See below. I have tried the search_scope as 0,1, and 2 with the same results.
Thanks. #---------------------------------------------------------------# #------------LDAP AUTHENTICATION CONFIGURATIONS-----------------# #---------------------------------------------------------------# # Configuration properties used by the LDAP Authentication # # plugin, when it is enabled. # #---------------------------------------------------------------# # # In order to enable LDAP Authentication, you must first ensure the # 'org.dspace.authenticate.LDAPAuthentication' # class is added to the list of enabled AuthenticationMethods in 'authenticate.cfg'. # See 'authenticate.cfg' for more info. # # If LDAP is enabled, then new users will be able to register # by entering their username and password without being sent the # registration token. If users do not have a username and password, # then they can still register and login with just their email address # the same way they do now. # # For providing any special privileges to LDAP users, # you will still need to extend the SiteAuthenticator class to # automatically put people who have a netid into a special # group. You might also want to give certain email addresses # special privileges. Refer to the DSpace documentation for more # information about how to do this. # # It may be necessary to obtain the values of these settings from the # LDAP server administrators as LDAP configuration will vary from server # to server. # This setting will enable or disable LDAP authentication in DSpace. # With the setting off, users will be required to register and login with # their email address. With this setting on, users will be able to login # and register with their LDAP user ids and passwords. # This setting is only used by the JSPUI. enable = true ##### LDAP AutoRegister Settings ##### # This will turn LDAP autoregistration on or off. With this # on, a new EPerson object will be created for any user who # successfully authenticates against the LDAP server when they # first login. With this setting off, the user # must first register to get an EPerson object by # entering their ldap username and password and filling out # the forms. autoregister = true # This is the url to the institution's ldap server. The /o=myu.edu # may or may not be required depending on the LDAP server setup. # A server may also require the ldaps:// protocol. #provider_url = ldap://ldap.myu.edu/o=myu.edu provider_url = ldaps://xxxxxxxxxxxxxxxxxxx # This is the unique identifier field in the LDAP directory # where the username is stored. id_field = uid # This is the object context used when authenticating the # user. It is appended to the id_field and username. # For example uid=username,ou=people,o=myu.edu. This must match # the LDAP server configuration. #object_context = ou=people,o=myu.edu object_context = ou=people,dc=van,dc=edu # This is the search context used when looking up a user's # LDAP object to retrieve their data for autoregistering. # With autoregister turned on, when a user authenticates # without an EPerson object, a search on the LDAP directory to # get their name and email address is initiated so that DSpace # can create a EPerson object for them. So after we have authenticated against # uid=username,ou=people,o=byu.edu we now search in ou=people # for filtering on [uid=username]. Often the # search_context is the same as the object_context # parameter. But again this depends on each individual LDAP server # configuration. #search_context = ou=people search_context = ou=people,dc=van,dc=edu # This is the LDAP object field where the user's email address # is stored. "mail" is the default and the most common for # LDAP servers. If the mail field is not found the username # will be used as the email address when creating the eperson # object. ldap.email_field = mail email_field = mail # This is the LDAP object field where the user's last name is # stored. "sn" is the default and is the most common for LDAP # servers. If the field is not found the field will be left # blank in the new eperson object. surname_field = sn # This is the LDAP object field where the user's given names # are stored. This may not be used or set in all LDAP instances. # If the field is not found the field will be left blank in the # new eperson object. givenname_field = givenName # This is the field where the user's phone number is stored in # the LDAP directory. If the field is not found the field # will be left blank in the new eperson object. phone_field = telephoneNumber ##### LDAP users group ##### # If required, a group name can be given here, and all users who log in # to LDAP will automatically become members of this group. This is useful # if you want a group made up of all internal authenticated users. #login.specialgroup = group-name ##### Hierarchical LDAP Settings ##### # If your users are spread out across a hierarchical tree on your # LDAP server, you will need to search the tree to find the full DN of # the user who is logging in. # # * If anonymous search is allowed on your LDAP server, you will need to set # search.anonymous = true # * If not, you will need to specify the full DN and password of a # user that is allowed to bind in order to search for the users. # * If neither search.anonymous is true, nor search.user is specified, # LDAP will not do the hierarchical search for a DN and will assume # a flat directory structure. # This is the optional search scope value for the LDAP search during # autoregistering. This will depend on your LDAP server setup. # This value must be one of the following integers corresponding # to the following values: # object scope : 0 # one level scope : 1 # subtree scope : 2 search_scope = 2 # If true, the initial bind will be performed anonymously. search.anonymous = false # The full DN and password of a user allowed to connect to the LDAP server # and search for the DN of the user trying to log in. #search.user = cn=admin,ou=people,o=myu.edu #search.password = password # If your LDAP server does not hold an email address for a user, you can use # the following field to specify your email domain. This value is appended # to the netid in order to make an email address. E.g. a netid of 'user' and # netid_email_domain as '@example.com' would set the email of the user # to be 'u...@example.com #netid_email_domain = @example.com -----Original Message----- From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On Behalf Of helix84 Sent: Wednesday, February 06, 2013 2:51 PM To: Poulter, Dale Cc: Dspace-tech@lists.sourceforge.net Subject: Re: [Dspace-tech] LDAP authentication in v3 Do you need and have search_scope = 2? It would be easier if you pasted your authentication-ldap.cfg here. Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette ------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette