3.2 dspace.log

2014-02-13 11:28:54,045 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:auth:attempting trivial auth of user=h51
2014-02-13 11:28:54,097 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:autoregister:netid=h51
2014-02-13 11:28:54,100 INFO org.dspace.eperson.EPerson @ anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:create_eperson:eperson_id=69
2014-02-13 11:28:54,101 INFO org.dspace.eperson.EPerson @ anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:update_eperson:eperson_id=69
2014-02-13 11:28:54,583 INFO org.dspace.eperson.EPersonConsumer @ anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:registerion_alert:user=h51null
2014-02-13 11:28:54,584 INFO org.dspace.authenticate.LDAPAuthentication @ h51null:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:authenticate:type=ldap-login, created ePerson
2014-02-13 11:28:54,584 INFO org.dspace.app.xmlui.utils.AuthenticationUtil @ h51null:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:login:type=explicit
2014-02-13 11:28:54,670 INFO org.dspace.app.xmlui.aspect.artifactbrowser.CommunityBrowser @ h51null:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:view_community_list:
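The dspace.log excerpt above shows a recognisable signature: `autoregister:netid=h51`, then the same session recorded as `h51null`. The Python check below is an added example, not part of the original posts or of DSpace; it scans log lines in that layout and reports sessions where an auto-registered netid was stored with a literal `null` suffix. The sample lines, netids, session ids and addresses are constructed.

```python
import re
from collections import namedtuple

# Layout of a dspace.log line as quoted in the thread:
# <date> <time> <LEVEL> <logger> @ <user>:session_id=<id>:ip_addr=<ip>:<action>:<detail>
# Assumption: IPv4 client addresses (an IPv6 address would contain ':').
# \s* after ip_addr tolerates the space that mail line-wrapping can insert.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+"
    r"(?P<level>[A-Z]+)\s+(?P<logger>\S+)\s+@\s+"
    r"(?P<user>[^:]*):session_id=(?P<session>[0-9A-F]+):"
    r"ip_addr=(?P<ip>[^:]+):\s*(?P<action>[^:]*):?(?P<detail>.*)$"
)

Finding = namedtuple("Finding", "session netid recorded_as ip first_seen")


def find_null_suffixed_registrations(lines):
    """Return one Finding per session whose auto-registered netid is later
    recorded as '<netid>null', either as the logged-in user or in the
    registration alert."""
    pending = {}    # session id -> netid seen in autoregister:netid=...
    findings = {}   # session id -> Finding (first occurrence only)
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # not a DSpace header line (stack trace, wrapped text, ...)
        session = m["session"]
        action, detail = m["action"].strip(), m["detail"].strip()
        if action == "autoregister" and detail.startswith("netid="):
            pending[session] = detail[len("netid="):]
            continue
        netid = pending.get(session)
        if netid is None or session in findings:
            continue
        # Identities this line attributes to the new ePerson.
        identities = [m["user"]]
        if action == "registerion_alert" and detail.startswith("user="):
            identities.append(detail[len("user="):])
        for identity in identities:
            if identity == netid + "null":
                findings[session] = Finding(session, netid, identity,
                                            m["ip"], m["ts"])
                break
    return list(findings.values())


# Constructed sample: one affected session (jdoe) and one healthy one (asmith).
_P = "org.dspace."
SAMPLE_LOG = "\n".join([
    "2014-02-13 11:28:54,097 INFO " + _P + "authenticate.LDAPAuthentication @ "
    "anonymous:session_id=A1B2C3D4:ip_addr=192.0.2.10:autoregister:netid=jdoe",
    "2014-02-13 11:28:54,100 INFO " + _P + "eperson.EPerson @ "
    "anonymous:session_id=A1B2C3D4:ip_addr=192.0.2.10:create_eperson:eperson_id=101",
    "2014-02-13 11:28:54,583 INFO " + _P + "eperson.EPersonConsumer @ "
    "anonymous:session_id=A1B2C3D4:ip_addr=192.0.2.10:registerion_alert:user=jdoenull",
    "2014-02-13 11:28:54,584 INFO " + _P + "authenticate.LDAPAuthentication @ "
    "jdoenull:session_id=A1B2C3D4:ip_addr=192.0.2.10:authenticate:type=ldap-login, created ePerson",
    "2014-02-13 11:30:02,011 INFO " + _P + "authenticate.LDAPAuthentication @ "
    "anonymous:session_id=E5F60718:ip_addr=192.0.2.11:autoregister:netid=asmith",
    "2014-02-13 11:30:02,480 INFO " + _P + "eperson.EPersonConsumer @ "
    "anonymous:session_id=E5F60718:ip_addr=192.0.2.11:registerion_alert:user=asmith@example.edu",
    "2014-02-13 11:30:02,481 INFO " + _P + "authenticate.LDAPAuthentication @ "
    "asmith@example.edu:session_id=E5F60718:ip_addr=192.0.2.11:authenticate:type=ldap-login, created ePerson",
])

if __name__ == "__main__":
    for f in find_null_suffixed_registrations(SAMPLE_LOG.splitlines()):
        print("%s netid=%s stored as %r from %s (session %s)"
              % (f.first_seen, f.netid, f.recorded_as, f.ip, f.session))
```

Each finding names an ePerson record that was created without its directory attributes and needs its email corrected by an administrator.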
Re: [Dspace-tech] Ldap Authentification and profile
Dear Helix, thanks for your answer. I can change the file dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java but what are the steps I should do then? Thanking you in advance Stefanie -Original Message- From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On Behalf Of helix84 Sent: Tuesday, 26 November 2013 17:02 To: Stefanie Behnke Cc: dspace-tech Subject: Re: [Dspace-tech] Ldap Authentification and profile Hi Stefanie, yes, I submitted the fix in this Pull request: https://github.com/DSpace/DSpace/pull/366/files It is meant to be merged for DSpace 4.0, but it seems nobody else reviewed it yet. If you want to try it, it would help if you can report back that it worked, either in GitHub or in Jira: https://jira.duraspace.org/browse/DS-1739 Let me know if you don't know how to apply the patch. Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] Ldap Authentification and profile
Hi Stefanie, you can now just copy the file from here to your dspace-src: https://raw2.github.com/DSpace/DSpace/dspace-4_x/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java Then rebuild and redeploy DSpace as usual (follow the docs if you're in doubt). Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
[Dspace-tech] LDAP authentication in Dspace 4.0
Hi all, Before Dspace 4.0, the LDAP authentication recognized the email account from the security server and used it as Dspace userid for persons. In Dspace 4.0 the LDAP authentication process creates a new account with the id_field (sAMAccountName in Active Directory) in place of the email_field used by Dspace 3.2 and before. I want to use a unified method to register eperson with the email account as userid for password or LDAP authentication process. Can anyone help me, please? Regards, Ing. Oscar Sánchez G., MAE Profesional en TI Biblioteca José Figueres Ferrer Instituto Tecnológico de Costa Rica * Tel: 2550-2135 7 Fax: 2591-4820 * Apdo Postal: 159-7050
Re: [Dspace-tech] Ldap Authentification and profile
Hi Stefanie, yes, I submitted the fix in this Pull request: https://github.com/DSpace/DSpace/pull/366/files It is meant to be merged for DSpace 4.0, but it seems nobody else reviewed it yet. If you want to try it, it would help if you can report back that it worked, either in GitHub or in Jira: https://jira.duraspace.org/browse/DS-1739 Let me know if you don't know how to apply the patch. Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] Ldap Authentification and profile
Hi Stefanie, I'm sorry about that, it's a known bug. I'll try to make a fix later this week. For now, you can use the LDAPAuthentication or LDAPHierarchicalAuthentication class from DSpace 1.8 (along with authentication-ldap.cfg from 1.8). Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
[Dspace-tech] Ldap Authentification and profile
Dear all, I have successfully logged in using the ldap authentification, but when I call „My DSpace“ all form fields are empty and there is no email field: I am using DSpace 3.1 and the jspui interface. Attached is the authentication-ldap.cfg file and the screenshot of the ldap entry. What is wrong? Thanking you in advance Stefanie
Re: [Dspace-tech] LDAP auto-registration -- what am I missing?
Hi You might find the information in my blog helpful http://dspacebromley.blogspot.co.uk/2009/04/dspace-installation-procedure-on-centos.html Bear in mind it refers to an older version of DSpace so some of the LDAP settings e.g. special groups have changed Good luck Clive

Message: 1 Date: Sun, 15 Sep 2013 23:14:29 +0200 From: helix84 heli...@centrum.sk Subject: Re: [Dspace-tech] LDAP auto-registration -- what am I missing? To: Andrew Reid andrew.r...@nist.gov Cc: dspace-tech dspace-tech@lists.sourceforge.net

On Fri, Sep 13, 2013 at 9:56 PM, Andrew Reid andrew.r...@nist.gov wrote: The fact that the authentication succeeds makes me think I'm not too far off. I don't think I've typo'd any of the field names on either side. Is there some subtlety in the permissions that I'm missing? Does this work for other people?

Hi Andrew, yes, that sounds like a permissions problem on the side of your LDAP server. I'd say that once your user successfully authenticates, he's not allowed to read his own attributes (name, surname, ...) and thus DSpace stores null. Do try to log in using some LDAP client (e.g. ldapsearch or a GUI client like Apache Directory Studio) using the same user's credentials and see if you can read the values of his attributes.

I'm not doing hierarchical authentication, should I be?

If you can verify that the problem is what I say it is, you can fix it on the LDAP server side by giving all users permission to read their attributes (at least those that DSpace needs). While you could have one special LDAP account that has read permissions to all the other accounts and use it to retrieve the attribute values, this is not how the code in DSpace currently works. Even if you enable hierarchical auth (which you otherwise don't need - because the authentication itself works for you), DSpace will still use the actual user's account to retrieve its attributes, not the search.user account. Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP auto-registration -- what am I missing?
Hi again -- This appears to be working now -- I needed to set search.anonymous to true and search_scope to 2 in the authentication-ldap.cfg file, and then it smartened right up. Thanks for the clues. I'm not actually sure I want to go with anonymous searchability, for other reasons, but now I have a working fall-back, and can start tightening up the controls.

From: Clive Gould cli...@gmail.com Sent: Monday, September 16, 2013 5:36 AM To: dspace-tech@lists.sourceforge.net Tech; Reid, Andrew C.E. Subject: Re: [Dspace-tech] LDAP auto-registration -- what am I missing?

Hi You might find the information in my blog helpful http://dspacebromley.blogspot.co.uk/2009/04/dspace-installation-procedure-on-centos.html Bear in mind it refers to an older version of DSpace so some of the LDAP settings e.g. special groups have changed Good luck Clive

Message: 1 Date: Sun, 15 Sep 2013 23:14:29 +0200 From: helix84 heli...@centrum.sk Subject: Re: [Dspace-tech] LDAP auto-registration -- what am I missing? To: Andrew Reid andrew.r...@nist.gov Cc: dspace-tech dspace-tech@lists.sourceforge.net

On Fri, Sep 13, 2013 at 9:56 PM, Andrew Reid andrew.r...@nist.gov wrote: The fact that the authentication succeeds makes me think I'm not too far off. I don't think I've typo'd any of the field names on either side. Is there some subtlety in the permissions that I'm missing? Does this work for other people?

Hi Andrew, yes, that sounds like a permissions problem on the side of your LDAP server. I'd say that once your user successfully authenticates, he's not allowed to read his own attributes (name, surname, ...) and thus DSpace stores null. Do try to log in using some LDAP client (e.g. ldapsearch or a GUI client like Apache Directory Studio) using the same user's credentials and see if you can read the values of his attributes.

I'm not doing hierarchical authentication, should I be?

If you can verify that the problem is what I say it is, you can fix it on the LDAP server side by giving all users permission to read their attributes (at least those that DSpace needs). While you could have one special LDAP account that has read permissions to all the other accounts and use it to retrieve the attribute values, this is not how the code in DSpace currently works. Even if you enable hierarchical auth (which you otherwise don't need - because the authentication itself works for you), DSpace will still use the actual user's account to retrieve its attributes, not the search.user account. Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP auto-registration -- what am I missing?
On Fri, Sep 13, 2013 at 9:56 PM, Andrew Reid andrew.r...@nist.gov wrote: The fact that the authentication succeeds makes me think I'm not too far off. I don't think I've typo'd any of the field names on either side. Is there some subtlety in the permissions that I'm missing? Does this work for other people?

Hi Andrew, yes, that sounds like a permissions problem on the side of your LDAP server. I'd say that once your user successfully authenticates, he's not allowed to read his own attributes (name, surname, ...) and thus DSpace stores null. Do try to log in using some LDAP client (e.g. ldapsearch or a GUI client like Apache Directory Studio) using the same user's credentials and see if you can read the values of his attributes.

I'm not doing hierarchical authentication, should I be?

If you can verify that the problem is what I say it is, you can fix it on the LDAP server side by giving all users permission to read their attributes (at least those that DSpace needs). While you could have one special LDAP account that has read permissions to all the other accounts and use it to retrieve the attribute values, this is not how the code in DSpace currently works. Even if you enable hierarchical auth (which you otherwise don't need - because the authentication itself works for you), DSpace will still use the actual user's account to retrieve its attributes, not the search.user account.

Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
[Dspace-tech] LDAP auto-registration -- what am I missing?
Hi again all --

I am having some difficulties with auto-registration of LDAP authenticated users. When I first sign in as a user who exists only in LDAP, most of the profile entries are wrong, and I can't figure out why. I thought it was probably permissions, but I have gotten to the point where everything in the LDAP is at least readable by everyone, and it's still failing. One issue is, I can't seem to find any error messages -- I'm new to tomcat and Java generally, so pointers to docs on more verbose logging would be welcome.

What I have done is, first set up a DSpace admin user via the regular password mechanism. The plan was then to create a new LDAP user, add it to the admin group, and then turn off password authentication. That actually all works fine, that's independent of the profile issue.

Here is an example -- this is all on a VM with local mail transport, it's DSpace 3.2, and CentOS 6.4, and I am using the xmlui interface via mod_jk from Apache 2.2, with a local LDAP service, over https. In LDAP, I have an accounts OU, and there's a user whose LDIF looks like this:

    dn: uid=dadmin,ou=accounts,dc=rest-of-domain
    objectClass: inetOrgPerson
    cn: New Guy
    sn: Guy
    givenName: New
    uid: dadmin
    userPassword:: e1NTSEF9OUxqZ2ozUU9VNjZtaU9JTkJoSTlqZjlzVHVYM2hJTjg=
    mail: dadmin@localhost
    description: Dspace experiment

Initially, this user is not present as a DSpace E-Person, until I log in via the LDAP. I successfully authenticate as dadmin, and then the original admin user gets this e-mail:

    A new user has registered on Example DSpace at URL:
    Name: null null
    Email: dadminnull
    Date: 9/13/13 2:15 PM

So, apparently autoregistration is happening, but it's not seeing the right info. The authentication-ldap.cfg file's non-comment entries are these:

    enable = true
    autoregister = true
    provider_url = ldap://localhost/
    id_field = uid
    object_context = ou=accounts,dc=rest-of-domain
    search_context = ou=accounts,dc=rest-of-domain
    email_field = mail
    surname_field = sn
    givenname_field = givenName

The fact that the authentication succeeds makes me think I'm not too far off. I don't think I've typo'd any of the field names on either side. Is there some subtlety in the permissions that I'm missing? Does this work for other people? I'm not doing hierarchical authentication, should I be? I have set xmlui.user.registration=false and xmlui.user.editmetadata=false in dspace.cfg, but these do not appear to affect the auto-registration, only later edits. Any extra clues would be appreciated.

-- A.
-- Dr. Andrew C. E. Reid Physical Scientist, Computer Operations Administrator Center for Theoretical and Computational Materials Science National Institute of Standards and Technology, Mail Stop 8555 Gaithersburg MD 20899 USA andrew.r...@nist.gov
Re: [Dspace-tech] LDAP config - DS-1576?
Sorry for the late reply. After investigating what I found was I had not given a policy to each group for the submitter All is working! Moving forward rapidly! David Schuster Texas Woman's University Director of Library Information Technology Technical Support PO Box 425528 Denton TX 76204-5528 Phone: 940-898-3909 Fax: 940-898-3764 dschus...@twu.edu

-Original Message- From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On Behalf Of helix84 Sent: Wednesday, August 28, 2013 2:57 AM To: Schuster, David Subject: Re: [Dspace-tech] LDAP config - DS-1576?

On Wed, Aug 28, 2013 at 12:08 AM, Schuster, David dschus...@mail.twu.edu wrote: I am running dspace 3.2 and have LDAP running, but when I assigned a group of submitter in LDAP and have a group for that with all of the collections in it as people log in they are not assigned to anything.

* Is this using login.specialgroup (this should work) or using login.groupmap.*? As I wrote before, it seems only login.groupmap.1 works, the rest is broken.
* Just to make sure, are you aware that LDAP group membership is transient, not recorded anywhere in DSpace and has to be checked via user profile?
* Where is your group membership stored in LDAP? login.groupmap.* takes it from DN (e.g. uid=dschuster,dn=STAFF,dn=twu,dn=edu). It can be also stored in attribute - DSpace currently doesn't support that, but I'd like to implement it for DSpace 4.0 because we just switched to this locally.

I also tried a particular collection and it didn't assign the new person into it either. Does that make sense? I would love to test anything you can throw at me!

There is a catch there with collection rights, are you aware of this? https://wiki.duraspace.org/display/DSPACE/TechnicalFaq#TechnicalFaq-Ichangedaccessrestrictionsonacollection,butrestrictionsdidn'tchangeonitsitems Regards, ~~helix84
[Dspace-tech] LDAP config - DS-1576?
Does this fix the problem where LDAP doesn't automatically assign people to a group as instructed in the authentication-LDAP configuration file? David Schuster Texas Woman's University Director of Library Information Technology Technical Support PO Box 425528 Denton TX 76204-5528 Phone: 940-898-3909 Fax: 940-898-3764 dschus...@twu.edu
Re: [Dspace-tech] LDAP config - DS-1576?
On Tue, Aug 27, 2013 at 11:17 PM, Schuster, David dschus...@mail.twu.edu wrote: Does this fix the problem where LDAP doesn’t automatically assign people to a group as instructed in the authentication-LDAP configuration file?

No, DS-1576 fixes a problem where the right configuration property to enable ldap wouldn't be read. To figure out which problem you're talking about I need to know your DSpace version. Assigning all LDAP users to a single group has always worked, AFAIK (the login.specialgroup option). There was new functionality added in 3.0 that allows multiple groups based on part of DN (see [1]), but this was reported broken - only the first mapped group would be used. I don't see a ticket for it yet, but see [2]. I'd like to fix this in time for DSpace 4.0.

[1] https://jira.duraspace.org/browse/DS-1078
[2] http://dspace.2283337.n4.nabble.com/LDAP-and-Special-Groups-Code-td4666099.html

Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP config - DS-1576?
I am running dspace 3.2 and have LDAP running, but when I assigned a group of submitter in LDAP and have a group for that with all of the collections in it as people log in they are not assigned to anything. I also tried a particular collection and it didn't assign the new person into it either. Does that make sense? I would love to test anything you can throw at me! David Schuster Texas Woman's University Director of Library Information Technology Technical Support PO Box 425528 Denton TX 76204-5528 Phone: 940-898-3909 Fax: 940-898-3764 dschus...@twu.edu

-Original Message- From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On Behalf Of helix84 Sent: Tuesday, August 27, 2013 4:32 PM To: Schuster, David Cc: dspace-tech@lists.sourceforge.net Subject: Re: [Dspace-tech] LDAP config - DS-1576?

On Tue, Aug 27, 2013 at 11:17 PM, Schuster, David dschus...@mail.twu.edu wrote: Does this fix the problem where LDAP doesn’t automatically assign people to a group as instructed in the authentication-LDAP configuration file?

No, DS-1576 fixes a problem where the right configuration property to enable ldap wouldn't be read. To figure out which problem you're talking about I need to know your DSpace version. Assigning all LDAP users to a single group has always worked, AFAIK (the login.specialgroup option). There was new functionality added in 3.0 that allows multiple groups based on part of DN (see [1]), but this was reported broken - only the first mapped group would be used. I don't see a ticket for it yet, but see [2]. I'd like to fix this in time for DSpace 4.0.

[1] https://jira.duraspace.org/browse/DS-1078
[2] http://dspace.2283337.n4.nabble.com/LDAP-and-Special-Groups-Code-td4666099.html

Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] Ldap 3.2 working except groups
Hi David I'm pretty sure the special groups code is broken. It was definitely broken in 3.0 and I can't get it to work using the corrected code copied from 3.2 Clive

Message: 1 Date: Thu, 15 Aug 2013 22:27:03 + From: Schuster, David dschus...@mail.twu.edu Subject: [Dspace-tech] Ldap 3.2 working except groups To: dspace-tech@lists.sourceforge.net dspace-tech@lists.sourceforge.net

I have LDAP working now and it creates the accounts but is not putting the user in the group I have defined in the authenticate-ldap.cfg. Anyone else see that?
[Dspace-tech] Ldap 3.2 working except groups
I have LDAP working now and it creates the accounts but is not putting the user in the group I have defined in the authenticate-ldap.cfg. Anyone else see that?
Re: [Dspace-tech] LDAP and Special Groups Code
Hi everyone

I'm beginning to suspect the LDAP Special Groups code in DSpace 3.0 is broken

Please see the scenarios below, which are excerpts from /home/dspace/config/modules/authentication-ldap.cfg

Scenario 1

    login.groupmap.1 = OU=StaffUsers:all-staff
    login.groupmap.2 = OU=StudentUsers:all-students

In practice newly authenticated new staff are added to the all-staff, all-authenticated and anonymous groups. Newly authenticated students only belong to the anonymous group

Scenario 2

    # Added By Clive Gould on 31/07/13 to allow for special groups
    # login.groupmap.1 = OU=StaffUsers:all-staff
    # login.groupmap.2 = OU=StudentUsers:all-students
    login.groupmap.1 = OU=StudentUsers:all-students

In practice newly authenticated students are added to the all-students, all-authenticated and anonymous groups. Newly authenticated staff only belong to the anonymous group

Scenario 3

    # login.groupmap.1 = OU=StaffUsers:all-staff
    # login.groupmap.2 = OU=StudentUsers:all-students
    login.groupmap.1 = OU=StudentUsers:all-students
    login.groupmap.2 = OU=StaffUsers:all-staff

Newly authenticated students are added to the all-students, all-authenticated and anonymous groups. Newly authenticated staff only belong to the anonymous group

Conclusion

It looks horribly as if only the first line login.groupmap.1 is being processed. login.groupmap.2 seems to be ignored

Note: If a member of staff or student has logged in and registered once their membership of the special groups appears to be persistent through multiple logins

I'm not a Java programmer and haven't time try to understand and debug the code myself. Has anyone actually got this special groups code to work properly or is this a bug that needs fixing? Any ideas anyone?

Clive

On Tue, Aug 6, 2013 at 10:11 AM, helix84 heli...@centrum.sk wrote: Neither login.specialgroup nor login.groupmap are applied to student, but it is to staff? I'm as baffled as you are. Are you modifying the right config file, i.e. [dspace]/config/modules/authentication-ldap.cfg (maybe you accidentally edited the one in [dspace-source])? Other than that, try sprinkling more log.debug calls around to see which branches of code are executed. Basically you want to check the values that drive the decisions in any relevant if statements. Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP and Special Groups Code
Hi everyone

I'm not a programmer as I said before but have just been scanning over the source code in LDAPAuthentication.java

My concern is with the following lines.

Before we go into the while loop:

    int i = 1;
    String groupMap = ConfigurationManager.getProperty("authentication-ldap", "login.groupmap." + i);

By my understanding this should read the first line login.groupmap.1

Before the end of the while loop, to move onto any login.groupmap.2 and login.groupmap.3 etc:

    groupMap = ConfigurationManager.getProperty("ldap.login.groupmap." + ++i);

It looks to me as if the last line should read

    groupMap = ConfigurationManager.getProperty("login.groupmap." + ++i);

Have I found a bug or is this just down to the fact I don't understand the code??

Any thoughts most welcome

Clive

The complete excerpt from /home/dspace/dspace-3.0-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java is shown below:

    System.out.println("dn:" + dn);
    int i = 1;
    String groupMap = ConfigurationManager.getProperty("authentication-ldap", "login.groupmap." + i);
    while (groupMap != null)
    {
        String t[] = groupMap.split(":");
        String ldapSearchString = t[0];
        String dspaceGroupName = t[1];
        if (StringUtils.containsIgnoreCase(dn, ldapSearchString))
        {
            // assign user to this group
            try
            {
                Group ldapGroup = Group.findByName(context, dspaceGroupName);
                if (ldapGroup != null)
                {
                    ldapGroup.addMember(context.getCurrentUser());
                    ldapGroup.update();
                    context.commit();
                }
                else
                {
                    // The group does not exist
                    log.warn(LogManager.getHeader(context, "ldap_assignGroupsBasedOnLdapDn",
                            "Group defined in ldap.login.groupmap." + i + " does not exist :: " + dspaceGroupName));
                }
            }
            catch (AuthorizeException ae)
            {
                log.debug(LogManager.getHeader(context,
                        "assignGroupsBasedOnLdapDn could not authorize addition to group", dspaceGroupName));
            }
            catch (SQLException e)
            {
                log.debug(LogManager.getHeader(context,
                        "assignGroupsBasedOnLdapDn could not find group", dspaceGroupName));
            }
        }
        groupMap = ConfigurationManager.getProperty("ldap.login.groupmap." + ++i);
    }
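The lookup mismatch discussed in the message above, as an added, self-contained Java illustration (not DSpace code and not from the thread): `Config` is a hypothetical stand-in for `ConfigurationManager`, and the DNs are constructed. It runs the 3.0 loop shape next to a loop that uses one lookup for every index and skips malformed entries.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class GroupMapLookupDemo {

    /** Hypothetical stand-in for ConfigurationManager: main config plus per-module config. */
    static class Config {
        final Map<String, String> main = new HashMap<>();
        final Map<String, Map<String, String>> modules = new HashMap<>();

        String getProperty(String key) {
            return main.get(key);
        }

        String getProperty(String module, String key) {
            Map<String, String> props = modules.get(module);
            return props == null ? null : props.get(key);
        }
    }

    static final String MODULE = "authentication-ldap";
    static final String PREFIX = "login.groupmap.";

    static boolean containsIgnoreCase(String text, String part) {
        return text.toLowerCase(Locale.ROOT).contains(part.toLowerCase(Locale.ROOT));
    }

    /** Loop shape of the 3.0 excerpt: entry 1 and entries 2..n are read from different keys. */
    static List<String> groupsWith30Loop(Config cfg, String dn) {
        List<String> groups = new ArrayList<>();
        int i = 1;
        String groupMap = cfg.getProperty(MODULE, PREFIX + i);
        while (groupMap != null) {
            String[] t = groupMap.split(":");
            if (containsIgnoreCase(dn, t[0])) {
                groups.add(t[1]);
            }
            // Main config, old key name: not set in the module file, so this
            // returns null and the loop ends after entry 1.
            groupMap = cfg.getProperty("ldap." + PREFIX + ++i);
        }
        return groups;
    }

    /** Same mapping with a single lookup for every index and a check on each entry. */
    static List<String> groupsWithSingleLookup(Config cfg, String dn) {
        List<String> groups = new ArrayList<>();
        for (int i = 1; ; i++) {
            String groupMap = cfg.getProperty(MODULE, PREFIX + i);
            if (groupMap == null) {
                break; // the first missing index ends the list, as in the original loop
            }
            int sep = groupMap.indexOf(':');
            if (sep <= 0 || sep == groupMap.length() - 1) {
                // No "search:group" pair: report it instead of failing on t[1].
                System.err.println("Skipping malformed " + MODULE + "." + PREFIX + i + " = " + groupMap);
                continue;
            }
            String ldapSearchString = groupMap.substring(0, sep).trim();
            String dspaceGroupName = groupMap.substring(sep + 1).trim();
            if (containsIgnoreCase(dn, ldapSearchString)) {
                groups.add(dspaceGroupName);
            }
        }
        return groups;
    }

    public static void main(String[] args) {
        Config cfg = new Config();
        Map<String, String> ldap = new HashMap<>();
        ldap.put("login.groupmap.1", "OU=StaffUsers:all-staff");
        ldap.put("login.groupmap.2", "OU=StudentUsers:all-students");
        cfg.modules.put(MODULE, ldap);

        // Constructed DNs in the shape shown in the thread's log lines.
        String[] dns = {
            "CN=Example Staff,OU=StaffUsers,DC=staff,DC=example,DC=local",
            "CN=00000000,OU=StudentUsers,DC=student,DC=example,DC=local"
        };
        for (String dn : dns) {
            System.out.println(dn);
            System.out.println("  3.0 loop shape: " + groupsWith30Loop(cfg, dn));
            System.out.println("  single lookup : " + groupsWithSingleLookup(cfg, dn));
        }
    }
}
```

With the 3.0 loop shape the student DN ends up with no mapped group, which matches Scenario 1 in the thread.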
Re: [Dspace-tech] LDAP and Special Groups Code
Hi everyone It looks as if this was fixed in DSpace 3.2 [dspace@standbyvle ~]$ diff /home/dspace/dspace-3.2-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java /home/dspace/dspace-3.0-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java 615c615 * the authentication-ldap.login.groupmap.* key. --- * the ldap.login.groupmap.* key. 647c647 Group defined in authentication-ldap.login.groupmap. + i + does not exist :: + dspaceGroupName)); --- Group defined in ldap.login.groupmap. + i + does not exist :: + dspaceGroupName)); 660c660 groupMap = ConfigurationManager.getProperty(authentication-ldap, login.groupmap. + ++i); --- groupMap = ConfigurationManager.getProperty(ldap.login.groupmap. + ++i); Thanks Clive On Wed, Aug 7, 2013 at 11:10 AM, Clive Gould cli...@gmail.com wrote: Hi everyone I'm not a programmer as I said before but have just been scanning over the source code in LDAPAuthentication.java My concern is with the following lines Before we go into the while loop int i = 1; String groupMap = ConfigurationManager.getProperty(authentication-ldap, login.groupmap. + i); By my understanding this should read the first line login.groupmap.1 Before the end of the while loop to move onto any login.groupmap.2 and login.groupmap.3 etc groupMap = ConfigurationManager.getProperty(ldap.login.groupmap. + ++i); It looks to me as if the last line should read groupMap = ConfigurationManager.getProperty(login.groupmap. + ++i); Have I found a bug or is this just down to the fact I don't understand the code?? Any thoughts most welcome Clive The complete excerpt from /home/dspace/dspace-3.0-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java is shown below: System.out.println(dn: + dn); int i = 1; String groupMap = ConfigurationManager.getProperty(authentication-ldap, login.groupmap. 
+ i); while (groupMap != null) { String t[] = groupMap.split(:); String ldapSearchString = t[0]; String dspaceGroupName = t[1]; if (StringUtils.containsIgnoreCase(dn, ldapSearchString)) { // assign user to this group try { Group ldapGroup = Group.findByName(context, dspaceGroupName); if (ldapGroup != null) { ldapGroup.addMember(context.getCurrentUser()); ldapGroup.update(); context.commit(); } else { // The group does not exist log.warn(LogManager.getHeader(context, ldap_assignGroupsBasedOnLdapDn, Group defined in ldap.login.groupmap. + i + does not exist :: + dspaceGroupName)); } } catch (AuthorizeException ae) { log.debug(LogManager.getHeader(context, assignGroupsBasedOnLdapDn could not authorize addition to group, dspaceGroupName)); } catch (SQLException e) { log.debug(LogManager.getHeader(context, assignGroupsBasedOnLdapDn could not find group, dspaceGroupName)); } } groupMap = ConfigurationManager.getProperty(ldap.login.groupmap. + ++i); } On Wed, Aug 7, 2013 at 10:35 AM, Clive Gould cli...@gmail.com wrote: Hi everyone I'm beginning to suspect the LDAP Special Groups code in DSpace 3.0 is broken Please see the scenarios below, which are excerpts from /home/dspace/config/modules/authentication-ldap.cfg Scenario 1 login.groupmap.1 = OU=StaffUsers:all-staff login.groupmap.2 = OU=StudentUsers:all-students In practice newly authenticated new staff are added to the all-staff, all-authenticated and anonymous groups. Newly authenticated students only belong to the anonymous group Scenario 2 # Added By Clive Gould on 31/07/13 to allow for special groups # login.groupmap.1 = OU=StaffUsers:all-staff # login.groupmap.2 = OU=StudentUsers:all-students login.groupmap.1 = OU=StudentUsers:all-students In practice newly authenticated students are added to the all-students, all-authenticated and anonymous groups. 
Newly authenticated staff only belong to the anonymous group Scenario 3 # login.groupmap.1 = OU=StaffUsers:all-staff # login.groupmap.2 = OU=StudentUsers:all-students login.groupmap.1 =
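Review bot: in the 660c660 hunk the module name and key prefix passed to ConfigurationManager.getProperty are string literals written separately from the first lookup before the while loop, which is how the 3.0 side came to read ldap.login.groupmap.N from a different place than authentication-ldap / login.groupmap.1. Suggest building the key in one helper or constant used by both calls, so the initial read and the increment at the end of the loop cannot drift apart again.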
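Review bot: in the 647c647 hunk the warning spells the property name out by hand (authentication-ldap.login.groupmap. + i), independently of the key that is actually looked up at line 660, and the 3.0 side shows both had to be corrected together with the comment at line 615. Suggest composing the message from the same key string that is passed to getProperty, so the log always names the property that was really read.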
Re: [Dspace-tech] LDAP and Special Groups Code
On Wed, Aug 7, 2013 at 1:20 PM, Clive Gould cli...@gmail.com wrote:
> It looks as if this was fixed in DSpace 3.2

Right. Sorry about that. You can simply use that newer LDAPAuthentication.java file (beware of OAI being broken in 3.2). Does it work for you now?

https://jira.duraspace.org/browse/DS-1576

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP and Special Groups Code
I've just copied over the config file from 3.2, run maven and ant.

On restarting Tomcat the problem still seems to be there :((

    cp /home/dspace/dspace-3.2-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java /home/dspace/dspace-3.0-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
    cd /home/dspace/dspace-3.0-src-release/dspace
    mvn -U clean package
    cd /home/dspace/dspace-3.0-src-release/dspace/target/dspace-3.0-build
    ant -Dconfig=/home/dspace/config/dspace.cfg update
Re: [Dspace-tech] LDAP and Special Groups Code
Hi everyone

Still trying to get the special groups code to work with LDAP login.

Below is an excerpt from /home/dspace/config/modules/authentication-ldap.cfg

    # LDAP users group
    #
    # If required, a group name can be given here, and all users who log in
    # to LDAP will automatically become members of this group. This is useful
    # if you want a group made up of all internal authenticated users.
    login.specialgroup = all-authenticated

    # Added By Clive Gould on 31/07/13 to allow for special groups
    login.groupmap.1 = OU=StaffUsers:all-staff
    login.groupmap.2 = OU=StudentUsers:all-students

If I login as a staff member I get in the log file

    2013-08-06 08:19:38,294 DEBUG org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=8FBFE4389EE44E4DFC0DF5845C9B920C:ip_addr=86.166.91.100:got DN:CN=Clive Gould,OU=School of ICT,OU=CurriculumPartnerships,OU=RookeryLane,OU=StaffUsers,DC=staff,dc=bromley,dc=local

Groups EPerson is Member of:

    Anonymous
    Administrator
    COLLECTION_1_SUBMIT
    COLLECTION_2_SUBMIT
    COLLECTION_3_SUBMIT
    COLLECTION_4_SUBMIT
    COLLECTION_5_SUBMIT
    all-staff
    all-authenticated

If I login as a student I get in the log file

    2013-08-06 08:22:21,847 DEBUG org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=213AA9495F21ECD6CEB3BA494D2CA761:ip_addr=86.166.91.100:got DN:CN=40035571,OU=2012-13,OU=Orpington,OU=StudentUsers,DC=student,dc=bromley,dc=local

Groups EPerson is Member of:

    Anonymous

Any ideas why the student is not being added to the appropriate special groups?

Thanks very much

Clive
Re: [Dspace-tech] LDAP and Special Groups Code
Neither login.specialgroup nor login.groupmap are applied to student, but it is to staff? I'm as baffled as you are.

Are you modifying the right config file, i.e. [dspace]/config/modules/authentication-ldap.cfg (maybe you accidentally edited the one in [dspace-source])?

Other than that, try sprinkling more log.debug calls around to see which branches of code are executed. Basically you want to check the values that drive the decisions in any relevant if statements.

Regards,
~~helix84
Re: [Dspace-tech] LDAP and Special Groups Code
On Fri, Aug 2, 2013 at 3:58 PM, Clive Gould cli...@gmail.com wrote:
> java.io.FileNotFoundException: /${dspace.dir}/config/dspace.cfg (No such file or directory)

Somehow you're running with a dspace.cfg that hasn't been through the ant filtering phase. In this phase, references are replaced with actual values, so ${dspace.dir} would be replaced with e.g. /dspace or /opt/dspace or whatever you defined it to be in build.properties.

To fix this, make sure you have the correct values in build.properties, run mvn package and ant update again. Do any additional edits to dspace.cfg either in [dspace-source] before running mvn package (this is the officially recommended way, yet somewhat unpractical), or in [dspace] after ant update.

Alternatively, you can just search for all occurrences of ${whatever} variables in your [dspace]/config/* and replace them manually with actual values.

Regards,
~~helix84
Re: [Dspace-tech] LDAP and Special Groups Code
Hi

Thanks for the suggestions. I've tried everything including mvn, ant and subsequently manually replacing every reference to ${dspace.dir} with /home/dspace in all files in /home/dspace/config and its subdirectories.

However, the error in catalina.out resolutely refuses to go away.

I just don't have any more time to sort this out so we'll just have to stick with 1.8.1 for the time being.

Thanks anyway for all the help

Clive
Re: [Dspace-tech] LDAP and Special Groups Code
Hi

Problem solved :)

I went through all the files below and manually changed ${dspace.dir} for /home/dspace

No more error messages in catalina.out

Thanks everyone

Now to get back to debugging LDAP!

Clive

    [root@standbyvle config]# cd /home/dspace/apache-tomcat-6.0.18/webapps
    [root@standbyvle webapps]# grep -R dspace.dir *
    dspace/WEB-INF/web.xml: <param-value>${dspace.dir}/config/dspace.cfg</param-value>
    dspace/WEB-INF/web.xml:<param-value>${dspace.dir}</param-value>
    dspace-oai/WEB-INF/web.xml: <param-value>${dspace.dir}/config/dspace.cfg</param-value>
    dspace-oai/WEB-INF/web.xml: <param-value>${dspace.dir}/config/oaicat.properties</param-value>
    lni/WEB-INF/web.xml: <param-value>${dspace.dir}/config/dspace.cfg</param-value>
    solr/WEB-INF/web.xml: <env-entry-value>${dspace.dir}/solr</env-entry-value>
    sword/WEB-INF/web.xml: <param-value>${dspace.dir}/config/dspace.cfg</param-value>
    xmlui/WEB-INF/web.xml: <param-value>${dspace.dir}/config/dspace.cfg</param-value>
    xmlui/WEB-INF/web.xml:<param-value>${dspace.dir}</param-value>

On Mon, Aug 5, 2013 at 2:16 PM, helix84 heli...@centrum.sk wrote:
> On Mon, Aug 5, 2013 at 2:42 PM, Clive Gould cli...@gmail.com wrote:
> > Thanks for the suggestions. I've tried everything including mvn, ant and subsequently manually replacing every reference to ${dspace.dir with /home/dspace in all files in /home/dspace/config and its subdirectories
>
> Like Kostas mentioned in another thread, yet another place where these variables are used is in web.xml files in each webapp. But I don't understand where the problem could be - if you made sure dspace.dir has an actual value in [dspace-source]/dspace/config/dspace.cfg before running mvn package, then the change should propagate everywhere during ant update.
>
> You can try mvn clean package instead of mvn package, but I don't think it should make a difference.
>
> Regards,
> ~~helix84
Re: [Dspace-tech] LDAP and Special Groups Code
A grep tip for faster searching: use the -I option to skip binary files.

Regards,
~~helix84
Re: [Dspace-tech] LDAP and Special Groups Code
Hi Helix

The following excerpt is taken from the authentication-ldap.cfg file

    # LDAP users group
    #
    # If required, a group name can be given here, and all users who log in
    # to LDAP will automatically become members of this group. This is useful
    # if you want a group made up of all internal authenticated users.
    login.specialgroup = all-authenticated

    # Added By Clive Gould on 31/07/13 to allow for special groups
    login.groupmap.1 = ou=StaffUsers:all-staff
    login.groupmap.2 = ou=StudentUsers:all-students

The all-staff and all-students groups are the original group names I already use successfully on our production server with DSpace 1.8.1 custom authentication.

If as an example I run ldapsearch on AD with a colleague's cn I get the following response:

    [root@standbyvle openldap]# ldapsearch -x -v -D bromldap@bromley.local -W -L "cn=Philip Mann" | less
    version: 1
    #
    # LDAPv3
    # base with scope subtree
    # filter: cn=Philip Mann
    # requesting: ALL
    #
    # Philip Mann, School of ICT, CurriculumPartnerships, RookeryLane, StaffUser
     s, staff.bromley.local
    dn: CN=Philip Mann,OU=School of ICT,OU=CurriculumPartnerships,OU=RookeryLane,
     OU=StaffUsers,DC=staff,DC=bromley,DC=local

But if Philip logs into DSpace and I view his ePerson group membership he has not been allocated to either the all-staff or the all-authenticated group.

Any ideas at all where I might be going wrong?

Thanks very much

Clive

On Wed, Jul 31, 2013 at 2:36 PM, helix84 heli...@centrum.sk wrote:
> On Wed, Jul 31, 2013 at 2:48 PM, Clive Gould cli...@gmail.com wrote:
> > We used to use custom code to differentiate between staff and student login and assign them to appropriate dynamic special groups
>
> Hi Clive, where does your custom code take the group information from? Full DN or attributes?
>
> > I have tried using the new DSpace 3.0 login.groupmap directive within authentication-ldap.cfg
>
> The source of information for this mapping is the LDAP DN.
>
> > Users are successfully authenticated against AD but apparently not being assigned to the special groups
>
> Send an example of your login.groupmap.*. In my opinion, the most likely problem might be misunderstanding the left-hand side of the mapping, e.g.:
>
>     login.groupmap.1 = ou=Students:ALL_STUDENTS
>
> Notice ou=Students. So if I log in as cn=helix84,ou=Students,dc=example,dc=com, this will put me to the DSpace ALL_STUDENTS group. If your LDAP contains group information not in the DN, but in attributes, DSpace 3 doesn't currently support that. But we're currently discussing that functionality here:
> http://dspace.2283337.n4.nabble.com/DSpace-LDAP-authentication-problem-td4665853.html
>
> Second likely problem is that you haven't created the ALL_STUDENTS group in DSpace. This is not created automatically, only the user is assigned to that group dynamically upon login!
>
> > Is there a table in the database that allows the membership of the dynamically allocated special groups to be viewed? Once I find out the solution I'll log the entire upgrade process on my blog at http://dspacebromley.blogspot.co.uk/
>
> There is no such table. Your page already contains the explanation:
>
> "This means that users are not added to it as such, but are transient members of it during the period that they are logged in. Therefore you will not see anyone listed in that group, however such users should inherit the permissions of belonging to that group." Stuart Lewis
>
> The only easy way to check is to log in as the user and check currently active groups on user's profile page.
>
> Please check those two problems and report back. Let us know if something is still unclear. Hope this helps.
>
> Regards,
> ~~helix84
Re: [Dspace-tech] LDAP and Special Groups Code
The only thing that comes to mind right away is case sensitivity. It shouldn't matter, but let's check. Try

    login.groupmap.1 = OU=StaffUsers:all-staff
    login.groupmap.2 = OU=StudentUsers:all-students

Regards,
~~helix84
Re: [Dspace-tech] LDAP and Special Groups Code
On Fri, Aug 2, 2013 at 10:24 AM, helix84 heli...@centrum.sk wrote:
> The only thing that comes to mind right away is case sensitivity. It shouldn't matter, but let's check. Try

You can still check, but this shouldn't be the problem, because we're using

    if (StringUtils.containsIgnoreCase(dn, ldapSearchString))

Did you also check dspace.log for any error messages during login? A couple of exceptions can be reported there:

    "Group defined in authentication-ldap.login.groupmap." + i + " does not exist :: " + dspaceGroupName
    "assignGroupsBasedOnLdapDn could not authorize addition to group", dspaceGroupName
    "assignGroupsBasedOnLdapDn could not find group", dspaceGroupName

Regards,
~~helix84
Re: [Dspace-tech] LDAP and Special Groups Code
Hi Helix

I've made the change you recommended to /home/dspace/dspace-3.0-src-release/dspace/config/modules/authentication-ldap.cfg

Restarted Tomcat and also Apache but it still doesn't work.

Is there any logging within DSpace that I can enable to see what's happening with LDAP auth?

Thanks

Clive
Re: [Dspace-tech] LDAP and Special Groups Code
Hi

I need to increase the dspace.log level to debug.

The wiki says "You can control the verbosity of this by editing the [dspace-source]/config/templates/log4j.properties file and then running ant init_configs."

I've edited /home/dspace/dspace-3.0-src-release/dspace/config/log4j.properties

Can anyone advise me what directory to run ant init_configs from with DSpace 3.0?

Thanks

Clive
Re: [Dspace-tech] LDAP and Special Groups Code
You're right, you do need to raise the log level to get those messages I listed, sorry I didn't notice it.

On Fri, Aug 2, 2013 at 11:30 AM, Clive Gould cli...@gmail.com wrote:
> I've edited /home/dspace/dspace-3.0-src-release/dspace/config/log4j.properties
> Can anyone advise me what directory to run ant init_configs from with DSpace 3.0 ?

Simply edit [dspace]/config/log4j.properties (not the one in [dspace-source]) and restart DSpace, you don't need to go through the whole ant round - you don't even want to keep log4j.properties with log level debug in [dspace-source].

Regards,
~~helix84
Re: [Dspace-tech] LDAP and Special Groups Code
I've edited the /home/dspace/config/log4j.properties file, restarted Tomcat, logged into DSpace.

Unfortunately the dspace.log file hasn't changed since DSpace reloaded at 4 am today

These are the changes I have made to the log4j file

###
# A1 is the name of the appender for most DSpace activity.
###
# The root category is the default setting for all non-DSpace code.
# Change this from INFO to DEBUG to see extra logging created by non-DSpace
# code.
log4j.rootCategory=DEBUG, A1
# This line sets the logging level for DSpace code. Set this to DEBUG to see
# extra detailed logging for DSpace code.
log4j.logger.org.dspace=DEBUG, A1
# Do not change this line

And here is the end of dspace.log

2013-08-02 04:00:02,221 INFO org.dspace.servicemanager.DSpaceKernelInit @ Created new kernel: DSpaceKernel:org.dspace:name=83267f65-678a-4f45-b833-4fb8bdab110f,type=DSpaceKernel:lastLoad=null:loadTime=0:running=false:kernel=null
2013-08-02 04:00:02,227 INFO org.dspace.core.ConfigurationManager @ Loading from classloader: file:/home/dspace/config/dspace.cfg
2013-08-02 04:00:02,256 INFO org.dspace.core.ConfigurationManager @ Using dspace provided log configuration (log.init.config)
2013-08-02 04:00:02,257 INFO org.dspace.core.ConfigurationManager @ Loading: /home/dspace/config/log4j.properties
[root@standbyvle ~]#

I'm sure I'm doing something silly, but what?

On Fri, Aug 2, 2013 at 10:41 AM, helix84 heli...@centrum.sk wrote:
> You're right, you do need to raise the log level to get those messages I listed, sorry I didn't notice it.
>
> On Fri, Aug 2, 2013 at 11:30 AM, Clive Gould cli...@gmail.com wrote:
> > I've edited /home/dspace/dspace-3.0-src-release/dspace/config/log4j.properties
> > Can anyone advise me what directory to run ant init_configs from with DSpace 3.0?
>
> Simply edit [dspace]/config/log4j.properties (not the one in [dspace-source]) and restart DSpace, you don't need to go through the whole ant round - you don't even want to keep log4j.properties with log level debug in [dspace-source].
>
> Regards,
> ~~helix84
Re: [Dspace-tech] LDAP and Special Groups Code
On Fri, Aug 2, 2013 at 1:35 PM, Clive Gould cli...@gmail.com wrote:
> These are the changes I have made to the log4j file

Those should be correct.

> Unfortunately the dspace.log file hasn't changed since DSpace reloaded at 4 am today

Yes, that's weird. Also check tomcat's log (catalina) to see if there are any error messages (about logging being set up wrongly). Does dspace start logging into dspace.log again if you change the two settings back to info?

If you get fed up with debugging logging (☺), just change those log.debug() lines in LDAPAuthentication.java to log.info(), as a workaround

Regards,
~~helix84
Re: [Dspace-tech] LDAP and Special Groups Code
Hi

It looks as if there is something seriously wrong with Tomcat talking to DSpace

[root@standbyvle ~]# tail -40 /home/dspace/apache-tomcat-6.0.18/logs/catalina.out
Aug 2, 2013 2:46:25 PM org.apache.catalina.core.StandardContext start
SEVERE: Context [/sword] startup failed due to previous errors
log4j:WARN No appenders could be found for logger (org.dspace.servicemanager.DSpaceKernelInit).
log4j:WARN Please initialize the log4j system properly.
INFO: Loading provided config file: ${dspace.dir}/config/dspace.cfg
FATAL: Can't load configuration: file:/${dspace.dir}/config/dspace.cfg
java.io.FileNotFoundException: /${dspace.dir}/config/dspace.cfg (No such file or directory)

I guess I've messed up somewhere? But why does DSpace seem to run fine despite the above messages?

The test server is online at http://standbyvle.bromley.ac.uk/dspace (please ignore the handle references here as it points to the production server)

On Fri, Aug 2, 2013 at 12:46 PM, helix84 heli...@centrum.sk wrote:
> On Fri, Aug 2, 2013 at 1:35 PM, Clive Gould cli...@gmail.com wrote:
> > These are the changes I have made to the log4j file
>
> Those should be correct.
>
> > Unfortunately the dspace.log file hasn't changed since DSpace reloaded at 4 am today
>
> Yes, that's weird. Also check tomcat's log (catalina) to see if there are any error messages (about logging being set up wrongly). Does dspace start logging into dspace.log again if you change the two settings back to info?
>
> If you get fed up with debugging logging (☺), just change those log.debug() lines in LDAPAuthentication.java to log.info(), as a workaround
>
> Regards,
> ~~helix84
[Dspace-tech] LDAP and Special Groups Code
Hi

I'm just upgrading from DSpace 1.8.1 to DSpace 3.0 on our test server

We used to use custom code to differentiate between staff and student login and assign them to appropriate dynamic special groups

I have tried using the new DSpace 3.0 login.groupmap directive within authentication-ldap.cfg

Users are successfully authenticated against AD but apparently not being assigned to the special groups

Is there a table in the database that allows the membership of the dynamically allocated special groups to be viewed?

Once I find out the solution I'll log the entire upgrade process on my blog at http://dspacebromley.blogspot.co.uk/

Thanks very much
Clive
Re: [Dspace-tech] LDAP and Special Groups Code
On Wed, Jul 31, 2013 at 2:48 PM, Clive Gould cli...@gmail.com wrote:
> We used to use custom code to differentiate between staff and student login and assign them to appropriate dynamic special groups

Hi Clive, where does your custom code take the group information from? Full DN or attributes?

> I have tried using the new DSpace 3.0 login.groupmap directive within authentication-ldap.cfg

The source of information for this mapping is the LDAP DN.

> Users are successfully authenticated against AD but apparently not being assigned to the special groups

Send an example of your login.groupmap.*. In my opinion, the most likely problem might be misunderstanding the left-hand side of the mapping, e.g.:

login.groupmap.1 = ou=Students:ALL_STUDENTS

Notice ou=Students. So if I log in as cn=helix84,ou=Students,dc=example,dc=com, this will put me to the DSpace ALL_STUDENTS group.

If your LDAP contains group information not in the DN, but in attributes, DSpace 3 doesn't currently support that. But we're currently discussing that functionality here: http://dspace.2283337.n4.nabble.com/DSpace-LDAP-authentication-problem-td4665853.html

Second likely problem is that you haven't created the ALL_STUDENTS group in DSpace. This is not created automatically, only the user is assigned to that group dynamically upon login!

> Is there a table in the database that allows the membership of the dynamically allocated special groups to be viewed?
> Once I find out the solution I'll log the entire upgrade process on my blog at http://dspacebromley.blogspot.co.uk/

There is no such table. Your page already contains the explanation:

> This means that users are not added to it as such, but are transient members of it during the period that they are logged in. Therefore you will not see anyone listed in that group, however such users should inherit the permissions of belonging to that group.
> Stuart Lewis

The only easy way to check is to log in as the user and check currently active groups on user's profile page.

Please check those two problems and report back. Let us know if something is still unclear. Hope this helps.

Regards,
~~helix84
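Added example, not part of the original thread and not DSpace's own code: a small Python check for the two problems listed in the reply above (a left-hand side that does not correspond to the user's DN, and a mapped group that has not been created in DSpace), run against constructed config lines and a constructed DN. It assumes an entry applies when its left-hand side equals one RDN of the DN, ignoring case, and that group names are compared exactly; the function names and sample data are hypothetical.

```python
import re

# Constructed sample of authentication-ldap.cfg lines (not from a real site).
SAMPLE_CFG = """\
# dynamic group mapping
login.groupmap.1 = OU=StaffUsers:all-staff
login.groupmap.2 = OU=StudentUsers:all-students
login.groupmap.3 = ou=Contractors
"""

ENTRY = re.compile(r"login\.groupmap\.(\d+)\s*=\s*(.*)$")


def normalise(rdn):
    """Lower-case an RDN and trim spaces around '=' so comparison ignores case."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"


def split_dn(dn):
    """Split a DN into normalised RDNs; a backslash-escaped comma stays in its RDN."""
    return [normalise(p) for p in re.split(r"(?<!\\),", dn) if p.strip()]


def parse_groupmap(cfg_text):
    """Return (sorted [(index, rdn, group)], [malformed lines])."""
    entries, malformed = [], []
    for raw in cfg_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # comments and unrelated settings
        rdn, sep, group = m.group(2).partition(":")
        if not sep or not rdn.strip() or not group.strip():
            malformed.append(line)  # no "lhs:group" pair on the right-hand side
            continue
        entries.append((int(m.group(1)), rdn.strip(), group.strip()))
    return sorted(entries), malformed


def evaluate(dn, cfg_text, existing_groups):
    """Model which DSpace groups a DN maps to and which of them do not exist yet.

    Assumption: an entry applies when its left-hand side equals one RDN of the
    DN, ignoring case. Group names are compared exactly as written.
    """
    entries, malformed = parse_groupmap(cfg_text)
    rdns = split_dn(dn)
    matched = [group for _, rdn, group in entries if normalise(rdn) in rdns]
    missing = [group for group in matched if group not in existing_groups]
    return {"matched": matched, "missing_in_dspace": missing, "malformed": malformed}


if __name__ == "__main__":
    # Constructed DN; only all-staff has been created in DSpace in this scenario.
    dn = "CN=Jane Doe,OU=StudentUsers,DC=example,DC=ac,DC=uk"
    print(evaluate(dn, SAMPLE_CFG, {"all-staff"}))
```

A group reported under missing_in_dspace has to be created in DSpace before the mapping can grant anything, and an over-broad left-hand side is worth reviewing because it decides who receives that group's permissions at login.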
[Dspace-tech] LDAP permission
Hi All,

We are using dspace 3.1/xmlui version. We implemented LDAP/SSL. Our e-people don't have the same permission as the normal dspace/password login when they login through the LDAP.

Any hint on this?
Re: [Dspace-tech] LDAP permission
On Thu, Jun 20, 2013 at 9:47 AM, Webshet, Sisay (ILRI) s.webs...@cgiar.org wrote:
> We implemented LDAP/SSL. Our e-people don’t have the same permission as the normal dspace/password login when they login through the LDAP.

Use login.specialgroup and/or login.groupmap.* to assign LDAP users to DSpace groups as described in https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-ConfiguringLDAPAuthentication

Keep in mind that LDAP groups are assigned dynamically, only for the duration of the login session, so user's membership in such group won't be visible to the administrator using the usual tools. You may, however, check the effective group membership in the user's profile while he's logged in.

Regards,
~~helix84
Re: [Dspace-tech] LDAP permission
Thanks, Helix.

In this case the problem was that this particular user had registered with an email address (long before we moved to LDAP) which didn't match that of the email address in LDAP; i.e. ao...@example.org instead of a.o...@example.org. We added the user to the appropriate groups and all is well.

Cheers,
Alan

On 06/20/2013 11:14 AM, helix84 wrote:
> On Thu, Jun 20, 2013 at 9:47 AM, Webshet, Sisay (ILRI) s.webs...@cgiar.org wrote:
> > We implemented LDAP/SSL. Our e-people don’t have the same permission as the normal dspace/password login when they login through the LDAP.
>
> Use login.specialgroup and/or login.groupmap.* to assign LDAP users to DSpace groups as described in https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-ConfiguringLDAPAuthentication
>
> Keep in mind that LDAP groups are assigned dynamically, only for the duration of the login session, so user's membership in such group won't be visible to the administrator using the usual tools. You may, however, check the effective group membership in the user's profile while he's logged in.
>
> Regards,
> ~~helix84

--
Alan Orth alan.o...@gmail.com http://alaninkenya.org http://mjanja.co.ke
I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone. -Bjarne Stroustrup, inventor of C++
[Dspace-tech] LDAP group
Hi All,

Is there a possibility of creating more than one group (login.specialgroup) who log into LDAP for DSpace 3.1?

Thanks
Re: [Dspace-tech] LDAP group
On Fri, May 24, 2013 at 3:08 PM, Webshet, Sisay (ILRI) s.webs...@cgiar.org wrote:
> Is there a possibility of creating more than one group (login.specialgroup) who log into LDAP for DSpace 3.1?

Yes, this functionality has been added in DSpace 3. See the login.groupmap option in documentation: https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-ConfiguringLDAPAuthentication

Regards,
~~helix84
Re: [Dspace-tech] LDAP not working (AD): error code 34 - 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME)
OK, got it: object_context was empty, should be set to the ou where the user is.

2013/4/2 helix84 heli...@centrum.sk
> Sorry I can't be of more help. Here are some more observations, but they probably won't directly help you.
>
> Here's what result=2 means:
>
> /** User exists, but credentials (<em>e.g.</em> passwd) don't match. */
> public static final int BAD_CREDENTIALS = 2;
>
> Based on the BAD_NAME exception, I'm guessing this could also be a permissions problem in AD. Try the initial bind as the most privileged user (just for testing) to eliminate this possibility.
>
> To check whether this is really a problem with space in username, try to create both users (the initial bind DN and the DN you're logging in) without a space in their name.
>
> Regards,
> ~~helix84