I've got a simple LDAP server configured primarily to allow authentication for EZProxy; now I'd like to be able to get DSpace to use it for authentication. But I can't get it to work.
I followed the DSpace configuration steps outlined at <http://ir.sun.ac.za/wiki/index.php/User_Management>, and have the following in my dspace.cfg:

    plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
        org.dspace.authenticate.LDAPAuthentication, \
        org.dspace.authenticate.PasswordAuthentication

    ldap.enable = true
    ldap.provider_url = ldap://localhost:389/
    ldap.id_field = uid
    ldap.object_context = ou=People,dc=esal,dc=ac,dc=za
    ldap.search_context = ou=People
    ldap.email_field = mail
    ldap.surname_field = sn
    ldap.givenname_field = givenName
    ldap.phone_field = telephoneNumber
    webui.ldap.autoregister = false

DSpace and LDAP are running on the same server, and I can use ldapsearch to return information on a user:

    r...@uzspace:~# ldapsearch -xLLL -b "dc=esal,dc=ac,dc=za" 'uid=UZP0899'
    dn: uid=UZP0899,ou=People,dc=esal,dc=ac,dc=za
    objectClass: inetOrgPerson
    cn: Carte,S R
    sn: Carte
    uid: UZP0899
    mail:

But DSpace returns an invalid username/password message when I try to log in using its LDAP authentication. The following is what gets output when running slapd in debug:

    r...@uzspace:~# slapd -d 2
    @(#) $OpenLDAP: slapd 2.4.9 (Mar 31 2009 07:12:16) $
        bui...@rothera:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd
    /etc/ldap/slapd.conf: line 111: rootdn is always granted unlimited privileges.
    /etc/ldap/slapd.conf: line 129: rootdn is always granted unlimited privileges.
    slapd starting
And here is the debug output when successfully authenticating using the OCLC EZProxy login:
The EZProxy LDAP configuration seems to consist of the following:

    ::LDAP
    URL ldap://localhost/ou=People,dc=esal,dc=ac,dc=za?uid?sub?(objectClass=person)
    IfUnauthenticated; Stop
    /LDAP

I have tried an alternative ldap.search.context of 'ou=People,dc=esal,dc=ac,dc=za' in dspace.cfg, but that didn't seem to make any difference.

Any ideas as to where I've gone wrong?
Sean

--
Sean Carte
esAL Library Systems Manager
+27 72 898 8775
+27 31 373 2490
fax: 0866741254
http://esal.dut.ac.za/