Thank you both for the feedback, and helix84 for posting an issue on it - much obliged.
As it stands now TLS is rigid requirement for LDAP, so LDAPS doesn't appear to be an option. The repository runs behind a firewall but other LDAP clients do not. In any case there are alternatives, and if I do sort out something with TLS I'll be sure to post back. Best- Walker On 03/13/2013 10:17 AM, Hilton Gibson wrote: > "Hilton's response is in this case inaccurate, because he's talking > only about securing the connection of DSpace with the client" > > I did not look at port 636 because I was not sure what to do with the > cert on the server side. > Anyway our LDAP connection is behind our campus firewall but if yours is > outside, then you have a problem. > > > On 13 March 2013 17:02, helix84 <[email protected] > <mailto:[email protected]>> wrote: > > On Wed, Mar 13, 2013 at 3:17 PM, Walker Sampson > <[email protected] <mailto:[email protected]>> wrote: > > I'm running DSpace 3.1 and would like to set up LDAP. I > understand from > > our own IT that their LDAP requires authenticated bind lookup and TLS > > encryption. > > > > From reading the authentication-ldap.cfg file it appears DSpace does > > support authenticated bind lookups, but I'm unsure as to whether it > > supports TLS encryption, which I suppose would be in the form of > StartTLS. > > > > Does anyone have experience with this? > > Hi Walker, > > you're right, the DSpace LDAPAuthentication module doesn't support > StartTLS. I agree that it's a serious omission and should be > corrected. I filed a new Jira issue to keep track of this task: > https://jira.duraspace.org/browse/DS-1518 > > I also explained some details there and gave some pointers, so you may > try to di it yourself. If you are successfull, please contribute your > code so that we can test it and include it into future DSpace > versions. > > Hilton's response is in this case inaccurate, because he's talking > only about securing the connection of DSpace with the client, while > you're asking about connection of DSpace with the LDAP server. Of > course, both connections should be secured. > > > Regards, > ~~helix84 > > Compulsory reading: DSpace Mailing List Etiquette > https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_d2d_mar > _______________________________________________ > DSpace-tech mailing list > [email protected] > <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/dspace-tech > List Etiquette: > https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette > > > > > -- > *Hilton Gibson* > Systems Administrator > JS Gericke Library > Room 1025D > Stellenbosch University > Private Bag X5036 > Stellenbosch > 7599 > South Africa > > Tel: +27 21 808 4100 | Cell: +27 84 646 4758 > http://library.sun.ac.za > http://scholar.sun.ac.za > http://ar1.sun.ac.za > http://aj1.sun.ac.za -- Walker Sampson Electronic Records Analyst, Government Records Mississippi Department of Archives & History 601-576-6929 [email protected] ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
