LDAP Dspace 5.3


Marcelo Silveira

Oct 10, 2017, 7:05:49 PM
to DSpace Technical Support
This is my LDAP configuration file.

enable = true
autoregister = true
provider_url = ldap://satc.edu.br/
id_field = sAMAccountName
object_context = ou=Users,DC=satc,DC=edu,DC=br
search_context = OU=Users,DC=satc,DC=edu,DC=br
email_field = mail
surname_field = sn
givenname_field = givenName
phone_field = telephoneNumber
search_scope = 2
search.user = CN=Administrador,CN=Users,DC=satc,DC=edu,DC=br
search.password = Password

If I try to perform a search on the server where DSpace is installed, using the command:

ldapsearch -h satc.edu.br -b "DC=satc,DC=edu,Dc=br" -D "CN=Administrador,CN=Users,DC=satc,DC=edu,DC=br" -w Password "(sAMAccountName=marcelo.silveira)"

It returns the user data normally.

But when I try to log in using LDAP, it informs that the user is invalid.
Any idea? I have already tried setting up using the \, without it, and all cause the same problem.

Anda

Nov 20, 2019, 2:50:20 AM
to DSpace Technical Support

Dear Marcelo,

Did you resolve this problem?
We have the same issue. I don't know what to do.

Thank you!

Anda

Alan Orth

Nov 20, 2019, 4:24:54 AM
to Anda, DSpace Technical Support
Hello,

I've been using Active Directory for DSpace authentication for years. A few comments and suggestions:

- comment out the object_context. I don't know what it does, but we have it commented out and ours works
- set the search context to the root of the directory, i.e.: DC=satc,DC=edu,Dc=br

You're using the subtree search scope (2) so it makes sense to start at the top of the tree and let it search down for the user.

Regards,

Alan Orth

Marcelo Silveira

Nov 20, 2019, 12:58:32 PM
to DSpace Technical Support
My final file looks like this:

enable = false

autoregister = true
provider_url = ldap://satc.edu.br/
id_field = mail
object_context = dc=satc\,dc=edu\,dc=br
search_context = dc=satc\,dc=edu\,dc=br
email_field = preferredMail

surname_field = sn
givenname_field = givenName
phone_field = telephoneNumber

##### LDAP users group #####

# If required, a group name can be given here, and all users who log in
# to LDAP will automatically become members of this group. This is useful
# if you want a group made up of all internal authenticated users.
login.specialgroup = submitters

search_scope = 2
search.user = CN=userwithpermission\,DC=satc\,DC=edu\,DC=br
search.password = password
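
Added example, not part of the thread or of DSpace: a small Python check that compares the search_context of each config posted above with the base DN the working ldapsearch used, and flags a bind password configured against a plain ldap:// URL. The function names, the finding codes and the treatment of \, as a config-level escape are assumptions made for this illustration.

```python
# Excerpts of the two configs posted in this thread (only the keys checked here).
FIRST_CFG = r"""
provider_url = ldap://satc.edu.br/
search_context = OU=Users,DC=satc,DC=edu,DC=br
search_scope = 2
search.password = Password
"""
FINAL_CFG = r"""
provider_url = ldap://satc.edu.br/
search_context = dc=satc\,dc=edu\,dc=br
search_scope = 2
search.password = password
"""
WORKING_BASE = "DC=satc,DC=edu,Dc=br"  # the -b value of the ldapsearch that worked

def parse_cfg(text):
    """Read 'key = value' lines; '#' comments and blank lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def dn_parts(dn):
    """Normalise a DN to a list of lowercase (attr, value) pairs.
    Assumption: a backslash-comma is only the config-level escape seen in
    the thread, so it is treated as a plain RDN separator."""
    rdns = [p.strip() for p in dn.replace("\\,", ",").split(",") if p.strip()]
    return [tuple(s.strip().lower() for s in r.split("=", 1)) for r in rdns]

def lint(cfg_text, working_base):
    """Return finding codes, given the base DN a manual search succeeded with."""
    cfg = parse_cfg(cfg_text)
    findings = []
    # A simple bind over ldap:// carries the password unencrypted
    # unless StartTLS is negotiated on the connection.
    if cfg.get("provider_url", "").lower().startswith("ldap://") and cfg.get("search.password"):
        findings.append("bind-password-over-plain-ldap")
    ctx, base = dn_parts(cfg.get("search_context", "")), dn_parts(working_base)
    if ctx != base:
        below = len(ctx) > len(base) and ctx[-len(base):] == base
        findings.append("search-context-narrower-than-tested-base" if below
                        else "search-context-unrelated-to-tested-base")
    return findings

if __name__ == "__main__":
    for name, text in (("first", FIRST_CFG), ("final", FINAL_CFG)):
        print(name, lint(text, WORKING_BASE))
```

The first config is flagged because its search_context sits one level below the base that the manual search proved; the final config searches from the same root, in either escaped or unescaped form.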

