[Dspace-devel] [DuraSpace JIRA] (DS-1267) Is Active Directory supported by the LDAPAuthentication method in DSpace 1.8.2

Tue, 18 Sep 2012 17:02:34 -0700 

    [ 
https://jira.duraspace.org/browse/DS-1267?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=26270#comment-26270
 ] 

kgunn commented on DS-1267:
---------------------------

Hi Ivan,

Sorry for starting this in JIRA, I'll use the forum from now on.

I can't use "objectClass=user)(ldap_id_field" as the current filter substitutes 
two values.

NamingEnumeration<SearchResult> answer = ctx.search(
                ldap_provider_url + ldap_search_context,
                "(&({0}={1}))", new Object[] { ldap_id_field,
                netid }, ctrls); 

As the code is this is the exception I get.

org.apache.cocoon.ProcessingException: Sitemap: error invoking action
        at <map:act type="LDAPAuthenticateAction"> - 
resource://aspects/EPerson/sitemap.xmap:179:44
        at <map:match> - resource://aspects/EPerson/sitemap.xmap:178:36
        at <map:mount> - jndi:/localhost/xmlui/aspects/aspects.xmap:89:72
        at <map:select type="parameter"> - 
jndi:/localhost/xmlui/aspects/aspects.xmap:79:34
        at <map:match type="AspectMatcher"> - 
jndi:/localhost/xmlui/aspects/aspects.xmap:78:36
        at <map:mount> - jndi:/localhost/xmlui/sitemap.xmap:427:100
        at <map:match> - jndi:/localhost/xmlui/sitemap.xmap:426:49
        at <map:serialize> - resource://aspects/Submission/sitemap.xmap:270:27
        at <map:generate> - resource://aspects/Submission/sitemap.xmap:250:26
        at <map:serialize type="xml"> - 
resource://aspects/Statistics/sitemap.xmap:77:31
        at <map:generate> - resource://aspects/Statistics/sitemap.xmap:30:19
        at <map:serialize> - resource://aspects/Workflow/sitemap.xmap:161:27
        at <map:generate> - resource://aspects/Workflow/sitemap.xmap:145:26
        at <map:serialize type="xml"> - 
jndi:/localhost/xmlui/aspects/aspects.xmap:85:34
        at <map:transform type="PageNotFound"> - 
jndi:/localhost/xmlui/aspects/aspects.xmap:84:43
        at <map:generate> - jndi:/localhost/xmlui/aspects/aspects.xmap:83:22
        at <map:serialize type="xhtml"> - 
jndi:/localhost/xmlui/themes/aims_intranet/sitemap.xmap:137:34
        at <map:transform type="i18n"> - 
jndi:/localhost/xmlui/themes/aims_intranet/sitemap.xmap:131:33
        at <map:transform> - 
jndi:/localhost/xmlui/themes/aims_intranet/sitemap.xmap:126:40
        at <map:transform type="IncludePageMeta"> - 
jndi:/localhost/xmlui/themes/aims_intranet/sitemap.xmap:110:45
        at <map:generate type="file"> - 
jndi:/localhost/xmlui/themes/aims_intranet/sitemap.xmap:95:55
        at <map:match> - 
jndi:/localhost/xmlui/themes/aims_intranet/sitemap.xmap:92:28
        at <map:mount> - jndi:/localhost/xmlui/themes/themes.xmap:33:45
        at <map:match type="ThemeMatcher"> - 
jndi:/localhost/xmlui/themes/themes.xmap:32:35
        at <map:mount> - jndi:/localhost/xmlui/sitemap.xmap:590:94
...
Caused by: java.lang.NumberFormatException: For input string: 
"389cn=Users,DC=aims,DC=gov,DC=au"
        at 
java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
        at java.lang.Integer.parseInt(Integer.java:458)
        at java.lang.Integer.parseInt(Integer.java:499)
        at com.sun.jndi.toolkit.url.Uri.parse(Uri.java:214)
        at com.sun.jndi.toolkit.url.Uri.init(Uri.java:120)
        at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:67)
        at 
com.sun.jndi.url.ldap.ldapURLContextFactory.getUsingURLIgnoreRootDN(ldapURLContextFactory.java:41)
        at 
com.sun.jndi.url.ldap.ldapURLContext.getRootURLContext(ldapURLContext.java:44)
        at 
com.sun.jndi.toolkit.url.GenericURLDirContext.search(GenericURLDirContext.java:367)
        at com.sun.jndi.url.ldap.ldapURLContext.search(ldapURLContext.java:523)
        at 
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
        at 
org.dspace.authenticate.LDAPHierarchicalAuthentication$SpeakerToLDAP.getDNOfUser(LDAPHierarchicalAuthentication.java:408)
        at 
org.dspace.authenticate.LDAPHierarchicalAuthentication.authenticate(LDAPHierarchicalAuthentication.java:185)
        at 
org.dspace.authenticate.AuthenticationManager.authenticateInternal(AuthenticationManager.java:155)
        at 
org.dspace.authenticate.AuthenticationManager.authenticate(AuthenticationManager.java:92)
        at 
org.dspace.app.xmlui.utils.AuthenticationUtil.authenticate(AuthenticationUtil.java:107)
        at 
org.dspace.app.xmlui.aspect.eperson.LDAPAuthenticateAction.act(LDAPAuthenticateAction.java:70)
        at 
org.apache.cocoon.sitemap.impl.DefaultExecutor.invokeAction(DefaultExecutor.java:55)
        at 
org.apache.cocoon.components.treeprocessor.sitemap.ActTypeNode.invoke(ActTypeNode.java:105)
        ... 204 more

1. is the class used by the directory context constructor. Mostly I see the 
value "com.sun.jndi.ldap.LdapCtxFactory" used but there are other factories for 
the various LDAP vendors.
2. is the security method, some organisations/firms prefer the passwords aren't 
sent in plain text, especially for AD where it seems you have to authenticate 
with a more privileged user before you can check the actual user you want to 
authenticate with. This is the same for the TOMCAT realm, but with the realm 
you can configure SSL over the connection to AD.
4. Would just give DSpace a way of knowing that it's for AD and if different 
code paths are required as compared to LDAP. Perhaps it's not required if the 
search filter is configurable.

Again sorry for using JIRA, just want to pass on what I found as we're just 
taking up DSpace at my organisation. I will stick to forums as long as I get 
responses.

Cheers
Gunna
                
> Is Active Directory supported by the LDAPAuthentication method in DSpace 1.8.2
> ------------------------------------------------------------------------------
>
>                 Key: DS-1267
>                 URL: https://jira.duraspace.org/browse/DS-1267
>             Project: DSpace
>          Issue Type: Documentation
>          Components: DSpace API
>    Affects Versions: 1.8.2
>         Environment: Active Directory, DSPace
>            Reporter: kgunn
>
> I read DS-50 but was unable to get at the patch. As this issue was raised 
> sometime ago, does DSpace 1.8.2 support authentication against Active 
> Directory using the LDAP Authentication method?
> If so what are the configuration parameters set to as an example?
> Other software like tomcat realms now support AD but allow uuid to be a 
> search filter like (sAMAccountName={0}). I can't get it to work by just 
> setting id_field to sAMAccountName AD attribute.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel

Reply via email to