DSpace and LDAP authentication


Eugene Jose Espinoza

Jun 26, 2018, 9:52:48 AM
to DSpace Technical Support
Hi all! I'm trying out LDAP with DSpace 6.2, I have the following configuration in authentication-ldap.cfg:
authentication-ldap.enable = true
authentication-ldap.autoregister = false
authentication-ldap.provider_url = ldap://urlofmyldapserver:389/
authentication-ldap.id_field = uid
authentication-ldap.object_context = ou=users\,dc=portal\,dc=ofmy\,dc=ldap\,dc=server
authentication-ldap.search_context = ou=users\,dc=portal\,dc=ofmy\,dc=ldap\,dc=server
authentication-ldap.email_field = mail
authentication-ldap.surname_field = sn
authentication-ldap.givenname_field = givenName
authentication-ldap.search_scope = 2
authentication-ldap.search.anonymous = true
authentication-ldap.search.user = cn=admin\,dc=portal\,dc=ofmy\,dc=ldap\,dc=server
authentication-ldap.search.password = password

When logging in via "Enter LDAP Netid and Password", entering the uid in the username box and the password in the password box, I'm getting Internal System Error, and the following in dspace.log:
2018-06-26 13:51:04,400 INFO  org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=E3F8788A081DE42AA52E799E25B23E1F:ip_addr=127.0.0.1:auth:attempting trivial auth of user=eaespinoza
2018-06-26 13:51:04,403 WARN  org.dspace.app.webui.servlet.DSpaceServlet @ anonymous:session_id=E3F8788A081DE42AA52E799E25B23E1F:ip_addr=127.0.0.1:general_jspui_error:java.lang.NullPointerException
java.lang.NullPointerException
        at org.dspace.authenticate.LDAPAuthentication$SpeakerToLDAP.getDNOfUser(LDAPAuthentication.java:437)
        at org.dspace.authenticate.LDAPAuthentication.authenticate(LDAPAuthentication.java:232)
        at org.dspace.authenticate.AuthenticationServiceImpl.authenticateInternal(AuthenticationServiceImpl.java:111)
        at org.dspace.authenticate.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:81)
        at org.dspace.app.webui.servlet.LDAPServlet.doDSPost(LDAPServlet.java:78)
        at org.dspace.app.webui.servlet.DSpaceServlet.processRequest(DSpaceServlet.java:122)
        at org.dspace.app.webui.servlet.DSpaceServlet.doPost(DSpaceServlet.java:80)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.dspace.utils.servlet.DSpaceWebappServletFilter.doFilter(DSpaceWebappServletFilter.java:78)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1100)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:687)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

What could I be missing? TIA!

helix84

Jun 26, 2018, 1:23:26 PM
to Eugene Jose Espinoza, DSpace Technical Support
The error message could be better, but it seems your configuration for search_scope is not coming through. The code sees a null value instead of an integer:

https://github.com/DSpace/DSpace/blob/dspace-6.2/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java#L437

Is it possible that you're overlaying search_scope with an empty value in dspace.cfg or in local.cfg?

The configuration you pasted here seems otherwise fine.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
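
The check suggested in the reply above, written out as an added example (not code from the thread or from DSpace): it merges the configuration files in overlay order and reports where authentication-ldap.search_scope ends up empty or non-numeric, plus whether provider_url connects without TLS. The layer order (module file, then dspace.cfg, then local.cfg, later layers winning) is an assumption taken from the reply's wording, and the function names and sample file contents are constructed for illustration.

```python
import re

SCOPE_KEY = "authentication-ldap.search_scope"
URL_KEY = "authentication-ldap.provider_url"

def parse_cfg(text):
    """Parse 'key = value' lines; '#' and '!' start comments.
    Simplification: a later duplicate key replaces an earlier one."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip().replace("\\,", ",")
    return props

def effective(layers):
    """Merge (filename, text) layers, lowest precedence first.
    Returns the merged values and which file supplied each one."""
    merged, origin = {}, {}
    for name, text in layers:
        for key, value in parse_cfg(text).items():
            merged[key], origin[key] = value, name
    return merged, origin

def audit(layers):
    """Return a list of findings for the effective LDAP settings."""
    merged, origin = effective(layers)
    findings = []
    scope = merged.get(SCOPE_KEY)
    if scope is None:
        findings.append(f"{SCOPE_KEY} is not set in any file")
    elif not re.fullmatch(r"[012]", scope):
        # 0 = object, 1 = one level, 2 = subtree
        findings.append(f"{SCOPE_KEY}={scope!r} from {origin[SCOPE_KEY]} is not 0, 1 or 2")
    if merged.get(URL_KEY, "").lower().startswith("ldap://"):
        findings.append(f"{URL_KEY} uses ldap:// (no TLS at connect); prefer ldaps://")
    return findings

# Constructed sample layers, modelled on the configuration in the thread.
MODULE_CFG = """\
authentication-ldap.provider_url = ldap://urlofmyldapserver:389/
authentication-ldap.search_scope = 2
"""
LOCAL_CFG = "authentication-ldap.search_scope =\n"  # empty overlay value

if __name__ == "__main__":
    for finding in audit([("authentication-ldap.cfg", MODULE_CFG), ("local.cfg", LOCAL_CFG)]):
        print(finding)
```

This inspects the files on disk only; if it reports nothing for search_scope while the NullPointerException persists, the running webapp may not have re-read the configuration.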




Eugene Jose Espinoza

Jun 26, 2018, 10:16:16 PM
to DSpace Technical Support
Hi! I don't see any search_scope settings/configuration in dspace.cfg. I didn't create a local.cfg. I have commented out the search_scope in my authentication-ldap.cfg but am still receiving the error message. What could I be missing? By the way, here's a copy of my authentication.cfg:

# IP-based authentication/authorization. See authentication-ip.cfg for default configuration.
#plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.IPAuthentication

# LDAP authentication/authorization. See authentication-ldap.cfg for default configuration.
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.LDAPAuthentication

# Shibboleth authentication/authorization. See authentication-shibboleth.cfg for default configuration.
#plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.ShibAuthentication

# X.509 certificate authentication. See authentication-x509.cfg for default configuration.
#plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.X509Authentication

# Authentication by Password (encrypted in DSpace's database). See authentication-password.cfg for default configuration.
# Enabled by default (to disable, either comment out, or define a new list of AuthenticationMethod plugins in your local.cfg)
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.PasswordAuthentication

Eugene Jose Espinoza

Jun 26, 2018, 11:08:39 PM
to DSpace Technical Support
Hi! So silly me, I restarted the Tomcat and Apache servers and voilà! The user can now log in through LDAP. Thanks, cheers and have a nice day!