Hello all:

Finally we could connect successfully to our Active Directory using dspace 3.2. Only 2 things were changed: search.user is now defined using id instead of canonical name, and autoregister is now set to true.

I would like to share the config we are using (authentication-ldap.cfg):

enable = true
autoregister = true
provider_url = ldap://biblioteca-ad.bcn-ad.cl:389/
id_field = sAMAccountName
object_context = OU=BCN,DC=bcn-ad,DC=cl
search_context = OU=BCN,DC=bcn-ad,DC=cl
search_scope = 2
search.anonymous = false
[email protected]
search.password=***password***
netid_email_domain = @bcn-ad.cl

Regards,
Alvaro

On 20/01/14 13:03, Oscar Sanchez Gomez wrote:
Hi Alvaro,

I am using ldap authentication with Active Directory and it works OK. The hierarchical settings will be:

search.user = cn=User Name,ou=Usuarios-Aplicaciones,ou=CentroComputo,ou=Area Administrativa,ou=Cartago,ou=Usuario,dc=itcr,dc=ac,dc=cr
search.password = pasword

The User Name will be the name of the user, not the user-id. Also, you have to specify the complete traversal tree from the inner level to the domain level where the User Name of the search_user is defined, as you can see in the above example.

Regards,

Ing. Oscar Sánchez G., MAE
IT Professional
Biblioteca José Figueres Ferrer
Instituto Tecnológico de Costa Rica
Tel: 2550-2135
Fax: 2591-4820
P.O. Box: 159-7050

-----Original Message-----
From: "Sandoval, Álvaro" [mailto:[email protected]]
Sent: Sunday, January 19, 2014 09:06 p.m.
To: Dspace Tech
Subject: [Dspace-tech] problems connecting with active directory

Dear Dspace community:

In our testing environment we have dspace 3.2 and we would like to authenticate using our Active Directory. But authentication fails using both xmlui and jspui. If we try ldapbind command, it works fine.
This is our authentication-ldap.cfg file:

enable = true
autoregister = false
provider_url = ldap://ad.mydomain.cl:389/
id_field = sAMAccountName
object_context = DC=mydomain,DC=cl
search_context = DC=mydomain,DC=cl
email_field = mail
surname_field = sn
givenname_field = givenName
phone_field = telephoneNumber
search.anonymous = true
search_scope = 2
search.user = CN=admin_user,CN=Users,DC=mydomain,DC=cl
search.password = admin_passwd

And this is part of the LOG file:

2014-01-14 05:12:18,045 INFO org.dspace.authenticate.PasswordAuthentication @ anonymous:session_id=7D2495B4351B0D3D30EF4584F1FA0567:ip_addr=111.11.111.111:authenticate:attempting password auth of user=existing_user
2014-01-14 05:12:18,047 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=7D2495B4351B0D3D30EF4584F1FA0567:ip_addr=111.11.111.111:auth:attempting trivial auth of user=existing_user
2014-01-14 05:12:18,051 WARN org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=7D2495B4351B0D3D30EF4584F1FA0567:ip_addr=111.11.111.111:ldap_authentication:type=failed_auth javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 - 80090308\colon; LdapErr\colon; DSID-0C090334, comment\colon; AcceptSecurityContext error, data 525, vece]
2014-01-14 05:12:18,051 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=7D2495B4351B0D3D30EF4584F1FA0567:ip_addr=111.11.111.111:failed_login:no DN found for user existing_user
2014-01-14 05:12:18,051 INFO org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=7D2495B4351B0D3D30EF4584F1FA0567:ip_addr=111.11.111.111:failed_login:netid=existing_user, result=2

Any advice would be very much appreciated.

--
Álvaro Sandoval Pizarro
BCN, Biblioteca del Congreso Nacional de Chile
Head of Networked Information Services and Systems
Phone (5632) 226 3981
http://www.bcn.cl/

_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
--
Álvaro Sandoval Pizarro
BCN, Biblioteca del Congreso Nacional de Chile
Head of Networked Information Services and Systems
Phone (5632) 226 3981
http://www.bcn.cl/
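Added example, not part of the original thread and not DSpace code: a small log check that pulls the Active Directory sub-code ("data 525") out of the LDAP error 49 line quoted in the original message and pairs it with the netid that failed in the same session. The function name, the table name and the abridged sample lines are assumptions made for this example; the sub-code meanings are the standard Active Directory ones.

```python
import re

# Sub-codes Active Directory reports in the "data NNN" field of an LDAP
# error 49 (bind failure). The values are hexadecimal strings.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ERR49 = re.compile(r"error code 49\b.*?\bdata ([0-9a-f]+)", re.I)
SESSION = re.compile(r"session_id=([0-9A-Fa-f]+)")
NETID = re.compile(r"failed_login:netid=([^,\s]+)")

def explain_failures(lines):
    """Return (netid, sub-code, meaning) for each failed LDAP login."""
    by_session, findings = {}, []
    for raw in lines:
        line = raw.replace("\\colon;", ":")  # the log on this page writes ':' as '\colon;'
        m = SESSION.search(line)
        if not m:
            continue
        sid = m.group(1)
        err = ERR49.search(line)
        if err:
            by_session[sid] = err.group(1).lower()
        user = NETID.search(line)
        if user and sid in by_session:
            code = by_session.pop(sid)
            findings.append((user.group(1), code,
                             AD_SUBCODES.get(code, "unknown sub-code")))
    return findings

# Abridged from the log in the original message (timestamp and ip_addr dropped).
SAMPLE_LOG = [
    r"WARN org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=7D2495B4351B0D3D30EF4584F1FA0567:ldap_authentication:type=failed_auth javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 - 80090308\colon; LdapErr\colon; DSID-0C090334, comment\colon; AcceptSecurityContext error, data 525, vece]",
    r"INFO org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=7D2495B4351B0D3D30EF4584F1FA0567:failed_login:netid=existing_user, result=2",
]

if __name__ == "__main__":
    for user, code, meaning in explain_failures(SAMPLE_LOG):
        print(f"{user}: AD sub-code {code} -> {meaning}")
```

The sub-code describes the identity presented in the bind that failed, so it narrows down whether to look at the bind DN, the password, or the account state.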

