Re: [Dspace-tech] Ldap settings
Hi Satish, You probably don't intend to use "netid_email_domain" (there is an alternative configuration where you might want to use it, but I don't think it will work in what you wrote). Additionally, you specified "search.password", but not "search.user", this is clearly wrong. "id_field" is what is used to search for what the user enters as his username, so make sure that the email address is stored in "sAMAccountName". Otherwise, if you inted to search for "mail", make sure that your LDAP directory indexes this field. Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce. Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
[Dspace-tech] Ldap settings
Hello everybody, I require help in configuring ldap settings, i am using DSpace 4.2, my configurations are enable = true autoregister = false id_field = sAMAccountName object_context = dc=example, dc=com search_context = dc=example, dc=com email_field = mail givenname_field = givenName search.password = ldappassword netid_email_domain = @example.com i am unable to login by mail in above settings for the below settings i am able to login by user name, but i require users to login my mail id. id_field=cn object_context=cn=users,dc= example, dc=com -- *With Warm Regards,K Satish Kumar* -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP settings
It makes use of the authentication stack: Line 110 of LDAPServlet: int status = AuthenticationManager.authenticate(context, netid, password, null, request); Cheers, Stuart On 7/09/2010, at 5:14 PM, Flavio Botelho wrote: > The problem is it routes directly to LDAPAuthentication instead of > using the pluggable authentication system, doesn't it? > > On Mon, Sep 6, 2010 at 6:08 PM, Stuart Lewis wrote: >> LDAPServlet is one of those strange remnants where despite having an >> pluggable authentication system, this remains from before that. So it is >> normal to see entries relating to it in the logs: >> >> dspace/log/dspace.log.2010-06-15:2010-06-15 07:16:41,862 INFO >> org.dspace.app.webui.servlet.LDAPServlet @ >> stuart.le...@testathon.net:session_id=5CD14C51E5AB3672D7E537F99EC361DD:ip_addr=0:0:0:0:0:0:0:1%0:login:type=explicit >> >> IIRC, its use is controlled by the ldap.enable flag in dspace.cfg >> >> Cheers, >> >> >> Stuart Lewis >> IT Innovations Analyst and Developer >> Te Tumu Herenga The University of Auckland Library >> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand >> Ph: +64 (0)9 373 7599 x81928 >> >> >> On 7/09/2010, at 7:25 AM, Flavio Botelho wrote: >> >>> You are using the LDAP Servlet, when it seems you want to use LDAP >>> Hierarchical?? >>> >>> You should use the "normal" login screen to use the >>> LDAPHierarchicalAuthentication... >>> >>> BTW, hasn't LDAPServlet been removed already? >>> >>> Kudos, >>> Flavio >>> >>> On Fri, Sep 3, 2010 at 3:10 AM, Webshet, Sisay (ILRI) >>> wrote: >>> Hi, >>> >>> >>> I checked with some other browser like softera.look >>> >>> How the structure viewed. >>> >>> The log file says this. >>> >>> 010-09-03 09:04:02,239 INFO org.dspace.app.webui.servlet.LDAPServlet @ >>> anonymous:session_id=EE6A969F57BF518D0D5343F6BF33520C:ip_addr=172.27.5.70:failed_login:netid=Swebshet, >>> result=2 >>> >>> >>> May be you can suggest me on the values for ldap.search.user= >>> >>> Should the system be redeployed? For LDAP to work. >>> >>> I did restart Tomcat only >>> >>> Thanks >>> >>> >>> >>> >>> -Original Message- >>> >>> >>> >>> >>> >>> >>> >>> >>> From: Stuart Lewis [mailto:s.le...@auckland.ac.nz] >>> Sent: Friday, September 03, 2010 1:10 AM >>> To: Flavio Botelho; Webshet, Sisay (ILRI) >>> Cc: dspace-tech@lists.sourceforge.net Tech >>> Subject: Re: [Dspace-tech] LDAP settings >>> >>> >>> You shouldn't need to escape the values at all. Commas are fine, and quite >>> normal in LDAP configurations. >>> >>> >>> Check using a tool such as http://jxplorer.org/ that you can log in to the >>> LDAP server with those credentials. >>> >>> >>> Thanks, >>> >>> >>> >>> Stuart Lewis >>> >>> IT Innovations Analyst and Developer >>> >>> Te Tumu Herenga The University of Auckland Library >>> >>> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand >>> >>> Ph: +64 (0)9 373 7599 x81928 >>> >>> >>> >>> >>> On 3/09/2010, at 5:42 AM, Flavio Botelho wrote: >>> >>> >>>> Please post any errors in the log that are appearing? >>> >>>> >>> >>>> But I will take a wild guess that there might be problems with >>> >>>> escaping, you might need to use 2 backslashes instead of just 1 for >>> >>>> each comma... >>> >>>> >>> >>>> On Thu, Sep 2, 2010 at 9:18 AM, Webshet, Sisay (ILRI) >>> >>>> wrote: >>> >>>>> >>> >>>>> >>> >>>>> Hi, >>> >>>>> >>> >>>>> >>> >>>>> >>> >>>>> Support >>> >>>>> >>> >>>>> >>> >>>>> >>> >>>>> I login to our local LDAP server using the following settings, but >>>>> cannot >
Re: [Dspace-tech] LDAP settings
The problem is it routes directly to LDAPAuthentication instead of using the pluggable authentication system, doesn't it? On Mon, Sep 6, 2010 at 6:08 PM, Stuart Lewis wrote: > LDAPServlet is one of those strange remnants where despite having an > pluggable authentication system, this remains from before that. So it is > normal to see entries relating to it in the logs: > > dspace/log/dspace.log.2010-06-15:2010-06-15 07:16:41,862 INFO > org.dspace.app.webui.servlet.LDAPServlet @ > stuart.le...@testathon.net:session_id=5CD14C51E5AB3672D7E537F99EC361DD:ip_addr=0:0:0:0:0:0:0:1%0:login:type=explicit > > IIRC, its use is controlled by the ldap.enable flag in dspace.cfg > > Cheers, > > > Stuart Lewis > IT Innovations Analyst and Developer > Te Tumu Herenga The University of Auckland Library > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand > Ph: +64 (0)9 373 7599 x81928 > > > On 7/09/2010, at 7:25 AM, Flavio Botelho wrote: > >> You are using the LDAP Servlet, when it seems you want to use LDAP >> Hierarchical?? >> >> You should use the "normal" login screen to use the >> LDAPHierarchicalAuthentication... >> >> BTW, hasn't LDAPServlet been removed already? >> >> Kudos, >> Flavio >> >> On Fri, Sep 3, 2010 at 3:10 AM, Webshet, Sisay (ILRI) >> wrote: >> Hi, >> >> >> I checked with some other browser like softera.look >> >> How the structure viewed. >> >> The log file says this. >> >> 010-09-03 09:04:02,239 INFO org.dspace.app.webui.servlet.LDAPServlet @ >> anonymous:session_id=EE6A969F57BF518D0D5343F6BF33520C:ip_addr=172.27.5.70:failed_login:netid=Swebshet, >> result=2 >> >> >> May be you can suggest me on the values for ldap.search.user= >> >> Should the system be redeployed? For LDAP to work. >> >> I did restart Tomcat only >> >> Thanks >> >> >> >> >> -Original Message- >> >> >> >> >> >> >> >> >> From: Stuart Lewis [mailto:s.le...@auckland.ac.nz] >> Sent: Friday, September 03, 2010 1:10 AM >> To: Flavio Botelho; Webshet, Sisay (ILRI) >> Cc: dspace-tech@lists.sourceforge.net Tech >> Subject: Re: [Dspace-tech] LDAP settings >> >> >> You shouldn't need to escape the values at all. Commas are fine, and quite >> normal in LDAP configurations. >> >> >> Check using a tool such as http://jxplorer.org/ that you can log in to the >> LDAP server with those credentials. >> >> >> Thanks, >> >> >> >> Stuart Lewis >> >> IT Innovations Analyst and Developer >> >> Te Tumu Herenga The University of Auckland Library >> >> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand >> >> Ph: +64 (0)9 373 7599 x81928 >> >> >> >> >> On 3/09/2010, at 5:42 AM, Flavio Botelho wrote: >> >> >> > Please post any errors in the log that are appearing? >> >> > >> >> > But I will take a wild guess that there might be problems with >> >> > escaping, you might need to use 2 backslashes instead of just 1 for >> >> > each comma... >> >> > >> >> > On Thu, Sep 2, 2010 at 9:18 AM, Webshet, Sisay (ILRI) >> >> > wrote: >> >> >> >> >> >> >> >> >> Hi, >> >> >> >> >> >> >> >> >> >> >> >> Support >> >> >> >> >> >> >> >> >> >> >> >> I login to our local LDAP server using the following settings, but >> >> cannot >> >> >> login. I can search users name >> >> >> >> >> >> account using sAMAccountName attribute. >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> Host ILRI.CGIARAD.ORG >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> base DN DC=ILRI,DC=CGIARAD,DC=ORG >> >> >> >> >> >> >> >> >> >> >> >> Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia >> >> >> Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG >> >> >> >> >> >
Re: [Dspace-tech] LDAP settings
LDAPServlet is one of those strange remnants where despite having an pluggable authentication system, this remains from before that. So it is normal to see entries relating to it in the logs: dspace/log/dspace.log.2010-06-15:2010-06-15 07:16:41,862 INFO org.dspace.app.webui.servlet.LDAPServlet @ stuart.le...@testathon.net:session_id=5CD14C51E5AB3672D7E537F99EC361DD:ip_addr=0:0:0:0:0:0:0:1%0:login:type=explicit IIRC, its use is controlled by the ldap.enable flag in dspace.cfg Cheers, Stuart Lewis IT Innovations Analyst and Developer Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 On 7/09/2010, at 7:25 AM, Flavio Botelho wrote: > You are using the LDAP Servlet, when it seems you want to use LDAP > Hierarchical?? > > You should use the "normal" login screen to use the > LDAPHierarchicalAuthentication... > > BTW, hasn't LDAPServlet been removed already? > > Kudos, > Flavio > > On Fri, Sep 3, 2010 at 3:10 AM, Webshet, Sisay (ILRI) > wrote: > Hi, > > > I checked with some other browser like softera.look > > How the structure viewed. > > The log file says this. > > 010-09-03 09:04:02,239 INFO org.dspace.app.webui.servlet.LDAPServlet @ > anonymous:session_id=EE6A969F57BF518D0D5343F6BF33520C:ip_addr=172.27.5.70:failed_login:netid=Swebshet, > result=2 > > > May be you can suggest me on the values for ldap.search.user= > > Should the system be redeployed? For LDAP to work. > > I did restart Tomcat only > > Thanks > > > > > -Original Message- > > > > > > > > > From: Stuart Lewis [mailto:s.le...@auckland.ac.nz] > Sent: Friday, September 03, 2010 1:10 AM > To: Flavio Botelho; Webshet, Sisay (ILRI) > Cc: dspace-tech@lists.sourceforge.net Tech > Subject: Re: [Dspace-tech] LDAP settings > > > You shouldn't need to escape the values at all. Commas are fine, and quite > normal in LDAP configurations. > > > Check using a tool such as http://jxplorer.org/ that you can log in to the > LDAP server with those credentials. > > > Thanks, > > > > Stuart Lewis > > IT Innovations Analyst and Developer > > Te Tumu Herenga The University of Auckland Library > > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand > > Ph: +64 (0)9 373 7599 x81928 > > > > > On 3/09/2010, at 5:42 AM, Flavio Botelho wrote: > > > > Please post any errors in the log that are appearing? > > > > > > But I will take a wild guess that there might be problems with > > > escaping, you might need to use 2 backslashes instead of just 1 for > > > each comma... > > > > > > On Thu, Sep 2, 2010 at 9:18 AM, Webshet, Sisay (ILRI) > > > wrote: > > >> > > >> > > >> Hi, > > >> > > >> > > >> > > >> Support > > >> > > >> > > >> > > >> I login to our local LDAP server using the following settings, but cannot > > >> login. I can search users name > > >> > > >> account using sAMAccountName attribute. > > >> > > >> > > >> > > >> > > >> > > >> Host ILRI.CGIARAD.ORG > > >> > > >> > > >> > > >> > > >> > > >> base DN DC=ILRI,DC=CGIARAD,DC=ORG > > >> > > >> > > >> > > >> Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia > > >> Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> What will be the setting in dspace.cfg ( dspace 1.5.2 on debian ) > > >> > > >> if something is wrong please correct me.i can't login to dspace using LADP. > > >> > > >> > > >> > > >> ldap.provider_url = ldap://ILRI.CGIARAD.ORG/ > > >> > > >> > > >> > > >> ldap.id_field = sAMAccountName > > >> > > >> > > >> > > >> ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI > > >> Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG > > >> > > >> > > >> > > >> ldap.search_context = OU=ILR
Re: [Dspace-tech] LDAP settings
Hi again, Apologies - you may indeed need to escape the comma as this isn't the normal separator between dn/ou/cn type elements. As Flavio suggests, try two backslashes. Java can sometimes be worse than that and require four as it will strip them out twice, each time the string is handled. Depending on which copy of dspace.cfg you update, you may or may not need to redeploy DSpace. If you edit the version in your DSpace installation directory, then a restart of Tomcat is fine. If you edit the version in the source directory where you run 'mvn' from, then you will need to redeploy. Thanks, Stuart On 3/09/2010, at 6:10 PM, Webshet, Sisay (ILRI) wrote: > Hi, > > I checked with some other browser like softera.look > How the structure viewed. > The log file says this. > 010-09-03 09:04:02,239 INFO org.dspace.app.webui.servlet.LDAPServlet @ > anonymous:session_id=EE6A969F57BF518D0D5343F6BF33520C:ip_addr=172.27.5.70:failed_login:netid=Swebshet, > result=2 > > May be you can suggest me on the values for ldap.search.user= > Should the system be redeployed? For LDAP to work. > I did restart Tomcat only > Thanks > > > > -Original Message- > > > > > > > > From: Stuart Lewis [mailto:s.le...@auckland.ac.nz] > Sent: Friday, September 03, 2010 1:10 AM > To: Flavio Botelho; Webshet, Sisay (ILRI) > Cc: dspace-tech@lists.sourceforge.net Tech > Subject: Re: [Dspace-tech] LDAP settings > > You shouldn't need to escape the values at all. Commas are fine, and quite > normal in LDAP configurations. > > Check using a tool such as http://jxplorer.org/ that you can log in to the > LDAP server with those credentials. > > Thanks, > > > Stuart Lewis > IT Innovations Analyst and Developer > Te Tumu Herenga The University of Auckland Library > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand > Ph: +64 (0)9 373 7599 x81928 > > > > On 3/09/2010, at 5:42 AM, Flavio Botelho wrote: > > > Please post any errors in the log that are appearing? > > > > But I will take a wild guess that there might be problems with > > escaping, you might need to use 2 backslashes instead of just 1 for > > each comma... > > > > On Thu, Sep 2, 2010 at 9:18 AM, Webshet, Sisay (ILRI) > > wrote: > >> > >> > >> Hi, > >> > >> > >> > >> Support > >> > >> > >> > >> I login to our local LDAP server using the following settings, but cannot > >> login. I can search users name > >> > >> account using sAMAccountName attribute. > >> > >> > >> > >> > >> > >> Host ILRI.CGIARAD.ORG > >> > >> > >> > >> > >> > >> base DN DC=ILRI,DC=CGIARAD,DC=ORG > >> > >> > >> > >> Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia > >> Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG > >> > >> > >> > >> > >> > >> > >> > >> What will be the setting in dspace.cfg ( dspace 1.5.2 on debian ) > >> > >> if something is wrong please correct me.i can't login to dspace using LADP. > >> > >> > >> > >> ldap.provider_url = ldap://ILRI.CGIARAD.ORG/ > >> > >> > >> > >> ldap.id_field = sAMAccountName > >> > >> > >> > >> ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI > >> Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG > >> > >> > >> > >> ldap.search_context = OU=ILRI Ethiopia Employees,OU=ILRI > >> Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG > >> > >> > >> > >> ldap.email_field = mail > >> > >> > >> > >> ldap.surname_field = sn > >> > >> > >> > >> ldap.givenname_field = givenName > >> > >> > >> > >> ldap.phone_field = telephoneNumber > >> > >> > >> > >> > >> > >> Hierarchical LDAP Settings # > >> > >> > >> > >> # If your users are spread out across a hierarchical tree on your > >> > >> # LDAP server, you will need to use the following stackable authentication > >> > >> class: > >> > >> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ > >> > >> org.dspace.authenticate.LDAPHierarchicalAuth
Re: [Dspace-tech] LDAP settings
You shouldn't need to escape the values at all. Commas are fine, and quite normal in LDAP configurations. Check using a tool such as http://jxplorer.org/ that you can log in to the LDAP server with those credentials. Thanks, Stuart Lewis IT Innovations Analyst and Developer Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 On 3/09/2010, at 5:42 AM, Flavio Botelho wrote: > Please post any errors in the log that are appearing? > > But I will take a wild guess that there might be problems with > escaping, you might need to use 2 backslashes instead of just 1 for > each comma... > > On Thu, Sep 2, 2010 at 9:18 AM, Webshet, Sisay (ILRI) > wrote: >> >> >> Hi, >> >> >> >> Support >> >> >> >> I login to our local LDAP server using the following settings, but cannot >> login. I can search users name >> >> account using sAMAccountName attribute. >> >> >> >> >> >> Host ILRI.CGIARAD.ORG >> >> >> >> >> >> base DN DC=ILRI,DC=CGIARAD,DC=ORG >> >> >> >> Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia >> Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG >> >> >> >> >> >> >> >> What will be the setting in dspace.cfg ( dspace 1.5.2 on debian ) >> >> if something is wrong please correct me.i can't login to dspace using LADP. >> >> >> >> ldap.provider_url = ldap://ILRI.CGIARAD.ORG/ >> >> >> >> ldap.id_field = sAMAccountName >> >> >> >> ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI >> Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG >> >> >> >> ldap.search_context = OU=ILRI Ethiopia Employees,OU=ILRI >> Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG >> >> >> >> ldap.email_field = mail >> >> >> >> ldap.surname_field = sn >> >> >> >> ldap.givenname_field = givenName >> >> >> >> ldap.phone_field = telephoneNumber >> >> >> >> >> >> Hierarchical LDAP Settings # >> >> >> >> # If your users are spread out across a hierarchical tree on your >> >> # LDAP server, you will need to use the following stackable authentication >> >> class: >> >> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ >> >> org.dspace.authenticate.LDAPHierarchicalAuthentication >> >> >> >> # object scope : 0 >> >> # one level scope : 1 >> >> # subtree scope : 2 >> >> ldap.search_scope = 2 >> >> >> >> >> >> #ldap.search.user = cn=admin,ou=people,o=myu.edu >> >> ldap.search.user = CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia >> Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG >> >> ldap.search.password = * >> >> >> >> >> >> >> >> -- >> This SF.net Dev2Dev email is sponsored by: >> >> Show off your parallel programming skills. >> Enter the Intel(R) Threading Challenge 2010. >> http://p.sf.net/sfu/intel-thread-sfd >> ___ >> DSpace-tech mailing list >> DSpace-tech@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/dspace-tech >> >> > > -- > This SF.net Dev2Dev email is sponsored by: > > Show off your parallel programming skills. > Enter the Intel(R) Threading Challenge 2010. > http://p.sf.net/sfu/intel-thread-sfd > ___ > DSpace-tech mailing list > DSpace-tech@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspace-tech -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] LDAP settings
Please post any errors in the log that are appearing? But I will take a wild guess that there might be problems with escaping, you might need to use 2 backslashes instead of just 1 for each comma... On Thu, Sep 2, 2010 at 9:18 AM, Webshet, Sisay (ILRI) wrote: > > > Hi, > > > > Support > > > > I login to our local LDAP server using the following settings, but cannot > login. I can search users name > > account using sAMAccountName attribute. > > > > > > Host ILRI.CGIARAD.ORG > > > > > > base DN DC=ILRI,DC=CGIARAD,DC=ORG > > > > Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia > Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG > > > > > > > > What will be the setting in dspace.cfg ( dspace 1.5.2 on debian ) > > if something is wrong please correct me.i can't login to dspace using LADP. > > > > ldap.provider_url = ldap://ILRI.CGIARAD.ORG/ > > > > ldap.id_field = sAMAccountName > > > > ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI > Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG > > > > ldap.search_context = OU=ILRI Ethiopia Employees,OU=ILRI > Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG > > > > ldap.email_field = mail > > > > ldap.surname_field = sn > > > > ldap.givenname_field = givenName > > > > ldap.phone_field = telephoneNumber > > > > > > Hierarchical LDAP Settings # > > > > # If your users are spread out across a hierarchical tree on your > > # LDAP server, you will need to use the following stackable authentication > > class: > > plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ > > org.dspace.authenticate.LDAPHierarchicalAuthentication > > > > # object scope : 0 > > # one level scope : 1 > > # subtree scope : 2 > > ldap.search_scope = 2 > > > > > > #ldap.search.user = cn=admin,ou=people,o=myu.edu > > ldap.search.user = CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia > Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG > > ldap.search.password = * > > > > > > > > -- > This SF.net Dev2Dev email is sponsored by: > > Show off your parallel programming skills. > Enter the Intel(R) Threading Challenge 2010. > http://p.sf.net/sfu/intel-thread-sfd > ___ > DSpace-tech mailing list > DSpace-tech@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
[Dspace-tech] LDAP settings
Hi, Support I login to our local LDAP server using the following settings, but cannot login. I can search users name account using sAMAccountName attribute. Host ILRI.CGIARAD.ORG base DN DC=ILRI,DC=CGIARAD,DC=ORG Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG What will be the setting in dspace.cfg ( dspace 1.5.2 on debian ) if something is wrong please correct me.i can't login to dspace using LADP. ldap.provider_url = ldap://ILRI.CGIARAD.ORG/ ldap.id_field = sAMAccountName ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.email_field = mail ldap.surname_field = sn ldap.givenname_field = givenName ldap.phone_field = telephoneNumber Hierarchical LDAP Settings # # If your users are spread out across a hierarchical tree on your # LDAP server, you will need to use the following stackable authentication class: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.LDAPHierarchicalAuthentication # object scope : 0 # one level scope : 1 # subtree scope : 2 ldap.search_scope = 2 #ldap.search.user = cn=admin,ou=people,o=myu.edu ldap.search.user = CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search.password = * -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
