I don’t know enough to know if these are relevant, but differences between your config and ours are:
· Our authentication-ldap.object_context and authentication-ldap.search_context don’t have the slashes, just commas, eg OU=TEST,DC=prod,DC=local · Our authentication-ldap.search.user is in the form cn=xxxxxx,cn=users,dc=prod,dc=local I haven’t used the groupmap functionality, but I’d check: · Possibly the attribute is case sensitive, in which case try memberOf · And (at least in our Active Directory) the memberOf attributes contain a full path rather than just a group name, eg cn=AllStudents,ou=Student,dc=prod,dc=local – so I’d try putting all of that (exactly as it’s in your AD) to the left of the : Deborah From: dspace-tech@googlegroups.com <dspace-tech@googlegroups.com> On Behalf Of Diego Spano Sent: Wednesday, 16 May 2018 8:39 AM To: DSpace Technical Support <dspace-tech@googlegroups.com> Subject: [dspace-tech] Re: ldap.login.groupmap.attribute Any help?!?!? El miércoles, 9 de mayo de 2018, 12:51:56 (UTC-3), Diego Spano escribió: Hi. I have my Dspace instance connected with my LDAP server (Active directory). I need to assign a dspace group based on LDAP group where the user belongs. I think this is possible with the feature "ldap.login.groupmap.attribute". In other words, I want that users taht belong to LDAP group named "students" be part of DSpace group named "GroupA". I created "GroupA" in DSpace, the user can login with no problem but the groups is not assigned!. This is my authentication-ldap.cfg configuration: #---------------------------------------------------------------# #------------LDAP AUTHENTICATION CONFIGURATIONS-----------------# #---------------------------------------------------------------# authentication-ldap.enable = true authentication-ldap.autoregister = true authentication-ldap.provider_url = ldap://prod.local:389/ authentication-ldap.id_field = sAMAccountName authentication-ldap.object_context = OU=TEST\,DC=prod\,DC=local authentication-ldap.search_context = OU=TEST\,DC=prod\,DC=local authentication-ldap.email_field = mail ##### LDAP users group ##### #authentication-ldap.login.specialgroup = GrupoLDAP authentication-ldap.search_scope = 2 authentication-ldap.search.anonymous = false authentication-ldap.search.user = yyyyy@prod.local<mailto:yyyyy@prod.local> authentication-ldap.search.password = xxxxxxx authentication-ldap.netid_email_domain = @prod.org<http://prod.org> # If this property is uncommented, it changes the meaning of the left part of # the groupmap value (before the ":") as follows. # The value of login.groupmap.attribute specifies the name of an LDAP attribute. # If user has this attribute, look up the value of this attribute in the left # part of the groupmap value (before the ":"). If it's found, assign user to # the DSpace group specified by the right part of the groupmap value (after # the ":"). authentication-ldap.login.groupmap.attribute = memberof authentication-ldap.login.groupmap.1 = students:GroupA I also tried with "authentication-ldap.login.groupmap.attribute = group" but the problem still remains. Any help!? Thanks in advance. Diego -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com<mailto:dspace-tech+unsubscr...@googlegroups.com>. To post to this group, send email to dspace-tech@googlegroups.com<mailto:dspace-tech@googlegroups.com>. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout. ________________________________ P Please consider the environment before you print this email. "The contents of this e-mail (including any attachments) may be confidential and/or subject to copyright. Any unauthorised use, distribution, or copying of the contents is expressly prohibited. If you have received this e-mail in error, please advise the sender by return e-mail or telephone and then delete this e-mail together with all attachments from your system." -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
