Thanks again Stacy! You, however, have been unsuccessful at getting this to automatically create a new ePerson, correct?
I don't have access to my logs right now, but I can see that LDAP authentication is working, but creating a new ePerson is failing and therefore, not letting me log in! Is my only option to manually create an ePerson for every person who could potentially log in?

--
Max McGrath
Asst. Network Admin/Systems Specialist
Carthage College
262-552-5512
[email protected]

On Thu, Apr 22, 2010 at 10:38 AM, <[email protected]> wrote:
> Hi, Max.
>
> I'm not exactly sure what ldap.object_context should be for your
> institution. I would probably test using ou=STAFF,o=CARTHAGE and then set
> ldap.search_context to o=CARTHAGE (as you could have folks in
> ou=FACULTY,o=CARTHAGE or ou=STUDENTS,o=CARTHAGE or ou=STAFF,o=CARTHAGE).
>
> Then, you would need to probably set ldap.search_scope = 1 (or 2) in order
> to search one level below the ldap.search_context location.
>
> And, of course, back up your dspace.cfg file and make sure you are only
> using org.dspace.authenticate.LDAPHierarchicalAuthentication as your
> plugin.sequence.org.dspace.authenticate.AuthenticationMethod. I don't think
> you can use org.dspace.authenticate.LDAPAuthentication and
> org.dspace.authenticate.LDAPHierarchicalAuthentication at the same time,
> stackable.
>
> I think the idea with LDAPHierarchicalAuthentication (and, yes, the docs on
> this are thin) is that an ldap.search.user logs in and searches starting at
> the ldap.search_context for ldap.search_scope number of levels deep, trying
> to locate the username entered in the LDAP directory in the ldap.id_field of
> each object. When it finds that object (person) and where it is located in
> the LDAP directory, it then lets them authenticate using the now known
> context (location) for that person and the password they entered into
> DSpace.
>
> If someone knows how this works in more detail or can correct me, please
> do!
>
> The good news is that, once we got it working,
> LDAPHierarchicalAuthentication has been very stable (and useful) for our
> multi-container LDAP repository.
>
> --
> Stacy Pennington
> Rhodes College
> [email protected]
> (901) 843-3968
>
>
> --------------------------------
> From: Max McGrath [mailto:[email protected]]
> Sent: Thursday, April 22, 2010 10:18 AM
> To: Pennington_Stacy
> Cc: [email protected]
> Subject: Re: [Dspace-tech] LDAP with DSpace
>
> Thank you Stacy. But I still seem to be having issues.
>
> As I mentioned before, we have three containers I need to search.
> Previously, setting ldap.object_context & ldap.search_context both to
> ou=STAFF,o=CARTHAGE allowed me to properly authenticate users from the STAFF
> container.
>
> However, looking at your examples below:
>
> ldap.object_context = cn=Users,dc=example,dc=com
>
> ldap.search_context = dc=example,dc=com
>
> trying to set ldap.object_context & ldap-search_context to something like
> ou=STAFF,ou=STUDENTS,ou=FACULTY,o=CARTHAGE doesn't seem to work.
>
> Am I approaching this correctly? Or should my syntax be different?
>
> Thanks!
>
> --
> Max McGrath
> Asst. Network Admin/Systems Specialist
> Carthage College
> 262-552-5512
> [email protected]
>
------------------------------------------------------------------------------
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
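The search-then-bind flow described in the quoted reply, modelled over an in-memory directory. This is an added example, not part of the original thread and not DSpace's code. It assumes user entries named cn=<user> sitting directly inside each OU, the usual LDAP scope numbers (0 = base, 1 = one level, 2 = subtree), and constructed users and passwords; the function names are hypothetical.

```python
# Constructed directory, not real data: three containers under o=CARTHAGE.
DIRECTORY = {
    "cn=jdoe,ou=STAFF,o=CARTHAGE": {"cn": "jdoe", "password": "staff-pw"},
    "cn=asmith,ou=FACULTY,o=CARTHAGE": {"cn": "asmith", "password": "faculty-pw"},
    "cn=blee,ou=STUDENTS,o=CARTHAGE": {"cn": "blee", "password": "student-pw"},
}

def rdns(dn):
    """Split a DN into normalized components (no escaped commas in this sample)."""
    return [part.strip().lower() for part in dn.split(",")]

def depth_below(dn, base):
    """Return how many levels dn sits below base, or None if it is not under base."""
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return None
    return len(d) - len(b)

def search(base, scope, id_field, username):
    """Find DNs under base whose id_field equals username (0=base, 1=one level, 2=subtree)."""
    hits = []
    for dn, attrs in DIRECTORY.items():
        depth = depth_below(dn, base)
        if depth is None:
            continue
        in_scope = scope == 2 or depth == scope  # scope 0 -> depth 0, scope 1 -> depth 1
        if in_scope and attrs.get(id_field) == username:
            hits.append(dn)
    return hits

def authenticate(username, password, search_context, search_scope, id_field="cn"):
    """Step 1: locate the user's DN. Step 2: 'bind' as that DN with the password."""
    if not password:
        return None  # an empty password must never count as a successful bind
    hits = search(search_context, search_scope, id_field, username)
    if len(hits) != 1:
        return None  # unknown or ambiguous user: refuse
    dn = hits[0]
    # Stand-in for a real LDAP bind; a real directory checks the password itself.
    return dn if DIRECTORY[dn]["password"] == password else None

if __name__ == "__main__":
    print(authenticate("asmith", "faculty-pw", "o=CARTHAGE", 2))  # found in FACULTY
    print(authenticate("asmith", "faculty-pw", "o=CARTHAGE", 1))  # one level is too shallow
    # A comma-joined list of OUs is read as one nested DN, which does not exist.
    print(authenticate("asmith", "faculty-pw",
                       "ou=STAFF,ou=STUDENTS,ou=FACULTY,o=CARTHAGE", 2))
```

With this assumed layout, users sit two levels below o=CARTHAGE, so only the subtree scope locates them from that search context.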

