Re: [Dspace-tech] LDAP-Authorisation fails
Thanks for the hints.

Stuart Lewis wrote:
> Hi Robert,
>
>> Thanks for the reply and the link to the LDAP-browser.
>> The problem is that our LDAP-Server needs an admin-login to retrieve the
>> uid... With the public access one can get other data about users - but
>> not the uid...
>> Is it possible to modify DSpace to login to a LDAP-server?
>
> How good is your Java?

I would say: poor Java (reading is OK) but good general programming.

> The class to look at would be org.dspace.authentication.LDAPAuthentication
> (assuming you're using version 1.5).

Yes, it is 1.5.

> You might find some useful LDAP code snippets in the patch at:
>
> http://sourceforge.net/tracker/index.php?func=detail=1597831_id=19
> 984&atid=319984

I will have a look at it and tell the list about my solutions and problems.

Greetings

Robert

___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] LDAP-Authorisation fails
Hi Robert,

> Thanks for the reply and the link to the LDAP-browser.
> The problem is that our LDAP-Server needs an admin-login to retrieve the
> uid... With the public access one can get other data about users - but
> not the uid...
> Is it possible to modify DSpace to login to a LDAP-server?

How good is your Java?

The class to look at would be org.dspace.authentication.LDAPAuthentication
(assuming you're using version 1.5).

You might find some useful LDAP code snippets in the patch at:

http://sourceforge.net/tracker/index.php?func=detail=1597831_id=19
984&atid=319984

Cheers,

Stuart

Gwasanaethau Gwybodaeth    Information Services
Prifysgol Aberystwyth      Aberystwyth University

E-bost / E-mail: [EMAIL PROTECTED]
Ffon / Tel: (01970) 622860
Re: [Dspace-tech] LDAP-Authorisation fails
Thanks for the reply and the link to the LDAP-browser.
The problem is that our LDAP-Server needs an admin-login to retrieve the
uid... With the public access one can get other data about users - but
not the uid...
Is it possible to modify DSpace to login to a LDAP-server?

Best regards

Robert

Stuart Lewis wrote:
> Hi Robert,
>
>> Here are my LDAP-settings in dspace.cfg:
>>
>> ldap.enable = true
>> ldap.provider_url = ldap://our.ldap.uni-osnabrueck.de
>> ldap.id_field = uid
>> ldap.object_context = cn=people,dc=Uni-Osnabrueck,dc=de
>> ldap.search_context = ou=people
>> ldap.email_field = mail
>> ldap.surname_field = sn
>> ldap.givenname_field = givenName
>> ldap.phone_field = telephoneNumber
>> webui.ldap.autoregister = true
>> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
>> org.dspace.authenticate.LDAPAuthentication, \
>> org.dspace.authenticate.PasswordAuthentication
>
> Try setting ldap.search.context to be the same value as ldap.object.context.
>
>> I see two possibilities where things can go wrong, but I have no idea
>> how to make them right:
>>
>> 1. The DSpace documentation notes about 'ldap.object_context' that it is
>> "appended to the ldap.id_field and username". This looks to me that
>> DSpace builds the DN using id_field and object_context. Our LDAP
>> administrator says that in this case the id_field would be 'cn' and the
>> users must login using their "Common Name" and not their uid. But even
>> when I try the 'cn'-value as login name, I get the same error (with the
>> 'cn'-value as 'netid').
>
> If that is the case, use cn rather than uid.
>
>> 2. As far as I know, to query the LDAP-server an
>> access-login and -password is needed. But I could not find any place to
>> set these in DSpace.
>
> What happens is that the user who is logging in to DSpace provides their
> username and password. DSpace uses these to login (bind) to the LDAP
> service, and to extract their details to create the account. So you do not
> need to provide a separate username and password.
>
> (Some LDAP setups do require this if users are scattered across different
> branches of a tree. A username and password is required to find where the
> user is, and then the user's username and password are used to login as per
> normal).
>
> Try using an LDAP browser (e.g.
> http://www-unix.mcs.anl.gov/~gawor/ldap/download.html). Test your settings
> in this, and once they work, enter them into the DSpace configuration. The
> LDAP browser is a lot easier to use and diagnose connection problems with,
> than directly in DSpace.
>
> Good luck,
>
>
> Stuart
>
> Gwasanaethau Gwybodaeth    Information Services
> Prifysgol Aberystwyth      Aberystwyth University
>
> E-bost / E-mail: [EMAIL PROTECTED]
> Ffon / Tel: (01970) 622860
Re: [Dspace-tech] LDAP-Authorisation fails
Hi Robert,

> Here are my LDAP-settings in dspace.cfg:
>
> ldap.enable = true
> ldap.provider_url = ldap://our.ldap.uni-osnabrueck.de
> ldap.id_field = uid
> ldap.object_context = cn=people,dc=Uni-Osnabrueck,dc=de
> ldap.search_context = ou=people
> ldap.email_field = mail
> ldap.surname_field = sn
> ldap.givenname_field = givenName
> ldap.phone_field = telephoneNumber
> webui.ldap.autoregister = true
> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
> org.dspace.authenticate.LDAPAuthentication, \
> org.dspace.authenticate.PasswordAuthentication

Try setting ldap.search.context to be the same value as ldap.object.context.

> I see two possibilities where things can go wrong, but I have no idea
> how to make them right:
>
> 1. The DSpace documentation notes about 'ldap.object_context' that it is
> "appended to the ldap.id_field and username". This looks to me that
> DSpace builds the DN using id_field and object_context. Our LDAP
> administrator says that in this case the id_field would be 'cn' and the
> users must login using their "Common Name" and not their uid. But even
> when I try the 'cn'-value as login name, I get the same error (with the
> 'cn'-value as 'netid').

If that is the case, use cn rather than uid.

> 2. As far as I know, to query the LDAP-server an
> access-login and -password is needed. But I could not find any place to
> set these in DSpace.

What happens is that the user who is logging in to DSpace provides their
username and password. DSpace uses these to login (bind) to the LDAP
service, and to extract their details to create the account. So you do not
need to provide a separate username and password.

(Some LDAP setups do require this if users are scattered across different
branches of a tree. A username and password is required to find where the
user is, and then the user's username and password are used to login as per
normal).

Try using an LDAP browser (e.g.
http://www-unix.mcs.anl.gov/~gawor/ldap/download.html). Test your settings
in this, and once they work, enter them into the DSpace configuration. The
LDAP browser is a lot easier to use and diagnose connection problems with,
than directly in DSpace.

Good luck,

Stuart

Gwasanaethau Gwybodaeth    Information Services
Prifysgol Aberystwyth      Aberystwyth University

E-bost / E-mail: [EMAIL PROTECTED]
Ffon / Tel: (01970) 622860
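
The two-step flow described in parentheses in the message above (a separate login to find the user, then a bind as the user), written with plain JNDI as an added example. It is not DSpace's LDAPAuthentication code and not the SourceForge patch; the class and method names and the SERVICE_PW / USER_PW environment variables are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class SearchThenBind {
    // Simple bind; a wrong DN or password raises AuthenticationException (LDAP error 49).
    static DirContext bind(String url, String dn, String pw) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // prefer ldaps:// so passwords are not sent in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        return new InitialDirContext(env);
    }

    // Returns the user's DN when netid/password are valid, otherwise null.
    static String authenticate(String url, String serviceDn, String servicePw, String base,
                               String idField, String netid, String password) throws NamingException {
        // An empty password makes a simple bind "unauthenticated", which many servers accept.
        if (netid == null || password == null || password.isEmpty()) return null;
        String userDn;
        DirContext svc = bind(url, serviceDn, servicePw); // step 1: service account login
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]); // only the DN is needed
            // idField comes from configuration; netid is passed as {0} so JNDI escapes
            // filter metacharacters and user input cannot rewrite the filter.
            NamingEnumeration<SearchResult> hits =
                svc.search(base, "(" + idField + "={0})", new Object[] { netid }, sc);
            if (!hits.hasMore()) return null;          // unknown user
            userDn = hits.next().getNameInNamespace();
            if (hits.hasMore()) return null;           // ambiguous match: refuse
        } finally {
            svc.close();
        }
        try {
            bind(url, userDn, password).close();       // step 2: bind as the user
            return userDn;
        } catch (AuthenticationException e) {
            return null;                               // error 49 for the user's own credentials
        }
    }

    public static void main(String[] a) throws NamingException {
        // args: url serviceDn searchBase idField netid; passwords come from the environment
        System.out.println(authenticate(a[0], a[1], System.getenv("SERVICE_PW"), a[2], a[3],
                                        a[4], System.getenv("USER_PW")));
    }
}
```

A failed service-account bind is deliberately not caught: it is a configuration error and surfaces as a NamingException instead of looking like a wrong user password.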
[Dspace-tech] LDAP-Authorisation fails
Hi,

I'd like to enable LDAP authorisation in addition to the "traditional"
email registration for DSpace 1.5. But when I try to login I get the
following messages in dspace.log:

2008-05-22 09:20:14,951 WARN org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=DF5155BCA2D28A286BDEC1D5A1D379DA:ip_addr=131.173.148.100:ldap_authentication:type=failed_auth javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
2008-05-22 09:20:15,015 INFO org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=DF5155BCA2D28A286BDEC1D5A1D379DA:ip_addr=131.173.148.100:failed_login:netid=myaccount

The LDAP-error 49 means either "The client passed either an incorrect DN
or password" or "The password is incorrect because it has expired,
intruder detection has locked the account, or some other similar reason".
It can only be the second reason, because working with other applications
the used LDAP-account is valid.

Here are my LDAP-settings in dspace.cfg:

ldap.enable = true
ldap.provider_url = ldap://our.ldap.uni-osnabrueck.de
ldap.id_field = uid
ldap.object_context = cn=people,dc=Uni-Osnabrueck,dc=de
ldap.search_context = ou=people
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = givenName
ldap.phone_field = telephoneNumber
webui.ldap.autoregister = true
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
org.dspace.authenticate.LDAPAuthentication, \
org.dspace.authenticate.PasswordAuthentication

I see two possibilities where things can go wrong, but I have no idea
how to make them right:

1. The DSpace documentation notes about 'ldap.object_context' that it is
"appended to the ldap.id_field and username". This looks to me that
DSpace builds the DN using id_field and object_context. Our LDAP
administrator says that in this case the id_field would be 'cn' and the
users must login using their "Common Name" and not their uid. But even
when I try the 'cn'-value as login name, I get the same error (with the
'cn'-value as 'netid').

2. As far as I know, to query the LDAP-server an
access-login and -password is needed. But I could not find any place to
set these in DSpace.

What could I do?

Best regards

Robert

--
===
Robert Roggenbuck
Universitaetsbibliothek Osnabrueck
Germany
===