Hi Sean,

Have you tried changing your ldap.provider_url to use ldaps:// (instead of ldap://)? My understanding is that this is slightly different to using StartTLS, but I think some LDAP servers will fall back to that instead.

For the self-signed certificate, you'll probably have to install a copy of the certificate in a local keystore:

http://www.mail-archive.com/[email protected]/msg08179.html

Hope that helps,
Stuart

________________________________________
From: Sean Hennessee [[email protected]]
Sent: Wednesday, 27 January 2010 5:33 a.m.
To: [email protected]
Subject: [Dspace-tech] LDAPAuthentication StartTLS?

I'm trying to configure LDAP authentication on DSpace 1.5.2 installed on RHEL5 with StartTLS over port 389. Using tcpdump and wireshark I can see that when I do an ldapsearch at the linux command prompt:

    ldapsearch -x -h ldap.example.com -D "uid=testID,ou=University of California Irvine, o=University of California, c=US" -ZZ -W uid=*

there is a LDAP_START_TLS, extended request and the command succeeds after entering a correct uid and password.

When attempting to login to DSpace, on the DSpace XMLUI ldap login page, there is never a StartTLS request sent and the login never succeeds. The error in tcpdump/wireshark is:

    LDAPMessage bindResponse(1) confidentialityRequired

How can I configure DSpace to use StartTLS? Also, this will need to work with a self signed certificate. Is that supported? If not, are there other LDAP libraries that do support it that might be integrated into DSpace?

These are my ldap settings in dspace.cfg:

===================================
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
    org.dspace.authenticate.PasswordAuthentication, \
    org.dspace.authenticate.LDAPAuthentication

ldap.enable = true
ldap.provider_url = ldap://ldap.example.com/
ldap.id_field = uid
ldap.object_context = ou=University of California Irvine,o=University of California,c=US
ldap.search_context = ou=University of California Irvine,o=University of California,c=US
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = givenName
ldap.phone_field = telephoneNumber
webui.ldap.autoregister = true
ldap.netid_email_domain = @uci.edu
====================================

Peace,
Sean

--
Sean Hennessee
Central Computing Support
Office of Information Technology
UC Irvine

... . .- -. / .... . -. -. . ... ... . .

_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
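
The StartTLS-then-bind sequence discussed in this thread, written against the JDK's JNDI LDAP provider as an added example (it is not DSpace code and not from either poster). The class name StartTlsBindCheck, the command-line arguments and the trust store path in the comment are assumptions for illustration.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

// Hypothetical stand-alone check, run for example as:
//   java -Djavax.net.ssl.trustStore=/path/to/truststore.jks \
//        -Djavax.net.ssl.trustStorePassword=... \
//        StartTlsBindCheck ldap://ldap.example.com:389/ "<bind DN>" "<password>"
// The trust store must contain the server's self-signed certificate.
public class StartTlsBindCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: StartTlsBindCheck <ldap-url> <bind-dn> <password>");
            System.exit(2);
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]); // plain ldap:// URL, port 389

        // No credentials are placed in the environment yet, so the password
        // is not sent while the connection is still in clear text.
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            // Send the StartTLS extended request on the existing connection.
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // TLS handshake: validates the certificate chain against the
            // trust store and checks the host name from the URL against
            // the certificate. An untrusted certificate fails here.
            tls.negotiate();

            // Only now add the credentials and bind inside the TLS session.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, args[1]);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, args[2]);
            ctx.reconnect(null); // re-authenticates on the same connection
            System.out.println("Simple bind over StartTLS succeeded");
        } finally {
            if (tls != null) {
                tls.close(); // ends the TLS session
            }
            ctx.close();
        }
    }
}
```

A client that puts the credentials into the environment before creating the context binds in clear text, which is the bind a server requiring confidentiality rejects with confidentialityRequired.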

