Re: [Dspace-tech] Ldap settings
Hi Satish, You probably don't intend to use netid_email_domain (there is an alternative configuration where you might want to use it, but I don't think it will work in what you wrote). Additionally, you specified search.password, but not search.user, this is clearly wrong. id_field is what is used to search for what the user enters as his username, so make sure that the email address is stored in sAMAccountName. Otherwise, if you inted to search for mail, make sure that your LDAP directory indexes this field. Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce. Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
[Dspace-tech] Ldap settings
Hello everybody, I require help in configuring ldap settings, i am using DSpace 4.2, my configurations are enable = true autoregister = false id_field = sAMAccountName object_context = dc=example, dc=com search_context = dc=example, dc=com email_field = mail givenname_field = givenName search.password = ldappassword netid_email_domain = @example.com i am unable to login by mail in above settings for the below settings i am able to login by user name, but i require users to login my mail id. id_field=cn object_context=cn=users,dc= example, dc=com -- *With Warm Regards,K Satish Kumar* -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP settings
LDAPServlet is one of those strange remnants where despite having an pluggable authentication system, this remains from before that. So it is normal to see entries relating to it in the logs: dspace/log/dspace.log.2010-06-15:2010-06-15 07:16:41,862 INFO org.dspace.app.webui.servlet.LDAPServlet @ stuart.le...@testathon.net:session_id=5CD14C51E5AB3672D7E537F99EC361DD:ip_addr=0:0:0:0:0:0:0:1%0:login:type=explicit IIRC, its use is controlled by the ldap.enable flag in dspace.cfg Cheers, Stuart Lewis IT Innovations Analyst and Developer Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 On 7/09/2010, at 7:25 AM, Flavio Botelho wrote: You are using the LDAP Servlet, when it seems you want to use LDAP Hierarchical?? You should use the normal login screen to use the LDAPHierarchicalAuthentication... BTW, hasn't LDAPServlet been removed already? Kudos, Flavio On Fri, Sep 3, 2010 at 3:10 AM, Webshet, Sisay (ILRI) s.webs...@cgiar.org wrote: Hi, I checked with some other browser like softera.look How the structure viewed. The log file says this. 010-09-03 09:04:02,239 INFO org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=EE6A969F57BF518D0D5343F6BF33520C:ip_addr=172.27.5.70:failed_login:netid=Swebshet, result=2 May be you can suggest me on the values for ldap.search.user= Should the system be redeployed? For LDAP to work. I did restart Tomcat only Thanks image001.jpg -Original Message- image002.jpg image005.jpg From: Stuart Lewis [mailto:s.le...@auckland.ac.nz] Sent: Friday, September 03, 2010 1:10 AM To: Flavio Botelho; Webshet, Sisay (ILRI) Cc: dspace-tech@lists.sourceforge.net Tech Subject: Re: [Dspace-tech] LDAP settings You shouldn't need to escape the values at all. Commas are fine, and quite normal in LDAP configurations. Check using a tool such as http://jxplorer.org/ that you can log in to the LDAP server with those credentials. Thanks, Stuart Lewis IT Innovations Analyst and Developer Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 On 3/09/2010, at 5:42 AM, Flavio Botelho wrote: Please post any errors in the log that are appearing? But I will take a wild guess that there might be problems with escaping, you might need to use 2 backslashes instead of just 1 for each comma... On Thu, Sep 2, 2010 at 9:18 AM, Webshet, Sisay (ILRI) s.webs...@cgiar.org wrote: Hi, Support I login to our local LDAP server using the following settings, but cannot login. I can search users name account using sAMAccountName attribute. Host ILRI.CGIARAD.ORG base DN DC=ILRI,DC=CGIARAD,DC=ORG Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG What will be the setting in dspace.cfg ( dspace 1.5.2 on debian ) if something is wrong please correct me.i can't login to dspace using LADP. ldap.provider_url = ldap://ILRI.CGIARAD.ORG/ ldap.id_field = sAMAccountName ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.email_field = mail ldap.surname_field = sn ldap.givenname_field = givenName ldap.phone_field = telephoneNumber Hierarchical LDAP Settings # # If your users are spread out across a hierarchical tree on your # LDAP server, you will need to use the following stackable authentication class: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.LDAPHierarchicalAuthentication # object scope : 0 # one level scope : 1 # subtree scope : 2 ldap.search_scope = 2 #ldap.search.user = cn=admin,ou=people,o=myu.edu ldap.search.user = CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search.password = * -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd
Re: [Dspace-tech] LDAP settings
The problem is it routes directly to LDAPAuthentication instead of using the pluggable authentication system, doesn't it? On Mon, Sep 6, 2010 at 6:08 PM, Stuart Lewis s.le...@auckland.ac.nz wrote: LDAPServlet is one of those strange remnants where despite having an pluggable authentication system, this remains from before that. So it is normal to see entries relating to it in the logs: dspace/log/dspace.log.2010-06-15:2010-06-15 07:16:41,862 INFO org.dspace.app.webui.servlet.LDAPServlet @ stuart.le...@testathon.net:session_id=5CD14C51E5AB3672D7E537F99EC361DD:ip_addr=0:0:0:0:0:0:0:1%0:login:type=explicit IIRC, its use is controlled by the ldap.enable flag in dspace.cfg Cheers, Stuart Lewis IT Innovations Analyst and Developer Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 On 7/09/2010, at 7:25 AM, Flavio Botelho wrote: You are using the LDAP Servlet, when it seems you want to use LDAP Hierarchical?? You should use the normal login screen to use the LDAPHierarchicalAuthentication... BTW, hasn't LDAPServlet been removed already? Kudos, Flavio On Fri, Sep 3, 2010 at 3:10 AM, Webshet, Sisay (ILRI) s.webs...@cgiar.org wrote: Hi, I checked with some other browser like softera.look How the structure viewed. The log file says this. 010-09-03 09:04:02,239 INFO org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=EE6A969F57BF518D0D5343F6BF33520C:ip_addr=172.27.5.70:failed_login:netid=Swebshet, result=2 May be you can suggest me on the values for ldap.search.user= Should the system be redeployed? For LDAP to work. I did restart Tomcat only Thanks image001.jpg -Original Message- image002.jpg image005.jpg From: Stuart Lewis [mailto:s.le...@auckland.ac.nz] Sent: Friday, September 03, 2010 1:10 AM To: Flavio Botelho; Webshet, Sisay (ILRI) Cc: dspace-tech@lists.sourceforge.net Tech Subject: Re: [Dspace-tech] LDAP settings You shouldn't need to escape the values at all. Commas are fine, and quite normal in LDAP configurations. Check using a tool such as http://jxplorer.org/ that you can log in to the LDAP server with those credentials. Thanks, Stuart Lewis IT Innovations Analyst and Developer Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 On 3/09/2010, at 5:42 AM, Flavio Botelho wrote: Please post any errors in the log that are appearing? But I will take a wild guess that there might be problems with escaping, you might need to use 2 backslashes instead of just 1 for each comma... On Thu, Sep 2, 2010 at 9:18 AM, Webshet, Sisay (ILRI) s.webs...@cgiar.org wrote: Hi, Support I login to our local LDAP server using the following settings, but cannot login. I can search users name account using sAMAccountName attribute. Host ILRI.CGIARAD.ORG base DN DC=ILRI,DC=CGIARAD,DC=ORG Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG What will be the setting in dspace.cfg ( dspace 1.5.2 on debian ) if something is wrong please correct me.i can't login to dspace using LADP. ldap.provider_url = ldap://ILRI.CGIARAD.ORG/ ldap.id_field = sAMAccountName ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.email_field = mail ldap.surname_field = sn ldap.givenname_field = givenName ldap.phone_field = telephoneNumber Hierarchical LDAP Settings # # If your users are spread out across a hierarchical tree on your # LDAP server, you will need to use the following stackable authentication class: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.LDAPHierarchicalAuthentication # object scope : 0 # one level scope : 1 # subtree scope : 2 ldap.search_scope = 2 #ldap.search.user = cn=admin,ou=people,o=myu.edu ldap.search.user = CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search.password = * -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd
Re: [Dspace-tech] LDAP settings
It makes use of the authentication stack: Line 110 of LDAPServlet: int status = AuthenticationManager.authenticate(context, netid, password, null, request); Cheers, Stuart On 7/09/2010, at 5:14 PM, Flavio Botelho wrote: The problem is it routes directly to LDAPAuthentication instead of using the pluggable authentication system, doesn't it? On Mon, Sep 6, 2010 at 6:08 PM, Stuart Lewis s.le...@auckland.ac.nz wrote: LDAPServlet is one of those strange remnants where despite having an pluggable authentication system, this remains from before that. So it is normal to see entries relating to it in the logs: dspace/log/dspace.log.2010-06-15:2010-06-15 07:16:41,862 INFO org.dspace.app.webui.servlet.LDAPServlet @ stuart.le...@testathon.net:session_id=5CD14C51E5AB3672D7E537F99EC361DD:ip_addr=0:0:0:0:0:0:0:1%0:login:type=explicit IIRC, its use is controlled by the ldap.enable flag in dspace.cfg Cheers, Stuart Lewis IT Innovations Analyst and Developer Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 On 7/09/2010, at 7:25 AM, Flavio Botelho wrote: You are using the LDAP Servlet, when it seems you want to use LDAP Hierarchical?? You should use the normal login screen to use the LDAPHierarchicalAuthentication... BTW, hasn't LDAPServlet been removed already? Kudos, Flavio On Fri, Sep 3, 2010 at 3:10 AM, Webshet, Sisay (ILRI) s.webs...@cgiar.org wrote: Hi, I checked with some other browser like softera.look How the structure viewed. The log file says this. 010-09-03 09:04:02,239 INFO org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=EE6A969F57BF518D0D5343F6BF33520C:ip_addr=172.27.5.70:failed_login:netid=Swebshet, result=2 May be you can suggest me on the values for ldap.search.user= Should the system be redeployed? For LDAP to work. I did restart Tomcat only Thanks image001.jpg -Original Message- image002.jpg image005.jpg From: Stuart Lewis [mailto:s.le...@auckland.ac.nz] Sent: Friday, September 03, 2010 1:10 AM To: Flavio Botelho; Webshet, Sisay (ILRI) Cc: dspace-tech@lists.sourceforge.net Tech Subject: Re: [Dspace-tech] LDAP settings You shouldn't need to escape the values at all. Commas are fine, and quite normal in LDAP configurations. Check using a tool such as http://jxplorer.org/ that you can log in to the LDAP server with those credentials. Thanks, Stuart Lewis IT Innovations Analyst and Developer Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 On 3/09/2010, at 5:42 AM, Flavio Botelho wrote: Please post any errors in the log that are appearing? But I will take a wild guess that there might be problems with escaping, you might need to use 2 backslashes instead of just 1 for each comma... On Thu, Sep 2, 2010 at 9:18 AM, Webshet, Sisay (ILRI) s.webs...@cgiar.org wrote: Hi, Support I login to our local LDAP server using the following settings, but cannot login. I can search users name account using sAMAccountName attribute. Host ILRI.CGIARAD.ORG base DN DC=ILRI,DC=CGIARAD,DC=ORG Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG What will be the setting in dspace.cfg ( dspace 1.5.2 on debian ) if something is wrong please correct me.i can't login to dspace using LADP. ldap.provider_url = ldap://ILRI.CGIARAD.ORG/ ldap.id_field = sAMAccountName ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.email_field = mail ldap.surname_field = sn ldap.givenname_field = givenName ldap.phone_field = telephoneNumber Hierarchical LDAP Settings # # If your users are spread out across a hierarchical tree on your # LDAP server, you will need to use the following stackable authentication class: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.LDAPHierarchicalAuthentication # object scope : 0 # one level scope : 1 # subtree scope : 2 ldap.search_scope = 2 #ldap.search.user = cn=admin,ou=people,o=myu.edu ldap.search.user = CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia
Re: [Dspace-tech] LDAP settings
Hi again, Apologies - you may indeed need to escape the comma as this isn't the normal separator between dn/ou/cn type elements. As Flavio suggests, try two backslashes. Java can sometimes be worse than that and require four as it will strip them out twice, each time the string is handled. Depending on which copy of dspace.cfg you update, you may or may not need to redeploy DSpace. If you edit the version in your DSpace installation directory, then a restart of Tomcat is fine. If you edit the version in the source directory where you run 'mvn' from, then you will need to redeploy. Thanks, Stuart On 3/09/2010, at 6:10 PM, Webshet, Sisay (ILRI) wrote: Hi, I checked with some other browser like softera.look How the structure viewed. The log file says this. 010-09-03 09:04:02,239 INFO org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=EE6A969F57BF518D0D5343F6BF33520C:ip_addr=172.27.5.70:failed_login:netid=Swebshet, result=2 May be you can suggest me on the values for ldap.search.user= Should the system be redeployed? For LDAP to work. I did restart Tomcat only Thanks image001.jpg -Original Message- image002.jpg image005.jpg From: Stuart Lewis [mailto:s.le...@auckland.ac.nz] Sent: Friday, September 03, 2010 1:10 AM To: Flavio Botelho; Webshet, Sisay (ILRI) Cc: dspace-tech@lists.sourceforge.net Tech Subject: Re: [Dspace-tech] LDAP settings You shouldn't need to escape the values at all. Commas are fine, and quite normal in LDAP configurations. Check using a tool such as http://jxplorer.org/ that you can log in to the LDAP server with those credentials. Thanks, Stuart Lewis IT Innovations Analyst and Developer Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 On 3/09/2010, at 5:42 AM, Flavio Botelho wrote: Please post any errors in the log that are appearing? But I will take a wild guess that there might be problems with escaping, you might need to use 2 backslashes instead of just 1 for each comma... On Thu, Sep 2, 2010 at 9:18 AM, Webshet, Sisay (ILRI) s.webs...@cgiar.org wrote: Hi, Support I login to our local LDAP server using the following settings, but cannot login. I can search users name account using sAMAccountName attribute. Host ILRI.CGIARAD.ORG base DN DC=ILRI,DC=CGIARAD,DC=ORG Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG What will be the setting in dspace.cfg ( dspace 1.5.2 on debian ) if something is wrong please correct me.i can't login to dspace using LADP. ldap.provider_url = ldap://ILRI.CGIARAD.ORG/ ldap.id_field = sAMAccountName ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.email_field = mail ldap.surname_field = sn ldap.givenname_field = givenName ldap.phone_field = telephoneNumber Hierarchical LDAP Settings # # If your users are spread out across a hierarchical tree on your # LDAP server, you will need to use the following stackable authentication class: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.LDAPHierarchicalAuthentication # object scope : 0 # one level scope : 1 # subtree scope : 2 ldap.search_scope = 2 #ldap.search.user = cn=admin,ou=people,o=myu.edu ldap.search.user = CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search.password = * -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech Stuart Lewis IT Innovations Analyst and Developer Te Tumu Herenga The University of Auckland Library Auckland Mail Centre
[Dspace-tech] LDAP settings
Hi, Support I login to our local LDAP server using the following settings, but cannot login. I can search users name account using sAMAccountName attribute. Host ILRI.CGIARAD.ORG base DN DC=ILRI,DC=CGIARAD,DC=ORG Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG What will be the setting in dspace.cfg ( dspace 1.5.2 on debian ) if something is wrong please correct me.i can't login to dspace using LADP. ldap.provider_url = ldap://ILRI.CGIARAD.ORG/ ldap.id_field = sAMAccountName ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.email_field = mail ldap.surname_field = sn ldap.givenname_field = givenName ldap.phone_field = telephoneNumber Hierarchical LDAP Settings # # If your users are spread out across a hierarchical tree on your # LDAP server, you will need to use the following stackable authentication class: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.LDAPHierarchicalAuthentication # object scope : 0 # one level scope : 1 # subtree scope : 2 ldap.search_scope = 2 #ldap.search.user = cn=admin,ou=people,o=myu.edu ldap.search.user = CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search.password = * -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] LDAP settings
Please post any errors in the log that are appearing? But I will take a wild guess that there might be problems with escaping, you might need to use 2 backslashes instead of just 1 for each comma... On Thu, Sep 2, 2010 at 9:18 AM, Webshet, Sisay (ILRI) s.webs...@cgiar.org wrote: Hi, Support I login to our local LDAP server using the following settings, but cannot login. I can search users name account using sAMAccountName attribute. Host ILRI.CGIARAD.ORG base DN DC=ILRI,DC=CGIARAD,DC=ORG Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG What will be the setting in dspace.cfg ( dspace 1.5.2 on debian ) if something is wrong please correct me.i can't login to dspace using LADP. ldap.provider_url = ldap://ILRI.CGIARAD.ORG/ ldap.id_field = sAMAccountName ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.email_field = mail ldap.surname_field = sn ldap.givenname_field = givenName ldap.phone_field = telephoneNumber Hierarchical LDAP Settings # # If your users are spread out across a hierarchical tree on your # LDAP server, you will need to use the following stackable authentication class: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.LDAPHierarchicalAuthentication # object scope : 0 # one level scope : 1 # subtree scope : 2 ldap.search_scope = 2 #ldap.search.user = cn=admin,ou=people,o=myu.edu ldap.search.user = CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search.password = * -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] LDAP settings
You shouldn't need to escape the values at all. Commas are fine, and quite normal in LDAP configurations. Check using a tool such as http://jxplorer.org/ that you can log in to the LDAP server with those credentials. Thanks, Stuart Lewis IT Innovations Analyst and Developer Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 On 3/09/2010, at 5:42 AM, Flavio Botelho wrote: Please post any errors in the log that are appearing? But I will take a wild guess that there might be problems with escaping, you might need to use 2 backslashes instead of just 1 for each comma... On Thu, Sep 2, 2010 at 9:18 AM, Webshet, Sisay (ILRI) s.webs...@cgiar.org wrote: Hi, Support I login to our local LDAP server using the following settings, but cannot login. I can search users name account using sAMAccountName attribute. Host ILRI.CGIARAD.ORG base DN DC=ILRI,DC=CGIARAD,DC=ORG Bind DN(entry DN) CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG What will be the setting in dspace.cfg ( dspace 1.5.2 on debian ) if something is wrong please correct me.i can't login to dspace using LADP. ldap.provider_url = ldap://ILRI.CGIARAD.ORG/ ldap.id_field = sAMAccountName ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.email_field = mail ldap.surname_field = sn ldap.givenname_field = givenName ldap.phone_field = telephoneNumber Hierarchical LDAP Settings # # If your users are spread out across a hierarchical tree on your # LDAP server, you will need to use the following stackable authentication class: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.LDAPHierarchicalAuthentication # object scope : 0 # one level scope : 1 # subtree scope : 2 ldap.search_scope = 2 #ldap.search.user = cn=admin,ou=people,o=myu.edu ldap.search.user = CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG ldap.search.password = * -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
