Hi guys, I'm having a huge problem trying to make work LDAP Authentication as many of you also did. I've tried also the solutions proposed here but nothing works for me. I'd really appreciate if you can give me some hints that could help me solving this problem:
my 'authentication-ldap.cfg' is as follows: authentication-ldap.enable = true authentication-ldap.autoregister = false authentication-ldap.provider_url = ldap://intranet.mpba.mp.br:389/ authentication-ldap.id_field = sAMAccountName #authentication-ldap.object_context = ou=Funcionarios authentication-ldap.search_context = OU=Funcionarios\,DC=intranet\,DC=mp\,DC=ba\,DC=gov\,DC=br authentication-ldap.email_field = mail authentication-ldap.surname_field = sn authentication-ldap.givenname_field = givenName authentication-ldap.phone_field = telephoneNumber #authentication-ldap.login.specialgroup = group-name authentication-ldap.search_scope = 2 #authentication-ldap.search.anonymous = false authentication-ldap.search.user = CN=sisd.dspace\,OU=Usuarios de sistema\,DC=intranet\,DC=mp\,DC=ba\,DC=gov\,DC=br authentication-ldap.search.password = password authentication-ldap.netid_email_domain = @mpba.mp.br #authentication-ldap.login.groupmap.1 = ou=ldap-dept1:dspace-group1 #authentication-ldap.login.groupmap.2 = ou=ldap-dept2:dspace-groupA #authentication-ldap.login.groupmap.3 = ou=ldap-dept3:dspace-groupA #authentication-ldap.login.groupmap.attribute = group #authentication-ldap.login.groupmap.1 = ldap-dept1:dspace-group1 #authentication-ldap.login.groupmap.2 = ldap-dept2:dspace-groupA #authentication-ldap.login.groupmap.3 = ldap-dept3:dspace-groupA # Enables support for StartTLS (default is false). If this flag is true be sure provider_url looks like: # ldap://ldap.myu.edu:389 #authentication-ldap.starttls=true I have two authentication methods on and my 'authentication.cfg' is as follows: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.PasswordAuthentication,\ org.dspace.authenticate.LDAPAuthentication My problem is.. Dspace is saying that my credentials are wrong as you can see here by the attached photo. I know it seems like I'm giving the wrong information (username and password) but I think something else is happening. Something really strange happens too: my 'authentication-ldap.provider_url' attribute inside 'authentication-ldap.cfg' seems to be partially commented (its blue colored). So I don't know if it's really being taking in consideration. (It's because of '//') Thanks in advance for helping me!!! Em quarta-feira, 12 de julho de 2017 17:55:43 UTC-3, Tim Cullings escreveu: > > I have been tasked with setting up DSpace in my environment and getting it > working with LDAP for user authentication. > > I've gone through every article on the site, tried every combination of > settings in the authentication-ldap.cfg file and can't seem to get it to > work. The only error I receive is: > > ldap_authentication:type=failed_auth > javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 - > 80090308\colon; LdapErr\colon; DSID-0C0903D9, comment\colon; > AcceptSecurityContext error, data 52e, v2580 ] > > Running DSPACE 5 on Windows Server 2012 R2 > > Here are my settings: > > authentication-ldap.enable = true > authentication-ldap.autoregister = true > authentication-ldap.provider_url = ldap://ldap.domain.com:389 > authentication-ldap.id_field = sAMAcoountName > authentication-ldap.object_context = dc=domain,dc=com > authentication-ldap.search_context = dc=domain,dc=com > authentication-ldap.email_field = mail > authentication-ldap.surname_field = sn > authentication-ldap.givenname_field = givenName > authentication-ldap.search_scope = 2 > #authentication-ldap.search.anonymous = false > authentication-ldap.search.user = cn=user,ou=someou,dc=domain,dc=com > authentication-ldap.search.password = password > > I used an LDAP browsing tool from the server with the service account I am > attempting to use for Dspace and was able to run queries with it against > our AD server. I also used ldapsearch on a UNIX box and the specified > credentials and that worked as well so I am fairly certain the issue is > with Dspace. Domain users reside in multiple OUs that are one level down > from the root for example, cn=user1,ou=Contractors,dc=domain,dc=com and so > on for FTEs, vendors and other types of employees. > -- All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/34529f48-6452-492d-9f13-65ae9719c9d1%40googlegroups.com.
