Hi!
I gave the following LDAP-Active Directory parameters in the DSpace config file for
LDAP login:

ldap.enable = true
ldap.provider_url = ldap://staff.main.ntu.edu.sg:389
ldap.id_field = sAMAccountName
ldap.object_context = OU=Users,OU=SCI,DC=staff,DC=main,DC=ntu,DC=edu,DC=sg
ldap.search_context = OU=Users,OU=SCI,DC=staff,DC=main,DC=ntu,DC=edu,DC=sg
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = givenName
ldap.phone_field = telephoneNumber

These arguments were tested with LDAP Browser, except the "ldap.id_field =
sAMAccountName" field, and the connection was okay. My user DN from the LDAP browser
is CN=Jayan Chirayath Kurian,OU=Users,OU=SCI,DC=staff,DC=main,DC=ntu,DC=edu,DC=sg.
In my AD attributes list, sAMAccountName corresponds to my campus userid (i.e. jayan) and
cn corresponds to my full name (i.e. Jayan Chirayath Kurian). In the DSpace LDAP
login interface I gave my userid (i.e. jayan) and password. The connection is
refused, displaying the following error:

anonymous:session_id=059CF24E14CC27170FE4B0AF62FFEFB3:ip_addr=155.69.104.75:ldap_authentication:type=failed_auth
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]

Since this was not working, the LDAPServlet.java file was modified with the
following changes:

env.put(javax.naming.Context.PROVIDER_URL, "ldap://staff.main.ntu.edu.sg:389");
env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "simple");
env.put(javax.naming.Context.SECURITY_PRINCIPAL, "CN=Jayan Chirayath Kurian,OU=Users,OU=SCI,DC=staff,DC=main,DC=ntu,DC=edu,DC=sg");
env.put(javax.naming.Context.SECURITY_CREDENTIALS, "password");

This started working when I gave my campus userid (jayan), and when I examined the
E-people list, it showed my AD details including my email address and phone no.
I believe the LDAP-AD server has authenticated my userid and retrieved the AD
attributes. But for the next login it accepts any password and is not
consistent with the original password. I have enabled and disabled the
webui.ldap.autoregister value, but the password inconsistency still remains the
same.

(1) Could you please suggest whether there is a way to rectify the password
problem? Is it always taking the default password from the LDAPServlet.java file?

(2) Is there any other field that I need to try with ldap.id_field (e.g.
legacyExchangeDN or distinguishedName from the AD attributes list), since my DN is
CN=Jayan Chirayath Kurian,OU=Users,OU=SCI,DC=staff,DC=main,DC=ntu,DC=edu,DC=sg?
Could anyone please suggest which AD attribute to give for the
ldap.id_field in the DSpace config file?

(3) Is there a possibility that a firewall is denying access through DSpace
to the ldap://staff.main.ntu.edu.sg:389 server even though browser access is fine?

Thanks,
Jayan
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
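
Added example, not part of the original message and not DSpace's own code: a simple bind to Active Directory that takes the principal and password from the login form on every request, so a wrong password fails with error 49 instead of being masked by values fixed in the servlet. The class and method names are hypothetical, and UPN_SUFFIX assumes the AD domain name matches the host in ldap.provider_url.

```java
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

// Hypothetical helper class for illustration, not DSpace code.
public class AdBindCheck {
    static final String URL = "ldap://staff.main.ntu.edu.sg:389"; // from the message
    static final String UPN_SUFFIX = "@staff.main.ntu.edu.sg";    // assumption
    // AD appends a hex sub-code after "data" in its error 49 text.
    static final Pattern DATA = Pattern.compile("data ([0-9a-fA-F]+)");

    /** Returns null when the bind succeeds, otherwise the AD sub-code or a reason. */
    static String bind(String netid, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind that
        // many servers accept, so refuse it before contacting the directory.
        if (netid == null || netid.isEmpty() || password == null || password.isEmpty()) {
            return "empty";
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL); // simple bind over ldap:// is sent in cleartext
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Both values come from the user on each login; nothing is hardcoded.
        env.put(Context.SECURITY_PRINCIPAL, netid + UPN_SUFFIX);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close(); // the bind is performed here
            return null;
        } catch (AuthenticationException e) {
            return subCode(e.getMessage());
        }
    }

    /** Extracts the AD sub-code: 525 = user not found, 52e = invalid credentials. */
    static String subCode(String message) {
        Matcher m = DATA.matcher(message == null ? "" : message);
        return m.find() ? m.group(1).toLowerCase() : "unknown";
    }

    public static void main(String[] args) throws NamingException {
        // The error text quoted in the message, used as sample input.
        System.out.println("sample sub-code: " + subCode("[LDAP: error code 49 - 80090308: "
            + "LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]"));
        if (args.length == 1 && System.console() != null) {
            char[] pw = System.console().readPassword("Password for %s: ", args[0]);
            String r = bind(args[0], new String(pw));
            System.out.println(r == null ? "bind ok" : "bind failed: " + r);
        }
    }
}
```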