[ https://jira.duraspace.org/browse/DS-1267?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=26256#comment-26256 ]

kgunn commented on DS-1267:
---------------------------

For me, it's not supported out of the box. I needed to modify 
LDAPHierarchicalAuthentication to get it to work. Wasn't a big change, but I'm 
sure my changes won't work against an LDAP, as the search filter would need to 
be different. Here's what I changed to get it to work.

...
                Attributes matchAttrs = new BasicAttributes(true);
                matchAttrs.put(new BasicAttribute(ldap_id_field, netid));

                // look up attributes
                try
                {
                    SearchControls ctrls = new SearchControls();
                    ctrls.setSearchScope(ldap_search_scope_value);

                    NamingEnumeration<SearchResult> answer = ctx.search(
                            ldap_provider_url + ldap_search_context,
                            "(&({0}={1}))", new Object[] { ldap_id_field, netid }, ctrls);
...

changed to

...
                /* ?? Not used
                    Attributes matchAttrs = new BasicAttributes(true);
                    matchAttrs.put(new BasicAttribute(ldap_id_field, netid));
                    */

                // look up attributes
                try {
                    SearchControls ctrls = new SearchControls();
                    ctrls.setSearchScope(ldap_search_scope_value);

                    String searchFilter = "(&(objectClass=user)(" + ldap_id_field + "=" + netid + "))";
                    NamingEnumeration<SearchResult> answer = ctx.search(
                            ldap_search_context.trim(), searchFilter, ctrls);
...

To get this to suit all LDAPs and ActiveDirectory might need more items 
configurable such as
1. javax.naming.Context.INITIAL_CONTEXT_FACTORY
2. javax.naming.Context.SECURITY_AUTHENTICATION
3. the search filter
4. LDAP or Active Directory config would be good to code alternative options

Would be really cool if this had the same configuration options as the Apache 
Tomcat LDAP realm, including group/role access.
                
> Is Active Directory supported by the LDAPAuthentication method in DSpace 1.8.2
> ------------------------------------------------------------------------------
>
>                 Key: DS-1267
>                 URL: https://jira.duraspace.org/browse/DS-1267
>             Project: DSpace
>          Issue Type: Documentation
>          Components: DSpace API
>    Affects Versions: 1.8.2
>         Environment: Active Directory, DSpace
>            Reporter: kgunn
>
> I read DS-50 but was unable to get at the patch. As this issue was raised 
> some time ago, does DSpace 1.8.2 support authentication against Active 
> Directory using the LDAP Authentication method?
> If so, what are the configuration parameters set to, as an example?
> Other software like Tomcat realms now support AD but allow uuid to be a 
> search filter like (sAMAccountName={0}). I can't get it to work by just 
> setting id_field to sAMAccountName AD attribute.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
