ldap.login.groupmap.attribute


Diego Spano

May 9, 2018, 11:51:56 AM
to DSpace Technical Support
Hi. I have my DSpace instance connected with my LDAP server (Active Directory). I need to assign a DSpace group based on the LDAP group the user belongs to. I think this is possible with the feature "ldap.login.groupmap.attribute". In other words, I want users that belong to the LDAP group named "students" to be part of the DSpace group named "GroupA". I created "GroupA" in DSpace, the user can log in with no problem but the group is not assigned!


This is my authentication-ldap.cfg  configuration:


#---------------------------------------------------------------#
#------------LDAP AUTHENTICATION CONFIGURATIONS-----------------#
#---------------------------------------------------------------#
authentication-ldap.enable = true
authentication-ldap.autoregister = true
authentication-ldap.provider_url = ldap://prod.local:389/
authentication-ldap.id_field = sAMAccountName
authentication-ldap.object_context = OU=TEST\,DC=prod\,DC=local
authentication-ldap.search_context = OU=TEST\,DC=prod\,DC=local
authentication-ldap.email_field = mail

##### LDAP users group #####
#authentication-ldap.login.specialgroup = GrupoLDAP
authentication-ldap.search_scope = 2
authentication-ldap.search.anonymous = false
authentication-ldap.search.user = yy...@prod.local
authentication-ldap.search.password = xxxxxxx
authentication-ldap.netid_email_domain = @prod.org

# If this property is uncommented, it changes the meaning of the left part of
# the groupmap value (before the ":") as follows.
# The value of login.groupmap.attribute specifies the name of an LDAP attribute.
# If user has this attribute, look up the value of this attribute in the left
# part of the groupmap value (before the ":"). If it's found, assign user to
# the DSpace group specified by the right part of the groupmap value (after
# the ":").

authentication-ldap.login.groupmap.attribute = memberof
authentication-ldap.login.groupmap.1 = students:GroupA


I also tried with "authentication-ldap.login.groupmap.attribute = group" but the problem still remains. Any help!?

Thanks in advance.

Diego

Diego Spano

May 15, 2018, 4:39:24 PM
to DSpace Technical Support
Any help?!?!?

Fitchett, Deborah

May 15, 2018, 5:33:30 PM
to Diego Spano, DSpace Technical Support

I don’t know enough to know if these are relevant, but differences between your config and ours are:

· Our authentication-ldap.object_context and authentication-ldap.search_context don’t have the slashes, just commas, eg OU=TEST,DC=prod,DC=local

· Our authentication-ldap.search.user is in the form cn=xxxxxx,cn=users,dc=prod,dc=local

I haven’t used the groupmap functionality, but I’d check:

· Possibly the attribute is case sensitive, in which case try memberOf

· And (at least in our Active Directory) the memberOf attributes contain a full path rather than just a group name, eg cn=AllStudents,ou=Student,dc=prod,dc=local – so I’d try putting all of that (exactly as it’s in your AD) to the left of the :

Deborah
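
The rule in the quoted config comment, combined with Deborah's point about full-DN memberOf values, modeled as an added example (not part of the thread and not DSpace's own code). It assumes the left part of a groupmap entry is compared with the whole attribute value, ignoring case; the config text and the memberOf value are constructed.

```python
# Constructed sample modeled on the post: a bare-name entry, plus an entry
# with a full DN on the left (commas escaped as in the posted contexts).
CFG = r"""
authentication-ldap.login.groupmap.attribute = memberOf
authentication-ldap.login.groupmap.1 = students:GroupA
authentication-ldap.login.groupmap.2 = CN=students\,OU=TEST\,DC=prod\,DC=local:GroupA
"""
# Constructed memberOf value in the full-DN form Deborah describes.
MEMBER_OF = ["CN=students,OU=TEST,DC=prod,DC=local"]


def parse_groupmap(cfg_text):
    """Return (attribute_name, sorted [(index, left, dspace_group), ...])."""
    attribute, entries = None, []
    for line in cfg_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        value = value.replace("\\,", ",")  # undo the escaped commas
        if key.endswith(".login.groupmap.attribute"):
            attribute = value
        elif ".login.groupmap." in key and key.rsplit(".", 1)[1].isdigit():
            # Split on the last ":" so the left part can itself be a DN.
            left, _, group = value.rpartition(":")
            if left and group:
                entries.append((int(key.rsplit(".", 1)[1]), left.strip(), group.strip()))
    return attribute, sorted(entries)


def evaluate(cfg_text, attr_values):
    """Per entry: does any attribute value equal the left part (assumed rule)?"""
    values = {v.strip().lower() for v in attr_values}
    return [(idx, left, group, left.lower() in values)
            for idx, left, group in parse_groupmap(cfg_text)[1]]


def near_misses(cfg_text, attr_values):
    """Unmatched entries whose left part is only the first RDN value of a DN."""
    hints = []
    for idx, left, _, matched in evaluate(cfg_text, attr_values):
        for dn in attr_values:
            # Naive RDN split: good enough for group names without commas.
            first_rdn_value = dn.split(",", 1)[0].partition("=")[2]
            if not matched and first_rdn_value.lower() == left.lower():
                hints.append((idx, left, dn))
    return hints


if __name__ == "__main__":
    for row in evaluate(CFG, MEMBER_OF):
        print(row)
    print(near_misses(CFG, MEMBER_OF))
```

Feeding it the memberOf values actually returned for a test account shows which entries would never match before touching the live configuration.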


Diego Spano

Jun 5, 2018, 12:10:35 PM
to DSpace Technical Support
Thanks for your reply, Deborah. I can't make it work. I tried all possible configurations and nothing changed. Groupmap facility seems to be not easy to use!


