Hi Stuart,

Thanks again for your help and advice. It still returns that NO DN for the logging in user. What might be the reason? Is there anything wrong in the way I define the OU path?
Also, locally created users are no longer able to log in.

LDAP Settings:

ldap.enable = true
ldap.provider_url = ldap://win2k.aub.edu.lb
ldap.id_field = uid
ldap.object_context = ou=ACADEMIC COMPUTING,ou=AUB,ou=NON- Students,ou=AllUsers,o=win2k.aub.edu.lb
ldap.search_context = ou=ACADEMIC COMPUTING,ou=AUB,ou=NON- Students,ou=AllUsers,o=win2k.aub.edu.lb
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = givenName
ldap.phone_field = telephoneNumber
webui.ldap.autoregister = true

##### Hierarchical LDAP Settings #####
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
    org.dspace.authenticate.LDAPHierarchicalAuthentication
ldap.search_scope = 2
ldap.search.user = cn=moodle1,ou=Special Users,ou=AllUsers,o=win2k.aub.edu.lb
ldap.search.password = x...@#$%^

LOGS:

2010-03-15 16:01:48,326 DEBUG org.dspace.storage.rdbms.DatabaseManager @ Running query "SELECT * FROM community WHERE NOT community_id IN (SELECT child_comm_id FROM community2community) ORDER BY name" with parameters:
2010-03-15 16:01:48,327 DEBUG org.dspace.storage.rdbms.DatabaseManager @ Running query "SELECT handle FROM Handle WHERE resource_type_id = ? AND resource_id = ?" with parameters: 4,1
2010-03-15 16:01:48,328 DEBUG org.dspace.storage.rdbms.DatabaseManager @ Running query "SELECT handle FROM Handle WHERE resource_type_id = ? AND resource_id = ?" with parameters: 4,3
2010-03-15 16:01:48,329 DEBUG org.dspace.storage.rdbms.DatabaseManager @ Running query "SELECT handle FROM Handle WHERE resource_type_id = ? AND resource_id = ?" with parameters: 4,2
2010-03-15 16:01:48,330 DEBUG org.dspace.app.webui.util.JSPManager @ anonymous:session_id=06BC1DC7A0830739072FEB4384933E88:ip_addr=192.168.12.21: view_jsp:/home.jsp
2010-03-15 16:01:52,452 DEBUG org.dspace.app.webui.servlet.DSpaceServlet @ anonymous:session_id=06BC1DC7A0830739072FEB4384933E88:ip_addr=192.168.12.21: http_request:-- URL Was\colon; http\colon;//accdr.aub.edu.lb\colon;8080/jspui/ldap-login -- Method\colon; GET -- Parameters were\colon;
2010-03-15 16:01:52,455 DEBUG org.dspace.app.webui.util.JSPManager @ anonymous:session_id=06BC1DC7A0830739072FEB4384933E88:ip_addr=192.168.12.21: view_jsp:/login/ldap.jsp
2010-03-15 16:01:59,454 DEBUG org.dspace.app.webui.servlet.DSpaceServlet @ anonymous:session_id=06BC1DC7A0830739072FEB4384933E88:ip_addr=192.168.12.21: http_request:-- URL Was\colon; http\colon;//accdr.aub.edu.lb\colon;8080/jspui/ldap-login -- Method\colon; POST -- Parameters were\colon; -- login_password\colon; *not logged* -- login_submit\colon; "Log In" -- login_netid\colon; "amerh"
2010-03-15 16:01:59,454 INFO org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=06BC1DC7A0830739072FEB4384933E88:ip_addr=192.168.12.21: auth:attempting trivial auth of user=amerh
2010-03-15 16:01:59,454 DEBUG org.dspace.storage.rdbms.DatabaseManager @ Running query "select * from eperson where netid = ? " with parameters: amerh
2010-03-15 16:01:59,465 WARN org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=06BC1DC7A0830739072FEB4384933E88:ip_addr=192.168.12.21: ldap_authentication:type=failed_auth javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 - 80090308\colon; LdapErr\colon; DSID-0C090334, comment\colon; AcceptSecurityContext error, data 525, vece]
2010-03-15 16:01:59,465 INFO org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=06BC1DC7A0830739072FEB4384933E88:ip_addr=192.168.12.21: failed_login:no DN found for user amerh
2010-03-15 16:01:59,465 INFO org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=06BC1DC7A0830739072FEB4384933E88:ip_addr=192.168.12.21: failed_login:netid=amerh, result=2
2010-03-15 16:01:59,466 DEBUG org.dspace.app.webui.util.JSPManager @ anonymous:session_id=06BC1DC7A0830739072FEB4384933E88:ip_addr=192.168.12.21: view_jsp:/login/incorrect.jsp

-----Original Message-----
From: Stuart Lewis [mailto:[email protected]]
Sent: Wednesday, March 10, 2010 2:28 AM
To: Hossein Hamam
Cc: [email protected]
Subject: Re: [Dspace-tech] LDAP testing

Hi Hossein,

> Inside the ou=AllUsers, we have many sub OUs in which different users
> reside.
> Does this require turning on Hierarchical LDAP?

Yes.

> Could the problem be due to the password used by the user to search the
> active directory having special characters?

I don't think so - see below.

> 2010-03-09 12:38:18,878 INFO
> org.dspace.authenticate.LDAPHierarchicalAuthentication @
> anonymous:session_id=27C51B3169D422438A3CB10F585196C0:ip_addr=192.168.12.21:
> failed_login:no
> DN found for user amerh

That looks good - as it means it has used your admin username and password, connected to the server and retrieved the DN for the user. Next, it should try to re-bind to the server using that DN, and the user's password...

> 2010-03-09 12:38:18,878 INFO org.dspace.app.xmlui.utils.AuthenticationUtil
> @
> anonymous:session_id=27C51B3169D422438A3CB10F585196C0:ip_addr=192.168.12.21:
> failed_login:email=amerh,
> realm=null, result=2
> 2010-03-09 12:38:54,479 INFO
> org.dspace.authenticate.LDAPHierarchicalAuthentication @
> anonymous:session_id=27C51B3169D422438A3CB10F585196C0:ip_addr=192.168.12.21:
> auth:attempting
> trivial auth of [email protected]
> 2010-03-09 12:38:54,492 WARN
> org.dspace.authenticate.LDAPHierarchicalAuthentication @
> anonymous:session_id=27C51B3169D422438A3CB10F585196C0:ip_addr=192.168.12.21:
> ldap_authentication:type=failed_auth
> javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 -
> 80090308\colon; LdapErr\colon; DSID-0C090334, comment\colon;
> AcceptSecurityContext error, data 525, vece]

...which looks like it is failing. We need to know what DN it is retrieving for the user. It should be possible to see this if you enable DEBUG level logging:

 - See http://wiki.dspace.org/index.php/TechnicalFaq#Setting_logging_level_up_to_DEBUG

because there is a line in the code that says:

log.debug(LogManager.getHeader(context, "got DN", resultDN));

Seeing the DN, and checking it is correct, will be the next step.

Thanks,

Stuart Lewis
IT Innovations Analyst and Developer
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: 64 9 373-7599 x81928
http://www.library.auckland.ac.nz/

_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
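
Added example, not part of the original messages and not DSpace code: Active Directory states the reason for an LDAP error 49 bind failure in the hexadecimal "data" field of the message, so the failures logged in this thread can be triaged straight from the log. The Python below extracts that sub-code from log lines like the ones quoted above, undoing the `\colon;` escaping they use; the function and variable names are hypothetical and the sample lines are constructed from the thread's log.

```python
import re

# Active Directory reports why an LDAP error 49 bind failed as a hexadecimal
# Windows logon error in the "data" field of the message.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
ATTEMPT_RE = re.compile(r"attempting trivial auth of user=(\S+)")
FAILURE_RE = re.compile(r"LDAP: error code (\d+) .*?\bdata ([0-9a-fA-F]+)")


def triage(lines):
    """Return one record per failed bind, tagged with the login attempt it occurred in."""
    findings, attempt = [], None
    for raw in lines:
        line = raw.replace("\\colon;", ":")  # the log writes ':' as '\colon;'
        m = ATTEMPT_RE.search(line)
        if m:
            attempt = m.group(1)
            continue
        m = FAILURE_RE.search(line)
        if m:
            sub = m.group(2).lower()
            findings.append({
                "login_attempt": attempt,
                "ldap_code": int(m.group(1)),
                "subcode": sub,
                "reason": AD_BIND_SUBCODES.get(sub, "unknown sub-code"),
            })
    return findings


# Constructed sample: two entries shortened from the log quoted in the thread.
SAMPLE_LOG = [
    r"2010-03-15 16:01:59,454 INFO org.dspace.authenticate.LDAPHierarchicalAuthentication @ auth:attempting trivial auth of user=amerh",
    r"2010-03-15 16:01:59,465 WARN org.dspace.authenticate.LDAPHierarchicalAuthentication @ ldap_authentication:type=failed_auth javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 - 80090308\colon; LdapErr\colon; DSID-0C090334, comment\colon; AcceptSecurityContext error, data 525, vece]",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Sub-code 525 means the directory did not find the account named in the bind request, so the DN that was presented in that bind is the value to inspect.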

