Hi! Christophe, Alvin and Stuart,

 

Here we are trying to authenticate LDAP against AD services. I have modified 
the config files and LDAPServlet.java file by giving 

 

env.put(javax.naming.Context.PROVIDER_URL, "ldap://X.Y.ntu.edu.sg");

env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "simple");

env.put(javax.naming.Context.SECURITY_PRINCIPAL, "[EMAIL PROTECTED]");

env.put(javax.naming.Context.SECURITY_CREDENTIALS, "************");

 

I get the error, 

 

anonymous:session_id=B1A07F347A116C3EBD5CFC06C0878B6B:ip_addr=155.69.24.193:ldap_attribute_lookup:type=failed_search
 javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: 
DSID-031006E0, data 0, 1 access points

    ref 1: 'staff.main.ntu.edu.sg'

 ]; remaining name 'cn=users,dc=X.Y.ntu.edu.sg'

 

Could you please help.

 

(1)      By "java modification" in your previous mail, you mean not to touch 
src\org\dspace\app\webui\servlet\RegisterServlet.java

(2)      For AD services, I need to modify the RegisterServlet.java or 
LDAPServlet.java file.

 

Please suggest.

 

Thanks,

Jayan

 

________________________________

From: Dupriez Christophe [mailto:[EMAIL PROTECTED] 
Sent: Saturday, February 10, 2007 1:32 AM
To: Jayan Chirayath Kurian
Subject: Re : Re : [Dspace-tech] LDAP for DSpace 1.4.1

 

Hi Jayan!

I finally tested with the parameters I gave you + the suggestion of Stuart 
Lewis and WITHOUT any java modification:
it works. The only thing: do not try to register with an e-mail not in the LDAP 
directory: it is accepted but you have no opportunity to specify a password and 
the account is therefore not usable. I suppose some people have submitted 
corrections on this (to be checked).

Have a nice week-end!

Christophe

----- Original Message ----
From: Jayan Chirayath Kurian <[EMAIL PROTECTED]>
To: Dupriez Christophe <[EMAIL PROTECTED]>
Sent: Friday, 9 February 2007, 18:19:13
Subject: RE: Re : [Dspace-tech] LDAP for DSpace 1.4.1

Hi! Dupriez Christophe,

 

Thank you very much. Let me try again and will definitely write to you.

 

Regards,

Jayan  

 

________________________________

From: Dupriez Christophe [mailto:[EMAIL PROTECTED]
Sent: Fri 2/9/2007 5:13 PM
To: Jayan Chirayath Kurian
Subject: Re : [Dspace-tech] LDAP for DSpace 1.4.1

Hi Jayan!

 

I had to mess around for nearly two days to make it work here at Belgium Poison Centre.

 

Our internal LDAP is accessed thru our LAN. DSpace parameters are:


webui.ldap.autoregister = true
ldap.enable = true
ldap.provider_url = ldap://ad.poison.in:389

ldap.id_field = CN

ldap.object_context = OU=All Users Group,DC=poison,DC=in

ldap.search_context = OU=All Users Group,DC=poison,DC=in

ldap.email_field = mail

ldap.surname_field = sn

ldap.givenname_field = givenName

ldap.phone_field = telephoneNumber

 

I also made changes in src\org\dspace\app\webui\servlet\RegisterServlet.java 
(marked by ???), CHANGES THAT I HAVE TO RETEST / REVALIDATE, so please try with 
the above parameters (adjusted for your Active Directory) and then try some of 
the changes below. If you test on your side, please let me know the result or 
publish a patch! GOOD LUCK!  Christophe Dupriez

 

 

    //--------- START LDAP AUTH SECTION -------------
    if (password != null && !password.equals(""))
    {
        String ldap_provider_url = ConfigurationManager.getProperty("ldap.provider_url");
        String ldap_id_field = ConfigurationManager.getProperty("ldap.id_field");
        String ldap_search_context = ConfigurationManager.getProperty("ldap.search_context");

        // Set up environment for creating initial context
        Hashtable env = new Hashtable(11);
        env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        //connect to my domain controller ??? ChristopheDD thinks it is necessary to move this line to a lower place
        env.put(javax.naming.Context.PROVIDER_URL, ldap_provider_url);

        // Authenticate
        env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "simple");

        // Authenticate
        env.put(javax.naming.Context.SECURITY_PRINCIPAL, ldap_id_field + "=" + netid + "," + ldap_search_context);
        env.put(javax.naming.Context.SECURITY_CREDENTIALS, password);

        //connect to my domain controller ??? ChristopheDD thinks it is necessary to move this line HERE
        //env.put(javax.naming.Context.PROVIDER_URL, ldap_provider_url);

        try {
            // Create initial context
            DirContext ctx = new InitialDirContext(env);
            //??? ChristopheDD thinks it is necessary to replace the above line by the one below (WHY? TO BE DOCUMENTED):
            //DirContext ctx = new InitialLdapContext(env,null);

            // Close the context when we're done
            ctx.close();
        }
        catch (NamingException e)
        {
            // If we reach here, supplied email/password was duff.
            log.info(LogManager.getHeader(context,
                "failed_login",
                "netid=" + netid + ", " + e));
            JSPManager.showJSP(request, response, "/login/ldap-incorrect.jsp");
            return;
        }
    }
    //--------- END LDAP AUTH SECTION -------------
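
The bind step in the code above, as an added example that is not part of the original message or of DSpace: it builds the bind DN with javax.naming.ldap.LdapName and Rdn, so that a netid containing DN special characters (Active Directory CNs such as "Doe, Jane" contain a comma) is escaped rather than concatenated, and it refuses an empty password before any bind is attempted. The class name LdapBindEnv, its method names, and the sample netid values and password are assumptions made for illustration.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper class, not DSpace code.
public class LdapBindEnv {
    // Build "<idField>=<netid>,<searchContext>" with netid escaped as one RDN value.
    static String bindDn(String idField, String netid, String searchContext)
            throws InvalidNameException {
        LdapName dn = new LdapName(searchContext);
        dn.add(new Rdn(idField, netid)); // appended as the leftmost RDN
        return dn.toString();
    }

    // JNDI environment for a simple bind as that DN.
    static Hashtable<String, String> bindEnv(String providerUrl, String idField,
            String netid, String searchContext, String password)
            throws InvalidNameException {
        // A simple bind with a DN and an empty password is an unauthenticated
        // bind (RFC 4513), which a server may accept, so refuse it up front.
        if (netid == null || netid.isEmpty() || password == null || password.isEmpty()) {
            throw new IllegalArgumentException("netid and password are required");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn(idField, netid, searchContext));
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env; // hand to new InitialDirContext(env) to perform the bind
    }

    public static void main(String[] args) throws Exception {
        String url = "ldap://ad.poison.in:389";            // value from the message
        String ctx = "OU=All Users Group,DC=poison,DC=in"; // value from the message
        // Constructed netid values; the second contains a DN separator.
        for (String netid : new String[] {"jdoe", "Doe, Jane"}) {
            Hashtable<String, String> env = bindEnv(url, "CN", netid, ctx, "constructed-pw");
            System.out.println(env.get(Context.SECURITY_PRINCIPAL));
        }
        try {
            bindEnv(url, "CN", "jdoe", ctx, "");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A simple bind sends the password to the directory as supplied, so the provider URL matters as much as the DN: over plain ldap:// the credential crosses the network unencrypted.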

 

----- Original Message ----
From: Jayan Chirayath Kurian <[EMAIL PROTECTED]>
To: [email protected]
Sent: Friday, 9 February 2007, 09:03:01
Subject: [Dspace-tech] LDAP for DSpace 1.4.1

I have installed DSpace 1.4.1 on Windows 2003 Server. We are trying to use 
Windows Active Directory LDAP authentication for logging in to DSpace using domain 
supplied user ID/Password from within and outside the campus.

 

The DSpace LDAP Authentication Configuration Settings are:

 

ldap.enable = true

ldap.provider_url = ldap://X.Y.ntu.edu.sg/o=ntu.edu.sg

ldap.id_field = uid

ldap.object_context = ou= X.Y,o=ntu.edu.sg

ldap.search_context = ou= X.Y

ldap.email_field = mail

ldap.surname_field = sn

ldap.givenname_field = givenName

ldap.phone_field = telephoneNumber

 

When a valid user logs in to DSpace through the "myDspace" option, the following 
error message is received from the log file.

 

2007-02-09 13:09:01,655 INFO  org.dspace.eperson.PasswordAuthentication @ 
anonymous:session_id=3557F0C69F8F0BEA409C2835BBA20BDC:ip_addr=155.69.24.193:authenticate:attempting
 password auth of [EMAIL PROTECTED]

2007-02-09 13:09:01,655 INFO  org.dspace.app.webui.servlet.PasswordServlet @ 
anonymous:session_id=3557F0C69F8F0BEA409C2835BBA20BDC:ip_addr=155.69.24.193:failed_login:email=
 [EMAIL PROTECTED], result=4

 

The LDAPServlet.java file was modified to include 

 

env.put(javax.naming.Context.PROVIDER_URL, "ldap://X.Y.ntu.edu.sg");

env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "simple");

env.put(javax.naming.Context.SECURITY_PRINCIPAL, "[EMAIL PROTECTED]");

env.put(javax.naming.Context.SECURITY_CREDENTIALS, "************");

 

Still it gives the same error mentioned above. I just tried logging in directly 
using 

 

"http://dspacedev1:8080/dspace/ldap-login" and gave a user name and password 
registered with the domain. It created the user with no submission privileges. 
But this user cannot log in from the main "myDspace" option. From the log file, 
it seems the user is automatically registered and LDAP has failed.  

 

2007-02-09 15:48:01,797 WARN  org.dspace.app.webui.servlet.LDAPServlet @ 
anonymous:session_id=C5DBB32D95BF99F2B0C8908D0F202FF6:ip_addr=155.69.104.75:ldap_attribute_lookup:type=failed_search
 javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: 
DSID-031006CC, problem 5012 (DIR_ERROR), data 0

 ]; remaining name 'ou=X,ou=Y'

2007-02-09 15:48:01,797 INFO  org.dspace.app.webui.servlet.LDAPServlet @ 
anonymous:session_id=C5DBB32D95BF99F2B0C8908D0F202FF6:ip_addr=155.69.104.75:autoregister:[EMAIL
 PROTECTED]

2007-02-09 15:48:01,813 INFO  org.dspace.eperson.EPerson @ 
anonymous:session_id=C5DBB32D95BF99F2B0C8908D0F202FF6:ip_addr=155.69.104.75:create_eperson:eperson_id=44

2007-02-09 15:48:01,844 INFO  org.dspace.eperson.EPerson @ 
anonymous:session_id=C5DBB32D95BF99F2B0C8908D0F202FF6:ip_addr=155.69.104.75:update_eperson:eperson_id=44

2007-02-09 15:48:01,906 INFO  org.dspace.app.webui.servlet.LDAPServlet @ [EMAIL 
PROTECTED]:session_id=C5DBB32D95BF99F2B0C8908D0F202FF6:ip_addr=155.69.104.75:login:type=ldap-login

2007-02-09 15:48:01,906 INFO  org.dspace.app.webui.servlet.MyDSpaceServlet @ 
[EMAIL 
PROTECTED]:session_id=C5DBB32D95BF99F2B0C8908D0F202FF6:ip_addr=155.69.104.75:view_mydspace:

 

Could anyone please help regarding this? Is there any other file that needs to 
be modified to make LDAP work and access DSpace from the "myDSpace" option?

 

Thanks,

Jayan


_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
