Hello all,

I have a problem. I'm using DSpace 1.7.1 (JSPUI) on Linux (Debian), so I am thinking of using Active Directory.

I just browsed our LDAP server (MS Windows) as follows:

ldapsearch -x -H ldap://172.26.0.218:389 -b "dc=ilri,dc=cgiarad,dc=org" -D "[email protected]" -W "(sAMAccountName=swebshet)"

I set some configuration options in dspace.cfg as follows. Should some other Java files be configured as well, maybe files like LDAPServlet.java, RegisterServlet.java, LDAPAuthenticate.java or PasswordAuthenticate.java?

#### Stackable Authentication Methods #####

# Stack of authentication methods
#  (See org.dspace.authenticate.AuthenticationManager)
# Example:
# plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
#       org.dspace.authenticate.ShibAuthentication, \
#        org.dspace.authenticate.PasswordAuthentication
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
        org.dspace.authenticate.LDAPHierarchicalAuthentication

#### LDAP Authentication Configuration Settings ####
#
# If LDAP is enabled, then new users will be able to register
# by entering their username and password without being sent the
# registration token. If users do not have a username and password,
# then they can still register and login with just their email address
# the same way they do now.
#
# For providing any special privileges to LDAP users,
# you will still need to extend the SiteAuthenticator class to
# automatically put people who have a netid into a special
# group.  You might also want to give certain email addresses
# special privileges. Refer to the DSpace documentation for more
# information about how to do this.
#
# It may be necessary to obtain the values of these settings from the
# LDAP server administrators as LDAP configuration will vary from server
# to server.

# This setting will enable or disable LDAP authentication in DSpace.
# With the setting off, users will be required to register and login with
# their email address.  With this setting on, users will be able to login
# and register with their LDAP user ids and passwords.
# This setting is only used by the JSPUI.
ldap.enable = true

# This is the url to the institution's ldap server. The /o=myu.edu
# may or may not be required depending on the LDAP server setup.
# A server may also require the ldaps:// protocol.
ldap.provider_url = ldap://ldap.myu.edu/o=myu.edu
ldap.provider_url = ldap://192.168.249.99:389/

# This is the unique identifier field in the LDAP directory
# where the username is stored.
ldap.id_field = sAMAccountName

# This is the object context used when authenticating the
# user.  It is appended to the ldap.id_field and username.
# For example uid=username,ou=people,o=myu.edu.  This must match
# the LDAP server configuration.
#ldap.object_context = ou=people,o=myu.edu
ldap.object_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG

# This is the search context used when looking up a user's
# LDAP object to retrieve their data for autoregistering.
# With ldap.autoregister turned on, when a user authenticates
# without an EPerson object, a search on the LDAP directory to
# get their name and email address is initiated so that DSpace
# can create a EPerson object for them.  So after we have authenticated against
# uid=username,ou=people,o=byu.edu we now search in ou=people
# for filtering on [uid=username].  Often the
# ldap.search_context is the same as the ldap.object_context
# parameter.  But again this depends on each individual LDAP server
# configuration.
ldap.search_context = OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG

# This is the LDAP object field where the user's email address
# is stored.  "mail" is the default and the most common for
# LDAP servers.  If the mail field is not found the username
# will be used as the email address when creating the eperson
# object.
ldap.email_field = mail

# This is the LDAP object field where the user's last name is
# stored.  "sn" is the default and is the most common for LDAP
# servers.  If the field is not found the field will be left
# blank in the new eperson object.
#ldap.surname_field = sn

# This is the LDAP object field where the user's given names
# are stored.  This may not be used or set in all LDAP instances.
# If the field is not found the field will be left blank in the
# new eperson object.
#ldap.givenname_field = givenName

# This is the field where the user's phone number is stored in
# the LDAP directory.  If the field is not found the field
# will be left blank in the new eperson object.
#ldap.phone_field = telephoneNumber

##### LDAP AutoRegister Settings #####

# This will turn LDAP autoregistration on or off.  With this
# on, a new EPerson object will be created for any user who
# successfully authenticates against the LDAP server when they
# first login.  With this setting off, the user
# must first register to get an EPerson object by
# entering their ldap username and password and filling out
# the forms.
webui.ldap.autoregister = true

##### LDAP users group #####

# If required, a group name can be given here, and all users who log in
# to LDAP will automatically become members of this group. This is useful
# if you want a group made up of all internal authenticated users.
#ldap.login.specialgroup = group-name

##### Hierarchical LDAP Settings #####

# If your users are spread out across a hierarchical tree on your
# LDAP server, you will need to use the following stackable authentication
# class:
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
        org.dspace.authenticate.LDAPHierarchicalAuthentication

# You can optionally specify the search scope. If anonymous access is not
# enabled on your LDAP server, you will need to specify the full DN and
# password of a user that is allowed to bind in order to search for the
# users.

# This is the search scope value for the LDAP search during
# autoregistering. This will depend on your LDAP server setup.
# This value must be one of the following integers corresponding
# to the following values:
# object scope : 0
# one level scope : 1
# subtree scope : 2
ldap.search_scope = 2

# The full DN and password of a user allowed to connect to the LDAP server
# and search for the DN of the user trying to log in. If these are not specified,
# the initial bind will be performed anonymously.
#ldap.search.user = cn=admin,ou=people,o=myu.edu
ldap.search.user = CN=Webshet\, Sisay (ILRI),OU=ILRI Ethiopia Employees,OU=ILRI Ethiopia,DC=ILRI,DC=CGIARAD,DC=ORG
ldap.search.password = xxxxxxxxxxx

# If your LDAP server does not hold an email address for a user, you can use
# the following field to specify your email domain. This value is appended
# to the netid in order to make an email address. E.g. a netid of 'user' and
# ldap.netid_email_domain as '@example.com' would set the email of the user
# to be '[email protected]
#ldap.netid_email_domain = @example.com

The log file shows me the following. Can anybody assist me?

org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=F11C4BFF6647976278B2B56BDFD04544:ip_addr=172.27.1.1:ldap_authentication:type=failed_auth javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0FD04544:ip_addr=172.27.1.1:failed_login:netid=swebshet, result=2

 

 

Thanks

sisay
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
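The log excerpt in the post is the kind of line an administrator has to read when a bind against Active Directory fails. The script below is an added example, not code from the post or from DSpace: it parses records of the two shapes visible in the excerpt (a `ldap_authentication:type=failed_auth` record carrying the Java LDAP exception, and a `failed_login:netid=...` record), pulls out the Active Directory sub-code that follows `data` in an LDAP result-49 message, and counts failed logins per client IP so that repeated failures from one address stand out. The sub-code table is standard AD behaviour; the sample lines other than the first one, and the unrelated record at the end, are constructed.

```python
"""Classify DSpace LDAP authentication failures from dspace.log lines.

Added example, not code from the post or from DSpace. It relies only on the
field layout visible in the post's log excerpt (key=value pairs joined by ':').
"""
import re
from collections import Counter

# Active Directory sub-codes that follow "data" in an LDAP result-49
# (invalidCredentials) bind failure. The excerpt in the post carries 52e.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "password must be reset",
    "775": "account locked out",
}

# Record shapes copied from the two records in the post's log excerpt.
AUTH_RE = re.compile(
    r"session_id=(?P<session>[0-9A-Fa-f]+):ip_addr=(?P<ip>[\d.]+):"
    r"ldap_authentication:type=(?P<result>\w+)"
)
AD_RE = re.compile(r"error code (?P<code>\d+)\b.*?\bdata (?P<sub>[0-9a-f]{3})")
LOGIN_RE = re.compile(r"ip_addr=(?P<ip>[\d.]+):failed_login:netid=(?P<netid>[^,\s]+)")

# Constructed sample log. Line 0 is the post's failed_auth record with the
# "\colon;" artefacts restored to ':'; the others are invented in the same
# shape (10.0.0.5, jdoe and the final "something_else" record are placeholders).
SAMPLE_LOG = [
    "org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:"
    "session_id=F11C4BFF6647976278B2B56BDFD04544:ip_addr=172.27.1.1:"
    "ldap_authentication:type=failed_auth javax.naming.AuthenticationException: "
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
    "AcceptSecurityContext error, data 52e, v1db0]",
    "org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:"
    "session_id=0000000000000000000000000000ABCD:ip_addr=10.0.0.5:"
    "ldap_authentication:type=failed_auth javax.naming.AuthenticationException: "
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
    "AcceptSecurityContext error, data 775, v1db0]",
    "org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:"
    "session_id=F11C4BFF6647976278B2B56BDFD04544:ip_addr=172.27.1.1:"
    "failed_login:netid=swebshet, result=2",
    "org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:"
    "session_id=0000000000000000000000000000ABCD:ip_addr=10.0.0.5:"
    "failed_login:netid=jdoe, result=2",
    "org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:"
    "session_id=0000000000000000000000000000ABCD:ip_addr=10.0.0.5:"
    "failed_login:netid=jdoe, result=2",
    "org.example.Placeholder @ anonymous:"
    "session_id=0000000000000000000000000000ABCD:ip_addr=10.0.0.5:"
    "something_else:",  # unrelated record, must be ignored
]


def parse_line(line):
    """Return a dict for an LDAP failure record, or None for other lines."""
    m = AUTH_RE.search(line)
    if m:
        rec = {"event": "ldap_authentication", "session": m["session"],
               "ip": m["ip"], "result": m["result"],
               "ad_subcode": None, "reason": None}
        ad = AD_RE.search(line)
        if ad and ad["code"] == "49":
            # Result 49 is generic; the AD "data" sub-code says why.
            rec["ad_subcode"] = ad["sub"]
            rec["reason"] = AD_BIND_SUBCODES.get(ad["sub"], "unknown AD sub-code " + ad["sub"])
        elif ad:
            rec["reason"] = "LDAP result code " + ad["code"]
        return rec
    m = LOGIN_RE.search(line)
    if m:
        return {"event": "failed_login", "ip": m["ip"], "netid": m["netid"]}
    return None


def bind_failure_reasons(lines):
    """Count failed_auth records by decoded reason (what to check first)."""
    counts = Counter()
    for rec in map(parse_line, lines):
        if rec and rec["event"] == "ldap_authentication" and rec["reason"]:
            counts[rec["reason"]] += 1
    return counts


def failed_logins_by_ip(lines, threshold=2):
    """Map client IP -> failed_login count for IPs at or above threshold."""
    counts = Counter()
    for rec in map(parse_line, lines):
        if rec and rec["event"] == "failed_login":
            counts[rec["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for reason, n in bind_failure_reasons(SAMPLE_LOG).items():
        print(f"{n} bind failure(s): {reason}")
    for ip, n in failed_logins_by_ip(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins")
```

For the record in the post, the decoded reason is "invalid credentials" (sub-code 52e), as opposed to 525 (the account was not found under the configured context) or 775 (locked out), so the bind DN and password are the first things to check. One caveat specific to the search-user DN shown in the post: dspace.cfg is read as a java.util.Properties file, which treats a backslash as an escape character and silently drops it before a comma, so a DN written as `CN=Webshet\, Sisay (ILRI),...` reaches the LDAP client with an unescaped comma inside the CN unless the backslash is doubled in the file.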