LDAP Authentication
32 views
Skip to first unread message
David Barrett
Sep 10, 2025, 1:16:01 PMSep 10
to Archivesspace_small_...@lyrasislists.org
Hi,
First time posting here and hoping someone has done this successfully before.
We are having some trouble getting our LDAP Authentication to filter including nested group members using the below configuration.
I've done this before on other systems with success, so not sure what I've got wrong in this instance.
LDAP bind is working and currently any user in 'OU=Users,DC=ad,DC=my,DC=org' is able to sign in and their ArchivesSpace user is created.
If I run an ldapsearch it will return the correct number of users in that group.
Now I am just trying to filter the allowed users by being a member of a group.
Thanks!
-- First time posting here and hoping someone has done this successfully before.
We are having some trouble getting our LDAP Authentication to filter including nested group members using the below configuration.
AppConfig[:authentication_sources] = [{
:model => 'LDAPAuth',
:hostname => 'ldap.my.org',
:port => 636,
:base_dn => 'OU=Users,DC=ad,DC=my,DC=org',
:username_attribute => 'sAMAccountName',
:attribute_map => { :cn => :name },
:bind_dn => 'CN=your_account,OU=Users,DC=ad,DC=my,DC=org',
:bind_password => 'my_password',
:encryption => :simple_tls,
:user_filter => '(&(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=Archives_Grp,OU=Groups,DC=ad,DC=my,DC=org))'
}]
LDAP bind is working and currently any user in 'OU=Users,DC=ad,DC=my,DC=org' is able to sign in and their ArchivesSpace user is created.
If I run an ldapsearch it will return the correct number of users in that group.
Now I am just trying to filter the allowed users by being a member of a group.
Thanks!
David Barrett SGT, USMC, (Ret)
Microsoft Systems Administrator,
Information Technology Services
EAVA Certified
(P): 910-362-7326
CFCC IT Helpdesk Information:
(O): 910-362-4357
E-mail: he...@cfcc.edu
More Info: https://cfcc.edu/helpdesk/
North Campus: NA-2nd Floor Lounge
Downtown: A Building Lobby
Downtown: A Building Lobby
E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized state official. (NCGS.Ch.132)
Blake Carver
Sep 11, 2025, 10:48:20 AMSep 11
to Archivesspace_small_...@lyrasislists.org
I don't think the LDAP this used all that much, so I'm not even sure that filter can work. I would try running the logging on debug and see what it spits out. I think the LDAP stuff tends to be pretty chatty in the logs and you might be able to see something
useful.
From: 'David Barrett' via ArchivesSpace_Small_Archives_Users_Group <Archivesspace_small_...@lyrasislists.org>
Sent: Wednesday, September 10, 2025 1:15 PM
To: Archivesspace_small_...@lyrasislists.org <Archivesspace_small_...@lyrasislists.org>
Subject: [ArchivesSpace Small Archives] LDAP Authentication
Sent: Wednesday, September 10, 2025 1:15 PM
To: Archivesspace_small_...@lyrasislists.org <Archivesspace_small_...@lyrasislists.org>
Subject: [ArchivesSpace Small Archives] LDAP Authentication
--
You received this message because you are subscribed to the Google Groups "ArchivesSpace_Small_Archives_Users_Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to Archivesspace_small_archiv...@lyrasislists.org.
To view this discussion visit https://groups.google.com/a/lyrasislists.org/d/msgid/Archivesspace_small_archives_users_group/CAA8Z5k72GC3p3QphGQ7prgvj84P_sF_V9EykMpOzv2dijGexLQ%40mail.gmail.com.
You received this message because you are subscribed to the Google Groups "ArchivesSpace_Small_Archives_Users_Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to Archivesspace_small_archiv...@lyrasislists.org.
To view this discussion visit https://groups.google.com/a/lyrasislists.org/d/msgid/Archivesspace_small_archives_users_group/CAA8Z5k72GC3p3QphGQ7prgvj84P_sF_V9EykMpOzv2dijGexLQ%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages