Hi, Max.

I'm not exactly sure what ldap.object_context should be for your institution. I would probably test using ou=STAFF,o=CARTHAGE and then set ldap.search_context to o=CARTHAGE (as you could have folks in ou=FACULTY,o=CARTHAGE or ou=STUDENTS,o=CARTHAGE or ou=STAFF,o=CARTHAGE).

Then, you would need to probably set ldap.search_scope = 1 (or 2) in order to search one level below the ldap.search_context location. And, of course, back up your dspace.cfg file and make sure you are only using org.dspace.authenticate.LDAPHierarchicalAuthentication as your plugin.sequence.org.dspace.authenticate.AuthenticationMethod. I don't think you can use org.dspace.authenticate.LDAPAuthentication and org.dspace.authenticate.LDAPHierarchicalAuthentication at the same time, stackable.

I think the idea with LDAPHierarchicalAuthentication (and, yes, the docs on this are thin) is that an ldap.search.user logs in and searches starting at the ldap.search_context for ldap.search_scope number of levels deep, trying to locate the username entered in the LDAP directory in the ldap.id_field of each object. When it finds that object (person) and where it is located in the LDAP directory, it then lets them authenticate using the now known context (location) for that person and the password they entered into DSpace.

If someone knows how this works in more detail or can correct me, please do! The good news is that, once we got it working, LDAPHierarchicalAuthentication has been very stable (and useful) for our multi-container LDAP repository.

--
Stacy Pennington
Rhodes College
[email protected]
(901) 843-3968

--------------------------------
From: Max McGrath [mailto:[email protected]]
Sent: Thursday, April 22, 2010 10:18 AM
To: Pennington_Stacy
Cc: [email protected]
Subject: Re: [Dspace-tech] LDAP with DSpace

Thank you Stacy. But I still seem to be having issues.

As I mentioned before, we have three containers I need to search. Previously, setting ldap.object_context & ldap.search_context both to ou=STAFF,o=CARTHAGE allowed me to properly authenticate users from the STAFF container.

However, looking at your examples below:

    ldap.object_context = cn=Users,dc=example,dc=com
    ldap.search_context = dc=example,dc=com

trying to set ldap.object_context & ldap-search_context to something like ou=STAFF,ou=STUDENTS,ou=FACULTY,o=CARTHAGE doesn't seem to work.

Am I approaching this correctly? Or should my syntax be different?

Thanks!

--
Max McGrath
Asst. Network Admin/Systems Specialist
Carthage College
262-552-5512
[email protected]
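The search-then-bind flow discussed in this thread, as an added Python simulation (not DSpace code and not from either poster): it shows how the search base and scope decide which containers are reached, and that a comma-joined list of containers is read as one nested DN. The in-memory directory, user names and passwords are constructed, and it assumes user entries sit directly inside the ou=STAFF, ou=FACULTY and ou=STUDENTS containers; scope values follow the LDAP convention 0 = base object, 1 = one level, 2 = subtree.

```python
# Constructed in-memory stand-in for an LDAP directory: DN -> (attributes, password).
DIRECTORY = {
    "cn=jdoe,ou=STAFF,o=CARTHAGE": ({"cn": "jdoe"}, "staff-pw"),
    "cn=asmith,ou=FACULTY,o=CARTHAGE": ({"cn": "asmith"}, "faculty-pw"),
    "cn=blee,ou=STUDENTS,o=CARTHAGE": ({"cn": "blee"}, "student-pw"),
}

def depth_below(dn, base):
    """Levels that dn sits below base, or None if dn is not under base.
    Assumes no escaped commas inside RDN values (true for the sample data)."""
    dn_parts = [p.strip().lower() for p in dn.split(",")]
    base_parts = [p.strip().lower() for p in base.split(",")]
    if dn_parts[-len(base_parts):] != base_parts:
        return None
    return len(dn_parts) - len(base_parts)

def search(base, scope, id_field, username):
    """Return DNs whose id_field equals username within scope of base."""
    hits = []
    for dn, (attrs, _pw) in DIRECTORY.items():
        depth = depth_below(dn, base)
        if depth is None:
            continue
        in_scope = depth == scope if scope in (0, 1) else scope == 2
        if in_scope and attrs.get(id_field, "").lower() == username.lower():
            hits.append(dn)
    return hits

def authenticate(username, password, search_context, search_scope, id_field="cn"):
    """Step 1: locate the user's DN. Step 2: check the password against that DN."""
    if not password:
        return None  # an empty password must never count as a successful bind
    hits = search(search_context, search_scope, id_field, username)
    if len(hits) != 1:
        return None  # user not found, or ambiguous across containers
    dn = hits[0]
    return dn if DIRECTORY[dn][1] == password else None

if __name__ == "__main__":
    for ctx, scope in [("o=CARTHAGE", 2), ("o=CARTHAGE", 1),
                       ("ou=STAFF,ou=STUDENTS,ou=FACULTY,o=CARTHAGE", 2)]:
        print(ctx, scope, authenticate("asmith", "faculty-pw", ctx, scope))
```

In this simulation a one-level search from o=CARTHAGE reaches only the ou containers themselves, so users inside them are found only with subtree scope or with a search base set to a single container.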

