Re: [Dspace-tech] dspace ldap

2015-06-16 Thread Saidy Binta
Okay, thanks.

Regards
Binta

-Original Message-
From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On Behalf Of helix84
Sent: 16 June 2015 08:43
To: Saidy Binta
Cc: dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] dspace ldap

On Tue, Jun 16, 2015 at 10:22 AM, Saidy Binta  wrote:
> Please I need to know, if I have to install ldap server on my machine before 
> I can use the dspace ldap authentication.

No, you can use an existing LDAP server on another machine, if you already have 
one.

If you don't already have one, I see no point in installing your own LDAP 
server just for DSpace, in that case you can just use PasswordAuthentication.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette 
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



DISCLAIMER: This message is private and confidential. If you have received this 
message in error please notify us and remove it from your system. Any views and 
opinions expressed in this message are those of the individual sender and do 
not necessarily represent the views and opinions of Medical Research Council 
Unit, The Gambia

___
This communication is confidential and may contain privileged information 
intended solely for the named recipient(s). It may not be used or disclosed 
except for the purpose for which it has been sent. If you are not the intended 
recipient, you must not copy, distribute, take any action or reliance on it. If 
you have received this communication in error, do not open any attachments but 
please notify the Help Desk by e-mailing h...@mrc.gm quoting the sender 
details, and then delete this message along with any attached files. E-mail 
messages are not secure and attachments could contain software viruses which 
may damage your computer system. Whilst every reasonable precaution has been 
taken to minimise this risk, The MRC Unit The Gambia cannot accept any 
liability for any damage sustained as a result of these factors. You are 
advised to carry out your own virus checks before opening any attachments. 
Unless expressly stated, opinions in this message are those of the e-mail 
author and not of the Medical Research Council Unit The Gambia.

--
___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette


Re: [Dspace-tech] dspace ldap

2015-06-16 Thread helix84
On Tue, Jun 16, 2015 at 10:22 AM, Saidy Binta  wrote:
> Please I need to know, if I have to install ldap server on my machine before 
> I can use the dspace ldap authentication.

No, you can use an existing LDAP server on another machine, if you
already have one.

If you don't already have one, I see no point in installing your own
LDAP server just for DSpace, in that case you can just use
PasswordAuthentication.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



[Dspace-tech] dspace ldap

2015-06-16 Thread Saidy Binta
Hi,

Please I need to know, if I have to install ldap server on my machine before I 
can use the dspace ldap authentication.

Regards
Binta




Re: [Dspace-tech] DSpace LDAP authentication problem

2013-10-29 Thread helix84
Hi Keir,

I finally got around to fixing the issue with null appended to netid
[1]. Could you please test it? You can download the whole LDAP class
here [2] and either try it with 3.x or with latest master
(almost-4.0rc1). This class also includes the new feature for grabbing
the group name from an LDAP attribute, so give it a spin, too. Make
sure to use it with the newly introduced "login.groupmap.attribute"
configuration option [2].

Are there any more remaining bugs to fix here? I'd appreciate if you
could base any of your changes on this new file and keep the diff
minimal so I can see what changed. Thanks in advance!


[1] https://jira.duraspace.org/browse/DS-1739
[2] https://raw.github.com/helix84/DSpace/88b9d8fe78bb990d777c315abb31dcd823a5a208/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
[3] https://raw.github.com/DSpace/DSpace/master/dspace/config/modules/authentication-ldap.cfg

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] DSpace LDAP authentication problem

2013-09-17 Thread helix84
On Tue, Sep 17, 2013 at 7:32 AM, Keir Vaughan-Taylor  wrote:
> My test user "resotest" ends up with an email of "resotestnull".
> Some debugging reveals that the call to
>
> ConfigurationManager.getProperty("authentication-ldap",
> "netid_email_domain")
>
> Is returning not a null character but instead the string "null"
> I think this is a bug.

Yes, sounds like a bug. Please, file a Jira issue so that we don't
forget about it.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
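
The "resotestnull" symptom discussed in this thread, reproduced as an added example (not DSpace code and not from either poster): in Java, concatenating a null reference onto a string appends the characters "null". The class name, the map-backed getProperty stand-in, the "@host" shape of netid_email_domain and the example.edu values are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

public class NetidEmailFallback {

    // Hypothetical stand-in for the module configuration (not DSpace's
    // ConfigurationManager). Map.get returns a null reference for an unset key.
    static final Map<String, String> CONFIG = new HashMap<>();

    static String getProperty(String key) {
        return CONFIG.get(key);
    }

    // Fragile form: when the right-hand operand is a null reference, '+'
    // appends the four characters "null", so the fallback address becomes
    // netid + "null" and is stored as if it were a real email.
    static String emailNaive(String netid, String ldapMail) {
        if (ldapMail != null && !ldapMail.isEmpty()) {
            return ldapMail;
        }
        return netid + getProperty("netid_email_domain");
    }

    // Checked form: use the LDAP mail attribute when present, otherwise build
    // the fallback only from a configured, well-formed domain suffix.
    static Optional<String> emailChecked(String netid, String ldapMail) {
        if (ldapMail != null && !ldapMail.trim().isEmpty()) {
            return Optional.of(ldapMail.trim());
        }
        String domain = getProperty("netid_email_domain");
        if (domain == null) {
            return Optional.empty();
        }
        String suffix = domain.trim();
        // Assumed shape "@host.name"; blank and double-quoted values are rejected.
        if (!suffix.matches("@[A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)+")) {
            return Optional.empty();
        }
        return Optional.of(netid + suffix);
    }

    static void show(String label, String ldapMail) {
        System.out.println(label);
        System.out.println("  naive:   " + emailNaive("resotest", ldapMail));
        System.out.println("  checked: "
                + emailChecked("resotest", ldapMail).orElse("<none: leave email unset>"));
    }

    public static void main(String[] args) {
        // All values below are constructed sample input.
        show("netid_email_domain unset, no mail attribute", null);

        CONFIG.put("netid_email_domain", "\"@example.edu\"");
        show("netid_email_domain wrapped in double quotes", null);

        CONFIG.put("netid_email_domain", "@example.edu");
        show("netid_email_domain set", null);

        show("mail attribute returned by LDAP", "someone@example.edu");
    }
}
```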



Re: [Dspace-tech] DSpace LDAP authentication problem

2013-09-16 Thread Keir Vaughan-Taylor
I find that when there is no email returned the email is assigned the
string of the netid plus the string "null".

My test user "resotest" ends up with an email of "resotestnull".
Some debugging reveals that the call to 

ConfigurationManager.getProperty("authentication-ldap",
"netid_email_domain")

Is returning not a null character but instead the string "null"
I think this is a bug.

A workaround is to add the local email netid_email_domain
to the end of the config file
authentication-ldap.cfg
I'm not sure what happens if it is left blank but don't try to enclose
text in double quotes since then the identity is impossible to delete in
the GUI.

I feel that if the config of this item is not filled in the call to
configuration manager should return a null character or an empty string.




On Wed, 2013-07-24 at 12:44 +0200, helix84 wrote: 
> On Wed, Jul 24, 2013 at 3:00 AM, Keir Vaughan-Taylor  wrote:
> > My problem arises in that an unregistered user gets authenticated and
> > entered into DSpace but their user name is modified to contain the
> > letters "NULL" after their user name. How can I prevent this happening?
> 
> I assume you're using autoregister = true.
> 
> These are the fields that map LDAP attributes to DSpace ePerson
> surname and given name. Please, check that these attributes are
> present and have values in your LDAP.
> 
> [dspace]/modules/authentication-ldap.cfg:
> surname_field = sn
> givenname_field = givenName
> 
> Please, remember that if you change this, the users who already
> autoregistered will not have the existing values updated on login, so
> either try this on a new person who never logged in or delete the
> dspace user so that he can autoregister again upon next login.
> 
> 
> Regards,
> ~~helix84
> 
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-29 Thread helix84
On Mon, Jul 29, 2013 at 11:31 PM, Keir Vaughan-Taylor  wrote:
> Attached is the old authentication-ldap.cfg that works.

I'll try to take a look at it later.

> Also the LDAPAuthenticate.java with the group feature added.

I created a branch in my repo for it for ease of reviewing and commenting:
https://github.com/helix84/DSpace/commit/b0d04133d599d2fc88c7e3c6798c727a200eceb0

We'll surely need to work on this. For one, this modifies the
(non-hierarchical) LDAPAuthentication from DSpace 1.8. In 3.x, we
merged LDAPAuthentication and LDAPHierarchicalAuthentication into
LDAPAuthentication. Secondly, I don't like how the group name is
passed in the ldapTGroup variable. I understand why you did it that
way, but there must be a better way, we'll have to figure that out.

We'll also need a Jira issue for this new feature. Or did you manage
to find the old issue number?


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-29 Thread Keir Vaughan-Taylor
Attached is the old authentication-ldap.cfg that works.

The position_field defines the field from the LDAP server that defines a
user's role. For example staff, student, contractor etc.

The groupMapping_field is a string of comma separated string pairs,
separated by colons. If the position_field is staff then the group in
DSpace becomes staffsubmit, if enrolled then studentsubmit.

Also the LDAPAuthenticate.java with the group feature added.



On Mon, 2013-07-29 at 11:21 +0200, helix84 wrote:
> On Mon, Jul 29, 2013 at 6:58 AM, Keir Vaughan-Taylor  wrote:
> > The routine is only executed when a user is an admin user or if the
> > config allows anonymous search.
> 
> Yes, that was the intention. If, however, the previous version allowed
> your use case (you can get you own information but no-one else's), it
> is a regression and we should fix it.
> 
> I thought get-your-own-information worked in the anonymous search
> scenario, but I have no way of actually testing that. Did you try not
> to specify search.user and set search.anonymous = true?
> 
> Could you send us your old authentication-ldap.cfg that used to work?
> 
> > LDAP servers mostly use a challenge
> > response system where information for a person is supplied from a netid
> > (user name) and a correct password. That is; you can get you own
> > information but no-one else's.
> 
> As a workaround / supported use case, you could set up search.user to
> be a new LDAP user with search access to all user's attributes (only
> those needed by DSpace).
> 
> 
> Regards,
> ~~helix84
> 
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

-- 
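#---------------------------------------------------------------#
#--------------LDAP AUTHENTICATION CONFIGURATIONS---------------#
#---------------------------------------------------------------#
# Configuration properties used by the LDAP Authentication      #
# plugin, when it is enabled.                                   #
#---------------------------------------------------------------#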
#
# In order to enable LDAP Authentication, you must first ensure the
# 'org.dspace.authenticate.LDAPAuthentication' OR 
# 'org.dspace.authenticate.LDAPHierarchicalAuthentication'
# class is added to the list of enabled AuthenticationMethods in
# 'authenticate.cfg'.
# See 'authenticate.cfg' for more info.
#
# If LDAP is enabled, then new users will be able to register
# by entering their username and  password without being sent the
# registration token. If users do not have a username and password,
# then they  can still register and login with just their email address
# the same way they do now.
#
# For providing any special privileges to LDAP users,
# you will still need to extend the SiteAuthenticator class to
# automatically put people who have a netid into a special
# group.  You might also want to give certain email addresses
# special privileges. Refer to the DSpace documentation for more
# information about how to do this.
#
# It may be necessary to obtain the values of these settings from the
# LDAP server administrators as LDAP configuration will vary from server
# to server.

# This setting will enable or disable LDAP authentication in DSpace.
# With the setting off, users will be required to register and login with
# their email address.  With this setting on, users will be able to login
# and register with their LDAP user ids and passwords.
# This setting is only used by the JSPUI.
enable = true


# LDAP AutoRegister Settings #

# This will turn LDAP autoregistration on or off.  With this
# on, a new EPerson object will be created for any user who
# successfully authenticates against the LDAP server when they
# first login.  With this setting off, the user
# must first register to get an EPerson object by
# entering their ldap username and password and filling out
# the forms.
autoregister = true


# This is the url to the institution's ldap server. The /o=myu.edu
# may or may not be required depending on the LDAP server setup.
# A server may also require the ldaps:// protocol.
#provider_url = ldap://ldap.myu.edu/o=myu.edu
provider_url = ldap://ldap.library.usyd.edu.au

# This is the unique identifier field in the LDAP directory
# where the username is stored.
#id_field = uid
id_field = uid

# This is the object context used when authenticating the
# user.  It is appended to the id_field and username.
# For example uid=username,ou=people,o=myu.edu.  This must match
# the LDAP server configuration.
#object_context = ou=people,o=myu.edu
object_context = ou=people,dc=ucc,dc=usyd,dc=edu,dc=au

# This is the search context used when looking up a user's
# LDAP object to retrieve their data for autoregistering.
# With autoregister turned on, when a user authenticates
# without an EPerson object, a search on the LDAP directory to
# get their name and email address is initiated so that DSpace
# can create a EPerson object for them.  So after we have a

Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-29 Thread helix84
On Mon, Jul 29, 2013 at 6:58 AM, Keir Vaughan-Taylor  wrote:
> The routine is only executed when a user is an admin user or if the
> config allows anonymous search.

Yes, that was the intention. If, however, the previous version allowed
your use case (you can get you own information but no-one else's), it
is a regression and we should fix it.

I thought get-your-own-information worked in the anonymous search
scenario, but I have no way of actually testing that. Did you try not
to specify search.user and set search.anonymous = true?

Could you send us your old authentication-ldap.cfg that used to work?

> LDAP servers mostly use a challenge
> response system where information for a person is supplied from a netid
> (user name) and a correct password. That is; you can get you own
> information but no-one else's.

As a workaround / supported use case, you could set up search.user to
be a new LDAP user with search access to all user's attributes (only
those needed by DSpace).


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-28 Thread helix84
On Mon, Jul 29, 2013 at 6:58 AM, Keir Vaughan-Taylor  wrote:
> For the time being we cannot update to this new version.

 I'll try to take a look and understand the problem.

For now I wanted to tell you, that there was no change in the
authentication method API - you can simply replace
LDAPAuthentication.java or LDAPAuthenticationHierarchical.java with an
older version or with your modified version. It will compile and work
just fine.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-28 Thread Keir Vaughan-Taylor

Today I started debugging why the ldap fields are not populating in
DSpace version 3.1, and why the email address gets assigned the netid
with the letters "null" appended.

Inserting debug lines and recompiling the LDAPAuthentication module I
have found that the routine ldap.getDNOfUser in the SpeakerToLDAP is not
being executed. This routine contains the code to assign ldap variables,
so values such as phone, first name and last name are not populating the
ldap instance variables. ldap.getDNOfUser was previously called
ldapAuthenticate.

The routine is only executed when a user is an admin user or if the
config allows anonymous search. LDAP servers mostly use a challenge
response system where information for a person is supplied from a netid
(user name) and a correct password. That is, you can get your own
information but no-one else's.

The ldapAuthenticate used to verify if the user was legitimate but now
that it is replaced with "getDNOfUser" it no longer seems to do that.

I think this is a bug rather than a feature and hopefully we can get it
corrected.

For the time being we cannot update to this new version.




On Mon, 2013-07-29 at 00:59 +0200, helix84 wrote:
> On Sat, Jul 27, 2013 at 12:51 AM, Keir Vaughan-Taylor  
> wrote:
> > Okay thanks for that.
> > I have written an LDAPAuthentication module that does do the mapping to
> > group by LDAP field and we have been using it for some years.
> >
> > When I saw the group feature and (misunderstood its workings) I thought
> > great! Every time a new version of DSpace comes out I have to step
> > through the new LDAP code and merge my  code into the new changes in the
> > LDAPAuthentication module which is time consuming and never works the
> > first time.
> >
> > I have in the past sent the code to the DSpace development group but I
> > understand there is a lot going on and it was forgotten.  If anyone in
> > the development team is interested I would be glad to supply the code
> > again and hopefully they would include it in  future releases and save
> > me this regular task.
> 
> You're right about that keeping customizations up-to-date with latest
> code can be a bother. In fact, this is the main reason why most people
> become DSpace contributors (and later committers) - to move the
> maintenance burden away from yourself or your institution and simply
> receive them as part of the upstream DSpace package.
> 
> I'm sorry to hear that your contribution was ignored in the past. It's
> a manpower problem - there are too few people reviewing patches. While
> this is primarily the responsibility of committers (there are quite few
> of us, too), you can help by testing patches other people sent to Jira
> and submitting your review to Jira comments. Asking us to put reviewed
> changes into DSpace is much better than waiting for us to review them.
> 
> I'll be happy to review this particular feature you're proposing. What
> was the old Jira issue number? If you're going to port it to the
> latest code (git master branch), please make sure it is configurable
> in the same way as the new login.groupmap.* feature. They do the same
> thing, so they should look the same to the user. I suggest calling it
> login.groupmap-attr.*. We'll have the 4.0 feature freeze coming up in
> a few weeks, so please submit it as soon as possible.
> 
> 
> Regards,
> ~~helix84
> 
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-28 Thread helix84
On Sat, Jul 27, 2013 at 12:51 AM, Keir Vaughan-Taylor  wrote:
> Okay thanks for that.
> I have written an LDAPAuthentication module that does do the mapping to
> group by LDAP field and we have been using it for some years.
>
> When I saw the group feature and (misunderstood its workings) I thought
> great! Every time a new version of DSpace comes out I have to step
> through the new LDAP code and merge my  code into the new changes in the
> LDAPAuthentication module which is time consuming and never works the
> first time.
>
> I have in the past sent the code to the DSpace development group but I
> understand there is a lot going on and it was forgotten.  If anyone in
> the development team is interested I would be glad to supply the code
> again and hopefully they would include it in  future releases and save
> me this regular task.

You're right about that keeping customizations up-to-date with latest
code can be a bother. In fact, this is the main reason why most people
become DSpace contributors (and later committers) - to move the
maintenance burden away from yourself or your institution and simply
receive them as part of the upstream DSpace package.

I'm sorry to hear that your contribution was ignored in the past. It's
a manpower problem - there are too few people reviewing patches. While
this is primarily the responsibility of committers (there are quite few
of us, too), you can help by testing patches other people sent to Jira
and submitting your review to Jira comments. Asking us to put reviewed
changes into DSpace is much better than waiting for us to review them.

I'll be happy to review this particular feature you're proposing. What
was the old Jira issue number? If you're going to port it to the
latest code (git master branch), please make sure it is configurable
in the same way as the new login.groupmap.* feature. They do the same
thing, so they should look the same to the user. I suggest calling it
login.groupmap-attr.*. We'll have the 4.0 feature freeze coming up in
a few weeks, so please submit it as soon as possible.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-26 Thread Keir Vaughan-Taylor

Okay thanks for that. 
I have written an LDAPAuthentication module that does do the mapping to
group by LDAP field and we have been using it for some years.

When I saw the group feature and (misunderstood its workings) I thought
great! Every time a new version of DSpace comes out I have to step
through the new LDAP code and merge my  code into the new changes in the
LDAPAuthentication module which is time consuming and never works the
first time.

I have in the past sent the code to the DSpace development group but I
understand there is a lot going on and it was forgotten.  If anyone in
the development team is interested I would be glad to supply the code
again and hopefully they would include it in  future releases and save
me this regular task.


On Fri, 2013-07-26 at 09:59 +0200, helix84 wrote:
> On Thu, Jul 25, 2013 at 11:47 PM, Keir Vaughan-Taylor  
> wrote:
> > USYDPERSONENTITLEMENT: staff
> 
> Hi Keir,
> 
> the groupmap option doesn't work with attributes. It only tries to
> match components of the full DN. So you could match e.g. ou=people or
> dc=ucc:
> login.groupmap.1 = dc=ucc:dspace-group-for-ucc
> 
> I agree that an option to assign group based on attributes would be
> nice, it just doesn't currently work that way. The modification to
> LDAPAuthentication.java wouldn't be hard, if you want to try.
> 
> I have yet to look at the null problem.
> 
> 
> Regards,
> ~~helix84
> 
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette





Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-26 Thread helix84
The difference I see between your DSpace configuration and your
ldapsearch is that in DSpace you're using anonymous bind, in
ldapsearch you're binding as resotest. Try setting:

search.anonymous = false
search.user = uid=resotest,ou=people,dc=ucc,dc=usyd,dc=edu,dc=au
search.password = resotestpassword

Try that first and let me know if it helped.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-26 Thread helix84
On Thu, Jul 25, 2013 at 11:47 PM, Keir Vaughan-Taylor  wrote:
> USYDPERSONENTITLEMENT: staff

Hi Keir,

the groupmap option doesn't work with attributes. It only tries to
match components of the full DN. So you could match e.g. ou=people or
dc=ucc:
login.groupmap.1 = dc=ucc:dspace-group-for-ucc

I agree that an option to assign group based on attributes would be
nice, it just doesn't currently work that way. The modification to
LDAPAuthentication.java wouldn't be hard, if you want to try.

I have yet to look at the null problem.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
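
The two mapping styles discussed in this thread, as an added example (not DSpace's LDAPAuthentication code and not from either poster): DN-component rules in the "login.groupmap.1 = dc=ucc:dspace-group-for-ucc" form, compared as whole RDNs rather than substrings, and attribute-value rules in the comma-separated "value:group" form described for groupMapping_field. The class and method names, the lookalike DN and the "staff:staffsubmit,enrolled:studentsubmit" string are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class GroupMapSketch {

    // One "<match>:<group>" rule (hypothetical helper type).
    static final class Rule {
        final String match;
        final String group;

        Rule(String match, String group) {
            this.match = match;
            this.group = group;
        }
    }

    // Split on the last ':' so the match part may contain '=' (a DN component).
    static Rule parseRule(String entry) {
        int i = entry.lastIndexOf(':');
        if (i <= 0 || i == entry.length() - 1) {
            throw new IllegalArgumentException("malformed mapping: " + entry);
        }
        return new Rule(entry.substring(0, i).trim(), entry.substring(i + 1).trim());
    }

    // Comma-separated list of rules, as described for the attribute mapping.
    static List<Rule> parseRules(String commaSeparated) {
        List<Rule> rules = new ArrayList<>();
        for (String entry : commaSeparated.split(",")) {
            if (!entry.trim().isEmpty()) {
                rules.add(parseRule(entry));
            }
        }
        return rules;
    }

    // DN matching: a group is granted only when one complete RDN of the user's
    // DN equals the configured component, so "dc=ucc" does not match "dc=uccx".
    static Set<String> groupsForDn(String dn, List<Rule> rules) throws InvalidNameException {
        Set<String> groups = new LinkedHashSet<>();
        List<Rdn> rdns = new LdapName(dn).getRdns();
        for (Rule rule : rules) {
            if (rdns.contains(new Rdn(rule.match))) {
                groups.add(rule.group);
            }
        }
        return groups;
    }

    // Attribute matching: the value of one LDAP attribute selects the group.
    // A missing or unreadable attribute grants nothing.
    static Set<String> groupsForAttribute(String value, List<Rule> rules) {
        Set<String> groups = new LinkedHashSet<>();
        if (value == null) {
            return groups;
        }
        for (Rule rule : rules) {
            if (rule.match.equalsIgnoreCase(value.trim())) {
                groups.add(rule.group);
            }
        }
        return groups;
    }

    public static void main(String[] args) throws InvalidNameException {
        List<Rule> dnRules = new ArrayList<>();
        dnRules.add(parseRule("dc=ucc:dspace-group-for-ucc"));

        String dn = "uid=resotest,ou=people,dc=ucc,dc=usyd,dc=edu,dc=au";
        String lookalike = "uid=resotest,ou=people,dc=uccx,dc=example"; // constructed
        System.out.println("DN rule, matching DN:  " + groupsForDn(dn, dnRules));
        System.out.println("DN rule, lookalike DN: " + groupsForDn(lookalike, dnRules));

        // Constructed from the description of groupMapping_field in this thread.
        List<Rule> attrRules = parseRules("staff:staffsubmit,enrolled:studentsubmit");
        System.out.println("attribute 'staff':     " + groupsForAttribute("staff", attrRules));
        System.out.println("attribute 'visitor':   " + groupsForAttribute("visitor", attrRules));
        System.out.println("attribute missing:     " + groupsForAttribute(null, attrRules));
    }
}
```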



Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-25 Thread helix84
On Thu, Jul 25, 2013 at 12:42 AM, Keir Vaughan-Taylor  wrote:
> LifeH2O is correct in that it is the email address being populated with
> NULL characters added to the username.

Is this the "email" column or the "netid" column of the "eperson"
table, or both?

Please, also send your whole LDAP configuration. I'm especially
interested in your value of id_field.

> I can see this using the unix command ldapsearch

Just to make sure, when you do ldapsearch, are you binding as the same
user as dspace? E.g. anonymous search or a particular admin user in
both cases? Attributes can have different visibility for different
LDAP users.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-24 Thread Keir Vaughan-Taylor
LifeH2O is correct in that it is the email address being populated with
NULL characters added to the username. 

I noticed also if I delete a test user and re-autoregister, the first
name, last name, phone and so on are not picked up.

In config/modules/authentication-ldap.cfg the email variable is set

email_field = mail   

with "mail: myu...@mail.usyd.edu.au"  being the field returned by the
LDAP server. I can see this using the unix command ldapsearch

Also in other prior versions of DSpace these fields are picked up okay from
the same LDAP server.



From:   helix84 
Reply-to:   heli...@centrum.sk
To: k...@usyd.edu.au
Cc: dspace-tech@lists.sourceforge.net
Subject:    Re: [Dspace-tech] DSpace LDAP authentication problem
Date:   07/24/2013 08:44:00 PM


On Wed, Jul 24, 2013 at 3:00 AM, Keir Vaughan-Taylor wrote:
> My problem arises in that an unregistered user gets authenticated and
> entered into DSpace but their user name is modified to contain the
> letters "NULL" after their user name. How can I prevent this
> happening?

I assume you're using autoregister = true.

These are the fields that map LDAP attributes to DSpace ePerson
surname and given name. Please, check that these attributes are
present and have values in your LDAP.

[dspace]/modules/authentication-ldap.cfg:
surname_field = sn
givenname_field = givenName

Please, remember that if you change this, the users who already
autoregistered will not have the existing values updated on login, so
either try this on a new person who never logged in or delete the
dspace user so that he can autoregister again upon next login.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



On Wed, 2013-07-24 at 03:35 -0700, LifeH2O wrote:
> For me null is added to email address (for which I ask user to enter correct
> email address) not the user name. Please recheck.


Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-24 Thread helix84
On Wed, Jul 24, 2013 at 3:00 AM, Keir Vaughan-Taylor  wrote:
> My problem arises in that an unregistered user gets authenticated and
> entered into DSpace but their user name is modified to contain the
> letters "NULL" after their user name. How can I prevent this happening?

I assume you're using autoregister = true.

These are the fields that map LDAP attributes to DSpace ePerson
surname and given name. Please, check that these attributes are
present and have values in your LDAP.

[dspace]/modules/authentication-ldap.cfg:
surname_field = sn
givenname_field = givenName

Please, remember that if you change this, the users who already
autoregistered will not have the existing values updated on login, so
either try this on a new person who never logged in or delete the
dspace user so that he can autoregister again upon next login.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] DSpace LDAP authentication problem

2013-07-24 Thread LifeH2O
For me null is added to email address (for which I ask user to enter correct
email address) not the user name. Please recheck.



--
View this message in context: 
http://dspace.2283337.n4.nabble.com/DSpace-LDAP-authentication-problem-tp4665853p4665865.html
Sent from the DSpace - Tech mailing list archive at Nabble.com.



[Dspace-tech] DSpace LDAP authentication problem

2013-07-23 Thread Keir Vaughan-Taylor
I have installed DSpace 3.1 on a test machine.
I want to use the new feature where a new user authenticates with an LDAP
server and then based on an LDAP field result they are registered and
placed in a group appropriate to that LDAP field.

So for example the entry in authentication-ldap.cfg
is

login.groupmap.1 = USYDPERSONENTITLEMENT=staff:staffsubmit
login.groupmap.2 = USYDPERSONENTITLEMENT=enrolled:studentsubmit

Thus if the LDAP field USYDPERSONENTITLEMENT is staff they get put into
the DSpace group staffsubmit.

My problem arises in that an unregistered user gets authenticated and
entered into DSpace but their user name is modified to contain the
letters "NULL" after their user name. How can I prevent this happening?




Re: [Dspace-tech] DSpace LDAP + TLS

2013-03-13 Thread Hilton Gibson
Found this on Wikipedia: It should be noted that some "LDAPS" client
libraries only encrypt communication, they do not check the host name
against the name in the supplied certificate.[13]

LDAPS was used with LDAPv2, because the StartTLS operation had not yet been
defined. The use of LDAPS is deprecated, and modern software should only
use StartTLS.

See:
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol#StartTLS




On 13 March 2013 21:57, Walker Sampson  wrote:

> Thank you both for the feedback, and helix84 for posting an issue on it -
> much obliged.
>
> As it stands now TLS is a rigid requirement for LDAP, so LDAPS doesn't
> appear to be an option. The repository runs behind a firewall but other
> LDAP clients do not.
>
> In any case there are alternatives, and if I do sort out something with
> TLS I'll be sure to post back.
>
> Best-
> Walker
>
> On 03/13/2013 10:17 AM, Hilton Gibson wrote:
>
>> "Hilton's response is in this case inaccurate, because he's talking
>> only about securing the connection of DSpace with the client"
>>
>> I did not look at port 636 because I was not sure what to do with the
>> cert on the server side.
>> Anyway our LDAP connection is behind our campus firewall but if yours is
>> outside, then you have a problem.
>>
>>
>> On 13 March 2013 17:02, helix84 wrote:
>>
>> On Wed, Mar 13, 2013 at 3:17 PM, Walker Sampson wrote:
>>  > I'm running DSpace 3.1 and would like to set up LDAP. I understand from
>>  > our own IT that their LDAP requires authenticated bind lookup and TLS
>>  > encryption.
>>  >
>>  > From reading the authentication-ldap.cfg file it appears DSpace does
>>  > support authenticated bind lookups, but I'm unsure as to whether it
>>  > supports TLS encryption, which I suppose would be in the form of StartTLS.
>>  >
>>  > Does anyone have experience with this?
>>
>> Hi Walker,
>>
>> you're right, the DSpace LDAPAuthentication module doesn't support
>> StartTLS. I agree that it's a serious omission and should be
>> corrected. I filed a new Jira issue to keep track of this task:
>> https://jira.duraspace.org/browse/DS-1518
>>
>> I also explained some details there and gave some pointers, so you may
>> try to do it yourself. If you are successful, please contribute your
>> code so that we can test it and include it into future DSpace
>> versions.
>>
>> Hilton's response is in this case inaccurate, because he's talking
>> only about securing the connection of DSpace with the client, while
>> you're asking about connection of DSpace with the LDAP server. Of
>> course, both connections should be secured.
>>
>>
>> Regards,
>> ~~helix84
>>
>> Compulsory reading: DSpace Mailing List Etiquette
>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>>
>>
>> --
>> *Hilton Gibson*
>> Systems Administrator
>> JS Gericke Library
>> Room 1025D
>> Stellenbosch University
>> Private Bag X5036
>> Stellenbosch
>> 7599
>> South Africa
>>
>> Tel: +27 21 808 4100 | Cell: +27 84 646 4758
>> http://library.sun.ac.za
>> http://scholar.sun.ac.za
>> http://ar1.sun.ac.za
>> http://aj1.sun.ac.za
>>
>
> --
> Walker Sampson
> Electronic Records Analyst, Government Records
> Mississippi Department of Archives & History
> 601-576-6929
> wsamp...@mdah.state.ms.us
>



-- 
*Hilton Gibson*
Systems Administrator
JS Gericke Library
Room 1025D
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758
http://library.sun.ac.za
http://scholar.sun.ac.za
http://ar1.sun.ac.za
http://aj1.sun.ac.za
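
The following is an added example, not code from DSpace or from any poster in this thread. It builds the LDAP StartTLS extended request (RFC 4511), checks the server's reply, and then wraps the socket with a TLS context that verifies both the certificate chain and the host name, the check the Wikipedia passage above says some LDAPS clients skip. The function names are hypothetical and the response bytes used to exercise the parser are constructed.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS request name, RFC 4511 section 4.14.1


def ber_len(n):
    """Encode a BER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    """Build one BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(content)) + content


def starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    if not 1 <= message_id <= 127:
        raise ValueError("this example encodes message IDs 1..127 only")
    op = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([message_id])) + op)


def read_tlv(buf, pos):
    """Return (tag, value, next_position) for the element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(data):
    """Return (message_id, result_code, diagnostic_message) from an ExtendedResponse."""
    tag, msg, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:  # ExtendedResponse [APPLICATION 24]
        raise ValueError("not an ExtendedResponse")
    tag, code, pos = read_tlv(op, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    _, _matched_dn, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def verifying_context(cafile=None):
    """TLS context that requires a trusted chain and a matching host name."""
    return ssl.create_default_context(cafile=cafile)


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def recv_message(sock):
    """Read exactly one BER-encoded LDAPMessage from the socket."""
    head = recv_exact(sock, 2)
    if head[1] & 0x80:
        extra = recv_exact(sock, head[1] & 0x7F)
        length = int.from_bytes(extra, "big")
    else:
        extra, length = b"", head[1]
    return head + extra + recv_exact(sock, length)


def ldap_starttls(host, port=389, cafile=None, timeout=10):
    """Connect in clear text, upgrade with StartTLS, return the verified TLS socket."""
    ctx = verifying_context(cafile)
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        raw.sendall(starttls_request(1))
        mid, code, diag = parse_extended_response(recv_message(raw))
        if mid != 1 or code != 0:
            raise ConnectionError(f"StartTLS refused: resultCode={code} {diag!r}")
        # Raises ssl.SSLCertVerificationError if the certificate does not match `host`.
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
```

No bind or search should be sent on the connection until `ldap_starttls` has returned, otherwise credentials still cross the network in clear text.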

Re: [Dspace-tech] DSpace LDAP + TLS

2013-03-13 Thread Walker Sampson
Thank you both for the feedback, and helix84 for posting an issue on it 
- much obliged.

As it stands now TLS is a rigid requirement for LDAP, so LDAPS doesn't 
appear to be an option. The repository runs behind a firewall but other 
LDAP clients do not.

In any case there are alternatives, and if I do sort out something with 
TLS I'll be sure to post back.

Best-
Walker

On 03/13/2013 10:17 AM, Hilton Gibson wrote:
> "Hilton's response is in this case inaccurate, because he's talking
> only about securing the connection of DSpace with the client"
>
> I did not look at port 636 because I was not sure what to do with the
> cert on the server side.
> Anyway our LDAP connection is behind our campus firewall but if yours is
> outside, then you have a problem.
>
>
> On 13 March 2013 17:02, helix84 wrote:
>
> On Wed, Mar 13, 2013 at 3:17 PM, Walker Sampson wrote:
>  > I'm running DSpace 3.1 and would like to set up LDAP. I understand from
>  > our own IT that their LDAP requires authenticated bind lookup and TLS
>  > encryption.
>  >
>  > From reading the authentication-ldap.cfg file it appears DSpace does
>  > support authenticated bind lookups, but I'm unsure as to whether it
>  > supports TLS encryption, which I suppose would be in the form of StartTLS.
>  >
>  > Does anyone have experience with this?
>
> Hi Walker,
>
> you're right, the DSpace LDAPAuthentication module doesn't support
> StartTLS. I agree that it's a serious omission and should be
> corrected. I filed a new Jira issue to keep track of this task:
> https://jira.duraspace.org/browse/DS-1518
>
> I also explained some details there and gave some pointers, so you may
> try to do it yourself. If you are successful, please contribute your
> code so that we can test it and include it into future DSpace
> versions.
>
> Hilton's response is in this case inaccurate, because he's talking
> only about securing the connection of DSpace with the client, while
> you're asking about connection of DSpace with the LDAP server. Of
> course, both connections should be secured.
>
>
> Regards,
> ~~helix84
>
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>
>
> --
> *Hilton Gibson*
> Systems Administrator
> JS Gericke Library
> Room 1025D
> Stellenbosch University
> Private Bag X5036
> Stellenbosch
> 7599
> South Africa
>
> Tel: +27 21 808 4100 | Cell: +27 84 646 4758
> http://library.sun.ac.za
> http://scholar.sun.ac.za
> http://ar1.sun.ac.za
> http://aj1.sun.ac.za

-- 
Walker Sampson
Electronic Records Analyst, Government Records
Mississippi Department of Archives & History
601-576-6929
wsamp...@mdah.state.ms.us



Re: [Dspace-tech] DSpace LDAP + TLS

2013-03-13 Thread helix84
On Wed, Mar 13, 2013 at 4:17 PM, Hilton Gibson  wrote:
> "Hilton's response is in this case inaccurate, because he's talking
> only about securing the connection of DSpace with the client"
>
> I did not look at port 636 because I was not sure what to do with the cert
> on the server side.

You mean on the LDAP server side?

http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html

> Anyway our LDAP connection is behind our campus firewall but if yours is
> outside, then you have a problem.

Yes, that's why I used the generic term "to secure the connection".
E.g. if you have the communication between DSpace and LDAP contained
within a completely separate VLAN, it's adequate. It's necessary to
keep in mind that LDAP is essentially plain text.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] DSpace LDAP + TLS

2013-03-13 Thread Hilton Gibson
"Hilton's response is in this case inaccurate, because he's talking
only about securing the connection of DSpace with the client"

I did not look at port 636 because I was not sure what to do with the cert
on the server side.
Anyway our LDAP connection is behind our campus firewall but if yours is
outside, then you have a problem.


On 13 March 2013 17:02, helix84  wrote:

> On Wed, Mar 13, 2013 at 3:17 PM, Walker Sampson wrote:
> > I'm running DSpace 3.1 and would like to set up LDAP. I understand from
> > our own IT that their LDAP requires authenticated bind lookup and TLS
> > encryption.
> >
> > From reading the authentication-ldap.cfg file it appears DSpace does
> > support authenticated bind lookups, but I'm unsure as to whether it
> > supports TLS encryption, which I suppose would be in the form of
> > StartTLS.
> >
> > Does anyone have experience with this?
>
> Hi Walker,
>
> you're right, the DSpace LDAPAuthentication module doesn't support
> StartTLS. I agree that it's a serious omission and should be
> corrected. I filed a new Jira issue to keep track of this task:
> https://jira.duraspace.org/browse/DS-1518
>
> I also explained some details there and gave some pointers, so you may
> try to do it yourself. If you are successful, please contribute your
> code so that we can test it and include it into future DSpace
> versions.
>
> Hilton's response is in this case inaccurate, because he's talking
> only about securing the connection of DSpace with the client, while
> you're asking about connection of DSpace with the LDAP server. Of
> course, both connections should be secured.
>
>
> Regards,
> ~~helix84
>
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>



-- 
*Hilton Gibson*
Systems Administrator
JS Gericke Library
Room 1025D
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758
http://library.sun.ac.za
http://scholar.sun.ac.za
http://ar1.sun.ac.za
http://aj1.sun.ac.za

Re: [Dspace-tech] DSpace LDAP + TLS

2013-03-13 Thread helix84
On Wed, Mar 13, 2013 at 3:17 PM, Walker Sampson wrote:
> I'm running DSpace 3.1 and would like to set up LDAP. I understand from
> our own IT that their LDAP requires authenticated bind lookup and TLS
> encryption.
>
>  From reading the authentication-ldap.cfg file it appears DSpace does
> support authenticated bind lookups, but I'm unsure as to whether it
> supports TLS encryption, which I suppose would be in the form of StartTLS.
>
> Does anyone have experience with this?

Hi Walker,

you're right, the DSpace LDAPAuthentication module doesn't support
StartTLS. I agree that it's a serious omission and should be
corrected. I filed a new Jira issue to keep track of this task:
https://jira.duraspace.org/browse/DS-1518

I also explained some details there and gave some pointers, so you may
try to do it yourself. If you are successful, please contribute your
code so that we can test it and include it into future DSpace
versions.

Hilton's response is in this case inaccurate, because he's talking
only about securing the connection of DSpace with the client, while
you're asking about connection of DSpace with the LDAP server. Of
course, both connections should be secured.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] DSpace LDAP + TLS

2013-03-13 Thread Hilton Gibson
Hi Walker

We use LDAP with a secure connection.
See:
http://wiki.lib.sun.ac.za/index.php/SUNScholar/Secure_Internet_Connections
And: http://wiki.lib.sun.ac.za/index.php/SUNScholar/User_Management

Therefore, once logged in, all traffic is secure, including initial login.

Cheers

hg


On 13 March 2013 16:17, Walker Sampson  wrote:

> I'm running DSpace 3.1 and would like to set up LDAP. I understand from
> our own IT that their LDAP requires authenticated bind lookup and TLS
> encryption.
>
>  From reading the authentication-ldap.cfg file it appears DSpace does
> support authenticated bind lookups, but I'm unsure as to whether it
> supports TLS encryption, which I suppose would be in the form of StartTLS.
>
> Does anyone have experience with this?
>
> Thank you,
> Walker
>



-- 
*Hilton Gibson*
Systems Administrator
JS Gericke Library
Room 1025D
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758
http://library.sun.ac.za
http://scholar.sun.ac.za
http://ar1.sun.ac.za
http://aj1.sun.ac.za

[Dspace-tech] DSpace LDAP + TLS

2013-03-13 Thread Walker Sampson
I'm running DSpace 3.1 and would like to set up LDAP. I understand from 
our own IT that their LDAP requires authenticated bind lookup and TLS 
encryption.

From reading the authentication-ldap.cfg file it appears DSpace does 
support authenticated bind lookups, but I'm unsure as to whether it 
supports TLS encryption, which I suppose would be in the form of StartTLS.

Does anyone have experience with this?

Thank you,
Walker



Re: [Dspace-tech] DSpace LDAP schema

2010-11-02 Thread Stuart Lewis
Hi Edgaras,

> Does DSpace have any specific LDAP schema? Or is it perfectly enough to
> use just standard organizationalPerson, inetOrgPerson object classes?

DSpace is very flexible - just configure the right ldap field names in 
dspace.cfg

For example:

 ldap.provider_url = ldap://ldap.testathon.net:389/
 ldap.id_field = cn
 ldap.object_context = OU=users,DC=testathon,DC=net
 ldap.search_context = OU=users,DC=testathon,DC=net
 ldap.email_field = mail
 ldap.surname_field = sn
 ldap.givenname_field = givenName
 ldap.phone_field = telephoneNumber

Thanks,


Stuart Lewis
IT Innovations Analyst and Developer
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: +64 (0)9 373 7599 x81928




[Dspace-tech] DSpace LDAP schema

2010-11-02 Thread Edgaras
Hello,

does DSpace have any specific LDAP schema? Or is it perfectly enough to
use just standard organizationalPerson, inetOrgPerson object classes?




Re: [Dspace-tech] Dspace LDAP Accounts

2010-01-12 Thread Robin Taylor
There is another class in 1.5.2 called  LDAPHierarchicalAuthentication, I
don't know if it was in 1.5.1. I just cut and pasted this from the code ...

/**
 * This LDAP authentication method is more complex than the simple 'LDAPAuthentication'
 * in that it allows authentication against structured hierarchical LDAP trees of
 * users. An initial bind is required using a user name and password in order to
 * search the tree and find the DN of the user. A second bind is then required to
 * check the credentials of the user by binding directly to their DN.
 *

It would be worth checking with your LDAP administrator to see if he can
give you any guidance about the structure of your LDAP. 

It's probably obvious that my knowledge here is pretty thin, but I did have a
similar problem to the one you describe and this was the root of my
troubles.

Cheers, Robin.
 




> -Original Message-
> From: Evans, Kevin [mailto:kevin.ev...@exeter.ac.uk] 
> Sent: 12 January 2010 16:31
> To: rtayl...@staffmail.ed.ac.uk; dspace-tech@lists.sourceforge.net
> Subject: RE: [Dspace-tech] Dspace LDAP Accounts
> 
> Hi Robin,
> 
> We are using dspace 1.5.1 (I think)
> 
> We are using org.dspace.authenticate.LDAPAuthentication in dspace.cfg
> 
> Kevin 
> 
> -Original Message-
> From: Robin Taylor [mailto:robin.tay...@ed.ac.uk]
> Sent: 12 January 2010 14:48
> To: Evans, Kevin; dspace-tech@lists.sourceforge.net
> Subject: RE: [Dspace-tech] Dspace LDAP Accounts
> 
> Hi Kevin,
> 
> I am definitely no expert but here goes anyway... I think it 
> depends on the structure of your LDAP. It seems there are 
> typically two types, one flat and one hierarchical. My guess 
> is that yours is the hierarchical and you are finding matches 
> for those users at the level you are coming in at, but you 
> are missing out on those further down the tree. I think that 
> the latest version of Dspace comes with 2 LDAP 
> authenticators. Can you find out which one you are using ?
> 
> Cheers, Robin. 
>   
> 
> > -Original Message-
> > From: Evans, Kevin [mailto:kevin.ev...@exeter.ac.uk]
> > Sent: 12 January 2010 13:06
> > To: 'dspace-tech@lists.sourceforge.net'
> > Subject: [Dspace-tech] Dspace LDAP Accounts
> > 
> > Hi,
> >  
> > We have set up LDAP Authentication on our Dspace repository, and it is 
> > configured correctly.
> >  
> > BUT, only some users are able to access the repository using LDAP, 
> > others are not (all exist in our LDAP)
> >  
> > Am  I missing something?
> >  
> > Cheers
> >  
> > Kevin
> >  
> >  
> > Kevin Evans MA
> > Web Services Developer,
> > Integration and Webservices,
> > Room 901,
> > 9th Floor, Laver Building,
> > University of Exeter
> > North Park Road,
> > Exeter,
> > EX4 4RN
> > 01392 725573
> > 07775027574
> > http://my.exeter.ac.uk <http://my.exeter.ac.uk/>
> >  
> > Times Higher University of the Year 2007-2008
> >  




Re: [Dspace-tech] Dspace LDAP Accounts

2010-01-12 Thread Evans, Kevin
Hi Robin,

We are using dspace 1.5.1 (I think)

We are using org.dspace.authenticate.LDAPAuthentication in dspace.cfg

Kevin 

-Original Message-
From: Robin Taylor [mailto:robin.tay...@ed.ac.uk] 
Sent: 12 January 2010 14:48
To: Evans, Kevin; dspace-tech@lists.sourceforge.net
Subject: RE: [Dspace-tech] Dspace LDAP Accounts

Hi Kevin,

I am definitely no expert but here goes anyway... I think it depends on the
structure of your LDAP. It seems there are typically two types, one flat and
one hierarchical. My guess is that yours is the hierarchical and you are
finding matches for those users at the level you are coming in at, but you
are missing out on those further down the tree. I think that the latest
version of Dspace comes with 2 LDAP authenticators. Can you find out which
one you are using ?

Cheers, Robin. 
  

> -Original Message-
> From: Evans, Kevin [mailto:kevin.ev...@exeter.ac.uk]
> Sent: 12 January 2010 13:06
> To: 'dspace-tech@lists.sourceforge.net'
> Subject: [Dspace-tech] Dspace LDAP Accounts
> 
> Hi,
>  
> We have set up LDAP Authentication on our Dspace repository, and it is 
> configured correctly.
>  
> BUT, only some users are able to access the repository using LDAP, 
> others are not (all exist in our LDAP)
>  
> Am  I missing something?
>  
> Cheers
>  
> Kevin
>  
>  




Re: [Dspace-tech] Dspace LDAP Accounts

2010-01-12 Thread Robin Taylor
Hi Kevin,

I am definitely no expert but here goes anyway... I think it depends on the
structure of your LDAP. It seems there are typically two types, one flat and
one hierarchical. My guess is that yours is the hierarchical and you are
finding matches for those users at the level you are coming in at, but you
are missing out on those further down the tree. I think that the latest
version of Dspace comes with 2 LDAP authenticators. Can you find out which
one you are using ?

Cheers, Robin. 
  

> -Original Message-
> From: Evans, Kevin [mailto:kevin.ev...@exeter.ac.uk] 
> Sent: 12 January 2010 13:06
> To: 'dspace-tech@lists.sourceforge.net'
> Subject: [Dspace-tech] Dspace LDAP Accounts
> 
> Hi, 
>  
> We have set up LDAP Authentication on our Dspace repository, 
> and is configured correctly. 
>  
> BUT, only some users are able to access the repository using 
> LDAP, others are not (all exist in our LDAP)
>  
> Am  I missing something?
>  
> Cheers
>  
> Kevin
>  
>  




[Dspace-tech] Dspace LDAP Accounts

2010-01-12 Thread Evans, Kevin
Hi, 
 
We have set up LDAP Authentication on our Dspace repository, and it is
configured correctly.
 
BUT, only some users are able to access the repository using LDAP, others
are not (all exist in our LDAP)
 
Am  I missing something?
 
Cheers
 
Kevin
 
 
Kevin Evans MA
Web Services Developer,
Integration and Webservices,
Room 901,
9th Floor, Laver Building,
University of Exeter
North Park Road,
Exeter,
EX4 4RN
01392 725573
07775027574
http://my.exeter.ac.uk  
 
Times Higher University of the Year 2007-2008
 


Re: [Dspace-tech] DSpace LDAP jungle

2008-01-18 Thread Robin Taylor
Hi Mathias,

This is what I think has happened - Until 1.4 you had the option of using
the standard login or the LDAP login. If you set ldap.enable=true then you
would be directed to the LDAPServlet and the LDAP login screen. In fact, as
you describe, LDAPServlet also allowed for 'traditional' login if the id was
of the form of an email address, otherwise it assumed it was an LDAP id. I
haven't seen Dspace 1.4 but I have played with 1.5. There is now no need to
set ldap.enable=true, instead you specify a stack of authentication classes
eg

# Stackable Authentication Methods
# Stack of authentication methods
#  (See org.dspace.authenticate.AuthenticationManager)
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
org.dspace.authenticate.PasswordAuthentication, \
org.dspace.authenticate.LDAPAuthentication

I had expected that the authentication would 'fall through' the stack ie if
you failed the password authentication then you would be passed on to the
LDAPAuthentication. However, I was surprised when I was asked to choose
which authentication method I wanted to use (chooser.jsp). This is not
really what I want and I may have to change the code so that the user does
not get a choice. In addition the new class
org.dspace.authenticate.LDAPAuthentication does contain a comment to say it
is untested. Whenever we migrate to 1.5 I will test it but I don't know when
this will be.

Not sure if that helps or just confuses matters further.

Cheers, Robin.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mathias
Hjelt
Sent: 17 January 2008 07:03
To: dspace-tech@lists.sourceforge.net
Subject: [Dspace-tech] DSpace LDAP jungle

Hi all,

I'm trying to get a grasp of how LDAP is working in DSpace 1.4.2, with or
without patches.

DSpace docs and some earlier posts suggest that LDAP authentication in 1.4.x
is enabled by setting:

ldap.enable = true
plugin.sequence.org.dspace.eperson.AuthenticationMethod = \
org.dspace.eperson.LDAPAuthentication

However, sporadic posts and some stuff on SourceForge suggests that
ldap.enable is "unnecessary". There's also stuff on SourceForge suggesting
that stackable authentication is "broken". And there's a mail by Christophe
Dupriez (18 Nov 2007) suggesting that the LDAPAuthentication class is an
"untested embryon", while other posts suggest that LDAPServlet is obsolete
(even though it seems to be the class doing the hard work!)

All this is rather contradictory, as it seems that both the "unnecessary"
ldap.enable AND the "untested embryon" LDAPAuthentication are needed in
order to have LDAP enabled and working in an unpatched, off-the-shelf DSpace
1.4.2. In fact, this combination of "unnecessary"
and "untested" LDAP stuff works fine. It gives me exactly the end user
experience that I want: a logon screen prompting for username OR email, and
accepts either. The only thing it doesn't give me is support for
hierarchical LDAP, which I badly need (users reside in several different
OU's.)

Now, there is this patch #1597831 on SourceForge which eliminates the
"unnecessary" ldap.enable, "fixes" the apparently broken stackable
authentication, and introduces support for hierarchical LDAP (yay!). It
seems to work (except for when browsing deeper in Active Directory), but
there are some odd things about it. First off, when clicking on My Dspace, I
get a page where I have to choose authentication method.
Cumbersome. What's more, REGARDLESS of which method I choose (and get
redirected to ldap-login or password-login respectively), I can use either
an LDAP username or a dspace account to log in! Why prompt the user for
which method to use, if both "methods" accept both types of credentials?
Also, if invalid credentials (neither valid LDAP nor valid dspace eperson)
are supplied at ldap-login, the "try again" page is served by
password-login. Very, very confusing for the end user and for the
admin/developer..

So, what I'm wondering is: if I need to change the LDAP code somewhat in
order to get LDAP working against multi-OU Active Directory, should I hack
the original DSpace 1.4.2 code (which is confusing with its LDAPServlet vs
LDAPAuthentication split), or should I carry on working with the 1597831
patch (which is confusing in terms of user experience)?
Or should I sit tight and wait for 1.5 and hope that this jungle has been
sorted out by someone else? 

best regards,

Mathias Hjelt



[Dspace-tech] DSpace LDAP jungle

2008-01-16 Thread Mathias Hjelt
Hi all,

I'm trying to get a grasp of how LDAP is working in DSpace 1.4.2, with
or without patches.

DSpace docs and some earlier posts suggest that LDAP authentication in
1.4.x is enabled by setting:

ldap.enable = true
plugin.sequence.org.dspace.eperson.AuthenticationMethod = \
org.dspace.eperson.LDAPAuthentication

However, sporadic posts and some stuff on SourceForge suggests that
ldap.enable is "unnecessary". There's also stuff on SourceForge
suggesting that stackable authentication is "broken". And there's a mail
by Christophe Dupriez (18 Nov 2007) suggesting that the
LDAPAuthentication class is an "untested embryon", while other posts
suggest that LDAPServlet is obsolete (even though it seems to be the
class doing the hard work!)

All this is rather contradictory, as it seems that both the
"unnecessary" ldap.enable AND the "untested embryon" LDAPAuthentication
are needed in order to have LDAP enabled and working in an unpatched,
off-the-shelf DSpace 1.4.2. In fact, this combination of "unnecessary"
and "untested" LDAP stuff works fine. It gives me exactly the end user
experience that I want: a logon screen prompting for username OR email,
and accepts either. The only thing it doesn't give me is support for
hierarchical LDAP, which I badly need (users reside in several different
OU's.)

Now, there is this patch #1597831 on SourceForge which eliminates the
"unnecessary" ldap.enable, "fixes" the apparently broken stackable
authentication, and introduces support for hierarchical LDAP (yay!). It
seems to work (except for when browsing deeper in Active Directory), but
there are some odd things about it. First off, when clicking on My
Dspace, I get a page where I have to choose authentication method.
Cumbersome. What's more, REGARDLESS of which method I choose (and get
redirected to ldap-login or password-login respectively), I can use
either an LDAP username or a dspace account to log in! Why prompt the
user for which method to use, if both "methods" accept both types of
credentials? Also, if invalid credentials (neither valid LDAP nor valid
dspace eperson) are supplied at ldap-login, the "try again" page is
served by password-login. Very, very confusing for the end user and for
the admin/developer..

So, what I'm wondering is: if I need to change the LDAP code somewhat in
order to get LDAP working against multi-OU Active Directory, should I
hack the original DSpace 1.4.2 code (which is confusing with its
LDAPServlet vs LDAPAuthentication split), or should I carry on working
with the 1597831 patch (which is confusing in terms of user experience)?
Or should I sit tight and wait for 1.5 and hope that this jungle has
been sorted out by someone else? 

best regards,

Mathias Hjelt




Re: [Dspace-tech] Dspace, LDAP & Windows AD

2007-12-03 Thread Robin Taylor
Re. the first part of the original question

"The first problem is that I can login and autoregister using CN, but email
address, surname, given name and phone number remain blank."

There was a bug in Dspace 1.4.2 with global/instance variables being used in
a servlet which could result in null values. It looks to have been fixed in
1.5. 

Cheers, Robin.


-Original Message-
From: Robin Taylor [mailto:[EMAIL PROTECTED] 
Sent: 28 November 2007 15:39
To: 'Mohammad Ehtesham'; 'Dámaso Hernández';
'DSpace-tech@lists.sourceforge.net'
Subject: RE: [Dspace-tech] Dspace, LDAP & Windows AD

Hi Mohammed/Damaso,

Is there anything in dspace.log ? If the search for the attributes fails it
should write something to the log. This is the bit of java code that does
it...

log.warn(LogManager.getHeader(context,"ldap_attribute_lookup",
"type=failed_search "+e));

So look for that text in the log.

Cheers, Robin.

Ps. I have attached an alternative LDAP Servlet that authenticates using an
anonymous bind and searches down the tree. I doubt it is of any use to you
but it might be to someone else with LDAP problems looking through the
mailing lists.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mohammad
Ehtesham
Sent: 28 November 2007 11:33
To: Dámaso Hernández; DSpace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] Dspace, LDAP & Windows AD

Hi,

 

Did anyone get a solution to this problem? I am also having a similar
problem with my DSpace 1.4.2 MS AD LDAP integration.

After integration I am able to log in with the CN but not by the Account id,
i.e. sAMAccount. And the other fields like email, sn, givenName are also
empty after registration.

 

Regards

Ehtesham

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dámaso
Hernández
Sent: Tuesday, November 13, 2007 1:25 PM
To: DSpace-tech@lists.sourceforge.net
Subject: [Dspace-tech] Dspace, LDAP & Windows AD

 

I'm trying to use DSpace with the users of my Windows 2003 Server domain.
The first problem is that I can login and autoregister using CN, but email
address, surname, given name and phone number remain blank.

The second problem is that I wanted to use sAMAccount as ldap.id_field so
users can log in with their system usernames. I change ldap.id_field in
dspace.cfg to sAMAccount and then I cannot log in.

Using dspace-1.4.2 and Debian Etch 2.6.18-4-686

Can anybody help?

Thanks.

Damaso.


dspace.cfg ldap configuration:
---
webui.ldap.autoregister = true
ldap.enable = true
ldap.id_field = CN
ldap.object_context = CN=Users,DC=vi,DC=ieo,DC=es
ldap.search_context = CN=Users,DC=vi,DC=ieo,DC=es
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = givenName
ldap.phone_field = telephoneNumber

One user data in my AD obtained using ldp.exe Windows tool:

---
Expanding base 'CN=Luisa Ferrer,CN=Users,DC=vi,DC=ieo,DC=es'...
Result <0>: (null)
Matched DNs: 
Getting 1 entries:
>> Dn: CN=Luisa Ferrer,CN=Users,DC=vi,DC=ieo,DC=es
4> objectClass: top; person; organizationalPerson; user; 
1> cn: Luisa Ferrer; 
1> sn: Ferrer; 
1> givenName: Luisa; 
1> initials: LF; 
1> distinguishedName: CN=Luisa Ferrer,CN=Users,DC=vi,DC=ieo,DC=es; 
1> instanceType: 4; 
1> whenCreated: 11/27/2003 12:8:49 Hora estándar romance Hora estándar
romance; 
1> whenChanged: 4/21/2005 8:55:0 Hora estándar romance Hora estándar
romance; 
1> displayName: Luisa Ferrer; 
1> uSNCreated: 32233; 
13> memberOf: ... 
1> homeMTA: CN=Microsoft MTA,CN=xx,CN=Servers,CN=Primer grupo
administrativo,CN=Administrative Groups,CN=Vigo,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=vi,DC=ieo,DC=es; 
2> proxyAddresses: SMTP:[EMAIL PROTECTED]; X400:c=ES;a=
;p=Vigo;o=Exchange;s=Ferrer;g=Luisa;i=MF;;
...
1> name: Matilde Ferrer;
...
1> sAMAccountName: luisa; 
1> sAMAccountType: 805306368;
...
1> legacyExchangeDN: /o=Vigo/ou=Primer grupo
administrativo/cn=Recipients/cn=luisa;

1> mail: [EMAIL PROTECTED] ; 
1> msExchHomeServerName: /o=Vigo/ou=Primer grupo
administrativo/cn=Configuration/cn=Servers/cn=xx;



Re: [Dspace-tech] Dspace, LDAP & Windows AD

2007-11-28 Thread Robin Taylor
Hi Mohammed/Damaso,

Is there anything in dspace.log ? If the search for the attributes fails it
should write something to the log. This is the bit of java code that does
it...

log.warn(LogManager.getHeader(context,"ldap_attribute_lookup",
"type=failed_search "+e));

So look for that text in the log.

Cheers, Robin.

Ps. I have attached an alternative LDAP Servlet that authenticates using an
anonymous bind and searches down the tree. I doubt it is of any use to you
but it might be to someone else with LDAP problems looking through the
mailing lists.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mohammad
Ehtesham
Sent: 28 November 2007 11:33
To: Dámaso Hernández; DSpace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] Dspace, LDAP & Windows AD

Hi,

 

Did anyone get a solution to this problem? I am also having a similar
problem with my DSpace 1.4.2 MS AD LDAP integration.

After integration I am able to log in with the CN but not by the Account id,
i.e. sAMAccount. And the other fields like email, sn, givenName are also
empty after registration.

 

Regards

Ehtesham

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dámaso
Hernández
Sent: Tuesday, November 13, 2007 1:25 PM
To: DSpace-tech@lists.sourceforge.net
Subject: [Dspace-tech] Dspace, LDAP & Windows AD

 

I'm trying to use DSpace with the users of my Windows 2003 Server domain.
The first problem is that I can login and autoregister using CN, but email
address, surname, given name and phone number remain blank.

The second problem is that I wanted to use sAMAccount as ldap.id_field so
users can log in with their system usernames. I change ldap.id_field in
dspace.cfg to sAMAccount and then I cannot log in.

Using dspace-1.4.2 and Debian Etch 2.6.18-4-686

Can anybody help?

Thanks.

Damaso.


dspace.cfg ldap configuration:
---
webui.ldap.autoregister = true
ldap.enable = true
ldap.id_field = CN
ldap.object_context = CN=Users,DC=vi,DC=ieo,DC=es
ldap.search_context = CN=Users,DC=vi,DC=ieo,DC=es
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = givenName
ldap.phone_field = telephoneNumber

One user data in my AD obtained using ldp.exe Windows tool:

---
Expanding base 'CN=Luisa Ferrer,CN=Users,DC=vi,DC=ieo,DC=es'...
Result <0>: (null)
Matched DNs: 
Getting 1 entries:
>> Dn: CN=Luisa Ferrer,CN=Users,DC=vi,DC=ieo,DC=es
4> objectClass: top; person; organizationalPerson; user; 
1> cn: Luisa Ferrer; 
1> sn: Ferrer; 
1> givenName: Luisa; 
1> initials: LF; 
1> distinguishedName: CN=Luisa Ferrer,CN=Users,DC=vi,DC=ieo,DC=es; 
1> instanceType: 4; 
1> whenCreated: 11/27/2003 12:8:49 Hora estándar romance Hora estándar
romance; 
1> whenChanged: 4/21/2005 8:55:0 Hora estándar romance Hora estándar
romance; 
1> displayName: Luisa Ferrer; 
1> uSNCreated: 32233; 
13> memberOf: ... 
1> homeMTA: CN=Microsoft MTA,CN=xx,CN=Servers,CN=Primer grupo
administrativo,CN=Administrative Groups,CN=Vigo,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=vi,DC=ieo,DC=es; 
2> proxyAddresses: SMTP:[EMAIL PROTECTED]; X400:c=ES;a=
;p=Vigo;o=Exchange;s=Ferrer;g=Luisa;i=MF;;
...
1> name: Matilde Ferrer;
...
1> sAMAccountName: luisa; 
1> sAMAccountType: 805306368;
...
1> legacyExchangeDN: /o=Vigo/ou=Primer grupo
administrativo/cn=Recipients/cn=luisa;

1> mail: [EMAIL PROTECTED] ; 
1> msExchHomeServerName: /o=Vigo/ou=Primer grupo
administrativo/cn=Configuration/cn=Servers/cn=xx;




LDAPServlet.java-rev633.svn003.tmp.java
Description: Binary data

Re: [Dspace-tech] Dspace, LDAP & Windows AD

2007-11-28 Thread Mohammad Ehtesham
Hi,

 

Did anyone get a solution to this problem? I am also having a similar
problem with my DSpace 1.4.2 MS AD LDAP integration.

After integration I am able to log in with the CN but not by the Account id,
i.e. sAMAccount. And the other fields like email, sn, givenName are also empty
after registration.

 

Regards

Ehtesham

 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dámaso Hernández
Sent: Tuesday, November 13, 2007 1:25 PM
To: DSpace-tech@lists.sourceforge.net
Subject: [Dspace-tech] Dspace, LDAP & Windows AD

 

I'm trying to use DSpace with the users of my Windows 2003 Server domain.
The first problem is that I can login and autoregister using CN, but email
address, surname, given name and phone number remain blank.

The second problem is that I wanted to use sAMAccount as ldap.id_field so users
can log in with their system usernames. I change ldap.id_field in dspace.cfg to
sAMAccount and then I cannot log in.

Using dspace-1.4.2 and Debian Etch 2.6.18-4-686

Can anybody help?

Thanks.

Damaso.


dspace.cfg ldap configuration:
---
webui.ldap.autoregister = true
ldap.enable = true
ldap.id_field = CN
ldap.object_context = CN=Users,DC=vi,DC=ieo,DC=es 
ldap.search_context = CN=Users,DC=vi,DC=ieo,DC=es
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = givenName
ldap.phone_field = telephoneNumber

One user data in my AD obtained using ldp.exe Windows tool:
---
Expanding base 'CN=Luisa Ferrer,CN=Users,DC=vi,DC=ieo,DC=es'...
Result <0>: (null)
Matched DNs: 
Getting 1 entries:
>> Dn: CN=Luisa Ferrer,CN=Users,DC=vi,DC=ieo,DC=es
4> objectClass: top; person; organizationalPerson; user; 
1> cn: Luisa Ferrer; 
1> sn: Ferrer; 
1> givenName: Luisa; 
1> initials: LF; 
1> distinguishedName: CN=Luisa Ferrer,CN=Users,DC=vi,DC=ieo,DC=es; 
1> instanceType: 4; 
1> whenCreated: 11/27/2003 12:8:49 Hora estándar romance Hora estándar 
romance; 
1> whenChanged: 4/21/2005 8:55:0 Hora estándar romance Hora estándar 
romance; 
1> displayName: Luisa Ferrer; 
1> uSNCreated: 32233; 
13> memberOf: ... 
1> homeMTA: CN=Microsoft MTA,CN=xx,CN=Servers,CN=Primer grupo 
administrativo,CN=Administrative Groups,CN=Vigo,CN=Microsoft 
Exchange,CN=Services,CN=Configuration,DC=vi,DC=ieo,DC=es; 
2> proxyAddresses: SMTP:[EMAIL PROTECTED]; X400:c=ES;a= 
;p=Vigo;o=Exchange;s=Ferrer;g=Luisa;i=MF;; 
...
1> name: Matilde Ferrer; 
...
1> sAMAccountName: luisa; 
1> sAMAccountType: 805306368; 
...
1> legacyExchangeDN: /o=Vigo/ou=Primer grupo 
administrativo/cn=Recipients/cn=luisa;

1> mail: [EMAIL PROTECTED] ; 
1> msExchHomeServerName: /o=Vigo/ou=Primer grupo 
administrativo/cn=Configuration/cn=Servers/cn=xx; 





[Dspace-tech] Dspace, LDAP & Windows AD

2007-11-12 Thread Dámaso Hernández
I'm trying to use DSpace with the users of my Windows 2003 Server domain.
The first problem is that I can login and autoregister using CN, but email
address, surname, given name and phone number remain blank.

The second problem is that I wanted to use sAMAccount as ldap.id_field so
users can log in with their system usernames. I change ldap.id_field in
dspace.cfg to sAMAccount and then I cannot log in.

Using dspace-1.4.2 and Debian Etch 2.6.18-4-686

Can anybody help?

Thanks.

Damaso.


dspace.cfg ldap configuration:
---
webui.ldap.autoregister = true
ldap.enable = true
ldap.id_field = CN
ldap.object_context = CN=Users,DC=vi,DC=ieo,DC=es
ldap.search_context = CN=Users,DC=vi,DC=ieo,DC=es
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = givenName
ldap.phone_field = telephoneNumber

One user data in my AD obtained using ldp.exe Windows tool:
---
Expanding base 'CN=Luisa Ferrer,CN=Users,DC=vi,DC=ieo,DC=es'...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: CN=Luisa Ferrer,CN=Users,DC=vi,DC=ieo,DC=es
4> objectClass: top; person; organizationalPerson; user;
1> cn: Luisa Ferrer;
1> sn: Ferrer;
1> givenName: Luisa;
1> initials: LF;
1> distinguishedName: CN=Luisa Ferrer,CN=Users,DC=vi,DC=ieo,DC=es;
1> instanceType: 4;
1> whenCreated: 11/27/2003 12:8:49 Hora estándar romance Hora estándar
romance;
1> whenChanged: 4/21/2005 8:55:0 Hora estándar romance Hora estándar
romance;
1> displayName: Luisa Ferrer;
1> uSNCreated: 32233;
13> memberOf: ...
1> homeMTA: CN=Microsoft MTA,CN=xx,CN=Servers,CN=Primer grupo
administrativo,CN=Administrative Groups,CN=Vigo,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=vi,DC=ieo,DC=es;
2> proxyAddresses: SMTP:[EMAIL PROTECTED]; X400:c=ES;a=
;p=Vigo;o=Exchange;s=Ferrer;g=Luisa;i=MF;;
...
1> name: Matilde Ferrer;
...
1> sAMAccountName: luisa;
1> sAMAccountType: 805306368;
...
1> legacyExchangeDN: /o=Vigo/ou=Primer grupo
administrativo/cn=Recipients/cn=luisa;

1> mail: [EMAIL PROTECTED];
1> msExchHomeServerName: /o=Vigo/ou=Primer grupo
administrativo/cn=Configuration/cn=Servers/cn=xx;
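
Robin's reply in this thread says to look for ldap_attribute_lookup / type=failed_search in dspace.log. The script below is an added example, not DSpace code or code from any poster: it reads log lines in the layout of the excerpt posted in the April 2007 thread on this page and reports LDAP logins that followed a failed attribute lookup in the same session, the case where profile fields can end up blank. The sample lines, session ids, addresses and the second exception name are constructed.

```python
import re
from collections import Counter

# Constructed sample in the dspace.log layout shown on this page:
# timestamp LEVEL class @ user:session_id=..:ip_addr=..:action:detail
SAMPLE_LOG = """\
2007-04-16 17:41:34,025 WARN  org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=AAAA1111:ip_addr=192.0.2.10:ldap_attribute_lookup:type=failed_search javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=example,dc=org'
2007-04-16 17:41:34,025 INFO  org.dspace.app.webui.servlet.LDAPServlet @ user1@example.org:session_id=AAAA1111:ip_addr=192.0.2.10:login:type=ldap
2007-04-16 17:41:34,035 INFO  org.dspace.app.webui.servlet.MyDSpaceServlet @ user1@example.org:session_id=AAAA1111:ip_addr=192.0.2.10:view_mydspace:
2007-04-16 17:45:02,110 INFO  org.dspace.app.webui.servlet.LDAPServlet @ user2@example.org:session_id=BBBB2222:ip_addr=192.0.2.11:login:type=ldap
2007-04-16 17:50:40,501 WARN  org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=CCCC3333:ip_addr=192.0.2.12:ldap_attribute_lookup:type=failed_search javax.naming.NameNotFoundException: constructed detail
"""

# One event per line. The ip_addr group assumes IPv4 (no colons in the address).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+"
    r"(?P<level>[A-Z]+)\s+(?P<cls>\S+) @ "
    r"(?P<user>.*?):session_id=(?P<sid>[0-9A-Za-z]+):ip_addr=(?P<ip>[^:]+):"
    r"(?P<action>[^:]+):(?P<detail>.*)$"
)
# The exception class name follows the failed_search marker.
EXC_RE = re.compile(r"type=failed_search\s+([\w.$]+)")


def parse_line(line):
    """Return the fields of one log line, or None if it is not in this layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def scan(log_text):
    """Return (degraded_logins, failures_by_exception).

    A login is 'degraded' when an LDAP login succeeded in a session whose
    preceding attribute lookup failed. The lookup is logged before the user
    is known, so the two events are correlated by session id, not by user.
    """
    pending = {}          # session id -> exception of the last failed lookup
    failures = Counter()  # exception class -> number of failed lookups
    degraded = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        if (ev["action"] == "ldap_attribute_lookup"
                and ev["detail"].startswith("type=failed_search")):
            m = EXC_RE.search(ev["detail"])
            exc = m.group(1) if m else "unknown"
            failures[exc] += 1
            pending[ev["sid"]] = exc
        elif ev["action"] == "login" and ev["detail"] == "type=ldap":
            exc = pending.pop(ev["sid"], None)
            if exc is not None:
                degraded.append({"user": ev["user"], "session": ev["sid"],
                                 "ip": ev["ip"], "exception": exc})
    return degraded, dict(failures)


if __name__ == "__main__":
    logins, by_exception = scan(SAMPLE_LOG)
    for item in logins:
        print("login after failed attribute lookup:", item)
    print("failed lookups by exception:", by_exception)
```
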



Re: [Dspace-tech] DSpace LDAP login using Windows 2003 Active Directory

2007-04-17 Thread Stuart Lewis [sdl]
Hi Jayan,

> (2) Other valid users with object context as
> ou=Users,ou=SCI,dc=staff,dc=main,dc=ntu,dc=edu,dc=sg cannot login. How to
> enable this although these users come under the same AD root context
> dc=staff,dc=main,dc=ntu,dc=edu,dc=sg.
>  
> Can you please suggest how to make LDAP work with all users under different
> OU? 

Try this patch:

http://sourceforge.net/tracker/index.php?func=detail&aid=1597831&group_id=19984&atid=319984

If it works OK for you, please could you add a comment saying so to the
patch in SourceForge?

Hope this helps,


Stuart
_

Datblygydd Cymwysiadau'r We   Web Applications Developer
Gwasanaethau Gwybodaeth  Information Services
Prifysgol Cymru Aberystwyth   University of Wales Aberystwyth

E-bost / E-mail: [EMAIL PROTECTED]
 Ffon / Tel: (01970) 622860
_




[Dspace-tech] DSpace LDAP login using Windows 2003 Active Directory

2007-04-17 Thread Jayan Chirayath Kurian
Hi!,

 

LDAP login to windows 2003 AD was fine with the following default Dspace config 
parameters for a user with object_context = 
dc=staff,dc=main,dc=ntu,dc=edu,dc=sg.

 

ldap.provider_url = ldap://staff.main.ntu.edu.sg:389
ldap.id_field = CN
ldap.object_context = dc=staff,dc=main,dc=ntu,dc=edu,dc=sg
ldap.search_context = dc=staff,dc=main,dc=ntu,dc=edu,dc=sg

 

(1) Although login was fine the log file shows the following exception 
"ldap_attribute_lookup:type=failed_search javax.naming.PartialResultException: 
Unprocessed Continuation Reference(s); remaining name 
'dc=staff,dc=main,dc=ntu,dc=edu,dc=sg'". The full log file is given below. 

 

 

2007-04-16 17:41:34,025 WARN  org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=F154B40A59678BAC8DAB73F6E0B0A1A5:ip_addr=155.69.104.75:ldap_attribute_lookup:type=failed_search javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=staff,dc=main,dc=ntu,dc=edu,dc=sg'

2007-04-16 17:41:34,025 INFO  org.dspace.app.webui.servlet.LDAPServlet @ [EMAIL PROTECTED]:session_id=F154B40A59678BAC8DAB73F6E0B0A1A5:ip_addr=155.69.104.75:login:type=ldap

2007-04-16 17:41:34,035 INFO  org.dspace.app.webui.servlet.MyDSpaceServlet @ [EMAIL PROTECTED]:session_id=F154B40A59678BAC8DAB73F6E0B0A1A5:ip_addr=155.69.104.75:view_mydspace:

 

(2) Other valid users with object context
ou=Users,ou=SCI,dc=staff,dc=main,dc=ntu,dc=edu,dc=sg cannot log in. How to
enable this, although these users come under the same AD root context
dc=staff,dc=main,dc=ntu,dc=edu,dc=sg?

Can you please suggest how to make LDAP work with all users under different OUs?

Thanks,

Jayan



[Dspace-tech] DSpace LDAP login using Windows 2003 Active Directory

2007-04-16 Thread Jayan Chirayath Kurian
Hi!

LDAP login to Windows 2003 AD was fine with the following default DSpace
config parameters for a user with object_context =
dc=staff,dc=main,dc=ntu,dc=edu,dc=sg.

plugin.sequence.org.dspace.eperson.AuthenticationMethod = \
   org.dspace.eperson.PasswordAuthentication, org.dspace.eperson.LDAPAuthentication
webui.ldap.autoregister = true
ldap.enable = true
ldap.provider_url = ldap://staff.main.ntu.edu.sg:389
ldap.id_field = CN
ldap.object_context = dc=staff,dc=main,dc=ntu,dc=edu,dc=sg
ldap.search_context = dc=staff,dc=main,dc=ntu,dc=edu,dc=sg

(1) Although login was fine, the log file shows the following exception:
"ldap_attribute_lookup:type=failed_search
javax.naming.PartialResultException: Unprocessed Continuation
Reference(s); remaining name 'dc=staff,dc=main,dc=ntu,dc=edu,dc=sg'". The
full log file is given below.

2007-04-16 17:41:34,025 WARN  org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=F154B40A59678BAC8DAB73F6E0B0A1A5:ip_addr=155.69.104.75:ldap_attribute_lookup:type=failed_search javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=staff,dc=main,dc=ntu,dc=edu,dc=sg'

2007-04-16 17:41:34,025 INFO  org.dspace.app.webui.servlet.LDAPServlet @ [EMAIL PROTECTED]:session_id=F154B40A59678BAC8DAB73F6E0B0A1A5:ip_addr=155.69.104.75:login:type=ldap

2007-04-16 17:41:34,035 INFO  org.dspace.app.webui.servlet.MyDSpaceServlet @ [EMAIL PROTECTED]:session_id=F154B40A59678BAC8DAB73F6E0B0A1A5:ip_addr=155.69.104.75:view_mydspace:

(2) Other valid users with object context
ou=Users,ou=SCI,dc=staff,dc=main,dc=ntu,dc=edu,dc=sg cannot log in. How
to enable this, although these users come under the same AD root context
dc=staff,dc=main,dc=ntu,dc=edu,dc=sg?

(3) For Active Directory LDAP login, do all the users need to have the
same object context? Here all users are under different OUs (e.g. EE, IT,
CS, SCI etc). How to make LDAP work with all users under different OUs?

Please suggest.

Thanks,

Jayan
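
The failure in (2) and the question in (3), modelled as an added example (not DSpace code and not the patch linked in the reply). It assumes the login binds directly as id_field=<name>,object_context, which is what the behaviour in the post suggests, and compares that with a subtree search under search_context followed by a bind as the single DN found. The ldap.* values are the ones from the post; the two users and the in-memory directory are constructed.

```python
import re

# ldap.* values from the post; the directory entries below are constructed.
ID_FIELD = "CN"
OBJECT_CONTEXT = "dc=staff,dc=main,dc=ntu,dc=edu,dc=sg"
SEARCH_CONTEXT = "dc=staff,dc=main,dc=ntu,dc=edu,dc=sg"
DIRECTORY = {  # DN -> attributes (hypothetical users)
    "cn=alice,dc=staff,dc=main,dc=ntu,dc=edu,dc=sg": {"cn": "alice"},
    "cn=bob,ou=users,ou=sci,dc=staff,dc=main,dc=ntu,dc=edu,dc=sg": {"cn": "bob"},
}

def direct_bind_dn(user):
    """Assumed current behaviour: bind as id_field=user,object_context."""
    dn = f"{ID_FIELD}={user},{OBJECT_CONTEXT}".lower()
    return dn if dn in DIRECTORY else None

def escape_filter_value(value):
    """RFC 4515: hex-escape \\ * ( ) and NUL so input is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def _unhex(part):
    """Turn \\xx escapes inside a filter value back into the literal character."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), part)

def matches(flt, attrs):
    """Evaluate one (attr=value) filter: a bare * is a wildcard, \\xx a literal."""
    attr, _, value = flt[1:-1].partition("=")
    pattern = ".*".join(re.escape(_unhex(p)) for p in value.split("*"))
    return re.fullmatch(pattern, attrs.get(attr.lower(), ""), re.I) is not None

def search_then_bind_dn(user):
    """Subtree search under search_context, then bind as the single DN found."""
    flt = f"({ID_FIELD}={escape_filter_value(user)})"
    suffix = "," + SEARCH_CONTEXT.lower()
    hits = [dn for dn, attrs in DIRECTORY.items()
            if dn.endswith(suffix) and matches(flt, attrs)]
    return hits[0] if len(hits) == 1 else None  # reject none or ambiguous

if __name__ == "__main__":
    for name in ("alice", "bob", "*"):
        print(name, direct_bind_dn(name), search_then_bind_dn(name))
```

The user directly under object_context resolves both ways; the user under ou=Users,ou=SCI resolves only through the search, and a login name of "*" finds nothing because the filter value is escaped before the search.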

 
