Thanks Stuart. I have tried that in many different ways without success, even as ldaps://example.com:389/, but our ldap service requires StartTLS over port 389. Unfortunately the guys running it are hesitant to make any changes to it at all. I may be looking at using Shibboleth instead of LDAP.
Peace,
Sean

Stuart Lewis wrote:
> Hi Sean,
>
> Have you tried changing your ldap.provider_url to use ldaps:// (instead of
> ldap://)? My understanding is that this is slightly different to using
> StartTLS, but I think some LDAP servers will fall back to that instead.
>
> For the self-signed certificate, you'll probably have to install a copy of
> the certificate in a local keystore:
> http://www.mail-archive.com/[email protected]/msg08179.html
>
> Hope that helps,
>
>
> Stuart
>
> ________________________________________
> From: Sean Hennessee [[email protected]]
> Sent: Wednesday, 27 January 2010 5:33 a.m.
> To: [email protected]
> Subject: [Dspace-tech] LDAPAuthentication StartTLS?
>
> I'm trying to configure LDAP authentication on DSpace 1.5.2 installed on
> RHEL5 with StartTLS over port 389. Using tcpdump and wireshark I can see
> that when I do an ldapsearch at the linux command prompt:
>
> ldapsearch -x -h ldap.example.com -D "uid=testID,ou=University of California Irvine, o=University of California, c=US" -ZZ -W uid=*
>
> there is a LDAP_START_TLS, extended request and the command succeeds
> after entering a correct uid and password. When attempting to login to
> DSpace, on the DSpace XMLUI ldap login page, there is never a StartTLS
> request sent and the login never succeeds. The error in
> tcpdump/wireshark is:
>
> LDAPMessage bindResponse(1) confidentialityRequired
>
> How can I configure DSpace to use StartTLS? Also, this will need to work
> with a self signed certificate. Is that supported? If not, are there
> other LDAP libraries that do support it that might be integrated into
> DSpace?
>
> These are my ldap settings in dspace.cfg:
> ===================================
> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
>     org.dspace.authenticate.PasswordAuthentication, \
>     org.dspace.authenticate.LDAPAuthentication
> ldap.enable = true
> ldap.provider_url = ldap://ldap.example.com/
> ldap.id_field = uid
> ldap.object_context = ou=University of California Irvine,o=University of California,c=US
> ldap.search_context = ou=University of California Irvine,o=University of California,c=US
> ldap.email_field = mail
> ldap.surname_field = sn
> ldap.givenname_field = givenName
> ldap.phone_field = telephoneNumber
> webui.ldap.autoregister = true
> ldap.netid_email_domain = @uci.edu
> ====================================
>
> Peace,
> Sean
> --
>
> Sean Hennessee
> Central Computing Support
> Office of Information Technology
> UC Irvine
>
>
> ... . .- -. / .... . -. -. . ... ... . .
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> DSpace-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>

--
Sean Hennessee
mailto:[email protected]
http://www.nacs.uci.edu/~sean
Central Computing Support
Office of Information Technology
UC Irvine
(949)824-8225 Office
(949)293-5224 Cell

... . .- -. / .... . -. -. . ... ... . .
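Added example, not part of the original messages and not DSpace's own code: the StartTLS exchange that `ldapsearch -ZZ` performs in the thread, done from Java with the standard JNDI LDAP provider and a local keystore holding the self-signed server certificate. The class name, the command-line arguments and the keystore file are assumptions; `ldap.example.com` is the thread's placeholder host.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical stand-alone class; usage:
//   java StartTlsBind <truststore.jks> <truststore-password> <bind-DN> <bind-password>
public class StartTlsBind {
    public static void main(String[] args) throws Exception {
        // Trust only the local keystore, e.g. the imported self-signed server certificate.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            trust.load(in, args[1].toCharArray());
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ssl = SSLContext.getInstance("TLS");
        ssl.init(null, tmf.getTrustManagers(), null);

        // Plain ldap:// on port 389 with no credentials yet, so no password is sent in clear.
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389/");
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            // StartTLS extended request, then the TLS handshake on the same connection.
            // negotiate() throws if the certificate is untrusted or does not match the host.
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate(ssl.getSocketFactory());

            // Credentials are added only after TLS is up; the next operation sends the bind.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, args[2]);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, args[3]);
            ctx.getAttributes("");   // throws NamingException if the bind is rejected
            System.out.println("Bind over StartTLS succeeded");
        } finally {
            if (tls != null) tls.close();
            ctx.close();
        }
    }
}
```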

