[Dspace-tech] HELP LDAPHierarchical Auth. problem


Zaya Kh

Aug 25, 2015, 1:14:45 PM
to dspace-tech
Hi, all
 
I am configuring LDAPHierarchicalAuthentication, but I have an error.
 
My FIRST configuration into dspace.cfg:
 
#### Stackable Authentication Methods #####
# Stack of authentication methods
#  (See org.dspace.authenticate.AuthenticationManager)
# Example:
# plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
#       org.dspace.authenticate.ShibAuthentication, \
#        org.dspace.authenticate.PasswordAuthentication
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
      org.dspace.authenticate.LDAPHierarchicalAuthentication
 
#### LDAP Authentication Configuration Settings ####
ldap.enable = true
ldap.provider_url = ldap://xx.xxx.xx:389/
ldap.id_field = cn
ldap.object_context = dc=xx,dc=xxx,dc=xx
ldap.search_context = dc=xx,dc=xxx,dc=xx
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = givenName
ldap.phone_field = telephoneNumber
webui.ldap.autoregister = true
ldap.login.specialgroup = Authenticated
##### Hierarchical LDAP Settings #####
# If your users are spread out across a hierarchical tree on your
# LDAP server, you will need to use the following stackable authentication
# class:
  plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
        org.dspace.authenticate.LDAPHierarchicalAuthentication
ldap.search_scope = 2
ldap.search.user = cn=AAAAAAAAA,cn=Users,dc=xx,dc=xxx,dc=xx
ldap.search.password = YYYYYYY
ldap.netid_email_domain = @xx.xxx.xx
But after restarting my Tomcat, on the ldap-login page I cannot log in with the account I created before.
I am shown this error page:
 
The e-mail address and password you supplied were not valid. Please try again, or have you forgotten your password?

New user? Click here to register.

Please enter your e-mail address and password into the form below.

Have you forgotten your password?

 Error in log file was:

2009-12-02 10:52:58,797 INFO  org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=18209AB316BC4E29A5C87C4B807A47A5:ip_addr=10.0.5.196:auth:attempting trivial auth of user=sit...@xx.xxx.xx
2009-12-02 10:52:58,900 INFO  org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=18209AB316BC4E29A5C87C4B807A47A5:ip_addr=10.0.5.196:failed_login:no DN found for user sit...@xx.xxx.xx
2009-12-02 10:52:58,901 INFO  org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=18209AB316BC4E29A5C87C4B807A47A5:ip_addr=10.0.5.196:failed_login:netid=sit...@xx.xxx.xx, result=2
The second one in dspace.cfg:
I configured my dspace.cfg file and set this parameter, separating the backslash / after the URL:
 
ldap.provider_url = ldap://xx.xxx.xx:389 / 
 
But I cannot log in; I am shown the Internal Error page.
 
Error in Log file:
 
2009-12-02 10:42:24,154 WARN  org.dspace.app.webui.servlet.InternalErrorServlet @ :session_id=18209AB316BC4E29A5C87C4B807A47A5:internal_error:-- URL Was: http://dspace.xxx/ldap-login
-- Method: POST
-- Parameters were:
-- login_password: *not logged*
-- login_submit: "Log In"
-- login_netid: "sit...@xx.xxx.xx"
java.lang.NumberFormatException: For input string: "389 "
        at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
        at java.lang.Integer.parseInt(Integer.java:456)
        at java.lang.Integer.parseInt(Integer.java:497)
        at com.sun.jndi.toolkit.url.Uri.parse(Uri.java:214)
        at com.sun.jndi.toolkit.url.Uri.init(Uri.java:120)
        at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:67)
        at com.sun.jndi.url.ldap.ldapURLContextFactory.getUsingURLIgnoreRootDN(ldapURLContextFactory.java:41)
        at com.sun.jndi.url.ldap.ldapURLContext.getRootURLContext(ldapURLContext.java:44)
        at com.sun.jndi.toolkit.url.GenericURLDirContext.search(GenericURLDirContext.java:367)
        at com.sun.jndi.url.ldap.ldapURLContext.search(ldapURLContext.java:523)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
        at org.dspace.authenticate.LDAPHierarchicalAuthentication$SpeakerToLDAP.getDNOfUser(LDAPHierarchicalAuthentication.java:429)
        at org.dspace.authenticate.LDAPHierarchicalAuthentication.authenticate(LDAPHierarchicalAuthentication.java:214)
        at org.dspace.authenticate.AuthenticationManager.authenticateInternal(AuthenticationManager.java:199)
        at org.dspace.authenticate.AuthenticationManager.authenticate(AuthenticationManager.java:136)
        at org.dspace.app.webui.servlet.LDAPServlet.doDSPost(LDAPServlet.java:110)
        at org.dspace.app.webui.servlet.DSpaceServlet.processRequest(DSpaceServlet.java:147)
        at org.dspace.app.webui.servlet.DSpaceServlet.doPost(DSpaceServlet.java:105)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)
 
What can I do?
 
Help!!!! please
 
Best Regards, Zoloo
 
 
 

Flavio Botelho

Aug 25, 2015, 1:14:52 PM
to Zaya Kh, dspace-tech
You have Windows AD, right?
You are trying the shortcut option of using who...@domain.com for the user; unfortunately this module doesn't have that option yet. (Actually it should be trivial to add; I guess it should be added to the plain LDAP module, as that one has fewer options to configure.)

The second try doesn't make any sense; there should never be a space there:

ldap.provider_url = ldap://xx.xxx.xx:389 /

Now, in the first try, the problem is this:
ldap.netid_email_domain = @xx.xxx.xx

Notice that the LDAP module actually sends this to try to authenticate:
netid=sit...@xx.xxx.xx,

It sends the user with a comma in the end (or else it would actually work!)

LDAPHierarchical is supposed to work with you setting up a lookup account, which will bring the full user path within the LDAP.

Something complicated like
attribute=username,dc=users1,....,dc=domain

and that will be used as the login to authenticate the user (not who...@domain.com).

kudos,
Flavio Botelho
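
Added example, not part of the thread and not DSpace code: a pre-flight check for the two pitfalls visible in the configurations above (whitespace inside `ldap.provider_url`, and the authentication stack being defined twice), which also notes when the lookup account's password would travel over plain `ldap://`. The host name and values in the sample are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

def load_properties(text):
    """Parse dspace.cfg-style properties; a trailing backslash continues a line."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        key, sep, value = line.partition("=")
        if sep:
            props.setdefault(key.strip(), []).append(value.strip())
    return props

def lint_ldap(text):
    """Return (key, problem) findings for the LDAP settings in a dspace.cfg."""
    props, findings = load_properties(text), []
    for key, values in props.items():
        if len(values) > 1:
            findings.append((key, f"defined {len(values)} times; the last one wins"))
    url = props.get("ldap.provider_url", [""])[-1]
    if re.search(r"\s", url):
        findings.append(("ldap.provider_url", "contains whitespace"))
    else:
        try:
            urlsplit(url).port  # raises ValueError when the port is not a valid number
        except ValueError:
            findings.append(("ldap.provider_url", "port is not valid"))
    if url.startswith("ldap://") and "ldap.search.password" in props:
        findings.append(("ldap.search.password", "simple bind over ldap:// is not encrypted"))
    return findings

# Constructed sample: the thread's second configuration, with placeholder values.
SAMPLE = """\
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \\
      org.dspace.authenticate.LDAPHierarchicalAuthentication
ldap.provider_url = ldap://ldap.example.org:389 /
ldap.search.user = cn=lookup,cn=Users,dc=example,dc=org
ldap.search.password = placeholder
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \\
      org.dspace.authenticate.LDAPHierarchicalAuthentication
"""

if __name__ == "__main__":
    print(*lint_ldap(SAMPLE), sep="\n")
```

Running it against the sample reports the duplicate stack definition, the whitespace in the provider URL, and the unencrypted bind, before Tomcat is restarted.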



penni...@rhodes.edu

Aug 25, 2015, 1:14:54 PM
to dspac...@lists.sourceforge.net
Zaya,

If you are using Windows AD with DSpace LDAP Hierarchical Auth, maybe this wiki article I wrote will help:

http://wiki.dspace.org/index.php/LDAP_Hierarchical_Authentication_with_Active_Directory

I had some trouble figuring it out as well, but when I got some help from this list, I consolidated my notes on this wiki page for others.

In short, I think you can set up an ldap.search_context to solve this problem in your dspace.cfg file, but you won't be able to use the us...@domain.com setting as the authenticator, or at least I wasn't able to get it to work.

--
Stacy Pennington
Rhodes College
penni...@rhodes.edu


------------------------------
Date: Wed, 2 Dec 2009 17:16:59 -0200
From: Flavio Botelho <fezse...@gmail.com>
Subject: Re: [Dspace-tech] HELP LDAPHierarchical Auth. problem
To: Zaya Kh <zaya...@gmail.com>
Cc: dspace-tech <dspac...@lists.sourceforge.net>

You have Windows AD, right?
You are trying the shortcut option of using who...@domain.com for the user;
unfortunately this module doesn't have that option yet. (Actually it should
be trivial to add; I guess it should be added to the plain LDAP module, as
that one has fewer options to configure.)

The second try doesn't make any sense; there should never be a space there:
ldap.provider_url = ldap://xx.xxx.xx:389 /

Now, in the first try, the problem is this:
ldap.netid_email_domain = @xx.xxx.xx

Notice that the LDAP module actually sends this to try to authenticate:
netid=sit...@xx.xxx.xx,

It sends the user with a comma in the end (or else it would actually work!)

LDAPHierarchical is supposed to work with you setting up a lookup account,
which will bring the full user path within the LDAP.

Something complicated like
attribute=username,dc=users1,....,dc=domain

and that will be used as the login to authenticate the user (not
who...@domain.com).

kudos,
Flavio Botelho

On Wed, Dec 2, 2009 at 1:13 AM, Zaya Kh <zaya...@gmail.com> wrote:

> *Hi, all*
>
> *I am configuring LDAPHierarchicalAuthentication, but I have an error.*
>

