I'm trying to configure LDAP authentication on DSpace 1.5.2 installed on
RHEL5 with StartTLS over port 389. Using tcpdump and Wireshark I can see
that when I do an ldapsearch at the Linux command prompt:
ldapsearch -x -h ldap.example.com -D "uid=testID,ou=University of California Irvine, o=University of California, c=US" -ZZ -W uid=*
there is an LDAP_START_TLS extended request and the command succeeds
after entering a correct uid and password. When attempting to log in to
DSpace, on the DSpace XMLUI LDAP login page, there is never a StartTLS
request sent and the login never succeeds. The error in
tcpdump/Wireshark is:
LDAPMessage bindResponse(1) confidentialityRequired
How can I configure DSpace to use StartTLS? Also, this will need to work
with a self-signed certificate. Is that supported? If not, are there
other LDAP libraries that do support it that might be integrated into
DSpace?
These are my LDAP settings in dspace.cfg:
===================================
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
org.dspace.authenticate.PasswordAuthentication, \
org.dspace.authenticate.LDAPAuthentication
ldap.enable = true
ldap.provider_url = ldap://ldap.example.com/
ldap.id_field = uid
ldap.object_context = ou=University of California Irvine,o=University of California,c=US
ldap.search_context = ou=University of California Irvine,o=University of California,c=US
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = givenName
ldap.phone_field = telephoneNumber
webui.ldap.autoregister = true
ldap.netid_email_domain = @uci.edu
====================================
Peace,
Sean
--
Sean Hennessee
Central Computing Support
Office of Information Technology
UC Irvine
... . .- -. / .... . -. -. . ... ... . .
_______________________________________________
DSpace-tech mailing list
https://lists.sourceforge.net/lists/listinfo/dspace-tech
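
An added example, not part of the original post and not DSpace code: the sequence that `ldapsearch -ZZ` performs (StartTLS extended request first, simple bind second), written with JNDI, the JDK's LDAP API, and trusting a self-signed server certificate through a dedicated trust store instead of disabling validation. The class name, the argument order and the trust store file are assumptions; the host name is the one from the post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical stand-alone class (not part of DSpace).
// Usage: java StartTlsBind <bindDN> <password> <truststore.jks> <storePassword>
public class StartTlsBind {
    public static void main(String[] args) throws Exception {
        // Trust only what is in this store: the server's self-signed certificate,
        // imported beforehand with keytool. No trust-all manager is used.
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[2])) {
            trust.load(in, args[3].toCharArray());
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ssl = SSLContext.getInstance("TLS");
        ssl.init(null, tmf.getTrustManagers(), null);

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389/");
        // No credentials in the environment yet, so none cross the wire in clear text.
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            // StartTLS extended request, then the TLS handshake on the same socket.
            // negotiate() also checks the certificate against the URL's host name.
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate(ssl.getSocketFactory());
            // Only now add the credentials and force the simple bind.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, args[0]);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, args[1]);
            ctx.reconnect(null); // throws AuthenticationException on bad credentials
            System.out.println("Bind succeeded over StartTLS");
        } finally {
            if (tls != null) tls.close();
            ctx.close();
        }
    }
}
```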