DSpace LDAP


Anda

Nov 11, 2019, 9:33:52 AM
to DSpace Technical Support
Hello,

How do I configure LDAP authorization correctly?

We see the following window, but cannot login with LDAP. What is wrong?

Anda

Nov 11, 2019, 9:34:43 AM
to DSpace Technical Support
Sorry, we use DSpace CRIS.

Alan Orth

Nov 12, 2019, 7:21:34 AM
to Anda, DSpace Technical Support
Dear Anda,

Which kind of LDAP are you using? Is it Active Directory? Make sure your connection strings in config/modules/authentication-ldap.cfg are correct. If it is Active Directory you will probably need at least the following:

ldap.provider_url = ldaps://ad.yourorganization.edu:636/
id_field = sAMAccountName
search_context = dc=yourorganization,dc=edu
search_scope = 2
search.password = yourpassword

If you have a Linux workstation you can try to verify your settings by performing a search with the ldapsearch utility from the ldap-utils package:

$ ldapsearch -x -H ldaps://ad.yourorganization.edu:636/ -b "dc=yourorganization,dc=edu" -D "ldap...@yourorganization.edu" -W "(sAMAccountName=ldap-user)"

Hope that helps,


--
All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/9e148187-08d3-407a-a4f6-18ee7e2b0843%40googlegroups.com.


--
Alan Orth
alan...@gmail.com
https://picturingjordan.com
https://englishbulgaria.net
https://mjanja.ch
"In heaven all the interesting people are missing." ―Friedrich Nietzsche

Anda

Nov 13, 2019, 8:56:26 AM
to DSpace Technical Support
Dear Alan,

Thanks for the good ideas!

Yes, we use Active Directory.
I think the configuration is right.

Maybe the problem is in LDAP.

I tried this:
$ ldapsearch -x -H ldaps://ad.yourorganization.edu:636/ -b "dc=yourorganization,dc=edu" -D "ldap...@yourorganization.edu" -W "(sAMAccountName=ldap-user)"
And this is the error:
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580

Thank you!
Anda



Anda

Nov 13, 2019, 9:24:43 AM
to DSpace Technical Support
I tried this again:
$ ldapsearch -x -H ldaps://ad.yourorganization.edu:636/ -b "dc=yourorganization,dc=edu" -D "ldap...@yourorganization.edu" -W "(sAMAccountName=ldap-user)"

And now I get:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
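
The two ldapsearch failures quoted in this thread can be told apart mechanically. The script below is an added example, not part of any poster's message and not DSpace code: it reads the client's error output, extracts the LDAP result code and the Active Directory "data" sub-code, and says which layer failed. The function names are hypothetical and the sample input is constructed from the errors quoted above.

```shell
#!/bin/sh
# Added example: triage the stderr of a failed OpenLDAP client bind.
# Typical use:  ldapsearch ... 2>&1 | triage_ldap_error

# Active Directory appends a hex Win32 logon error as "data NNN" to result 49.
ad_subcode_meaning() {
    case "$1" in
        525) echo "no such user" ;;
        52e) echo "logon failure (user name or password is incorrect)" ;;
        530) echo "logon not permitted at this time" ;;
        531) echo "logon not permitted from this workstation" ;;
        532) echo "password expired" ;;
        533) echo "account disabled" ;;
        701) echo "account expired" ;;
        773) echo "user must change password" ;;
        775) echo "account locked out" ;;
        *)   echo "unrecognised sub-code" ;;
    esac
}

triage_ldap_error() {
    out=$(cat)
    # The client prints the numeric LDAP result last on the line: "(49)", "(-1)".
    rc=$(printf '%s\n' "$out" |
         sed -n 's/^ldap_.*(\(-\{0,1\}[0-9]\{1,\}\))[[:space:]]*$/\1/p' | head -n 1)
    # AD-specific detail from the "additional info" line, normalised to lowercase.
    sub=$(printf '%s\n' "$out" |
          sed -n 's/.*AcceptSecurityContext error, data \([0-9a-fA-F]\{1,\}\),.*/\1/p' |
          head -n 1 | tr 'A-F' 'a-f')
    case "$rc" in
        49) if [ -n "$sub" ]; then
                echo "bind rejected: AD data $sub = $(ad_subcode_meaning "$sub")"
            else
                echo "bind rejected: invalid credentials, no AD sub-code present"
            fi ;;
        -1) echo "no LDAP session: check DNS, TCP reachability of the ldaps port and TLS certificate trust before credentials" ;;
        "") echo "no ldap_* error line found" ;;
        *)  echo "LDAP result $rc: not covered by this example" ;;
    esac
}

# Constructed input: the two failures quoted in the thread.
triage_ldap_error <<'EOF'
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
EOF
echo "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)" | triage_ldap_error
```

Failed binds count toward the directory's lockout policy, so decode the sub-code once instead of retrying the service account's password until 52e turns into 775.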
