Hello everyone,
I have made a default installation of DSpace on a test server, and now I
am trying to integrate DSpace with an LDAP server.
The LDAP server allows anonymous access. I would want DSpace to just look
up the user in LDAP and, if the person exists, I should be able to log in to
DSpace. I do not want any user password matching/authentication with the LDAP
server.
I have followed the steps given in the DSpace manual about LDAP integration.
1. Added the LDAP configuration settings in dspace.cfg
2. Also changed the authentication to just LDAPHierarchicalAuthentication
in authentication.cfg (I did not stack any other authentications)
3. Also, I added the same LDAP configuration settings in authentication-lap.cfg
However, since I do not want any password matching/authentication with the
LDAP server, I tried modifying the LDAPHierarchicalAuthentication.java
source file at the
"dspace-1.8.2/dspace-api/src/main/java/org/dspace/authenticate/" location.
I commented out all the code that tries to authenticate with LDAP, and modified
it to just access LDAP and check for the DN of the user.
If the DN can be looked up, it should return the authentication as a success.
In short, LDAPHierarchicalAuthentication.java makes 2 binds with the LDAP
server. I just need the first bind, and I do not need the second bind
(which tries to authenticate).
I have tested the same logic in an isolated Java module, and I am able to
successfully retrieve details from the LDAP server.
However, when I modify the same in the LDAPHierarchicalAuthentication class, I
receive the following errors:
When I try to log in from xmlui without any password, I get the following
in the log file.
"2012-08-29 09:35:34,175 INFO
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=C370B01B65343E7705E6F2D0385F63C6:ip_addr=0:0:0:0:0:0:0:1%0:auth:attempting
trivial auth of user=lohit.valleru
2012-08-29 09:35:34,545 INFO org.dspace.app.xmlui.utils.AuthenticationUtil
@
anonymous:session_id=C370B01B65343E7705E6F2D0385F63C6:ip_addr=0:0:0:0:0:0:0:1%0:failed_login:email=lohit.valleru,
realm=null, result=5"
I get the above error, though I have modified
the LDAPHierarchicalAuthentication class to fully ignore the part (where
user/password is null), and go forward even if the password is null.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
However, if I enter some values in the password field, I get the following
error in the log file.
2012-08-29 09:36:30,980 INFO
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=C370B01B65343E7705E6F2D0385F63C6:ip_addr=0:0:0:0:0:0:0:1%0:auth:attempting
trivial auth of user=lohit.valleru
2012-08-29 09:36:31,997 WARN
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=C370B01B65343E7705E6F2D0385F63C6:ip_addr=0:0:0:0:0:0:0:1%0:ldap_authentication:type=failed_auth
javax.naming.AuthenticationNotSupportedException: [LDAP: error
code 48 - Inappropriate Authentication]
Why is the code still behaving differently for password given and
password not given, when I have clearly modified
the LDAPHierarchicalAuthentication class to behave the same way in both
situations, and ignore whether the password exists or doesn't exist? (Also, I have
commented out the 'ldapAuthenticate' method to ignore authentication.)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
When I try to give some random user, not existing in the LDAP server, I get the
below error:
2012-08-29 08:50:11,229 INFO
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=0345E7F641788D8B58FD6358F36D2212:ip_addr=0:0:0:0:0:0:0:1%0:auth:attempting
trivial auth of user=dfasdfasdf
2012-08-29 08:50:12,242 INFO
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=0345E7F641788D8B58FD6358F36D2212:ip_addr=0:0:0:0:0:0:0:1%0:failed_login:no
DN found for user dfasdfasdf
2012-08-29 08:50:12,242 INFO org.dspace.app.xmlui.utils.AuthenticationUtil
@
anonymous:session_id=0345E7F641788D8B58FD6358F36D2212:ip_addr=0:0:0:0:0:0:0:1%0:failed_login:email=dfasdfasdf,
realm=null, result=2
which is as expected. This also supports the above, where I give a verified
LDAP user and I do not receive this error that no DN was found. This
tells me that the code is able to access the LDAP server and receive the DN
when I give a verified LDAP user. However, it gives other errors, which are
related to the second bind, though I modified the code not to make a second
bind or authenticate.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Also, I added many log commands to LDAPHierarchicalAuthentication in
order to debug better with the help of the log file; however, none of my log
commands are reflected in the log file.
Also, I sometimes doubt whether the changes that I am making in the source file
are reflected in the build/installation. I follow the following process after
modifying the source files.
1. I run mvn clean command
2. I run ant - update
I also tried ant - fresh install as a separate new installation. However, I
still see the same errors in the log file, and I do not see any extra
customized logs for me to debug.
Also, I have tried integrating DSpace, Eclipse, Maven and Tomcat as given in the
wiki, but it never worked, so it is getting difficult to exactly pinpoint
the cause of the above problem.
Can someone please suggest a solution, or help me with where the problem is
occurring? Please do let me know if I have to attach my modified code, as
I am not sure of the dspace-devel rules.
Thank you
Lohit
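
Added example, not part of the original post and not DSpace code: a small Python triage script that re-joins the wrapped DSpace log records quoted above and decodes the `result=` codes using the constants from DSpace's `AuthenticationMethod` interface, so a rejection for a missing password (`BAD_ARGS`) can be told apart from a failed LDAP bind. The function names and regular expressions are this example's own.

```python
import re

# Records copied from the post, still wrapped as mailed (colons restored).
SAMPLE = """\
2012-08-29 09:35:34,545 INFO org.dspace.app.xmlui.utils.AuthenticationUtil
@
anonymous:session_id=C370B01B65343E7705E6F2D0385F63C6:ip_addr=0:0:0:0:0:0:0:1%0:failed_login:email=lohit.valleru,
realm=null, result=5
2012-08-29 09:36:31,997 WARN
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=C370B01B65343E7705E6F2D0385F63C6:ip_addr=0:0:0:0:0:0:0:1%0:ldap_authentication:type=failed_auth
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - Inappropriate Authentication]
2012-08-29 08:50:12,242 INFO org.dspace.app.xmlui.utils.AuthenticationUtil
@
anonymous:session_id=0345E7F641788D8B58FD6358F36D2212:ip_addr=0:0:0:0:0:0:0:1%0:failed_login:email=dfasdfasdf,
realm=null, result=2
"""

# Return codes defined in DSpace's AuthenticationMethod interface.
RESULT = {1: "SUCCESS", 2: "BAD_CREDENTIALS", 3: "CERT_REQUIRED",
          4: "NO_SUCH_USER", 5: "BAD_ARGS"}

START = re.compile(r"(?m)^(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} )")
# ip_addr may be IPv6, so the action must contain a non-hex letter.
RECORD = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<level>[A-Z]+) (?P<logger>\S+) @ (?P<user>[^:]*):"
    r"session_id=(?P<session>[0-9A-F]+):ip_addr=(?P<ip>[0-9A-Fa-f:.%]+?):"
    r"(?P<action>[a-z_]*[g-z_][a-z_]*):(?P<detail>.*)$")

def records(text):
    """Re-join wrapped lines: a record runs until the next timestamp."""
    return [" ".join(p.split()) for p in START.split(text) if p.strip()]

def auth_failures(text):
    """Return one dict per failed_login / ldap_authentication record."""
    out = []
    for m in filter(None, map(RECORD.match, records(text))):
        if m["action"] not in ("failed_login", "ldap_authentication"):
            continue
        code = re.search(r"result=(\d+)", m["detail"])
        ldap = re.search(r"LDAP: error code (\d+)", m["detail"])
        out.append({"ts": m["ts"], "session": m["session"], "ip": m["ip"],
                    "action": m["action"],
                    "result": RESULT.get(int(code[1]), "UNKNOWN") if code else None,
                    "ldap_error": int(ldap[1]) if ldap else None})
    return out

if __name__ == "__main__":
    print(*auth_failures(SAMPLE), sep="\n")
```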