We use LDAP/Active Directory for user information but not for user 
authentication. 
With ArchivesSpace LDAP Authentication configured, the initial (anonymous) bind 
to get user information works, but it fails on the 2nd authentication binding. 
The first request is either doing anonymous binding, or else username+password 
need to be in the AppConfig[:authentication_sources] in your config file. But 
after getting user info from LDAP on the first request, it will attempt to bind 
to that user (with supplied user password) and connect again. 

I don’t know if you have a similar setup at your site, but, as well as my 
memory works, that looks like a familiar error message.  And perhaps the other 
applications that work are not trying to do the 2nd binding. (?)


I have pulled some of the LDAP code from ArchivesSpace into a script to get 
user info and write it out the JSONModel, so that I can batch create users from 
LDAP info using backend API. Users have to authenticate separately thru 
Shibboleth or pub-cookie to get to the ArchivesSpace server, and then 
authenticate again to ArchivesSpace. I’d like to figure out how to skip that 
2nd authentication, but backend and frontend servers need to exchange and agree 
on user credentials. 


— Steve Majewski / UVA Alderman Library


> On Sep 2, 2016, at 11:38 AM, Kathleen Krause-Thompson 
> <kkthomp...@tsl.texas.gov> wrote:
> 
> Hello -- I’m attempting to configure an LDAP/Active Directory auth source and 
> am getting the error messages below (details removed), from the main log. Is 
> there an alternate log where I might look for more details? Any other ideas 
> about next steps? Credentials and connectivity should be fine as other 
> applications on the same server are making the link.
>  
> Parameters: {"utf8"=>"✓", 
> "authenticity_token"=>"02knGWUiVGv0C+pe06yYOyO9bWB4ZnfG8dnd+tJF+HY=", 
> "username"=>"k", "password"=>"[FILTERED]", "commit"=>"Sign In"}
> D, [2016-09-01T15:24:58.330000 #26461] DEBUG -- : Thread-4210: POST 
> /users/k/login [session: nil]
> D, [2016-09-01T15:24:58.335000 #26461] DEBUG -- : Thread-4210: Post-processed 
> params: {:username=>"k", :password=>"[FILTERED]", :expiring=>true}
> E, [2016-09-01T15:24:58.401000 #26461] ERROR -- : Thread-4210: Error 
> communicating with authentication source #<LDAPAuth:0x76063956 
> @encryption=nil, @extra_filter=nil, @attribute_map={:cn=>:name}, 
> @bind_password="FILTERED", @port="389", @bind_dn="uid=removed,ou=", 
> @username_attribute="uid", @hostname="tsl.state.tx.us", 
> @base_dn="dc=tsl,dc=state,dc=tx,dc=us">: Failed when binding to LDAP 
> directory: #<LDAPAuth:0x76063956 @encryption=nil, @extra_filter=nil, 
> @attribute_map={:cn=>:name> Error: Invalid Credentials (code = 49)
>  
>  
>  
> Kathleen Krause-Thompson
> Texas State Library and Archives
> Lead Developer Analyst
>  
>  
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group@lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
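The two-bind login flow described in the reply above, as an added example that is not ArchivesSpace code and not part of the original messages: it reports which stage fails, so a code 49 from the lookup bind can be told apart from a code 49 from the bind as the user. `FakeDirectory`, `ldap_login`, and the example.org entries are constructed for illustration; the config keys mirror the fields of the logged `LDAPAuth` object.

```ruby
INVALID_CREDENTIALS = 49 # LDAP result code reported in the log above

# Constructed in-memory stand-in for a directory server, so this runs offline.
class FakeDirectory
  def initialize(entries, allow_anonymous: false)
    @entries = entries # dn => { password: ..., "uid" => ... }
    @allow_anonymous = allow_anonymous
  end

  # Returns an LDAP result code: 0 for success, 49 for a rejected bind.
  def bind(dn, password)
    return @allow_anonymous ? 0 : INVALID_CREDENTIALS if dn.nil?
    entry = @entries[dn]
    entry && entry[:password] == password ? 0 : INVALID_CREDENTIALS
  end

  def find_dn(attribute, value)
    pair = @entries.find { |_dn, entry| entry[attribute] == value }
    pair && pair.first
  end
end

# Stage 1: bind with the configured account (nil bind_dn = anonymous) and look up the user.
# Stage 2: bind again as the user's own DN with the password typed at login.
def ldap_login(directory, config, username, password)
  code = directory.bind(config[:bind_dn], config[:bind_password])
  return { ok: false, stage: :lookup_bind, code: code } unless code.zero?

  user_dn = directory.find_dn(config[:username_attribute], username)
  return { ok: false, stage: :user_search, code: nil } if user_dn.nil?

  # An empty password would turn a simple bind into an unauthenticated bind,
  # which many servers accept, so refuse it before contacting the directory.
  return { ok: false, stage: :user_bind, code: nil } if password.to_s.empty?

  code = directory.bind(user_dn, password)
  return { ok: false, stage: :user_bind, code: code } unless code.zero?

  { ok: true, stage: :done, code: code, dn: user_dn }
end

# Constructed sample data (not from the thread).
DIRECTORY = FakeDirectory.new({
  "uid=svc,ou=apps,dc=example,dc=org" => { password: "svc-secret", "uid" => "svc" },
  "uid=k,ou=people,dc=example,dc=org" => { password: "user-secret", "uid" => "k" }
})
CONFIG = { bind_dn: "uid=svc,ou=apps,dc=example,dc=org",
           bind_password: "svc-secret", username_attribute: "uid" }.freeze
```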
