Re: [Dspace-tech] LDAP authentication

2008-09-16 Thread Stuart Lewis
Hi Bin,

> I have just installed DSpace 1.5.1 on a Ubuntu server.  I would like to enable
> authentication against LDAP server (AD).  From the documentation, it seems
> that LDAP authentication only work with JSPUI, not XMLUI.  Is this true?  What
> will it take to make it work with XMLUI?

It should work fine. It was broken in 1.5, but is fixed in 1.5.1.

Where did you read this? We need to update that part of the documentation.
  
> I have not actually tried with JSPUI, but I could not find where in dspace.cfg
> I could specify a binding ID and password.

How is your LDAP tree structured? If all users are within one OU, then you
do not need to provide a username and password. DSpace binds to the LDAP
tree using the user's credentials. If it can bind then the username and
password they provided are OK.

If your LDAP tree is structured in a hierarchical manner such that users are
spread out across different OUs (e.g. An OU for faculty and an OU for
students) then you will need to provide a username and password of a user
who has read access across the whole tree. This user binds and does a search
for the correct DN of the user who is trying to log in. Once the DN is found,
a second bind is attempted directly to that DN using the user's password.

Hierarchical LDAP support is not included in DSpace 1.5.1; however, I am
working on a generic hierarchical LDAP authentication method with a few
other DSpace developers (that reminds me - I really must get on with that!)
and we can get it included in the next release of DSpace. If you need to use
it now, install the following patches:

http://sourceforge.net/tracker/index.php?func=detail&aid=2057231&group_id=19984&atid=319984

http://sourceforge.net/tracker/index.php?func=detail&aid=2057378&group_id=19984&atid=319984

The patches have full instructions, except for an omission to say that you
need to change your authentication plugin line in dspace.cfg to:

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
org.dspace.authenticate.LDAPHierarchicalAuthentication

Thanks,


Stuart
_

Gwasanaethau Gwybodaeth  Information Services
Prifysgol Aberystwyth  Aberystwyth University

E-bost / E-mail: [EMAIL PROTECTED]
 Ffon / Tel: (01970) 622860
_


-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech


Re: [Dspace-tech] LDAP authentication

2008-09-17 Thread Eric Luhrs
Stuart,
Thanks for this message.  I think it may explain why I haven't been able to
get LDAP to work even after installing LDAPHierarchicalAuthentication.java.
If I read your email correctly, it means I will also have to install patch
2057231 before hierarchical LDAP authentication will work.  Is this
correct?  If so, can you say a little about how to install a .patch file?

I should also confirm that I installed LDAPHierarchicalAuthentication.java
correctly.  I placed it in the same directory with the rest of the
authentication modules (password, ip, LDAP, etc), re-built the war files,
and then added the new lines to the conf file.  Does that sound about right?

Eric Luhrs
Lafayette College




Re: [Dspace-tech] LDAP authentication

2008-09-17 Thread Reuben Pasquini
Hi Eric,

I submitted the following patch that works with A.D.:
   https://sourceforge.net/tracker/?func=detail&atid=319984&aid=2100378&group_id=19984
The patched files are also available here:
   http://erwg.lib.auburn.edu/dspace-ldap_20080828.zip
The patch modifies a few files in the org.dspace.authentication
package of the dspace-api jar module, so you can do something like
this:

o. svn checkout the dspace code base
o. lay over the patched files
o. build a new dspace-api.jar file
o. install the new dspace-api.jar file under WEB-INF/lib
   of whichever webapp (xmlui or jspui) you're running

In our A.D. setup - it is not necessary to specify a
traditional LDAP distinguished name at bind-time -
rather we can just specify the
   windows-domain\username
or
   [EMAIL PROTECTED]
so you can do something like this
(using the SLAPD ldapsearch command-line tool):
  $ ldapsearch -x -H ldap://ldap.whatever.edu -D AUBURN\\rdp0004 -b dc=auburn,dc=edu -W cn=rdp0004
rather than having to specify:
  -D cn=RDP0004,ou=Library,ou=User_IDs,ou=Employees,ou=People,ou=AuMain,dc=auburn,dc=edu
I suspect most AD setups are like this.
The patch just modifies the code to take advantage of this A.D. quirk,
so it's not necessary to bind as a well-known user, then search for
the user you're trying to authenticate - just bind with
DOMAIN\\USERNAME.
I hope the dspace team will take a look at the patch eventually.

Good luck!
Reuben





Re: [Dspace-tech] LDAP authentication

2008-09-17 Thread Stuart Lewis
Hi Eric,

> Thanks for this message.  I think it may explain why I haven't been able to
> get LDAP to work even after installing LDAPHierarchicalAuthentication.java.
> If I read your email correctly, it means I will also have to install patch
> 2057231 before hierarchical LDAP authentication will work.  Is this correct?
> If so, can you say a little about how to install a .patch file?

You'll need to install 2057231 if you want it to work in the JSPUI. It will
work OK in the XMLUI without it.

If you'd prefer not patching the file, I have uploaded a complete version of
it to the SourceForge patch entry page.
 
> I should also confirm that I installed LDAPHierarchicalAuthentication.java
> correctly.  I placed it in the same directory with the rest of the
> authentication modules (password, ip, LDAP, etc), re-built the war files, and
> then added the new lines to the conf file.  Does that sound about right?

Yes. Run 'mvn package', then the 'ant update' etc.

Thanks,


Stuart


Re: [Dspace-tech] LDAP authentication

2008-09-17 Thread Eric Luhrs
Thanks, Stuart.
I think it must be a local configuration issue because I was able to log in
against your test LDAP server (thanks for that!).  I am fairly sure that my
local LDAP settings are correct, though I'll look more into this.

I noticed that "ikandros" posted a comment about failed logins if the user
doesn't have any mail on the LDAP server (
http://sourceforge.net/tracker/index.php?func=detail&aid=2057378&group_id=19984&atid=319984).
I wonder if this could be the problem.  Do you have any additional
information about this report?  I am not sure how to make the modification
that he suggested.

Thanks again,

Eric




Re: [Dspace-tech] LDAP authentication

2008-09-17 Thread Mark Diggory
Stuart, any chance could you get these patches committed into the
1.5.x branch so that we're not maintaining such fixes in the patch
queue into perpetuity? Now's the time to get in your fixes.

-Mark



Re: [Dspace-tech] LDAP authentication

2008-09-17 Thread Stuart Lewis
Hi Eric,

> I think it must be a local configuration issue because I was able to login
> against your test LDAP server (thanks for that!).  I am fairly sure that my
> local LDAP settings are correct, though I'll look more into this.

Try using the same settings to log in with an LDAP browser (e.g.
http://www.mcs.anl.gov/~gawor/ldap/download.html) and see if you can log in
OK.

Do you know how to turn DSpace logging up to DEBUG? If so, do that and send
us the logs created. (Basically edit [dspace]/config/log4j.properties and
change INFO to DEBUG. Then restart tomcat. Logs are held in
[dspace]/log/dspace.log).
 
> I noticed that "ikandros" posted a comment about failed logins if the user
> doesn't have any mail on the LDAP server
> (http://sourceforge.net/tracker/index.php?func=detail&aid=2057378&group_id=19984&atid=319984).
> I wonder if this could be the problem.  Do you have any
> additional information about this report?  I am not sure how to make the
> modification that he suggested.

I need to include those in my hierarchical patch. You'll be able to tell by
logging in with an LDAP browser or some tool which allows you to query your
LDAP server, and see if there is an attribute which has a full email address
in it. If not, then that will be your problem.

If you can post your logs on here, that will be the best help for us to
diagnose the problem.

Thanks and good luck,


Stuart


Re: [Dspace-tech] LDAP authentication

2008-09-17 Thread Stuart Lewis
Hi all,

> Stuart, any chance could you get these patches committed into the
> 1.5.x branch so that we're not maintaining such fixes in the patch
> queue into perpetuity? Now's the time to get in your fixes.

All done :)

A quick list of the changes:

 - Addition of a new pluggable authentication class which supports
hierarchical LDAP server.

 - Support for a special group populated by all LDAP users. If everyone is
happy with this, we can add it to the normal LDAP authN class too.

 - Support for LDAP servers which do not hold an email attribute for users.
Again if this is good, we can add it to the normal LDAP authN class.

Hopefully the comments in dspace.cfg are good enough to help you use this.

I've done some preliminary testing of this patch, but it needs a lot more.
If anyone wants access to a test LDAP server, read this blog post for
details of one: http://blog.stuartlewis.com/tag/ldap/

There are several LDAP patches on the patch queue, and I have tried to take
the particular things each one is addressing and roll it into one patch. So
huge thanks to the following for their work on this:

Chris Yates
Flavio Botelho
Alex Barbieri
Reuben Pasquini

(apologies if I have missed anyone out - please correct me if I have).

If everyone is happy with this as a solution, I'll close all the other
LDAP-related patches on the patch queue. Please do test this, and get back
to me with any issues.

The only thing I haven't tackled is the removal of ldap.enable and the
LDAPServlet, but that's a discussion for another day!

Thanks,


Stuart


Re: [Dspace-tech] LDAP authentication

2008-09-18 Thread Eric Luhrs
Hi Stuart,
It turns out that my test user didn't have an email address, and this was
causing the failed LDAP logins. The confusing thing was that DSpace got the
DN from LDAP, and then just dropped the connection.   I figured it out by
comparing dspace.log results from a successful login to your
ldap.testathon.net server to an unsuccessful login to our local LDAP
server.  I became suspicious after noticing that Alice had a full email
address listed in the log file while my test user had only a username.  Once
I added an email address, LDAP worked fine.

Thanks again for all of your help with this.

Eric
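
The search-then-bind flow Stuart describes for hierarchical trees, with the missing-mail case Eric ran into reported as its own outcome. This is an added example, not code from the DSpace patches or from anyone in this thread. It uses the standard JNDI API; the class name, the Outcome values, the ldaps://ldap.example.edu URL and all DNs are assumptions made for illustration.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class SearchThenBind {

    // Hypothetical result codes, so a missing mail attribute is visible
    // instead of looking like a dropped connection.
    enum Outcome { OK, OK_BUT_NO_MAIL, NO_SUCH_USER, AMBIGUOUS_USER,
                   BAD_CREDENTIALS, REJECTED_EMPTY_INPUT }

    /** Escape a user-supplied value for use in an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Simple bind as the given DN. Use ldaps:// so the password is not sent in clear. */
    static DirContext bind(String url, String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    static Outcome authenticate(String url, String searchBase, String idAttr,
                                String serviceDn, String servicePassword,
                                String netid, String password) throws NamingException {
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513), which some servers accept as anonymous. "It can bind"
        // must therefore never be evaluated for an empty password.
        if (netid == null || netid.isEmpty() || password == null || password.isEmpty()) {
            return Outcome.REJECTED_EMPTY_INPUT;
        }

        String userDn;
        boolean hasMail;

        // Step 1: bind as the read-only search user and look up the user's DN.
        DirContext svc = bind(url, serviceDn, servicePassword);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);   // users live in several OUs
            sc.setReturningAttributes(new String[] { "mail" });
            // idAttr comes from configuration; only the login name is untrusted.
            String filter = "(" + idAttr + "=" + escapeFilterValue(netid) + ")";
            NamingEnumeration<SearchResult> results = svc.search(searchBase, filter, sc);
            try {
                if (!results.hasMore()) {
                    return Outcome.NO_SUCH_USER;
                }
                SearchResult entry = results.next();
                if (results.hasMore()) {
                    return Outcome.AMBIGUOUS_USER;              // never guess between two DNs
                }
                userDn = entry.getNameInNamespace();
                Attribute mail = entry.getAttributes().get("mail");
                hasMail = mail != null && mail.size() > 0;
            } finally {
                results.close();
            }
        } finally {
            svc.close();
        }

        // Step 2: bind directly to the DN that was found, with the user's password.
        try {
            bind(url, userDn, password).close();
        } catch (AuthenticationException e) {
            return Outcome.BAD_CREDENTIALS;
        }
        return hasMail ? Outcome.OK : Outcome.OK_BUT_NO_MAIL;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed inputs; both calls run without contacting a server.
        System.out.println(escapeFilterValue("j.smith (library)*"));
        System.out.println(authenticate("ldaps://ldap.example.edu", "dc=example,dc=edu", "uid",
                "cn=reader,dc=example,dc=edu", "placeholder", "alice", ""));
    }
}
```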



Re: [Dspace-tech] LDAP authentication

2008-09-18 Thread Eric Luhrs
Stuart,
I just patched a fresh install with your latest LDAP patch (along with patch
2057231).  LDAP works fine, but now password authentication fails. I noticed
that your patch replaced:

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
 org.dspace.authenticate.PasswordAuthentication, \
 org.dspace.authenticate.LDAPHierarchicalAuthentication, \
 org.dspace.authenticate.X509Authentication

with:

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
 org.dspace.authenticate.LDAPHierarchicalAuthentication

I changed it back and still got the same error (see Java stacktrace below).

Eric Luhrs
Lafayette College

--

java.lang.NullPointerException
    at org.dspace.authenticate.LDAPHierarchicalAuthentication.getSpecialGroups(LDAPHierarchicalAuthentication.java:143)
    at org.dspace.authenticate.AuthenticationManager.getSpecialGroups(AuthenticationManager.java:308)
    at org.dspace.app.xmlui.utils.AuthenticationUtil.logIn(AuthenticationUtil.java:222)
    at org.dspace.app.xmlui.utils.AuthenticationUtil.Authenticate(AuthenticationUtil.java:147)
    at org.dspace.app.xmlui.aspect.eperson.AuthenticateAction.act(AuthenticateAction.java:109)
    at org.apache.cocoon.components.treeprocessor.sitemap.ActTypeNode.invoke(ActTypeNode.java:124)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:46)
    at org.apache.cocoon.components.treeprocessor.sitemap.PreparableMatchNode.invoke(PreparableMatchNode.java:130)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:68)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:142)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:68)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:92)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:234)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.buildPipeline(ConcreteTreeProcessor.java:192)
    at org.apache.cocoon.components.treeprocessor.TreeProcessor.buildPipeline(TreeProcessor.java:265)
    at org.apache.cocoon.components.treeprocessor.sitemap.MountNode.invoke(MountNode.java:110)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:68)
    at org.apache.cocoon.components.treeprocessor.sitemap.SelectNode.invoke(SelectNode.java:102)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:46)
    at org.apache.cocoon.components.treeprocessor.sitemap.MatchNode.invoke(MatchNode.java:107)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:68)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:142)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:68)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:92)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:234)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.buildPipeline(ConcreteTreeProcessor.java:192)
    at org.apache.cocoon.components.treeprocessor.TreeProcessor.buildPipeline(TreeProcessor.java:265)
    at org.apache.cocoon.components.treeprocessor.sitemap.MountNode.invoke(MountNode.java:110)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:46)
    at org.apache.cocoon.components.treeprocessor.sitemap.PreparableMatchNode.invoke(PreparableMatchNode.java:130)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:68)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:142)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:68)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:92)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:234)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.buildPipeline(ConcreteTreeProcessor.java:192)
    at org.apache.cocoon.components.treeprocessor.TreeProcessor.buildPipeline(TreeP

Re: [Dspace-tech] LDAP authentication

2008-09-18 Thread Stuart Lewis
Hi Eric,

> I just patched a fresh install with your latest LDAP patch (along with patch
> 2057231).  LDAP works fine, but now password authentication fails. I noticed
> that your patch replaced:
> 
> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
>  org.dspace.authenticate.PasswordAuthentication, \
>  org.dspace.authenticate.LDAPHierarchicalAuthentication, \
>  org.dspace.authenticate.X509Authentication
> 
> with:
> 
> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
>  org.dspace.authenticate.LDAPHierarchicalAuthentication

Yes - that was just an example for how to use only hierarchical LDAP authN,
but as you found you can still use the stackable system as you wish.
 
> I changed it back and still got the same error (see Java stacktrace below).
> 
> java.lang.NullPointerException
>     at org.dspace.authenticate.LDAPHierarchicalAuthentication.getSpecialGroups(LDAPHierarchicalAuthentication.java:143)
>     at org.dspace.authenticate.AuthenticationManager.getSpecialGroups(AuthenticationManager.java:308)

Hmmm, weird. It seems to be suggesting that the context is null. Try
replacing the getSpecialGroups method in HierarchicalLDAPAuthentication.java
with:

    public int[] getSpecialGroups(Context context, HttpServletRequest request)
    {
        // Prevents anonymous users from being added to this group, and the second check
        // ensures they are LDAP users
        if ((context != null) &&
            (context.getCurrentUser() != null) &&
            (!context.getCurrentUser().getNetid().equals("")))
        {
            if (ldapGroup == null)
            {   // Oops - the group isn't there.
                log.warn(LogManager.getHeader(context,
                        "ldap_specialgroup",
                        "Group defined in ldap.login.specialgroup does not exist"));
                return new int[0];
            } else
            {
                return new int[] { ldapGroup.getID() };
            }
        }
        return new int[0];
    }

Thanks,


Stuart
_

Gwasanaethau Gwybodaeth  Information Services
Prifysgol Aberystwyth  Aberystwyth University

E-bost / E-mail: [EMAIL PROTECTED]
 Ffon / Tel: (01970) 622860
_




Re: [Dspace-tech] LDAP authentication

2008-09-18 Thread Eric Luhrs
Hi Stuart,
I replaced the getSpecialGroups method in LDAPHierarchicalAuthentication.java
with the code you sent.  I then ran "mvn package" followed by "ant update"
and "ant init_configs".  After restarting Tomcat, I was able to login via
LDAP, but not with a local password.  Here are several lines from dspace.log,
followed by the Java stacktrace.

Eric

2008-09-18 15:08:02,348 INFO  org.dspace.authenticate.PasswordAuthentication @ anonymous:session_id=F1FB96AF6FA3464C393A3366621534A4:ip_addr=139.147.66.108:authenticate:attempting password auth of user=
2008-09-18 15:08:02,349 INFO  org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=F1FB96AF6FA3464C393A3366621534A4:ip_addr=139.147.66.108:auth:attempting trivial auth of user=
2008-09-18 15:08:02,354 INFO  org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=F1FB96AF6FA3464C393A3366621534A4:ip_addr=139.147.66.108:failed_login:no DN found for user
2008-09-18 15:08:02,354 INFO  org.dspace.app.xmlui.utils.AuthenticationUtil @ anonymous:session_id=F1FB96AF6FA3464C393A3366621534A4:ip_addr=139.147.66.108:failed_login:email=, realm=null, result=2
2008-09-18 15:08:13,262 INFO  org.dspace.authenticate.PasswordAuthentication @ anonymous:session_id=F1FB96AF6FA3464C393A3366621534A4:ip_addr=139.147.66.108:authenticate:attempting password auth of [EMAIL PROTECTED]
2008-09-18 15:08:13,263 INFO  org.dspace.authenticate.PasswordAuthentication @ [EMAIL PROTECTED]:session_id=F1FB96AF6FA3464C393A3366621534A4:ip_addr=139.147.66.108:authenticate:type=PasswordAuthentication
2008-09-18 15:08:13,263 INFO  org.dspace.app.xmlui.utils.AuthenticationUtil @ [EMAIL PROTECTED]:session_id=F1FB96AF6FA3464C393A3366621534A4:ip_addr=139.147.66.108:login:type=explicit

java.lang.NullPointerException
    at org.dspace.authenticate.LDAPHierarchicalAuthentication.getSpecialGroups(LDAPHierarchicalAuthentication.java:144)
    at org.dspace.authenticate.AuthenticationManager.getSpecialGroups(AuthenticationManager.java:308)
    at org.dspace.app.xmlui.utils.AuthenticationUtil.logIn(AuthenticationUtil.java:222)
    at org.dspace.app.xmlui.utils.AuthenticationUtil.Authenticate(AuthenticationUtil.java:147)
    at org.dspace.app.xmlui.aspect.eperson.AuthenticateAction.act(AuthenticateAction.java:109)
    at org.apache.cocoon.components.treeprocessor.sitemap.ActTypeNode.invoke(ActTypeNode.java:124)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:46)
    at org.apache.cocoon.components.treeprocessor.sitemap.PreparableMatchNode.invoke(PreparableMatchNode.java:130)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:68)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:142)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:68)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:92)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:234)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.buildPipeline(ConcreteTreeProcessor.java:192)
    at org.apache.cocoon.components.treeprocessor.TreeProcessor.buildPipeline(TreeProcessor.java:265)
    at org.apache.cocoon.components.treeprocessor.sitemap.MountNode.invoke(MountNode.java:110)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:68)
    at org.apache.cocoon.components.treeprocessor.sitemap.SelectNode.invoke(SelectNode.java:102)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:46)
    at org.apache.cocoon.components.treeprocessor.sitemap.MatchNode.invoke(MatchNode.java:107)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:68)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:142)
    at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:68)
    at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:92)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:234)
    at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.buildPipeline(ConcreteTreeProcessor.java:192)
    at org.apache.cocoon.components.treeprocessor.TreeProcessor.buildPipeline(TreeProcessor.java:265)
    at org.apache.cocoon.components.treeprocessor.sitemap.MountNode.invoke(MountNode.java:110)
   

Re: [Dspace-tech] LDAP authentication

2008-09-19 Thread Stuart Lewis
Hi Eric,

> I replaced the getSpecialGroups method in LDAPHierarchicalAuthentication.java
> with the code you sent.  I then ran "mvn package" followed by "ant update" and
> "ant init_configs".  After restarting Tomcat, I was able to login via LDAP,
> but not with a local password.  Here are several lines from dspace.log,
> followed by the Java stacktrace.

Sorry - my fault. I sent that new method when I was up far too late last
night! In the cold light of day I can see what is causing the problem, have
fixed it in SVN, and tested it in both the JSPUI and Manakin.

Use this instead:

public int[] getSpecialGroups(Context context, HttpServletRequest request)
{
    // Prevents anonymous users from being added to this group, and the
    // second check ensures they are LDAP users
    try
    {
        if (!context.getCurrentUser().getNetid().equals(""))
        {
            if (ldapGroup == null)
            {
                // Oops - the group isn't there.
                log.warn(LogManager.getHeader(context,
                        "ldap_specialgroup",
                        "Group defined in ldap.login.specialgroup does not exist"));
                return new int[0];
            } else
            {
                return new int[] { ldapGroup.getID() };
            }
        }
    }
    catch (NullPointerException npe) {
        // The user is not an LDAP user, so we don't need to worry about them
    }
    return new int[0];
}

Thanks,


Stuart
_

Gwasanaethau Gwybodaeth  Information Services
Prifysgol Aberystwyth  Aberystwyth University

E-bost / E-mail: [EMAIL PROTECTED]
 Ffon / Tel: (01970) 622860
_




Re: [Dspace-tech] LDAP Authentication

2010-05-13 Thread Hilton Gibson
Hi Sean

Your setup looks good.
What do your DSpace logs say?

Cheers

hg

On 13 May 2010 11:53, Sean Carte  wrote:

> I've got a simple ldap server configured primarily to allow
> authentication for EZProxy; now I'd like to be able to get DSpace to
> use it for authentication. But I can't get it to work.
>
> I followed the DSpace configuration steps outlined at
> , and have the
> following in my dspace.cfg:
>
> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
>org.dspace.authenticate.LDAPAuthentication, \
>org.dspace.authenticate.PasswordAuthentication
>
> ldap.enable = true
> ldap.provider_url = ldap://localhost:389/
> ldap.id_field = uid
> ldap.object_context = ou=People,dc=esal,dc=ac,dc=za
> ldap.search_context = ou=People
> ldap.email_field = mail
> ldap.surname_field = sn
> ldap.givenname_field = givenName
> ldap.phone_field = telephoneNumber
> webui.ldap.autoregister = false
>
> DSpace and LDAP are running on the same server, and I can use
> ldapsearch to return information on a user:
>
> r...@uzspace:~# ldapsearch -xLLL -b "dc=esal,dc=ac,dc=za" 'uid=UZP0899'
> dn: uid=UZP0899,ou=People,dc=esal,dc=ac,dc=za
> objectClass: inetOrgPerson
> cn: Carte,S R
> sn: Carte
> uid: UZP0899
> mail:
>
> But DSpace returns an invalid username/password message when I try to
> log in using its LDAP authentication. The following is what gets
> output when running slapd in debug:
>
>
> And here is the debug output when successfully authenticating using
> the OCLC EZProxy login:
>

Re: [Dspace-tech] LDAP Authentication

2010-05-13 Thread Sean Carte
Oops. Forwarding to the lists too.


-- Forwarded message --
From: Sean Carte 
Date: 13 May 2010 13:05:14 UTC+2
Subject: Re: [Dspace-tech] LDAP Authentication
To: Hilton Gibson 




On 13 May 2010 12:45, Hilton Gibson  wrote:
> Your setup looks good.
> What do your DSpace logs say?

Hi Hilton

2010-05-13 13:04:52,676 INFO  org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=FEEF4E6CAEF6454C72E375F1F79804AD:ip_addr=196.21.56.47:auth:attempting trivial auth of user=UZP0899
2010-05-13 13:04:52,883 INFO  org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=FEEF4E6CAEF6454C72E375F1F79804AD:ip_addr=196.21.56.47:autoregister:netid=UZP0899
2010-05-13 13:04:52,883 INFO  org.dspace.authenticate.PasswordAuthentication @ anonymous:session_id=FEEF4E6CAEF6454C72E375F1F79804AD:ip_addr=196.21.56.47:authenticate:attempting password auth of user=UZP0899
2010-05-13 13:04:52,884 INFO  org.dspace.app.xmlui.utils.AuthenticationUtil @ anonymous:session_id=FEEF4E6CAEF6454C72E375F1F79804AD:ip_addr=196.21.56.47:failed_login:email=UZP0899, realm=null, result=4

Sean
--
Sean Carte
esAL Library Systems Manager
+27 72 898 8775
+27 31 373 2490
fax: 0866741254
http://esal.dut.ac.za/






Re: [Dspace-tech] LDAP Authentication

2010-05-13 Thread Sean Carte
On 13 May 2010 14:39, Hilton Gibson  wrote:
> Aaah there it is.
>
> failed_login:email=UZP0899
>
> DSpace is using a email/eperson account details to login a netid/ldap user.
> Why ? I do not know !!
> Check the DSpace database for user accounts and the fields.
> Maybe a bug ??

Well spotted! Thanks Hilton.

The simplest solution then is to log-in using the e-mail rather than
the uid field.

Sean
-- 
Sean Carte
esAL Library Systems Manager
+27 72 898 8775
+27 31 373 2490
fax: 0866741254
http://esal.dut.ac.za/



Re: [Dspace-tech] LDAP Authentication

2010-05-14 Thread helix84
On 13 May 2010 14:39, Hilton Gibson  wrote:
> Aaah there it is.
>
> failed_login:email=UZP0899
>
> DSpace is using a email/eperson account details to login a netid/ldap user.
> Why ? I do not know !!
> Check the DSpace database for user accounts and the fields.
> Maybe a bug ??

The reason is
ldap.email_field = mail

Just use
ldap.email_field = cn
I use it in my setup for LDAP users (I don't need DSpace to email LDAP
users directly). I use regular email/password login for admins. Hope
that helps.

Regards,
~~helix84



Re: [Dspace-tech] Ldap authentication

2010-08-19 Thread helix84
On Thu, Aug 19, 2010 at 10:07, Webshet, Sisay (ILRI)
 wrote:
> - Base DN = DC=ILRI,DC=CGIARAD,DC=ORG
>
> - Distinguished name to login = CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG

You might try to do this:
ldap.id_field = cn

What's in your sAMAccountName?

Regards,
~~helix84



Re: [Dspace-tech] LDAP Authentication

2011-02-03 Thread Hilton Gibson

Hi Karen

Check this out for some tips.
http://wiki.lib.sun.ac.za/index.php/SUNScholar/User_Management

Cheers

hg

On 03/02/2011 17:46, Savage, Karen R. wrote:

I'm upgrading our instance of Dspace from 1.3 to 1.7 and at the same time, 
migrating to a new server. I have the LDAP config information from the old 
config file (and have confirmed with our IT guy that it is still correct), but 
when I enter it on the new config file, I can't log in. Is there something I 
need to do to the server itself before it'll work? (I wasn't around when our 
live instance first went up). This is the last bit I need to get working.

Running:
RHEL 4.1
Tomcat 6.0
Java JDK 1.6
PostgreSQL 9.0
Dspace 1.7

--
Karen Savage
Baylor University Libraries
Electronic Library
Library Systems
karen_sav...@baylor.edu
(254) 710-3275



--
Hilton Gibson
Systems Administrator
JS Gericke Library Room 1025
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758

"Simplicity is the ultimate sophistication"
Leonardo da Vinci



Re: [Dspace-tech] LDAP Authentication

2011-02-03 Thread Stuart Lewis
Hi Karen,

> I'm upgrading our instance of Dspace from 1.3 to 1.7 and at the same time, 
> migrating to a new server. I have the LDAP config information from the old 
> config file (and have confirmed with our IT guy that it is still correct), 
> but when I enter it on the new config file, I can't log in. Is there 
> something I need to do to the server itself before it'll work? (I wasn't 
> around when our live instance first went up). This is the last bit I need to 
> get working.

If you look in your [dspace]/log/dspace.log-{datestamp} file, there should be 
some information saying why the authentication failed.  This might give a clue 
as to what is going on.

Thanks,


Stuart Lewis
Digital Development Manager
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: +64 (0)9 373 7599 x81928




Re: [Dspace-tech] LDAP Authentication

2011-02-03 Thread Savage, Karen R.
Hi Stuart,

I'm looking into my log configuration now, because there hasn't been any 
activity in the logs since Tuesday, when I last restarted the web server.

--
Karen Savage
Baylor University Libraries
Electronic Library
Library Systems
karen_sav...@baylor.edu
(254) 710-3275



On 2/3/11 1:49 PM, "Stuart Lewis"  wrote:

Hi Karen,

> I'm upgrading our instance of Dspace from 1.3 to 1.7 and at the same time, 
> migrating to a new server. I have the LDAP config information from the old 
> config file (and have confirmed with our IT guy that it is still correct), 
> but when I enter it on the new config file, I can't log in. Is there 
> something I need to do to the server itself before it'll work? (I wasn't 
> around when our live instance first went up). This is the last bit I need to 
> get working.

If you look in your [dspace]/log/dspace.log-{datestamp} file, there should be 
some information saying why the authentication failed.  This might give a clue 
as to what is going on.

Thanks,


Stuart Lewis
Digital Development Manager
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: +64 (0)9 373 7599 x81928





Re: [Dspace-tech] LDAP Authentication

2011-02-03 Thread Andrea Schweer
Hi Karen,

On 04/02/11 08:51, Savage, Karen R. wrote:
> I'm looking into my log configuration now, because there hasn't been
> any activity in the logs since Tuesday, when I last restarted the web
> server.

That's odd -- does your servlet container have write permissions to the
log directory? In fact it probably needs write permissions to the whole
DSpace installation directory.

cheers,
Andrea

-- 
Andrea Schweer
IRR Technical Specialist, ITS Information Systems
The University of Waikato, Hamilton, New Zealand



Re: [Dspace-tech] LDAP Authentication

2011-02-03 Thread stuart yeates
Whoever maintains the LDAP at your site almost certainly controls who 
can access it. If your new server has a different machine name or IP 
address, their records may need to be updated.

There are also all manner of firewall issues that can occur, depending 
on the configuration at your site.

cheers
stuart

On 04/02/11 04:46, Savage, Karen R. wrote:
> I'm upgrading our instance of Dspace from 1.3 to 1.7 and at the same time, 
> migrating to a new server. I have the LDAP config information from the old 
> config file (and have confirmed with our IT guy that it is still correct), 
> but when I enter it on the new config file, I can't log in. Is there 
> something I need to do to the server itself before it'll work? (I wasn't 
> around when our live instance first went up). This is the last bit I need to 
> get working.
>
> Running:
> RHEL 4.1
> Tomcat 6.0
> Java JDK 1.6
> PostgreSQL 9.0
> Dspace 1.7
>
> --
> Karen Savage
> Baylor University Libraries
> Electronic Library
> Library Systems
> karen_sav...@baylor.edu
> (254) 710-3275
>
>


-- 
Stuart Yeates
Library Technology Services http://www.victoria.ac.nz/library/



Re: [Dspace-tech] LDAP Authentication

2011-02-07 Thread Savage, Karen R.
This is what I'm finding in the log file:

2011-02-07 10:09:04,284 INFO  org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=36F5668310DE405281CC4104721E98AD:ip_addr=129.62.210.158:auth:attempting trivial auth of user=karen_savage
2011-02-07 10:09:04,779 INFO  org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=36F5668310DE405281CC4104721E98AD:ip_addr=129.62.210.158:failed_login:no DN found for user karen_savage
2011-02-07 10:09:04,779 INFO  org.dspace.app.xmlui.utils.AuthenticationUtil @ anonymous:session_id=36F5668310DE405281CC4104721E98AD:ip_addr=129.62.210.158:failed_login:email=karen_savage, realm=null, result=2

The first thing I'm noticing is the anonymous session. Our LDAP server doesn't 
allow anonymous access and our LDAP guy gave me the DN and password of a user 
to put in the config file. He's also double-checked the rest of the LDAP 
related variables to confirm they are correct. So is it normal for it to say 
anonymous in the log file, or is it missing something in the config file?

Thanks,

-- 
Karen Savage
Baylor University Libraries
Electronic Library
Library Systems
karen_sav...@baylor.edu
(254) 710-3275


-Original Message-
From: Stuart Lewis [mailto:s.le...@auckland.ac.nz] 
Sent: Thursday, February 03, 2011 1:50 PM
To: Savage, Karen R.
Cc: dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] LDAP Authentication

Hi Karen,

> I'm upgrading our instance of Dspace from 1.3 to 1.7 and at the same time, 
> migrating to a new server. I have the LDAP config information from the old 
> config file (and have confirmed with our IT guy that it is still correct), 
> but when I enter it on the new config file, I can't log in. Is there 
> something I need to do to the server itself before it'll work? (I wasn't 
> around when our live instance first went up). This is the last bit I need to 
> get working.

If you look in your [dspace]/log/dspace.log-{datestamp} file, there should be 
some information saying why the authentication failed.  This might give a clue 
as to what is going on.

Thanks,


Stuart Lewis
Digital Development Manager
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: +64 (0)9 373 7599 x81928




Re: [Dspace-tech] LDAP Authentication

2011-02-07 Thread Stuart Lewis
Hi Karen,

> This is what I'm finding in the log file:
> 
> 2011-02-07 10:09:04,284 INFO  org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=36F5668310DE405281CC4104721E98AD:ip_addr=129.62.210.158:auth:attempting trivial auth of user=karen_savage
> 2011-02-07 10:09:04,779 INFO  org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=36F5668310DE405281CC4104721E98AD:ip_addr=129.62.210.158:failed_login:no DN found for user karen_savage
> 2011-02-07 10:09:04,779 INFO  org.dspace.app.xmlui.utils.AuthenticationUtil @ anonymous:session_id=36F5668310DE405281CC4104721E98AD:ip_addr=129.62.210.158:failed_login:email=karen_savage, realm=null, result=2
> 
> The first thing I'm noticing is the anonymous session. Our LDAP server 
> doesn't allow anonymous access and our LDAP guy gave me the DN and password 
> of a user to put in the config file. He's also double-checked the rest of the 
> LDAP related variables to confirm they are correct. So is it normal for it to 
> say anonymous in the log file, or is it missing something in the config file?

Seeing the anonymous session is normal.  Once you have logged in, that will 
change to your login.

Could you show us the LDAP configuration values you have (except for the 
password!).  This might give us a clue.  If it helps, there is a set of example 
LDAP settings (which should work if you want to try them against a public LDAP 
server) at:

 - 
http://blog.stuartlewis.com/2008/08/18/test-ldap-service-upgraded-now-with-branches/

Thanks,


Stuart Lewis
Digital Development Manager
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: +64 (0)9 373 7599 x81928
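
The log check discussed above, as an added example that is not part of the original thread or DSpace's own code: it rejoins mail-wrapped dspace.log records, separates the session user (anonymous until a login succeeds) from the account being attempted, and pairs each failed_login outcome with the reason the authentication method logged. The sample lines are constructed, and the result-code names are an assumption based on DSpace's AuthenticationMethod constants.

```python
import re
from collections import Counter

# Assumption: names follow the constants in DSpace's AuthenticationMethod
# interface; confirm the numeric values against the version you run.
RESULT_NAMES = {1: "SUCCESS", 2: "BAD_CREDENTIALS", 3: "CERT_REQUIRED",
                4: "NO_SUCH_USER", 5: "BAD_ARGS"}

# Constructed sample in the shape of the excerpts quoted in this thread,
# including the mid-record line wraps introduced by mail clients.
SAMPLE_LOG = """\
2011-02-07 10:09:04,284 INFO
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=0123456789ABCDEF0123456789ABCDEF:ip_addr=192.0.2.10:auth:attempting
 trivial auth of user=jdoe
2011-02-07 10:09:04,779 INFO
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=0123456789ABCDEF0123456789ABCDEF:ip_addr=192.0.2.10:failed_login:no
 DN found for user jdoe
2011-02-07 10:09:04,779 INFO  org.dspace.app.xmlui.utils.AuthenticationUtil @
anonymous:session_id=0123456789ABCDEF0123456789ABCDEF:ip_addr=192.0.2.10:failed_login:email=jdoe,
 realm=null, result=2
2011-02-07 10:11:30,101 INFO  org.dspace.app.xmlui.utils.AuthenticationUtil @
anonymous:session_id=FEDCBA9876543210FEDCBA9876543210:ip_addr=192.0.2.44:failed_login:email=asmith,
 realm=null, result=4
2011-02-07 10:12:02,500 INFO  org.dspace.app.xmlui.utils.AuthenticationUtil @
admin@example.org:session_id=FEDCBA9876543210FEDCBA9876543210:ip_addr=192.0.2.44:login:type=explicit
"""

TS_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\s")
# Header layout: user:session_id=...:ip_addr=...:action:detail
# (ip_addr is matched as IPv4/hostname only; IPv6 literals contain colons).
RECORD = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<level>[A-Z]+)\s+(?P<cls>[\w.$]+)\s+@\s+"
    r"(?P<user>[^:]*?)\s*:\s*session_id=(?P<sid>\w+)\s*:\s*"
    r"ip_addr=(?P<ip>[^:\s]+)\s*:\s*(?P<action>\w+)\s*:\s*(?P<detail>.*)$")
OUTCOME = re.compile(
    r"email=(?P<attempted>.*?), realm=(?P<realm>.*?), result=(?P<code>\d+)")


def join_records(text):
    """Rebuild one string per log record from wrapped lines."""
    records = []
    for line in text.splitlines():
        if TS_START.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records


def parse(text):
    """Return a dict per record that matches the DSpace header layout."""
    events = []
    for record in join_records(text):
        match = RECORD.match(record)
        if match:
            events.append(match.groupdict())
    return events


def failed_logins(events):
    """Summarise failed logins: who was attempted, from where, and why."""
    reasons = {}   # session id -> last reason logged by an auth method
    failures = []
    for ev in events:
        if ev["action"] != "failed_login":
            continue
        short = ev["cls"].rsplit(".", 1)[-1]
        outcome = OUTCOME.search(ev["detail"])
        if outcome is None:
            # Line written by an authentication method, e.g. "no DN found".
            reasons[ev["sid"]] = f"{short}: {ev['detail']}"
            continue
        code = int(outcome.group("code"))
        failures.append({
            "ts": ev["ts"],
            "ip": ev["ip"],
            "session_user": ev["user"],          # who the session already was
            "attempted": outcome.group("attempted"),  # account being tried
            "result": RESULT_NAMES.get(code, f"UNKNOWN({code})"),
            "reason": reasons.pop(ev["sid"], None),
        })
    return failures


def failures_by_ip(failures):
    """Count failed logins per source address."""
    return Counter(f["ip"] for f in failures)


if __name__ == "__main__":
    for failure in failed_logins(parse(SAMPLE_LOG)):
        print(failure)
```
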




Re: [Dspace-tech] LDAP Authentication

2011-02-07 Thread Savage, Karen R.
Thanks, Stuart. Looking at your sample, I was able to fix it. I had a blank 
ldap.id_field, which the LDAP guy said was correct, but changing it to 
ldap.id_field = cn allowed me to log in!

-- 
Karen Savage
Baylor University Libraries
Electronic Library
Library Systems
karen_sav...@baylor.edu
(254) 710-3275

-Original Message-
From: Stuart Lewis [mailto:s.le...@auckland.ac.nz] 
Sent: Monday, February 07, 2011 12:00 PM
To: Savage, Karen R.
Cc: dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] LDAP Authentication

Hi Karen,

> This is what I'm finding in the log file:
> 
> 2011-02-07 10:09:04,284 INFO  org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=36F5668310DE405281CC4104721E98AD:ip_addr=129.62.210.158:auth:attempting trivial auth of user=karen_savage
> 2011-02-07 10:09:04,779 INFO  org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=36F5668310DE405281CC4104721E98AD:ip_addr=129.62.210.158:failed_login:no DN found for user karen_savage
> 2011-02-07 10:09:04,779 INFO  org.dspace.app.xmlui.utils.AuthenticationUtil @ anonymous:session_id=36F5668310DE405281CC4104721E98AD:ip_addr=129.62.210.158:failed_login:email=karen_savage, realm=null, result=2
> 
> The first thing I'm noticing is the anonymous session. Our LDAP server 
> doesn't allow anonymous access and our LDAP guy gave me the DN and password 
> of a user to put in the config file. He's also double-checked the rest of the 
> LDAP related variables to confirm they are correct. So is it normal for it to 
> say anonymous in the log file, or is it missing something in the config file?

Seeing the anonymous session is normal.  Once you have logged in, that will 
change to your login.

Could you show us the LDAP configuration values you have (except for the 
password!).  This might give us a clue.  If it helps, there is a set of example 
LDAP settings (which should work if you want to try them against a public LDAP 
server) at:

 - 
http://blog.stuartlewis.com/2008/08/18/test-ldap-service-upgraded-now-with-branches/

Thanks,


Stuart Lewis
Digital Development Manager
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: +64 (0)9 373 7599 x81928




Re: [Dspace-tech] LDAP Authentication

2012-05-02 Thread helix84
On Wed, May 2, 2012 at 10:41 AM, johnson sikhumbuzo Dlamini
 wrote:
> PROBLEM: When you login, you are presented with two links to specify whether
> you want password login or ldap login. However, when either of these links
> is clicked the resultant  login screen expects similar inputs (i.e. the
> e-mail and pass-word). I expected to be prompted for the user-name and
> password when I click the ldap-login option.

Hi Johnson,

with a clean DSpace installation what you should see after you choose
your authentication method is E-Mail Address/Password (for
/password-login) and User Name/Password (for /ldap-login). If you see
something different, perhaps it is a result of some of your
customizations?

Your configuration might look like this (don't forget to restart
Tomcat every time after changing it):

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
org.dspace.authenticate.PasswordAuthentication, \
org.dspace.authenticate.LDAPHierarchicalAuthentication


Anyway, regardless of the strings you see in the login form and
regardless of which login form you see, the authentication methods you
configured will be tried in turn, because of the way the DSpace
authentication currently "stacks" methods. So even if you enter
login/password into /ldap-login and ldap_id/password into
/password-login, you should be successfully logged in. This is
described in https://jira.duraspace.org/browse/DS-367

Regards,
~~helix84



Re: [Dspace-tech] LDAP Authentication

2012-05-02 Thread helix84
On Wed, May 2, 2012 at 4:29 PM, johnson sikhumbuzo Dlamini
 wrote:
> Hi helix
>
> Thanks for your informative  response.
> I in-fact have the authentication class as you suggested  above   in the
> authentication.cfg file. i.e.
>
> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
> org.dspace.authenticate.PasswordAuthentication, \
> org.dspace.authenticate.LDAPHierarchicalAuthentication
>
> which is the reason am presented with the two choices at login.
>
> Could you please advise me on ways to skip this login type selection screen
> such that when a user logs-in is immediately presented with textboxes
> enquiring the ldap-userName and Password. The system is expected to
> implicitly validate the user based on whether ldap-userName/email was
> entered.
>
> Thanks for your time.
>
> Johnson


Please, keep the CC when replying to dspace-tech.

I described a workaround I use here:

http://www.mail-archive.com/dspace-tech@lists.sourceforge.net/msg16563.html

Regards,
~~helix84



Re: [Dspace-tech] LDAP Authentication failure

2008-08-19 Thread Stuart Lewis [sdl]
Hi,

> We are using DSpace 1.4.2; We are facing this problem on a RHEL box.
> 
> 2008-08-12 15:33:33,847 INFO  org.dspace.eperson*.*PasswordAuthentication @
> anonymous:session_id=86F90023214655DE8C1AA34B81B2B2B5:ip_addr=10.10.3.205:auth
> enticate:attempting
> password auth of [EMAIL PROTECTED]
>  2008-08-12 15:33:33,852 INFO
> org.dspace.app.webui.servlet.PasswordServlet @
> anonymous:session_id=86F90023214655DE8C1AA34B81B2B2B5:*ip_addr=10.10.3.205:fai
> led_login:[EMAIL PROTECTED],
> result=4*

The subject of your email suggests that you are wanting to use LDAP to
authenticate your users?

If this is the case it looks like you might not have set it up correctly as
DSpace is still trying to authenticate using its own in-built password
system.

To enable LDAP, do the following in [dspace]/config/dspace.cfg:

 - Set 'ldap.enable' to 'true'
 - Set LDAP as the authentication method:
   - plugin.sequence.org.dspace.eperson.AuthenticationMethod = \
org.dspace.eperson.LDAPAuthentication
 - Set all your LDAP parameters to your local server settings
 - Restart tomcat

> Also, *how to reflect new changes made to any Java file, before
> rebuilding the dspace.war*?

Re-run ant, as follows:

 - ant -Dconfig=[dspace]/config/dspace.cfg update

Thanks,


Stuart
_

Gwasanaethau Gwybodaeth  Information Services
Prifysgol Aberystwyth  Aberystwyth University

E-bost / E-mail: [EMAIL PROTECTED]
 Ffon / Tel: (01970) 622860
_



Re: [Dspace-tech] LDAP Authentication failure

2008-08-20 Thread Gagan mandayam

Stuart Lewis [sdl] wrote:


Hi,

> We are using DSpace 1.4.2; We are facing this problem on a RHEL box.
>
> 2008-08-12 15:33:33,847 INFO  org.dspace.eperson*.*PasswordAuthentication @
> anonymous:session_id=86F90023214655DE8C1AA34B81B2B2B5:ip_addr=10.10.3.205:auth
> enticate:attempting
> password auth of [EMAIL PROTECTED]
>  2008-08-12 15:33:33,852 INFO
> org.dspace.app.webui.servlet.PasswordServlet @
> anonymous:session_id=86F90023214655DE8C1AA34B81B2B2B5:*ip_addr=10.10.3.205:fai
> led_login:[EMAIL PROTECTED],
> result=4*

The subject of your email suggests that you are wanting to use LDAP to
authenticate your users?

If this is the case it looks like you might not have set it up correctly as
DSpace is still trying to authenticate using its own in-built password
system.

To enable LDAP, do the following in [dspace]/config/dspace.cfg:

 - Set 'ldap.enable' to 'true'
 - Set LDAP as the authentication method:
   - plugin.sequence.org.dspace.eperson.AuthenticationMethod = \
org.dspace.eperson.LDAPAuthentication
 - Set all your LDAP parameters to your local server settings
 - Restart tomcat

> Also, *how to reflect new changes made to any Java file, before
> rebuilding the dspace.war*?

Re-run ant, as follows:

 - ant -Dconfig=[dspace]/config/dspace.cfg update

Thanks,




Hi Stuart,

Thanks a lot for your solution. Even after changing the Authentication 
method, we are not able to get into our LDAP;
We *do not have 'object_context' in our LDAP settings*, but this is a 
requirement in DSpace LDAP settings;

So how do we customize it now?

[ In our LDAP server, we have [ l= 
dc=vijayanagar,cn=Locations,dc=jsw,dc=in ]


We tried this setting ldap.object_context = 
ou=people,dc=vijayanagar,cn=Locations,dc=jsw,dc=in; even this did not work;


Any idea??


Stuart
_

Gwasanaethau Gwybodaeth  Information Services
Prifysgol Aberystwyth  Aberystwyth University

E-bost / E-mail: [EMAIL PROTECTED]
 Ffon / Tel: (01970) 622860
_





Re: [Dspace-tech] LDAP Authentication issues

2013-01-31 Thread Darren Arsenault
Hi all,

Just a quick update for those who responded to my last posting about LDAP 
authentication issues in DSpace:

My user changed their password back to what it had previously been, and then 
selected a new password once again. The issue (inability to login using the new 
credentials) is gone, and cannot be reproduced. (Several of us have tried.)

Thank you to all who gave of their time and advice.

Darren Arsenault
Programmer
Algonquin College
1385 Woodroffe Avenue
Ottawa, ON, K2G 1V8



Re: [Dspace-tech] LDAP Authentication generating Exception

2010-06-24 Thread Flavio Botelho
I don't have the code here with me, but a wild guess would be that uid
isn't the field that stores the complete DN.

> ldap.id_field = uid

Probably should be set to something else (the usual name for the field
is 'dn' I guess)?

Kudos,
Flavio Botelho

On Thu, Jun 24, 2010 at 12:13 PM, Jason Nugent  wrote:
> Hi everyone,
>
> I am configuring a DSpace 1.6.0 instance to authenticate users to my
> LDAP server.  I believe I have the necessary configuration options in
> dspace.cfg specified correctly, but if I add
> org.dspace.authenticate.LDAPHierarchicalAuthentication to my
> Authentication stack, I receive a NullPointerException.  If I use the
> regular org.dspace.authenticate.LDAPAuthentication method, my logins do
> not work.
>
> My relevant bits of dspace.cfg:
>
> ldap.enable = true
> ldap.provider_url = ldaps://ldap.unb.ca/
> ldap.id_field = uid
> ldap.object_context = dc=unb,dc=ca
> ldap.search_context = dc=unb,dc=ca
> ldap.email_field = mail
> webui.ldap.autoregister = true
> ldap.search_scope = 2
> ldap.search.user = uid=authentication,dc=unb,dc=ca
> ldap.search.password = #
>
>
> For Hierarchical authentication, I receive the following stack trace:
>
> java.lang.NullPointerException
>        at
> org.dspace.authenticate.LDAPHierarchicalAuthentication$SpeakerToLDAP.getDNOfUser(LDAPHierarchicalAuthentication.java:381)
>        at
> org.dspace.authenticate.LDAPHierarchicalAuthentication.authenticate(LDAPHierarchicalAuthentication.java:212)
>        at
> org.dspace.authenticate.AuthenticationManager.authenticateInternal(AuthenticationManager.java:197)
>        at
> org.dspace.authenticate.AuthenticationManager.authenticate(AuthenticationManager.java:134)
>        at
> org.dspace.app.xmlui.utils.AuthenticationUtil.Authenticate(AuthenticationUtil.java:139)
>        at
> org.dspace.app.xmlui.aspect.eperson.LDAPAuthenticateAction.act(LDAPAuthenticateAction.java:100)
>
>
> When I switch back to the other method, I see this in dspace.log:
>
> 2010-06-24 12:09:36,234 INFO  org.dspace.authenticate.LDAPAuthentication
> @
> anonymous:session_id=C9E51723EA5FACD476F97B1300ABC5E8:ip_addr=131.202.32.219:auth:attempting
> trivial auth of user=jnugent
>
> 2010-06-24 12:09:36,234 DEBUG org.dspace.storage.rdbms.DatabaseManager @
> Running query "select * from eperson where netid = ? "  with parameters:
> jnugent
>
> 2010-06-24 12:09:37,233 WARN  org.dspace.authenticate.LDAPAuthentication
> @
> anonymous:session_id=C9E51723EA5FACD476F97B1300ABC5E8:ip_addr=131.202.32.219:ldap_authentication:type=failed_auth
> javax.naming.AuthenticationException\colon; [LDAP\colon; error code 32 -
> No Such Object]
>
> That's better, but now I am wondering why my LDAP server is returning No
> Such Object.  OpenLDAP's ldapsearch tool seems to correctly find my
> record, using the same command line arguments.  I am prompted for my
> authentication password for the authenticated search DN and find my
> jnugent record.
>
> ldapsearch -W -D uid=authentication,dc=unb,dc=ca -v -x -H
> ldaps://ldap.unb.ca  "(uid=jnugent)"
>
> Suggestions are appreciated.
>
> Regards,
>
> Jason
>
>
> --
> Jason Nugent
> Systems Programmer/Database Developer
> Electronic Text Centre
> University of New Brunswick
> jnug...@unb.ca
> (506) 447 3177
>


Re: [Dspace-tech] LDAP Authentication generating Exception

2010-06-25 Thread Jason Nugent
Hi Flavio,

On 6/24/10 6:26 PM, Flavio Botelho wrote:
> I dont have the code here with me, but a wild guess would be that uid
> isnt the field that stores the complete DN.
> 
>> ldap.id_field = uid

I was under the assumption that this field was used to initially search
the tree to find the user's dn, which was then used in a bind to verify
the password.  In my case, the filter would be (uid=jnugent).

At any rate, I gave your suggestion a shot and the issue is still
occurring.  I will continue to investigate.

Regards,

Jason

-- 
Jason Nugent
Systems Programmer/Database Developer
Electronic Text Centre
University of New Brunswick
jnug...@unb.ca
(506) 447 3177



Re: [Dspace-tech] LDAP Authentication generating Exception

2010-06-25 Thread Jason Nugent
Hi folks,

Just to confirm, does DSpace perform a two step check and then bind for
authentication?  I ask, because I've been talking to the fellow who has
access to our LDAP server logs and he has informed me that it appears as
though DSpace is attempting to bind with uid=jnugent,dc=unb,dc=ca, which
is obviously incorrect.  What it *should* be doing is an initial search
with (uid=jnugent) as a filter, using the
ldap.search_user/search_password, and then retrieving the DN for my
record and binding with that, and the supplied password.  In my case, my
 full DN is unbCaId=XXX,ou=people,dc=unb,dc=ca where XX is a
unique string. Our users would never know what that string was.

It sounds as though the setting for ldap.object_context is involved in
this, since it is appended to the ldap.id_field and username, but in my
case, I'd want it appended to unbCaID=XX, not my uid=jnugent string.

Regards,

Jason
-- 
Jason Nugent
Systems Programmer/Database Developer
Electronic Text Centre
University of New Brunswick
jnug...@unb.ca
(506) 447 3177



Re: [Dspace-tech] LDAP Authentication generating Exception

2010-06-25 Thread Stuart Lewis
Hi Jason,

DSpace ships with two LDAP options - LDAPAuthentication and 
LDAPHierarchicalAuthentication.

If all your users are in one branch of an ldap tree (e.g. they all exist in 
ou=users,dc=unb,dc=ca) then you can use the former. This does not perform an 
initial bind, it just binds to the user's DN using their credentials. If the 
bind is successful then it allows the user to log in to DSpace.

If your users are scattered across many different branches, then you'll need to 
use the LDAPHierarchicalAuthentication option. This has extra settings in 
dspace.cfg to set the DN and password of a user who has search rights across 
the LDAP directory. DSpace will bind as that user and then perform a search to 
find the DN of the user who is trying to log in. Once it finds that, it then 
binds a second time to that DN, using the user's password.

Hopefully the comments in dspace.cfg will guide you through the different 
settings. This blog post has some example settings that might help 
demonstrate what you need to put in where:

 - http://blog.stuartlewis.com/2008/08/18/test-ldap-service-upgraded-now-with-branches/

Thanks,


Stuart Lewis
IT Innovations Analyst and Developer
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: +64 (0)9 373 7599 x81928


On 26/06/2010, at 2:51 AM, Jason Nugent wrote:

> Hi folks,
> 
> Just to confirm, does DSpace perform a two step check and then bind for
> authentication?  I ask, because I've been talking to the fellow who has
> access to our LDAP server logs and he has informed me that it appears as
> though DSpace is attempting to bind with uid=jnugent,dc=unb,dc=ca, which
> is obviously incorrect.  What it *should* be doing is an initial search
> with (uid=jnugent) as a filter, using the
> ldap.search_user/search_password, and then retrieving the DN for my
> record and binding with that, and the supplied password.  In my case, my
> full DN is unbCaId=XXX,ou=people,dc=unb,dc=ca where XX is a
> unique string. Our users would never know what that string was.
> 
> It sounds as though the setting for ldap.object_context is involved in
> this, since it is appended to the ldap.id_field and username, but in my
> case, I'd want it appended to unbCaID=XX, not my uid=jnugent string.
> 
> Regards,
> 
> Jason
> -- 
> Jason Nugent
> Systems Programmer/Database Developer
> Electronic Text Centre
> University of New Brunswick
> jnug...@unb.ca
> (506) 447 3177
> 


Re: [Dspace-tech] LDAP Authentication generating Exception

2010-06-25 Thread Flavio Botelho
Looking at the code:
http://scm.dspace.org/svn/repo/dspace/tags/dspace-1.6.0/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java

The place where the problem is occurring seems bizarre..
It is as if ldap.search_scope was not being found in the config file?

Kudos,
Flavio Botelho

On Thu, Jun 24, 2010 at 12:13 PM, Jason Nugent  wrote:
> Hi everyone,
>
> I am configuring a DSpace 1.6.0 instance to authenticate users to my
> LDAP server.  I believe I have the necessary configuration options in
> dspace.cfg specified correctly, but if I add
> org.dspace.authenticate.LDAPHierarchicalAuthentication to my
> Authentication stack, I receive a NullPointerException.  If I use the
> regular org.dspace.authenticate.LDAPAuthentication method, my logins do
> not work.
>
> My relevant bits of dspace.cfg:
>
> ldap.enable = true
> ldap.provider_url = ldaps://ldap.unb.ca/
> ldap.id_field = uid
> ldap.object_context = dc=unb,dc=ca
> ldap.search_context = dc=unb,dc=ca
> ldap.email_field = mail
> webui.ldap.autoregister = true
> ldap.search_scope = 2
> ldap.search.user = uid=authentication,dc=unb,dc=ca
> ldap.search.password = #
>
>
> For Hierarchical authentication, I receive the following stack trace:
>
> java.lang.NullPointerException
>        at
> org.dspace.authenticate.LDAPHierarchicalAuthentication$SpeakerToLDAP.getDNOfUser(LDAPHierarchicalAuthentication.java:381)
>        at
> org.dspace.authenticate.LDAPHierarchicalAuthentication.authenticate(LDAPHierarchicalAuthentication.java:212)
>        at
> org.dspace.authenticate.AuthenticationManager.authenticateInternal(AuthenticationManager.java:197)
>        at
> org.dspace.authenticate.AuthenticationManager.authenticate(AuthenticationManager.java:134)
>        at
> org.dspace.app.xmlui.utils.AuthenticationUtil.Authenticate(AuthenticationUtil.java:139)
>        at
> org.dspace.app.xmlui.aspect.eperson.LDAPAuthenticateAction.act(LDAPAuthenticateAction.java:100)
>
>
> When I switch back to the other method, I see this in dspace.log:
>
> 2010-06-24 12:09:36,234 INFO  org.dspace.authenticate.LDAPAuthentication
> @
> anonymous:session_id=C9E51723EA5FACD476F97B1300ABC5E8:ip_addr=131.202.32.219:auth:attempting
> trivial auth of user=jnugent
>
> 2010-06-24 12:09:36,234 DEBUG org.dspace.storage.rdbms.DatabaseManager @
> Running query "select * from eperson where netid = ? "  with parameters:
> jnugent
>
> 2010-06-24 12:09:37,233 WARN  org.dspace.authenticate.LDAPAuthentication
> @
> anonymous:session_id=C9E51723EA5FACD476F97B1300ABC5E8:ip_addr=131.202.32.219:ldap_authentication:type=failed_auth
> javax.naming.AuthenticationException\colon; [LDAP\colon; error code 32 -
> No Such Object]
>
> That's better, but now I am wondering why my LDAP server is returning No
> Such Object.  OpenLDAP's ldapsearch tool seems to correctly find my
> record, using the same command line arguments.  I am prompted for my
> authentication password for the authenticated search DN and find my
> jnugent record.
>
> ldapsearch -W -D uid=authentication,dc=unb,dc=ca -v -x -H
> ldaps://ldap.unb.ca  "(uid=jnugent)"
>
> Suggestions are appreciated.
>
> Regards,
>
> Jason
>
>
> --
> Jason Nugent
> Systems Programmer/Database Developer
> Electronic Text Centre
> University of New Brunswick
> jnug...@unb.ca
> (506) 447 3177
>


Re: [Dspace-tech] LDAP Authentication generating Exception

2010-06-25 Thread Jason Nugent
Aha!  I now realize what it is.  The ldap.search_scope value is
commented out by default in the config file. I mistakenly believed that
this implied a default value of 2.  If you leave the value commented out
and enable Hierarchical LDAP authentication, you generate a
NullPointerException.

All appears to be well. Thanks everyone.

Jason

On 6/25/10 4:24 PM, Stuart Lewis wrote:
> Hi Jason,
> 
> DSpace ships with two LDAP options - LDAPAuthentication and 
> LDAPHierarchicalAuthentication.
> 
> If all your users are in one branch of an ldap tree (e.g. they all exist in 
> ou=users,dc=unb,dc=ca) then you can use the former. This does not perform an 
> initial bind, it just binds to the user's DN using their credentials. If the 
> bind is successful then it allows the user to log in to DSpace.
> 
> If your users are scattered across many different branches, then you'll need 
> to use the LDAPHierarchicalAuthentication option. This has extra settings in 
> dspace.cfg to set the DN and password of a user who has search rights across 
> the LDAP directory. DSpace will bind as that user and then perform a search 
> to find the DN of the user who is trying to log in. Once it finds that, it 
> then binds a second time to that DN, using the user's password.
> 
> Hopefully the comments in dspace.cfg will guide you through the different 
> settings. This blog post has some example settings that might help 
> demonstrate what you need to put in where:
> 
>  - http://blog.stuartlewis.com/2008/08/18/test-ldap-service-upgraded-now-with-branches/
> 
> Thanks,
> 
> 
> Stuart Lewis
> IT Innovations Analyst and Developer
> Te Tumu Herenga The University of Auckland Library
> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> Ph: +64 (0)9 373 7599 x81928
> 
> 
> On 26/06/2010, at 2:51 AM, Jason Nugent wrote:
> 
>> Hi folks,
>>
>> Just to confirm, does DSpace perform a two step check and then bind for
>> authentication?  I ask, because I've been talking to the fellow who has
>> access to our LDAP server logs and he has informed me that it appears as
>> though DSpace is attempting to bind with uid=jnugent,dc=unb,dc=ca, which
>> is obviously incorrect.  What it *should* be doing is an initial search
>> with (uid=jnugent) as a filter, using the
>> ldap.search_user/search_password, and then retrieving the DN for my
>> record and binding with that, and the supplied password.  In my case, my
>> full DN is unbCaId=XXX,ou=people,dc=unb,dc=ca where XX is a
>> unique string. Our users would never know what that string was.
>>
>> It sounds as though the setting for ldap.object_context is involved in
>> this, since it is appended to the ldap.id_field and username, but in my
>> case, I'd want it appended to unbCaID=XX, not my uid=jnugent string.
>>
>> Regards,
>>
>> Jason
>> -- 
>> Jason Nugent
>> Systems Programmer/Database Developer
>> Electronic Text Centre
>> University of New Brunswick
>> jnug...@unb.ca
>> (506) 447 3177
>>

-- 
Jason Nugent
Systems Programmer/Database Developer
Electronic Text Centre
University of New Brunswick
jnug...@unb.ca
(506) 447 3177
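
The two login strategies Stuart describes and the missing ldap.search_scope failure Jason found, modelled as an added example that is not part of the thread or of DSpace's code. The directory contents, passwords and unbCaId value are constructed and the function names are hypothetical; only the ldap.* setting names come from the posts.

```python
# Added example, not DSpace source. Entries, passwords and unbCaId are constructed.
DIRECTORY = {
    "uid=authentication,dc=unb,dc=ca": {"uid": "authentication", "pw": "svc-secret"},
    "unbCaId=a1b2c3,ou=people,dc=unb,dc=ca": {"uid": "jnugent", "pw": "user-secret"},
}

# Setting names from the thread; the search password is constructed and
# ldap.search_scope is commented out, as Jason found in his file.
CFG_SHIPPED = """
ldap.enable = true
ldap.provider_url = ldaps://ldap.unb.ca/
ldap.id_field = uid
ldap.object_context = dc=unb,dc=ca
ldap.search_context = dc=unb,dc=ca
# ldap.search_scope = 2
ldap.search.user = uid=authentication,dc=unb,dc=ca
ldap.search.password = svc-secret
"""
CFG_FIXED = CFG_SHIPPED.replace("# ldap.search_scope", "ldap.search_scope")
HIERARCHICAL_KEYS = ("ldap.search_context", "ldap.search_scope",
                     "ldap.search.user", "ldap.search.password")


class LdapError(Exception):
    """Raised as LdapError(result_code, text); the code is args[0]."""


def parse_cfg(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.split("=", 1) for ln in lines if "=" in ln and not ln.startswith("#"))
    return {key.strip(): value.strip() for key, value in pairs}


def bind(dn, password):
    """Simple bind against the constructed directory; returns the bound DN."""
    if not password:
        # Empty password = unauthenticated bind (RFC 4513); never treat as login.
        raise ValueError("empty password rejected before bind")
    entry = DIRECTORY.get(dn)
    if entry is None:
        raise LdapError(32, "No Such Object")
    if entry["pw"] != password:
        raise LdapError(49, "Invalid Credentials")
    return dn


def search(base, scope, attr, value):
    """DNs at or below base where attr == value (0 object, 1 one level, 2 subtree)."""
    hits = []
    for dn, entry in DIRECTORY.items():
        if dn == base:
            depth = 0
        elif dn.endswith("," + base):
            depth = dn[: -len(base) - 1].count(",") + 1
        else:
            continue
        if (scope == 2 or scope == depth) and entry.get(attr) == value:
            hits.append(dn)
    return hits


def direct_bind_login(cfg, username, password):
    """LDAPAuthentication style: build the DN from settings, then bind."""
    dn = f"{cfg['ldap.id_field']}={username},{cfg['ldap.object_context']}"
    return bind(dn, password)


def hierarchical_login(cfg, username, password):
    """LDAPHierarchicalAuthentication style: search for the DN, then bind."""
    missing = [key for key in HIERARCHICAL_KEYS if not cfg.get(key)]
    if missing:
        # Name the absent setting rather than failing later on a null value.
        raise ValueError("missing settings: " + ", ".join(missing))
    bind(cfg["ldap.search.user"], cfg["ldap.search.password"])
    hits = search(cfg["ldap.search_context"], int(cfg["ldap.search_scope"]),
                  cfg["ldap.id_field"], username)
    if len(hits) != 1:
        # Zero or several matches: refuse rather than guess which DN to bind.
        raise LookupError(f"{len(hits)} entries match")
    return bind(hits[0], password)


def outcome(login, cfg_text, username, password):
    """Run one login attempt and describe the result as a short string."""
    try:
        return "bound as " + login(parse_cfg(cfg_text), username, password)
    except LdapError as err:
        return f"LDAP {err.args[0]}"
    except (ValueError, LookupError) as err:
        return f"refused: {err}"


if __name__ == "__main__":
    for cfg in (CFG_SHIPPED, CFG_FIXED):
        print(outcome(hierarchical_login, cfg, "jnugent", "user-secret"))
    print(outcome(direct_bind_login, CFG_FIXED, "jnugent", "user-secret"))
```

The direct-bind path fails with result code 32 because it binds as uid=jnugent,dc=unb,dc=ca, a DN that does not exist when the entry's RDN is unbCaId.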



Re: [Dspace-tech] LDAP authentication stopped working

2011-05-04 Thread helix84
On Wed, May 4, 2011 at 15:20, Savage, Karen R.  wrote:
> I've had LDAP authentication working on my upgrade for the past couple of 
> months, but now I find that it's not working again. The only config change 
> I've made since I got it working is setting up the server to run through port 
> 8443. Would that affect authentication?

If you changed the port of your LDAP server, you need to use the
following format:

ldap://hostname:port/
or
ldaps://hostname:port/

If you mean you changed the port of your HTTP server, then no, it
wouldn't affect authentication.
In that case enable
true
and try to log in, this should display any errors in the ldap_*
functions called in the lib/Xerxes/authentication/LDAP.php file. That
should indicate the problem more closely.

Regards,
~~helix84



Re: [Dspace-tech] LDAP authentication stopped working

2011-05-04 Thread helix84
On Wed, May 4, 2011 at 15:37, helix84  wrote:
> On Wed, May 4, 2011 at 15:20, Savage, Karen R.  
> wrote:
>> I've had LDAP authentication working on my upgrade for the past couple of 
>> months, but now I find that it's not working again. The only config change 
>> I've made since I got it working is setting up the server to run through 
>> port 8443. Would that affect authentication?
>
> If you changed the port of your LDAP server, you need to use the
> following format:
>
> ldap://hostname:port/
> or
> ldaps://hostname:port/

In this case, if you also changed your LDAP server to TLS, you need to
turn this on:
true

Please note that LDAPS and LDAP+TLS are two different things.

Regards,
~~helix84



Re: [Dspace-tech] LDAP authentication stopped working

2011-05-04 Thread helix84
Please, disregard what I wrote so far. I didn't notice this came from
the DSpace mailing list, not the Xerxes one.

Karen, I assume you changed the port your webserver is listening on.
This shouldn't have any influence on LDAP authentication in DSpace.
Might any other change slip by at the same time?

Regards,
~~helix84



Re: [Dspace-tech] LDAP authentication stopped working

2011-05-04 Thread Savage, Karen R.
Ah, that explains why I wasn't able to find any of the files you were
referring to. :)

Yes, I set it up to listen through port 8443 rather than 8080.

I'm the only admin making changes to this server at this time, and
switching to port 8443 is the only thing I remember doing since getting
LDAP running.

Our live 1.3 instance hasn't been affected, but I'll check with the LDAP
guy in IT to make sure there haven't been any changes made on their end.

Thanks,

Karen S.

On 5/4/11 9:51 AM, "helix84"  wrote:

>Please, disregard what I wrote so far. I didn't notice this came from
>the DSpace mailing list, not the Xerxes one.
>
>Karen, I assume you changed the port your webserver is listening on.
>This shouldn't have any influence on LDAP authentication in DSpace.
>Might any other change slip by at the same time?
>
>Regards,
>~~helix84




Re: [Dspace-tech] LDAP authentication stopped working

2011-05-04 Thread helix84
On Wed, May 4, 2011 at 16:56, Savage, Karen R.  wrote:
> Our live 1.3 instance hasn't been affected, but I'll check with the LDAP
> guy in IT to make sure there haven't been any changes made on their end.

If the other instance works, then the mistake will probably be at your end.
Just copying over the ldap.* settings from your live instance to your
testing instance might fix the problem. At least I can't think of any
other config option which would break your LDAP. If that's not the
problem, that of course leaves connectivity and firewall issues.

Regards,
~~helix84



Re: [Dspace-tech] LDAP authentication stopped working

2011-05-09 Thread Savage, Karen R.
I think I've figured it out. As part of switching over to port 8443, I
copied the certificate from the old server to the new one. The certificate
is in the name of the alias, which hasn't yet been set to point to the new
server, so as far as the LDAP server is concerned, it's invalid.

Karen S.

On 5/4/11 10:03 AM, "helix84"  wrote:

>On Wed, May 4, 2011 at 16:56, Savage, Karen R. 
>wrote:
>> Our live 1.3 instance hasn't been affected, but I'll check with the LDAP
>> guy in IT to make sure there haven't been any changes made on their end.
>
>If the other instance works, then the mistake will probably be at your
>end.
>Just copying over the ldap.* settings from your live instance to your
>testing instance might fix the problem. At least I can't think of any
>other config option which would break your LDAP. If that's not the
>problem, that of course leaves connectivity and firewall issues.
>
>Regards,
>~~helix84




Re: [Dspace-tech] LDAP authentication stopped working

2011-05-09 Thread helix84
On Mon, May 9, 2011 at 16:14, Savage, Karen R.  wrote:
> I think I've figured it out. As part of switching over to port 8443, I
> copied the certificate from the old server to the new one. The certificate
> is in the name of the alias, which hasn't yet been set to point to the new
> server, so as far as the LDAP server is concerned, it's invalid.

Thanks for sharing back the solution. Did you spot the problem in a
log file or otherwise?

Regards,
~~helix84



Re: [Dspace-tech] LDAP authentication in v3

2013-02-06 Thread helix84
On Wed, Feb 6, 2013 at 8:57 PM, Poulter, Dale
 wrote:
> We have Dspace 3.0 up and running well.  We have been able to get the LDAP
> authentication to work but it does not pull in any of the attributes (email,
> name, etc.).  I have confirmed that our mapping email_field = mail is
> correct as far as the ldap server is concerned.  Has anyone else experienced
> this issue?  Thanks.

Hi Dale, do you have autoregister = true in authentication-ldap.cfg?


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] LDAP authentication in v3

2013-02-06 Thread helix84
Do you need and have search_scope = 2?

It would be easier if you pasted your authentication-ldap.cfg here.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] LDAP authentication in v3

2013-02-06 Thread Poulter, Dale
Yes,


autoregister = true

-Original Message-
From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On Behalf Of helix84
Sent: Wednesday, February 06, 2013 2:37 PM
To: Poulter, Dale
Cc: Dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] LDAP authentication in v3

On Wed, Feb 6, 2013 at 8:57 PM, Poulter, Dale  
wrote:
> We have Dspace 3.0 up and running well.  We have been able to get the 
> LDAP authentication to work but it does not pull in any of the 
> attributes (email, name, etc.).  I have confirmed that our mapping 
> email_field = mail is correct as far as the ldap server is concerned.  
> Has anyone else experienced this issue?  Thanks.

Hi Dale, do you have autoregister = true in authentication-ldap.cfg?


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette 
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] LDAP authentication in v3

2013-02-06 Thread Poulter, Dale
# Hierarchical LDAP Settings #

# If your users are spread out across a hierarchical tree on your
# LDAP server, you will need to search the tree to find the full DN of
# the user who is logging in.
#
# * If anonymous search is allowed on your LDAP server, you will need to set
#   search.anonymous = true
# * If not, you will need to specify the full DN and password of a 
#   user that is allowed to bind in order to search for the users.
# * If neither search.anonymous is true, nor search.user is specified,
#   LDAP will not do the hierarchical search for a DN and will assume
#   a flat directory structure.

# This is the optional search scope value for the LDAP search during
# autoregistering. This will depend on your LDAP server setup.
# This value must be one of the following integers corresponding
# to the following values:
# object scope : 0
# one level scope : 1
# subtree scope : 2
search_scope = 2

# If true, the initial bind will be performed anonymously.
search.anonymous = false

# The full DN and password of a user allowed to connect to the LDAP server
# and search for the DN of the user trying to log in.
#search.user = cn=admin,ou=people,o=myu.edu
#search.password = password



# If your LDAP server does not hold an email address for a user, you can use
# the following field to specify your email domain. This value is appended
# to the netid in order to make an email address. E.g. a netid of 'user' and
# netid_email_domain as '@example.com' would set the email of the user
# to be 'u...@example.com
#netid_email_domain = @example.com

-Original Message-
From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On Behalf Of helix84
Sent: Wednesday, February 06, 2013 2:51 PM
To: Poulter, Dale
Cc: Dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] LDAP authentication in v3

Do you need and have search_scope = 2?

It would be easier if you pasted your authentication-ldap.cfg here.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette 
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] LDAP authentication in v3

2013-02-06 Thread helix84
I assume you do have search.user/password set.

Nothing in your config strikes me as odd. So if you look at the
eperson table on the row that was just added, what are the values of
the individual fields?


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] LDAP authentication in v3

2013-02-06 Thread Poulter, Dale
It adds the username null and the remaining fields are empty.

Sent from iphone


On Feb 6, 2013, at 3:16 PM, "helix84"  wrote:

> I assume you do have search.user/password set.
> 
> Nothing in your config strikes me as odd. So if you look at the
> eperson table on the row that was just added, what are the values of
> the individual fields?
> 
> 
> Regards,
> ~~helix84
> 
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
> 




Re: [Dspace-tech] LDAP authentication in v3

2013-02-06 Thread Poulter, Dale
After doing some additional research and testing it appears that a missing "/" 
at the end of the provider was causing the problem.  What is so perplexing is 
that it was still authenticating but just not bringing in the data.  

Thanks for the help.

-Original Message-
From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On Behalf Of helix84
Sent: Wednesday, February 06, 2013 3:16 PM
To: Poulter, Dale
Cc: Dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] LDAP authentication in v3

I assume you do have search.user/password set.

Nothing in your config strikes me as odd. So if you look at the eperson table 
on the row that was just added, what are the values of the individual fields?


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette 
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] LDAP authentication in v3

2013-02-06 Thread M. Àngels Pulido

  
  
Hello Dale,
I recently had a similar problem with ldap hierarchical. But we have
Dspace 1.7.2. I do not know the version 3.0 but... we fixed the
problem filling this parameter in dspace.cfg:
ldap.netid_email_domain = @ uvic.cat (your domain)
But do not know if this parameter is also in version 3.0
I hope I can help !

On 07/02/2013 2:34, Poulter, Dale wrote:


  After doing some additional research and testing it appears that a missing "/" at the end of the provider was causing the problem.  What is so perplexing is that it was still authenticating but just not bringing in the data.  

Thanks for the help.

-Original Message-
From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On Behalf Of helix84
Sent: Wednesday, February 06, 2013 3:16 PM
To: Poulter, Dale
Cc: Dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] LDAP authentication in v3

I assume you do have search.user/password set.

Nothing in your config strikes me as odd. So if you look at the eperson table on the row that was just added, what are the values of the individual fields?


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette





-- 
  
M. Àngels Pulido Medina
  Biblioteca - Servei de Recursos
Informàtics
  
  Universitat de Vic
  C. Sagrada Família, 7
  08500 Vic
  Tel. 938 816 170 (8333)
  m.angels.pul...@uvic.cat 
  www.uvic.cat
  

  


Re: [Dspace-tech] LDAP authentication in v3

2013-02-06 Thread Hilton Gibson
Perhaps this will help:
http://wiki.lib.sun.ac.za/index.php/SUNScholar/User_Management



On 7 February 2013 09:35, "M. Àngels Pulido" wrote:

>  Hello Dale,
> I recently had a similar problem with ldap hierarchical. But we have
> Dspace 1.7.2. I do not know the version 3.0 but... we fixed the problem
> filling this parameter in dspace.cfg:
> ldap.netid_email_domain = @ uvic.cat (your domain)
> But do not know if this parameter is also in version 3.0
> I hope I can help !
>
> On 07/02/2013 2:34, Poulter, Dale wrote:
>
> After doing some additional research and testing it appears that a missing 
> "/" at the end of the provider was causing the problem.  What is so 
> perplexing is that it was still authenticating but just not bringing in the 
> data.
>
> Thanks for the help.
>
> -Original Message-
> From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com 
> ] On Behalf Of helix84
> Sent: Wednesday, February 06, 2013 3:16 PM
> To: Poulter, Dale
> Cc: Dspace-tech@lists.sourceforge.net
> Subject: Re: [Dspace-tech] LDAP authentication in v3
>
> I assume you do have search.user/password set.
>
> Nothing in your config strikes me as odd. So if you look at the eperson table 
> on the row that was just added, what are the values of the individual fields?
>
>
> Regards,
> ~~helix84
>
> Compulsory reading: DSpace Mailing List Etiquette 
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>
>
>
> --
>
> *M. Àngels Pulido Medina*
> Biblioteca - Servei de Recursos Informàtics
> [image: Logo UVic]
> *Universitat de Vic*
> C. Sagrada Família, 7
> 08500 Vic
> Tel. 938 816 170 (8333)
> m.angels.pul...@uvic.cat
> *www.uvic.cat*
>
>
>



-- 
*Hilton Gibson*
Systems Administrator
JS Gericke Library
Room 1025D
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758
http://library.sun.ac.za
http://scholar.sun.ac.za
http://ar1.sun.ac.za
http://aj1.sun.ac.za

Re: [Dspace-tech] LDAP authentication in v3

2013-02-07 Thread helix84
On Thu, Feb 7, 2013 at 2:34 AM, Poulter, Dale
 wrote:
> After doing some additional research and testing it appears that a missing 
> "/" at the end of the provider was causing the problem.  What is so 
> perplexing is that it was still authenticating but just not bringing in the 
> data.

Hi Dale, I'm glad to hear that you were able to solve it. Could you
please file a Jira issue so that we don't forget to look at it and try
to fix it later? Thanks.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] LDAP Authentication - login.specialgroup property

2015-01-07 Thread helix84
I already answered your question here:

http://dspace.2283337.n4.nabble.com/Adding-e-people-into-groups-automatically-td4675556.html

Can you specify what exactly doesn't seem to work?


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] LDAP Authentication - login.specialgroup property

2015-01-07 Thread Nada Abo-Eita
Hi helix,

I did exactly what you mentioned here
http://dspace.2283337.n4.nabble.com/Adding-e-people-into-groups-automatically-td4675556.html

Based on my changes, if any user logs in to dspace then they should become a
member of the specified group in login.specialgroup property in my case
(students group).   [ This is how it should be ]

But what happened with me, the user logs in to dspace fine *but without*
being a member of the students group [ My problem ].

I hope it's clear now.


Regards,

Nada Abo-Eita



On Wed, Jan 7, 2015 at 1:34 PM, helix84  wrote:

> I already answered your question here:
>
>
> http://dspace.2283337.n4.nabble.com/Adding-e-people-into-groups-automatically-td4675556.html
>
> Can you specify what exactly doesn't seem to work?
>
>
> Regards,
> ~~helix84
>
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>

Re: [Dspace-tech] LDAP Authentication - login.specialgroup property

2015-01-07 Thread Hilton Gibson
Hi All

When using LDAP auth, does membership rely on the "auto-register" config
setting?

Cheers

hg

*Hilton Gibson*
Ubuntu Linux Systems Administrator
JS Gericke Library
Room 1025C
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758

On 7 January 2015 at 13:06, Nada Abo-Eita  wrote:

> Hi helix,
>
> I did exactly what you mentioned here
>
> http://dspace.2283337.n4.nabble.com/Adding-e-people-into-groups-automatically-td4675556.html
>
> Based on my changes, if any user logs in to dspace then they should become a
> member of the specified group in login.specialgroup property in my case
> (students group).   [ This is how it should be ]
>
> But what happened with me, the user logs in to dspace fine *but without*
> being a member of the students group [ My problem ].
>
> I hope it's clear now.
>
>
> Regards,
>
> Nada Abo-Eita
>
>
>
> On Wed, Jan 7, 2015 at 1:34 PM, helix84  wrote:
>
>> I already answered your question here:
>>
>>
>> http://dspace.2283337.n4.nabble.com/Adding-e-people-into-groups-automatically-td4675556.html
>>
>> Can you specify what exactly doesn't seem to work?
>>
>>
>> Regards,
>> ~~helix84
>>
>> Compulsory reading: DSpace Mailing List Etiquette
>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>>
>
>
>
>

Re: [Dspace-tech] LDAP Authentication - login.specialgroup property

2015-01-07 Thread helix84
The way it works is anyone who can log in to LDAP can log into DSpace
and then is assigned the specialgroup.

If you want only those who are students in LDAP to be able to log into
DSpace, that's a different matter. There are two ways how your group
information may be stored in LDAP: if your DN is something like
"uid=username,o=org,dc=Students" then the group information is stored
in DN. You can limit logins only for this group using:
provider_url = ldap://ldap.example.com/o=org,dc=Students
If, OTOH, your user group is stored in an attribute (e.g.
group=Students), then you can apply a filter:
provider_url = ldap://ldap.example.com/???(group=Students)
(I haven't tested this second example).


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
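
The two provider_url forms from the message above, decomposed per RFC 4516, as an added example (not DSpace code and not part of the original post). The function names and finding codes are hypothetical, and how DSpace itself consumes each URL field is not shown in this thread.

```python
"""Decompose an LDAP URL (RFC 4516) the way an administrator would read it."""
from urllib.parse import unquote

# "ldaps" is a widely used convention rather than part of RFC 4516.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
SCOPES = ("base", "one", "sub")


def parse_ldap_url(url):
    """Split scheme://host[:port][/dn[?attrs[?scope[?filter[?extensions]]]]]."""
    scheme, sep, rest = url.strip().partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)

    hostport, slash, tail = rest.partition("/")
    if "?" in hostport:
        raise ValueError("'?' fields are only valid after the '/' that follows the host")

    # IPv6 literals in brackets are not handled in this sketch.
    host, colon, port = hostport.partition(":")
    port = int(port) if colon else DEFAULT_PORTS[scheme]

    # Split on '?' first, then percent-decode each field, so an encoded
    # %3F inside a DN or filter is not mistaken for a separator.
    fields = tail.split("?", 4)
    fields += [""] * (5 - len(fields))
    dn, attrs, scope, filt, ext = (unquote(f) for f in fields)

    if scope and scope not in SCOPES:
        raise ValueError("scope must be base, one or sub, got %r" % scope)

    return {
        "scheme": scheme,
        "host": host,
        "port": port,
        "has_slash": bool(slash),             # was there a '/' after the host?
        "base_dn": dn,                        # absent means the zero-length DN
        "attributes": attrs.split(",") if attrs else [],
        "scope": scope or "base",             # RFC 4516 default
        "filter": filt or "(objectClass=*)",  # RFC 4516 default
        "filter_explicit": bool(filt),
        "extensions": ext,
    }


def review_provider_url(url):
    """Return hypothetical finding codes for a provider_url value."""
    p = parse_ldap_url(url)
    findings = []
    if not p["has_slash"]:
        # The condition reported earlier in this archive (missing "/" at
        # the end of the provider); the thread does not explain the cause.
        findings.append("NO_SLASH_AFTER_HOST")
    if p["scheme"] == "ldap":
        # Simple binds over ldap:// carry the password unencrypted unless
        # the client negotiates StartTLS.
        findings.append("CLEARTEXT_UNLESS_STARTTLS")
    if p["filter_explicit"] and not p["base_dn"] and p["scope"] == "base":
        # Read strictly per RFC 4516, this URL names a base-scope search
        # of the zero-length DN, not a filter over a subtree of users.
        findings.append("FILTER_ON_EMPTY_BASE_DN")
    return findings


if __name__ == "__main__":
    # Sample values: the first two are quoted from the message above,
    # the third is constructed.
    for sample in (
        "ldap://ldap.example.com/o=org,dc=Students",
        "ldap://ldap.example.com/???(group=Students)",
        "ldaps://ldap.example.com:636",
    ):
        parsed = parse_ldap_url(sample)
        print(sample)
        print("  base_dn=%r scope=%s filter=%s" % (
            parsed["base_dn"], parsed["scope"], parsed["filter"]))
        print("  findings:", review_provider_url(sample))
```
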



Re: [Dspace-tech] LDAP Authentication - login.specialgroup property

2015-01-07 Thread Hilton Gibson
Hi Helix

So this all depends on the quality of the metadata in the LDAP tree/server.
Is it possible to map an LDAP filter to a group in DSpace?
Assuming you only have one LDAP server to refer to, not a separate staff
and student LDAP server, just one.

Cheers

hg

*Hilton Gibson*
Ubuntu Linux Systems Administrator
JS Gericke Library
Room 1025C
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758

On 7 January 2015 at 13:28, helix84  wrote:

> The way it works is anyone who can log in to LDAP can log into DSpace
> and then is assigned the specialgroup.
>
> If you want only those who are students in LDAP to be able to log into
> DSpace, that's a different matter. There are two ways how your group
> information may be stored in LDAP: if your DN is something like
> "uid=username,o=org,dc=Students" then the group information is stored
> in DN. You can limit logins only for this group using:
> provider_url = ldap://ldap.example.com/o=org,dc=Students
> If, OTOH, your user group is stored in an attribute (e.g.
> group=Students), then you can apply a filter:
> provider_url = ldap://ldap.example.com/???(group=Students)
> (I haven't tested this second example).
>
>
> Regards,
> ~~helix84
>
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>
>
>

Re: [Dspace-tech] LDAP Authentication - login.specialgroup property

2015-01-07 Thread helix84
On Wed, Jan 7, 2015 at 1:33 PM, Hilton Gibson  wrote:
> Is it possible to map an LDAP filter to a group in DSpace?

Yes, both a filter and an attribute:
https://github.com/DSpace/DSpace/blob/dspace-5.0-rc3/dspace/config/modules/authentication-ldap.cfg#L150-168

> Assuming you only have one LDAP server to refer to, not a separate staff and
> student LDAP server, just one.

Correct, that's how it works.

But as I understood Nada's request, they want to allow only students
to log in. Not just put students to a DSpace group. That's why I
suggested the solution which changes provider_url.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] LDAP Authentication - login.specialgroup property

2015-01-07 Thread helix84
On Wed, Jan 7, 2015 at 1:56 PM, helix84  wrote:
> On Wed, Jan 7, 2015 at 1:33 PM, Hilton Gibson  wrote:
>> Is it possible to map an LDAP filter to a group in DSpace?
>
> Yes, both a filter and an attribute:
> https://github.com/DSpace/DSpace/blob/dspace-5.0-rc3/dspace/config/modules/authentication-ldap.cfg#L150-168

Eh, sorry, that wasn't correct. Not a filter in the LDAP sense.
Filters are an expression on a set of attributes, you can't do that
with the code currently available. But you can match either a part of
the DN or an attribute.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] LDAP authentication mail attribute issue

2015-02-09 Thread Olivier Nicole
Hi,

> I am using LDAP authentication for autoregister.
>
> DSpace can communicate with LDAP server and get mail value independently.
>
> When I configure ldap to match email_field = mail, it doesn't work.
> However, it is working as phone_field = mail.
>
> I can not understand and find any post related to this issue.
>
> I hope someone can help me to figure out it.

I had that same problem one month ago, the answer given to me was:

As for the "email" field problem. There was a known bug regarding
this in DSpace 3 and 4. It's now been fixed in DSpace 5. Here's the info
on that problem: https://jira.duraspace.org/browse/DS-1781

I applied the patch, "mvn -U clean package" in [dspace source] and "ant
update" and restart tomcat.

Best regards,

Olivier



Re: [Dspace-tech] Ldap authentication on Dspace142 with cn attribute

2007-07-01 Thread Zafeiropoulos Dionisis
Excuse me for resending the previous message, but I used the wrong mail address. 
I am a subscriber with the mail [EMAIL PROTECTED] (not the one that appeared on the 
previous message).
Please consider the following message
 Thanks again.
  - Original Message - 
  From: Zafeiropoulos Dionisis 
  To: dspace-tech@lists.sourceforge.net 
  Cc: [EMAIL PROTECTED] ; [EMAIL PROTECTED] 
  Sent: Sunday, July 01, 2007 11:11 PM
  Subject: Ldap authentication on Dspace142 with cn attribute


  Hello everybody,
  I am resending my message as a subscriber (with current mail).

  We have successfully installed Dspace 142 and we are trying to do ldap 
  authentication on behalf of Hellenic Open University.

  Our ldap directory contains users with their cn and under user's cn there 
  are attributes (uid, sn, pwd, mailaddress,)
  Our ldap tree contains users like,

  CN = Zafeiropoulos Dionisis C,O=directory
  Attribute: mailaddress [EMAIL PROTECTED]
  Attribute: uid=zafeirdio
  Attribute: pwd=
  Attribute: givenname = ( . )
  Attribute: 

  CN=KARAISKAKIS DIONYSIS T,O=directory
  Attribute: mailaddress = ( [EMAIL PROTECTED] )

  Attribute: uid=zafeirdio
  Attribute: pwd=
  Attribute: givenname = ( . )
  Attribute: 

  So when I am trying to set up the LDAP authentication, the only way it works
  is giving in dspace.cfg, in the LDAP authentication settings,
  ldap.id_field = cn

  so on the dspace login page I have to write in the field
  Username
  or Email address:
  KARAISKAKIS DIONYSIS T

  (the full cn; with email or uid it doesn't work.)

  How can I define ldap.id_field in order to do authentication using uid or 
  mailaddress (attributes of every user's CN)?

  I would be very grateful if you could help us.

  Dionisis Zafeiropoulos


Re: [Dspace-tech] ldap authentication after upgrade 1.8 to 3.2

2014-02-13 Thread Hilton Gibson
Hi Erik

I also had problems during an upgrade from 1.8.2 to 3.2 and have documented
fixes here:
http://wiki.lib.sun.ac.za/index.php/SUNScholar/Upgrading/DSpace/Release_Notes/3.2
One of them was LDAP authentication.

Regards

*Hilton Gibson*
Ubuntu Linux Systems Administrator
JS Gericke Library
Room 1025D
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758
http://scholar.sun.ac.za
http://bit.ly/goodir
http://library.sun.ac.za
http://za.linkedin.com/in/hiltongibson


On 14 February 2014 01:16, Erik Guss  wrote:

> Hello,
> I upgraded from 1.8.2 to 3.2. The ldap new user registration was not
> working properly after the upgrade. A new user could authenticate, and
> was registered, but the ldap attributes would not populate
> (sn,givenname,mail). Existing users were unaffected.
>
> I was not using ldap-hierarchical, and so the changes for ldap in the
> upgrade notes did not apply to me.
>
> I tried adding a search.user and search.password hoping it would then
> look up the attributes and got partial results, the mail attribute came
> through, but the sn and givenname still did not.
>
> I looked in dspace.log and there was no error, see below for log
> details.
>
> I then reverted to dspace 1.8.2 (with no ldap-hierarchical) and verified
> that the new users do correctly auto-register with their mail, sn,
> givenname attributes populated on the old codebase.
>
> Perhaps this is a bug introduced with the new combining of
> ldap-hierarchical and ldap authn methods.
>
> Thanks for any insight.
>
> Erik
>
> from version 3.2 dspace.log 
> 2014-02-13 11:28:54,045 INFO  org.dspace.authenticate.LDAPAuthentication
> @
> anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:auth:attempting
> trivial auth of user=h51
> 2014-02-13 11:28:54,097 INFO  org.dspace.authenticate.LDAPAuthentication
> @
> anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:
> autoregister:netid=h51
> 2014-02-13 11:28:54,100 INFO  org.dspace.eperson.EPerson @
> anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:
> create_eperson:eperson_id=69
> 2014-02-13 11:28:54,101 INFO  org.dspace.eperson.EPerson @
> anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:
> update_eperson:eperson_id=69
> 2014-02-13 11:28:54,583 INFO  org.dspace.eperson.EPersonConsumer @
> anonymous:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:
> registerion_alert:user=h51null
> 2014-02-13 11:28:54,584 INFO  org.dspace.authenticate.LDAPAuthentication
> @
>
> h51null:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:authenticate:type=ldap-login,
> created ePerson
> 2014-02-13 11:28:54,584 INFO
> org.dspace.app.xmlui.utils.AuthenticationUtil @
>
> h51null:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:
> login:type=explicit
> 2014-02-13 11:28:54,670 INFO
> org.dspace.app.xmlui.aspect.artifactbrowser.CommunityBrowser @
>
> h51null:session_id=71264F4ADB19C9EC393AB4AD5D588B3D:ip_addr=153.90.170.8:
> view_community_list:
>

Re: [Dspace-tech] ldap authentication after upgrade 1.8 to 3.2

2014-02-14 Thread helix84
Hi Erik,

what does your LDAP configuration look like?

Which field do you use as the user identifier and do you use a suffix
(@example.com)?


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] ldap authentication for dspace requiring non-anonymous DN bind

2008-05-11 Thread Stuart Lewis
Hi Jeffrey,

> I've set up dspace on a Windows server and am trying to set up the ldap
> authentication. I followed all the instructions, but it doesn't work. Our ldap
> server requires non-anonymous DN for searching, but in the dspace.cfg, there's
> no such an entry. How can I add this DN login and the password entries?

This patch should do what you want:

https://sourceforge.net/tracker/index.php?func=detail&aid=1597831&group_id=1
9984&atid=319984

Thanks,


Stuart
_

Gwasanaethau Gwybodaeth  Information Services
Prifysgol Aberystwyth  Aberystwyth University

E-bost / E-mail: [EMAIL PROTECTED]
 Ffon / Tel: (01970) 622860
_




Re: [Dspace-tech] LDAP Authentication (Hierarchical) - Dspace 3.0 (No DN found for user)

2013-01-17 Thread helix84
The first strange thing from the get-go is that
LDAPHierarchicalAuthentication which you're using is no longer in
DSpace 3.0, its functionality has been integrated into
LDAPAuthentication. So you probably used the old class with the new
code. This should work, assuming you compiled it
(LDAPHierarchicalAuthentication.java) in the new codebase. If you
decide to go use the new LDAPAuthentication class, you should set
search.anonymous = false (I'm not sure what the default is if it's not
set).

About "no DN found for user" - this is printed when the admin user's
DN cannot be found in the LDAP directory. This means that either
search.user/search.password is wrong or connection to LDAP couldn't be
established (provider_url et al).

Try the new LDAPAuthentication class first. Details are in the upgrading notes.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
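
The two login flows this thread keeps returning to (a direct bind with a DN built from ldap.id_field, and search-then-bind using search.user/search.password), as an added in-memory model in Python. It is not DSpace code: the directory entries, passwords and function names are constructed for illustration, and the mapping of failures to "no DN found for user" and error code 49 follows the descriptions given in these messages.

```python
# Added illustration, not DSpace code: an in-memory model of LDAP bind-based login.
class InvalidCredentials(Exception):
    """Stands in for LDAP result code 49 (Invalid Credentials)."""

# Constructed sample directory (DN -> attributes). Entries are named by cn and
# spread over two OUs, so a user's DN cannot be derived from the uid alone.
DIRECTORY = {
    "cn=Search Account,ou=service,o=directory": {"uid": "svc", "pw": "svc-pw"},
    "cn=Alice Example,ou=faculty,o=directory": {"uid": "aexample", "pw": "alice-pw"},
    "cn=Bob Sample,ou=students,o=directory": {"uid": "bsample", "pw": "bob-pw"},
}

def bind(dn, password):
    """Simulated simple bind: the DN must exist and the password must match."""
    entry = DIRECTORY.get(dn)
    # An empty password is refused outright: some real servers treat it as an
    # anonymous bind and report success, which must never count as a login.
    if entry is None or not password or entry["pw"] != password:
        raise InvalidCredentials(dn)
    return dn

def search(id_field, value):
    """Simulated subtree search: return the DN whose attribute matches, or None."""
    for dn, attrs in DIRECTORY.items():
        if attrs.get(id_field) == value:
            return dn
    return None

def direct_login(netid, password, id_field, base):
    """Flat-tree mode: build the DN from the login name and bind as the user."""
    try:
        return bind(f"{id_field}={netid},{base}", password), "ok"
    except InvalidCredentials:
        return None, "invalid credentials"

def hierarchical_login(netid, password, id_field, search_user, search_password):
    """Search-then-bind: the search account finds the DN, then the user binds to it."""
    try:
        bind(search_user, search_password)
    except InvalidCredentials:
        return None, "no DN found for user"   # wrong search.user/search.password
    user_dn = search(id_field, netid)
    if user_dn is None:
        return None, "no DN found for user"
    try:
        return bind(user_dn, password), "ok"   # the user's own password decides
    except InvalidCredentials:
        return None, "invalid credentials"     # what error code 49 reports

if __name__ == "__main__":
    svc = "cn=Search Account,ou=service,o=directory"
    print(direct_login("aexample", "alice-pw", "uid", "ou=faculty,o=directory"))
    print(direct_login("Alice Example", "alice-pw", "cn", "ou=faculty,o=directory"))
    print(hierarchical_login("bsample", "bob-pw", "uid", svc, "svc-pw"))
    print(hierarchical_login("bsample", "bob-pw", "uid", svc, "wrong"))
```

With entries named by cn, the direct bind only succeeds when the full cn is typed as the login name, which is the behaviour reported in the 2007 message; the search-then-bind flow accepts the uid because the DN is looked up first.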



Re: [Dspace-tech] LDAP Authentication (Hierarchical) - Dspace 3.0 (No DN found for user)

2013-01-21 Thread mErRYo
Thanks Helix as this resolved my query. 

--- On Thu, 1/17/13, helix84  wrote:

> From: helix84 
> Subject: Re: [Dspace-tech] LDAP Authentication (Hierarchical) - Dspace 3.0 
> (No DN found for user)
> To: "mErRYo" 
> Cc: dspace-tech@lists.sourceforge.net
> Date: Thursday, January 17, 2013, 5:57 PM
> The first strange thing from the
> get-go is that
> LDAPHierarchicalAuthentication which you're using is no
> longer in
> DSpace 3.0, its functionality has been integrated into
> LDAPAuthentication. So you probably used the old class with
> the new
> code. This should work, assuming you compiled it
> (LDAPHierarchicalAuthentication.java) in the new codebase.
> If you
> decide to go use the new LDAPAuthentication class, you
> should set
> search.anonymous = false (I'm not sure what the default is
> if it's not
> set).
> 
> About "no DN found for user" - this is printed when the
> admin user's
> DN cannot be found in the LDAP directory. This means that
> either
> search.user/search.password is wrong or connection to LDAP
> couldn't be
> established (provider_url et al).
> 
> Try the new LDAPAuthentication class first. Details are in
> the upgrading notes.
> 
> 
> Regards,
> ~~helix84
> 
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
> 



Re: [Dspace-tech] LDAP authentication failing with: [LDAP: error code 49 - Invalid Credentials]

2013-01-28 Thread helix84
Hi Darren,

I don't think this can be DSpace's fault. Although DSpace can create
an eperson on the first login via LDAP (if autoregister is set to
true), it only means that a row in the eperson table is created. The
password is not stored in DSpace and the user is always authenticated
by trying to bind to LDAP with the specified username/password.

If I were you, I'd take a look at your LDAP infrastructure. If you
have some kind of replication set up or if you're using custom code to
change the password in multiple systems (LDAP being just one of them),
the changed password may not yet have propagated to the LDAP server
DSpace uses. So try to bind the user using e.g. the ldapsearch utility
or any other LDAP client. My bet is that the LDAP server still has the
old password.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



Re: [Dspace-tech] LDAP authentication failing with: [LDAP: error code 49 - Invalid Credentials]

2013-01-28 Thread Darren Arsenault
Hi Helix,

Weirder and weirder. I just changed my credentials so that I could recreate the 
error without the assistance of the affected user, and I cannot recreate the 
error. The new credentials work fine for me, and my old credentials do not. 
This user still has the issue in DSpace, yet they can access other systems 
without error. I have not written any code for storing, saving, or manipulating 
passwords in DSpace, and the only place in the database that I am aware stores 
a password is the eperson table, which I have ensured is blank. 

I have checked with the IT guys, and there is no replication or duplication 
happening, only one LDAP server.

Any other ideas?

Darren Arsenault
Programmer
Algonquin College
1385 Woodroffe Avenue
Ottawa, ON, K2G 1V8

From: ivan.ma...@gmail.com [ivan.ma...@gmail.com] On Behalf Of helix84 
[heli...@centrum.sk]
Sent: January-28-13 10:56 AM
To: Darren Arsenault
Cc: dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] LDAP authentication failing with: [LDAP: error 
code 49 - Invalid Credentials]

Hi Darren,

I don't think this can be DSpace's fault. Although DSpace can create
an eperson on the first login via LDAP (if autoregister is set to
true), it only means that a row in the eperson table is created. The
password is not stored in DSpace and the user is always authenticated
by trying to bind to LDAP with the specified username/password.

If I were you, I'd take a look at your LDAP infrastructure. If you
have some kind of replication set up or if you're using custom code to
change the password in multiple systems (LDAP being just one of them),
the changed password may not yet have propagated to the LDAP server
DSpace uses. So try to bind the user using e.g. the ldapsearch utility
or any other LDAP client. My bet is that the LDAP server still has the
old password.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette


Re: [Dspace-tech] LDAP authentication failing with: [LDAP: error code 49 - Invalid Credentials]

2013-01-28 Thread helix84
We can always blame it on the user :)

No, really, have him change his password under your supervision, I
think it will magically work.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
