Hi Eric,

I submitted the following patch that works with A.D.:

https://sourceforge.net/tracker/?func=detail&atid=319984&aid=2100378&group_id=19984

The patched files are also available here:

http://erwg.lib.auburn.edu/dspace-ldap_20080828.zip

The patch modifies a few files in the org.dspace.authentication
package of the dspace-api jar module, so you can do something like
this:

o. svn checkout the dspace code base
o. lay over the patched files
o. build a new dspace-api.jar file
o. install the new dspace-api.jar file under WEB-INF/lib of whichever
   webapp (xmlui or jspui) you're running

In our A.D. setup it is not necessary to specify a traditional LDAP
distinguished name at bind time; rather, we can just specify
           windows-domain\username
or
           [EMAIL PROTECTED]
so you can do something like this (using the SLAPD ldapsearch
command-line tool):
      $ ldapsearch -x -H ldap://ldap.whatever.edu -D AUBURN\\rdp0004 -b dc=auburn,dc=edu -W cn=rdp0004
rather than having to specify:
      -D cn=RDP0004,ou=Library,ou=User_IDs,ou=Employees,ou=People,ou=AuMain,dc=auburn,dc=edu
I suspect most AD setups are like this.
The patch just modifies the code to take advantage of this A.D. quirk,
so it's not necessary to bind as a well-known user, then search for
the user you're trying to authenticate - just bind with
DOMAIN\\USERNAME.
I hope the dspace team will take a look at the patch eventually.

Good luck!
Reuben
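
The two bind flows discussed in this thread (a direct A.D. bind as DOMAIN\username, and a service-account search followed by a second bind as the DN that was found), sketched with JNDI. This is an added example, not the submitted patch or DSpace code; the class, method and parameter names are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
// Added illustration, not DSpace code; class, method and parameter names are hypothetical.
public class LdapBindSketch {
    // Simple bind as `principal`; returns null when the bind is refused or fails.
    static DirContext open(String url, String principal, String password) {
        // An empty password makes this an "unauthenticated bind" (RFC 4513, 5.1.2),
        // which a server may accept without checking anything: refuse it up front.
        if (principal == null || principal.isEmpty() || password == null || password.isEmpty()) return null;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // prefer ldaps:// so the password is not sent in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try { return new InitialDirContext(env); } catch (NamingException e) { return null; }
    }

    static boolean bind(String url, String principal, String password) {
        DirContext ctx = open(url, principal, password);
        try { if (ctx != null) ctx.close(); } catch (NamingException ignored) { }
        return ctx != null;
    }

    // Active Directory: bind directly with the domain-qualified name (domain, backslash,
    // username); no service account and no search are needed.
    static boolean adBind(String url, String domain, String user, String password) {
        return bind(url, domain + "\\" + user, password);
    }

    // Hierarchical tree: a service account looks up the user's DN, then a second bind as that DN.
    static boolean searchThenBind(String url, String svcDn, String svcPw, String base, String user, String pw) {
        DirContext svc = open(url, svcDn, svcPw);
        if (svc == null) return false;
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // JNDI substitutes {0} with filter escaping, so `user` cannot rewrite the filter.
            NamingEnumeration<SearchResult> hits = svc.search(base, "(cn={0})", new Object[] {user}, sc);
            if (!hits.hasMore()) return false;
            String dn = hits.next().getNameInNamespace();
            return !hits.hasMore() && bind(url, dn, pw); // reject ambiguous matches
        } catch (NamingException e) {
            return false;
        } finally {
            try { svc.close(); } catch (NamingException ignored) { }
        }
    }
}
```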




>>> "Eric Luhrs" <[EMAIL PROTECTED]> 9/17/2008 7:24 AM >>>
Stuart,
Thanks for this message.  I think it may explain why I haven't been able to
get LDAP to work even after installing LDAPHierarchicalAuthentication.java.
If I read your email correctly, it means I will also have to install patch
2057231 before hierarchical LDAP authentication will work.  Is this
correct?  If so, can you say a little about how to install a .patch file?

I should also confirm that I installed LDAPHierarchicalAuthentication.java
correctly.  I placed it in the same directory with the rest of the
authentication modules (password, ip, LDAP, etc), re-built the war files,
and then added the new lines to the conf file.  Does that sound about
right?

Eric Luhrs
Lafayette College


On Wed, Sep 17, 2008 at 2:00 AM, Stuart Lewis <[EMAIL PROTECTED]> wrote:

> Hi Bin,
>
> > I have just installed DSpace 1.5.1 on an Ubuntu server.  I would like to
> > enable authentication against LDAP server (AD).  From the documentation, it
> > seems that LDAP authentication only works with JSPUI, not XMLUI.  Is this
> > true? What will it take to make it work with XMLUI?
>
> It should work fine. It was broken in 1.5, but is fixed in 1.5.1.
>
> Where did you read this? We need to update that part of the documentation.
>
> > I have not actually tried with JSPUI, but I could not find where in
> > dspace.cfg I could specify a binding ID and password.
>
> How is your LDAP tree structured? If all users are within one OU, then you
> do not need to provide a username and password. DSpace binds to the LDAP
> tree using the user's credentials. If it can bind then the username and
> password they provided are OK.
>
> If your LDAP tree is structured in a hierarchical manner such that users
> are spread out across different OUs (e.g. an OU for faculty and an OU for
> students) then you will need to provide a username and password of a user
> who has read access across the whole tree. This user binds and does a
> search for the correct DN of the user who is trying to login. Once the DN
> is found, a second bind is attempted directly to that DN using the user's
> password.
>
> Hierarchical LDAP support is not included in DSpace 1.5.1; however, I am
> working on a generic hierarchical LDAP authentication method with a few
> other DSpace developers (that reminds me - I really must get on with that!)
> and we can get it included in the next release of DSpace. If you need to
> use it now, install the following patches:
>
> http://sourceforge.net/tracker/index.php?func=detail&aid=2057231&group_id=19984&atid=319984
>
> http://sourceforge.net/tracker/index.php?func=detail&aid=2057378&group_id=19984&atid=319984
>
> The patches have full instructions, except for an omission to say that you
> need to change your authentication plugin line in dspace.cfg to:
>
> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
>        org.dspace.authenticate.LDAPHierarchicalAuthentication
>
> Thanks,
>
>
> Stuart
> _________________________________________________________________
>
> Gwasanaethau Gwybodaeth                      Information Services
> Prifysgol Aberystwyth                      Aberystwyth University
>
>            E-bost / E-mail: [EMAIL PROTECTED] 
>                 Ffon / Tel: (01970) 622860
> _________________________________________________________________
>
> _______________________________________________
> DSpace-tech mailing list
> DSpace-tech@lists.sourceforge.net 
> https://lists.sourceforge.net/lists/listinfo/dspace-tech 
>
