Hi Michael,

Thanks for your response. Unfortunately, I do not control the ldap server here, 
so I cannot use the bind-search-bind mode (I do not have bind user and bind 
password). I was just trying the direct bind.

Thanks,
Yatish 

-----Original Message-----
From: Michael Della Bitta [mailto:michaeldellabi...@nypl.org] 
Sent: Monday, October 03, 2011 11:08 AM
To: Support and info exchange list for Fedora users.
Subject: Re: [fcrepo-user] Fedora-commons-users Digest, Vol 55, Issue 19

Hi Yatish,

It seems like you're trying to get bind to work instead of
bind-search-bind, but I thought I'd forward our config file anyway,
since it does work against AD. I was unable to get a simple bind to
work.

In this example, I sanitized some information by replacing it with
all-caps descriptions of the parameters.

fedora-auth
{
        org.fcrepo.server.security.jaas.auth.module.LdapModule sufficient
        host.url="ldap://LDAPSERVER"
        auth.type="simple"
        bind.mode="bind-search-bind"
        bind.user="CN=FEDORA-LDAP-ACCOUNT,OU=FEDORA-LDAP-GROUP,DC=NYPL,DC=ORG"
        bind.pass="PASSWORD"
        search.base="ou=NYPL-EMPLOYEES,dc=NYPL,dc=ORG"
        search.filter="sAMAccountName={0}"
        attrs.fetch="cn,sn,memberOf,sAMAccountName"
        debug=true;

        org.fcrepo.server.security.jaas.auth.module.XmlUsersFileModule sufficient;
};


Michael Della Bitta

Senior Applications Developer
Information Technology Group
The New York Public Library
188 Madison Avenue, 4th Floor
New York, NY 10016
(212) 592-7178



On Sun, Oct 2, 2011 at 6:46 PM, Yatish Hegde <yhe...@syr.edu> wrote:
> Hi Ben,
>
> Thanks for your email. I could not get the authentication against active 
> directory to work. But the following jaas configuration for ldap server 
> worked fine.
>
> fedora-auth
> {
>        org.fcrepo.server.security.jaas.auth.module.LdapModule required
>        host.url="ldap://cleverdon.syr.edu"
>        auth.type="simple"
>        bind.mode="bind"
>        bind.filter="uid={0},OU=People,DC=cnlp,DC=org"
>        debug=true;
> };
>
> Although I could not get my jaas config to work for active directory 
> authentication, I found something wrong in my previous jaas config. For 
> direct bind, the ldap module does not use search base configuration. Search 
> base configuration can be used only for bind-search-compare and 
> bind-search-bind modes. And in both bind-search-compare and bind-search-bind 
> modes, the ldap module performs direct bind first. So, I tried the following 
> configuration for active directory.
>
> fedora-auth
> {
>        org.fcrepo.server.security.jaas.auth.module.LdapModule required
>        host.url="ldap://ad.syr.edu"
>        auth.type="simple"
>        bind.mode="bind"
>        bind.filter="{0},DC=ad,DC=syr,DC=edu";
> };
>
> This failed too. So, I am still not sure how I could get authentication 
> against active directory to work.
>
>
> Thanks,
> Yatish
> ________________________________________
> From: Benjamin Ryan [b.r...@leeds.ac.uk]
> Sent: Friday, September 30, 2011 3:32 PM
> To: fedora-commons-users@lists.sourceforge.net
> Subject: Re: [fcrepo-user] Fedora-commons-users Digest, Vol 55, Issue 19
>
> Yatish,
>  I use the following:
>
> fedora-auth
> {
>  org.fcrepo.server.security.jaas.auth.module.LdapModule sufficient
>  host.url="ldap://127.0.0.1:666"
>  auth.type="simple"
>  bind.mode="bind"
>  bind.filter="cn={0},ou=users,dc=example,dc=com"
>  debug=true
>  attrs.fetch="cn,sn,role,fedoraRole,memberOf";
>  org.fcrepo.server.security.jaas.auth.module.XmlUsersFileModule sufficient;
> };
>
> I had problems using a search base even though this worked fine directly.
>
> Regards,
>  Ben
> ---------------------------------------------------------------------
> Dr Ben Ryan
> Timescapes Archive Technical Officer
> School of Sociology and Social Policy
> Faculty of Education, Social Sciences and Law
> Social Science Building
> The University of Leeds
> Leeds LS2 9JT
> Email: b.r...@leeds.ac.uk
> Tel: 0113 343 7319
> Website: http://www.timescapes.leeds.ac.uk
> ---------------------------------------------------------------------
> ________________________________________
> From: fedora-commons-users-requ...@lists.sourceforge.net 
> [fedora-commons-users-requ...@lists.sourceforge.net]
> Sent: 30 September 2011 18:41
> To: fedora-commons-users@lists.sourceforge.net
> Subject: Fedora-commons-users Digest, Vol 55, Issue 19
>
> Today's Topics:
>
>   1. Fedora 3.5 ldap jaas configuration (Yatish Hegde)
>   2. DC-MD-VA Fedora Users Meeting Oct 14, 2011 (Staples, Thornton)
>   3. Spaces still available at HydraCamp 2011 (Oct 17, 2011 - Oct
>      21, 2011) (Matt Zumwalt)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 29 Sep 2011 23:03:41 +0000
> From: Yatish Hegde <yhe...@syr.edu>
> Subject: [fcrepo-user] Fedora 3.5 ldap jaas configuration
> To: "fedora-commons-users@lists.sourceforge.net"
>        <fedora-commons-users@lists.sourceforge.net>
> Message-ID:
>        
> <c64008a120722941a7c94d5e6032fac812b72...@sn2prd0102mb117.prod.exchangelabs.com>
>
> Content-Type: text/plain; charset="windows-1252"
>
> Hi,
>
> I am trying to configure the jaas.conf file so that fedora can authenticate 
> users against our organization active directory. I am running fedora 3.5. My 
> jaas.conf file looks like:
>
> fedora-auth
> {
>        org.fcrepo.server.security.jaas.auth.module.LdapModule required
>        host.url="ldap://ad.syr.edu"
>        auth.type="simple"
>        bind.mode="bind"
>        search.base="DC=ad,DC=syr,DC=edu"
>        bind.filter="{0}";
> };
>
> Authentication fails and I see the following error message in fedora log file.
>
> ERROR 2011-09-29 16:54:12.335 [1620450815@qtp-458505352-6] (LdapModule) 
> m...@syr.edu: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001F7, 
> problem 2006 (BAD_NAME), data 8350, best match of:        'm...@syr.edu' ]
> ERROR 2011-09-29 16:54:12.335 [1620450815@qtp-458505352-6] (AuthFilterJAAS) 
> Login Failure: all modules ignored
>
> ldap search with above credentials worked perfectly fine when tried with 
> ldapsearch command line utility. So I really don't understand how to resolve 
> this authentication error. It would be really great if someone could guide me 
> to resolve this error.
>
> Thanks,
> Yatish
>
> ------------------------------
>
> Message: 2
> Date: Fri, 30 Sep 2011 09:02:40 -0400
> From: "Staples, Thornton" <stapl...@si.edu>
> Subject: [fcrepo-user] DC-MD-VA Fedora Users Meeting Oct 14, 2011
> To: Code for Libraries <code4...@listserv.nd.edu>,
>        "dc-fedora-us...@googlegroups.com" <dc-fedora-us...@googlegroups.com>,
>        "mlegg...@discoverygarden.ca" <mlegg...@discoverygarden.ca>, Valorie
>        Hollister <vhollis...@duraspace.org>,
>        "fedora-commons-users@lists.sourceforge.net"
>        <fedora-commons-users@lists.sourceforge.net>, "Stern, Beth"
>        <ste...@si.edu>
> Message-ID: <caab3098.2014%stapl...@si.edu>
> Content-Type: text/plain; charset="us-ascii"
>
> Sorry for the cross posting but I wanted to make sure that this event, and
> the existence of a Fedora users group for the DC, Maryland and Virginia
> region, was known to a wider audience. Hereafter, I will post info about
> the meeting to the google group mailing list. Anyone can join at
> http://groups.google.com/group/dc-fedora-users/.
>
> We will have the next Fedora users meeting for the DC region on October
> 14th from 9:00 am to 4:00 pm at:
>
> Room 207
> Gelman Library
> George Washington University
> 2130 H St. NW
> Washington, DC 20052
>
> Note that our hosts at GW would like for you to let them know if you are
> planning to attend by sending email to Karim Boughida at
> kbough...@gamil.com.
>
>
> The program is shaping up nicely, but I encourage everyone who is using
> Fedora to do interesting things to present either a 15-20 minute session or a
> 5 minute lightning update about what you are doing or thinking about
> doing. This group is all about having all of us know who is doing what and
> looking for ways to make collaboration and sharing happen.
>
> Folks from both the Islandora and Hydra projects will present on the
> history and current state of those projects. They are both applications
> that are built on top of Fedora and provide ways to easily develop
> use-case specific systems. Both are open-source and have vendors who do
> development with them. Val Hollister will also give an update from
> DuraSpace.
>
> These institutions will be doing 15-20 minute presentations:
>
> Goddard Spaceflight Center
> National Technical Information Service
> Smithsonian Institution
> University of Virginia
> US Geological Survey
>
> So far we have one lightning update from the National Agricultural Library.
>
> I will send out a more formal program with presentation titles next week
> so please let me know if you would like to present.
>
>
> --
> Thornton Staples
>
> Director of Research and Scientific Data Management
> Office of the CIO, Smithsonian Institution
> 202-679-7682
>
>
>
>
> On 9/23/11 4:12 PM, "karim boughida" <kbough...@gmail.com> wrote:
>
>>Hi All,
>>
>>Thornton Staples, Director of Research and Scientific Data Management,
>>Office of the CIO,
>>Smithsonian Institution, has announced that the GWU (George Washington
>>University) will
>>host the next Fedora Users Meeting for the metro Washington DC region.
>>
>>The event is open to anyone who can make it. Registration is required
>>
>>Please rsvp kbough...@gmail.com
>>
>>Detailed program will be announced by Thornton Staples in the upcoming
>>days.
>>
>>Venue:
>>
>>George Washington University
>>Gelman Library
>>2130 H St. NW
>>Washington, DC 20052
>>
>>Date: Oct 14 2011
>>9-4pm
>>Room 207
>>
>>Metro: Foggy Bottom stop
>>
>>--
>>Karim Boughida
>>kbough...@gmail.com
>>kbough...@library.gwu.edu
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 30 Sep 2011 12:11:01 -0500
> From: Matt Zumwalt <collabor...@yourmediashelf.com>
> Subject: [fcrepo-user] Spaces still available at HydraCamp 2011 (Oct
>        17,     2011 - Oct 21, 2011)
> To: fedora-commons-users <fedora-commons-users@lists.sourceforge.net>
> Message-ID: <d6d14db4-afe0-4bd3-a8e6-ba96fac34...@yourmediashelf.com>
> Content-Type: text/plain; charset="us-ascii"
>
>
> Hello  Fedora Users!
> There are still spaces available at
>
> HydraCamp 2011
>
> EVENT TO BE HELD AT THE FOLLOWING TIME, DATE, AND LOCATION:
>
>
> Oct 17, 2011 at 9:00 PM to
> Oct 21, 2011 at 4:00 PM (CT)
>
> CoCo Minneapolis
> 400 S. 4th St
> 4th Floor
> Minneapolis, MN 55415
>
> Learn Rails3 and Data Curation at HydraCamp 2011 Learn habits of effective 
> Rails developers, then use the Hydra framework to build interfaces for 
> curating and searching through complex, interconnected content.  All sessions 
> will be held in at the...
>
> We hope you can make it!
>
> Cheers,
> MediaShelf
>
>
>
>
>
> ------------------------------
>
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security
> threats, fraudulent activity, and more. Splunk takes this data and makes
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2dcopy2
>
> ------------------------------
>
> _______________________________________________
> Fedora-commons-users mailing list
> Fedora-commons-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
>
>
> End of Fedora-commons-users Digest, Vol 55, Issue 19
> ****************************************************

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
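
Added example, not part of the thread and not the Fedora LdapModule's own code: the "error code 34" in the log quoted above is LDAP's invalidDNSyntax result, and this sketch expands the `bind.filter` values posted in the thread and checks whether each result parses as a distinguished name. It assumes `{0}` is replaced by the login name as typed; the class name `BindFilterCheck` and the sample logins are constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class BindFilterCheck {

    // Assumption: the bind DN is built by substituting the login name
    // for {0} in bind.filter.
    static String expand(String bindFilter, String login) {
        // Escape DN metacharacters (, = + < > # ; " \) so the login stays
        // inside a single RDN value and cannot add or change name components.
        return bindFilter.replace("{0}", Rdn.escapeValue(login));
    }

    // True when the string parses as a distinguished name.
    static boolean isValidDn(String dn) {
        try {
            new LdapName(dn);
            return true;
        } catch (InvalidNameException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // bind.filter values are the ones posted in the thread;
        // the logins are constructed sample input.
        String[][] cases = {
            {"{0}", "jdoe@example.org"},
            {"{0},DC=ad,DC=syr,DC=edu", "jdoe"},
            {"uid={0},OU=People,DC=cnlp,DC=org", "jdoe"},
            {"cn={0},ou=users,dc=example,dc=com", "jdoe,ou=admins"},
        };
        for (String[] c : cases) {
            String dn = expand(c[0], c[1]);
            System.out.printf("%-36s -> %-48s %s%n", c[0], dn,
                    isValidDn(dn) ? "parses as a DN" : "not a valid DN");
        }
    }
}
```

A template with no attribute type in front of `{0}` never yields a well-formed DN, whatever login is supplied; the last case shows the escaping keeping a login that contains commas inside the `cn` value.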