Hi Ben,
Thanks for your email. I could not get the authentication against active
directory to work. But the following jaas configuration for ldap server worked
fine.
fedora-auth
{
org.fcrepo.server.security.jaas.auth.module.LdapModule required
host.url="ldap://cleverdon.syr.edu";
auth.type="simple"
bind.mode="bind"
bind.filter="uid={0},OU=People,DC=cnlp,DC=org"
debug=true;
};
Although I could not get my jaas config work for active directory
authentication, I found something wrong in my previous jaas config. For direct
bind, the ldap module does not use search base configuration. Search base
configuration can be used only for bind-search-compare and bind-search-bind
modes. And in both bind-search-compare and bind-search-bind modes, the ldap
module performs direct bind first. So, I tried the following configuration for
active directory.
fedora-auth
{
org.fcrepo.server.security.jaas.auth.module.LdapModule required
host.url="ldap://ad.syr.edu";
auth.type="simple"
bind.mode="bind"
bind.filter="{0},DC=ad,DC=syr,DC=edu";
};
This failed too. So, I am still not sure how could I get authentication against
active directory work.
Thanks,
Yatish
________________________________________
From: Benjamin Ryan [b.r...@leeds.ac.uk]
Sent: Friday, September 30, 2011 3:32 PM
To: fedora-commons-users@lists.sourceforge.net
Subject: Re: [fcrepo-user] Fedora-commons-users Digest, Vol 55, Issue 19
Yatish,
I use the following:
fedora-auth
{
org.fcrepo.server.security.jaas.auth.module.LdapModule sufficient
host.url="ldap://127.0.0.1:666";
auth.type="simple"
bind.mode="bind"
bind.filter="cn={0},ou=users,dc=example,dc=com"
debug=true
attrs.fetch="cn,sn,role,fedoraRole,memberOf";
org.fcrepo.server.security.jaas.auth.module.XmlUsersFileModule sufficient;
};
I had problems using a search base even though this worked fine directly.
Regards,
Ben
---------------------------------------------------------------------
Dr Ben Ryan
Timescapes Archive Technical Officer
School of Sociology and Social Policy
Faculty of Education, Social Sciences and Law
Social Science Building
The University of Leeds
Leeds LS2 9JT
Email: b.r...@leeds.ac.uk
Tel: 0113 343 7319
Website: http://www.timescapes.leeds.ac.uk
---------------------------------------------------------------------
________________________________________
From: fedora-commons-users-requ...@lists.sourceforge.net
[fedora-commons-users-requ...@lists.sourceforge.net]
Sent: 30 September 2011 18:41
To: fedora-commons-users@lists.sourceforge.net
Subject: Fedora-commons-users Digest, Vol 55, Issue 19
Send Fedora-commons-users mailing list submissions to
fedora-commons-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
or, via email, send a message with subject or body 'help' to
fedora-commons-users-requ...@lists.sourceforge.net
You can reach the person managing the list at
fedora-commons-users-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Fedora-commons-users digest..."
Today's Topics:
1. Fedora 3.5 ldap jaas configuration (Yatish Hegde)
2. DC-MD-VA Fedora Users Meeting Oct 14, 2011 (Staples, Thornton)
3. Spaces still available at HydraCamp 2011 (Oct 17, 2011 - Oct
21, 2011) (Matt Zumwalt)
----------------------------------------------------------------------
Message: 1
Date: Thu, 29 Sep 2011 23:03:41 +0000
From: Yatish Hegde <yhe...@syr.edu>
Subject: [fcrepo-user] Fedora 3.5 ldap jaas configuration
To: "fedora-commons-users@lists.sourceforge.net"
<fedora-commons-users@lists.sourceforge.net>
Message-ID:
<c64008a120722941a7c94d5e6032fac812b72...@sn2prd0102mb117.prod.exchangelabs.com>
Content-Type: text/plain; charset="windows-1252"
Hi,
I am trying to configure the jaas.conf file so that fedora can authenticate
users against our organization active directory. I am running fedora 3.5. My
jaas.conf file looks like:
fedora-auth
{
org.fcrepo.server.security.jaas.auth.module.LdapModule required
host.url="ldap://ad.syr.edu";
auth.type="simple"
bind.mode="bind"
search.base="DC=ad,DC=syr,DC=edu"
bind.filter="{0}";
};
Authentication fails and I see the following error message in fedora log file.
ERROR 2011-09-29 16:54:12.335 [1620450815@qtp-458505352-6] (LdapModule)
m...@syr.edu: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001F7, problem
2006 (BAD_NAME), data 8350, best match of: 'm...@syr.edu' ]
ERROR 2011-09-29 16:54:12.335 [1620450815@qtp-458505352-6] (AuthFilterJAAS)
Login Failure: all modules ignored
ldap search with above credentials worked perfectly fine when tried with
ldapsearch command line utility. So I really don?t understand how to resolve
this authentication error. It would be really great if someone could guide me
resolve this error.
Thanks,
Yatish
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
Message: 2
Date: Fri, 30 Sep 2011 09:02:40 -0400
From: "Staples, Thornton" <stapl...@si.edu>
Subject: [fcrepo-user] DC-MD-VA Fedora Users Meeting Oct 14, 2011
To: Code for Libraries <code4...@listserv.nd.edu>,
"dc-fedora-us...@googlegroups.com" <dc-fedora-us...@googlegroups.com>,
"mlegg...@discoverygarden.ca" <mlegg...@discoverygarden.ca>, Valorie
Hollister <vhollis...@duraspace.org>,
"fedora-commons-users@lists.sourceforge.net"
<fedora-commons-users@lists.sourceforge.net>, "Stern, Beth"
<ste...@si.edu>
Message-ID: <caab3098.2014%stapl...@si.edu>
Content-Type: text/plain; charset="us-ascii"
Sorry for the cross posting but I wanted to make sure that this event, and
the existence of a Fedora users group for the DC, Maryland and Virginia
region, was know to a wider audience. Hereafter, I will post info about
the meeting to the google group mailing list. Anyone can join at
http://groups.google.com/group/dc-fedora-users/.
We will have the next Fedora users meeting for the DC region on October
14th from 9:00 am to 4:00 pm at:
Room 207
Gelman Library
George Washington University
2130 H St. NW
Washington, DC 20052
Note that our hosts at GW would like for you to let them know if you are
planning to attend by sending email to Karim Boughida at
kbough...@gamil.com.
The program is shaping up nicely, but I encourage everyone who is using
Fedora to interesting things to present either a 15-20 minute session or a
5 minute lightning update about what you are doing or thinking about
doing. This group is all about having all of us know who is doing what and
looking for ways to make collaboration and sharing happen.
Folks from both the Islandora and Hydra projects will present on the
history and current state of those projects. They are both applications
that are built on top of Fedora and provide ways to easily develop
use-case specific systems. Both are open-source and have vendors who do
development with them. Val Hollister will also give an update from
DuraSpace.
These institutions will be doing 15-20 minute presentations:
Goddard Spaceflight Center
National Technical Information Service
Smithsonian Institution
University of Virginia
US Geological Survey
So far we have one lightning update from the National Agricultural Library.
I will send out a more formal program with presentation titles next week
so please let me know if you would like to present.
--
Thornton Staples
Director of Research and Scientific Data Management
Office of the CIO, Smithsonian Institution
202-679-7682
On 9/23/11 4:12 PM, "karim boughida" <kbough...@gmail.com> wrote:
>Hi All,
>
>Thornton Staples, Director of Research and Scientific Data Management,
>Office of the CIO,
>Smithsonian Institution, has announced that the GWU (George Washington
>University) will
>host the next Fedora Users Meeting for the metro Washington DC region.
>
>The event is open to anyone who can make it. Registration is required
>
>Please rsvp kbough...@gmail.com
>
>Detailed program will be announced by Thornton Staples in the upcoming
>days.
>
>Venue:
>
>George Washington University
>Gelman Library
>2130 H St. NW
>Washington, DC 20052
>
>Date: Oct 14 2011
>9-4pm
>Room 207
>
>Metro: Foggy Bottom stop
>
>--
>Karim Boughida
>kbough...@gmail.com
>kbough...@library.gwu.edu
------------------------------
Message: 3
Date: Fri, 30 Sep 2011 12:11:01 -0500
From: Matt Zumwalt <collabor...@yourmediashelf.com>
Subject: [fcrepo-user] Spaces still available at HydraCamp 2011 (Oct
17, 2011 - Oct 21, 2011)
To: fedora-commons-users <fedora-commons-users@lists.sourceforge.net>
Message-ID: <d6d14db4-afe0-4bd3-a8e6-ba96fac34...@yourmediashelf.com>
Content-Type: text/plain; charset="us-ascii"
Hello Fedora Users!
There are still spaces available at
HydraCamp 2011
EVENT TO BE HELD AT THE FOLLOWING TIME, DATE, AND LOCATION:
Oct 17, 2011 at 9:00 PM to
Oct 21, 2011 at 4:00 PM (CT)
CoCo Minneapolis
400 S. 4th St
4th Floor
Minneapolis, MN 55415
View Map
Learn Rails3 and Data Curation at HydraCamp 2011 Learn habits of effective
Rails developers, then use the Hydra framework to build interfaces for curating
and searching through complex, interconnected content. All sessions will be
held in at the...
Read More
Share this event on Facebook and Twitter
We hope you can make it!
Cheers,
MediaShelf
This email was sent by Eventbrite. Anyone can use Eventbrite to spread the
word, collect money, and track RSVPs for an event. you can too
Click here to unsubscribe from events by "MediaShelf."
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
------------------------------
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
End of Fedora-commons-users Digest, Vol 55, Issue 19
****************************************************
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
