Just username for the cn value: search.user = cn=someUser,ou=someOU,ou=anotherOU,dc=ucmo,dc=local
I wouldn't think you would need the domain defined with in CN if you are providing the domain component attribute. The rest of your key values are pretty similar to mine with a couple of exceptions. object_context = ou=accounts,dc=ucmo,dc=local search_context = ou=accounts,dc=ucmo,dc=local ... and the earlier mentioned id_field value. I'm also using ldaps instead of ldap in the provider_URL. Shannon Mr. Shannon Meisenheimer Office of Technology University of Central Missouri WDE0608 [email protected] Work Phone: (660) 543-8483 On Wed, Jul 12, 2017 at 4:38 PM, Tim Cullings <[email protected]> wrote: > I think I just mistyped that id_field, I had tried cn and that didn't work > either. > > My authentication.cfg file only has LDAP turned on atm so I can test it. > In the username field are you adding any @domainname.com or > domain\username? > > Through google searches it is telling me that the error indicates that my > LDAP service account and/or password might be incorrect but I have > succesfully connected to and searched LDAP using those credentials. > > On Wednesday, July 12, 2017 at 2:24:07 PM UTC-7, Shannon Meisenheimer > wrote: >> >> What does your authentication.cfg file look like, do you have LDAPAuth >> added there? >> >> Mine contains: >> >>> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ >>> org.dspace.authenticate.LDAPAuthentication, \ >>> org.dspace.authenticate.PasswordAuthentication >> >> >> >> Also the value for your authentication-ldap.id_field key is "sAMAcoountName" >> and should probably be "sAMAccountName". I'm using 'cn' for that key. >> >> Shannon >> -- >> Mr. Shannon Meisenheimer >> Office of Technology >> University of Central Missouri >> WDE0608 >> [email protected] >> Work Phone: (660) 543-8483 >> >> On Wed, Jul 12, 2017 at 3:55 PM, Tim Cullings <[email protected]> >> wrote: >> >>> I have been tasked with setting up DSpace in my environment and getting >>> it working with LDAP for user authentication. >>> >>> I've gone through every article on the site, tried every combination of >>> settings in the authentication-ldap.cfg file and can't seem to get it to >>> work. The only error I receive is: >>> >>> ldap_authentication:type=failed_auth >>> javax.naming.AuthenticationException\colon; >>> [LDAP\colon; error code 49 - 80090308\colon; LdapErr\colon; DSID-0C0903D9, >>> comment\colon; AcceptSecurityContext error, data 52e, v2580 ] >>> >>> Running DSPACE 5 on Windows Server 2012 R2 >>> >>> Here are my settings: >>> >>> authentication-ldap.enable = true >>> authentication-ldap.autoregister = true >>> authentication-ldap.provider_url = ldap://ldap.domain.com:389 >>> authentication-ldap.id_field = sAMAcoountName >>> authentication-ldap.object_context = dc=domain,dc=com >>> authentication-ldap.search_context = dc=domain,dc=com >>> authentication-ldap.email_field = mail >>> authentication-ldap.surname_field = sn >>> authentication-ldap.givenname_field = givenName >>> authentication-ldap.search_scope = 2 >>> #authentication-ldap.search.anonymous = false >>> authentication-ldap.search.user = cn=user,ou=someou,dc=domain,dc=com >>> authentication-ldap.search.password = password >>> >>> I used an LDAP browsing tool from the server with the service account I >>> am attempting to use for Dspace and was able to run queries with it against >>> our AD server. I also used ldapsearch on a UNIX box and the specified >>> credentials and that worked as well so I am fairly certain the issue is >>> with Dspace. Domain users reside in multiple OUs that are one level down >>> from the root for example, cn=user1,ou=Contractors,dc=domain,dc=com >>> and so on for FTEs, vendors and other types of employees. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "DSpace Technical Support" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at https://groups.google.com/group/dspace-tech. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "DSpace Technical Support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/dspace-tech. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
