[Duraspace] LDAP Authentication
Klapwijk, WOUTER <wklap@sun.ac.za>
Wklap at sun.ac.za
Tue May 11 17:31:00 SAST 2010
Hi Sean,
So you have Ezproxy installed on the same server as DSpace and LDPA? If not, then URL ldap://localhost/ou=People... will not work.
As for DSpace I suspect your slapd server might not want to receive your credentials (i.e. password) in clear text. If so, try the secure LDAP port instead.
ldaps://localhost:636 in place of
ldap://localhost:389.
Regards,
Wouter
________________________________________________________
Wouter Klapwijk
Senior software specialist
Library and Information Service, Stellenbosch University
Tel: +27 21 808-4378, Fax: +27 21 808-3723, Mobile: 083 3888 270
http://library.sun.ac.za
-----Original Message-----
From: duraspace-bounces at lists.lib.sun.ac.za [mailto:duraspace-bounces at lists.lib.sun.ac.za] On Behalf Of Sean Carte
Sent: 11 May 2010 10:12
To: duraspace
Subject: [Duraspace] LDAP Authentication
I've got a simple ldap server configured primarily to allow
authentication for EZProxy; now I'd like to be able to get DSpace to
use it for authentication. But I can't get it to work.
I followed the DSpace configuration steps outlined at
<http://ir.sun.ac.za/wiki/index.php/User_Management>, and have the
following in my dspace.cfg:
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
org.dspace.authenticate.LDAPAuthentication, \
org.dspace.authenticate.PasswordAuthentication
ldap.enable = true
ldap.provider_url = ldap://localhost:389/
ldap.id_field = uid
ldap.object_context = ou=People,dc=esal,dc=ac,dc=za
ldap.search_context = ou=People
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = givenName
ldap.phone_field = telephoneNumber
webui.ldap.autoregister = false
DSpace and LDPA are running on the same server, and I can use
ldapsearch to return information on a user:
root at uzspace:~# ldapsearch -xLLL -b "dc=esal,dc=ac,dc=za" 'uid=UZP0899'
dn: uid=UZP0899,ou=People,dc=esal,dc=ac,dc=za
objectClass: inetOrgPerson
cn: Carte,S R
sn: Carte
uid: UZP0899
mail:
But DSpace returns an invalid username/password message when I try to
log in using its LDAP authentication. The following is what gets
output when running slapd in debug:
root at uzspace:~# slapd -d 2
@(#) $OpenLDAP: slapd 2.4.9 (Mar 31 2009 07:12:16) $
buildd at rothera:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd
/etc/ldap/slapd.conf: line 111: rootdn is always granted unlimited privileges.
/etc/ldap/slapd.conf: line 129: rootdn is always granted unlimited privileges.
slapd starting
ldap_read: want=8, got=8
0000: 30 39 02 01 01 60 34 02 09...`4.
ldap_read: want=51, got=51
0000: 01 03 04 29 75 69 64 3d 55 5a 50 30 38 39 39 2c ...)uid=UZP0899,
0010: 6f 75 3d 50 65 6f 70 6c 65 2c 64 63 3d 65 73 61 ou=People,dc=esa
0020: 6c 2c 64 63 3d 61 63 2c 64 63 3d 7a 61 80 04 37 l,dc=ac,dc=za..x
0030: 33 32 36 xxx
ldap_read: want=8 error=Resource temporarily unavailable
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
ldap_read: want=8, got=8
0000: 30 76 02 01 02 63 54 04 0v...cT.
ldap_read: want=112, got=112
0000: 09 6f 75 3d 50 65 6f 70 6c 65 0a 01 01 0a 01 03 .ou=People......
0010: 02 01 00 02 01 00 01 01 00 a0 10 a3 0e 04 03 75 ...............u
0020: 69 64 04 07 55 5a 50 30 38 39 39 30 26 04 04 6d id..UZP08990&..m
0030: 61 69 6c 04 09 67 69 76 65 6e 4e 61 6d 65 04 02 ail..givenName..
0040: 73 6e 04 0f 74 65 6c 65 70 68 6f 6e 65 4e 75 6d sn..telephoneNum
0050: 62 65 72 a0 1b 30 19 04 17 32 2e 31 36 2e 38 34 ber..0...2.16.84
0060: 30 2e 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 32 0.1.113730.3.4.2
ldap_read: want=8 error=Resource temporarily unavailable
0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....
ldap_write: want=14, written=14
0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....
ldap_read: want=8, got=8
0000: 30 22 02 01 03 42 00 a0 0"...B..
ldap_read: want=28, got=28
0000: 1b 30 19 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e .0...2.16.840.1.
0010: 31 31 33 37 33 30 2e 33 2e 34 2e 32 113730.3.4.2
ldap_read: want=8 error=Resource temporarily unavailable
And here is the debug output when authenticating using the OCLC EZProxy login:
root at uzspace:~# slapd -d 2
@(#) $OpenLDAP: slapd 2.4.9 (Mar 31 2009 07:12:16) $
buildd at rothera:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd
/etc/ldap/slapd.conf: line 111: rootdn is always granted unlimited
privileges.
/etc/ldap/slapd.conf: line 129: rootdn is always granted unlimited
privileges.
slapd starting
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 60 07 02 0....`..
ldap_read: want=6, got=6
0000: 01 03 04 00 80 00 ......
ldap_read: want=8 error=Resource temporarily unavailable
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00
0....a........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00
0....a........
ldap_read: want=8, got=8
0000: 30 7a 02 01 02 63 75 04 0z...cu.
ldap_read: want=116, got=116
0000: 1d 6f 75 3d 50 65 6f 70 6c 65 2c 64 63 3d 65 73
.ou=People,dc=es
0010: 61 6c 2c 64 63 3d 61 63 2c 64 63 3d 7a 61 0a 01
al,dc=ac,dc=za..
0020: 02 0a 01 00 02 01 02 02 01 00 01 01 00 a0 27 a3
..............'.
0030: 15 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 04 06
...objectClass..
0040: 70 65 72 73 6f 6e a3 0e 04 03 75 69 64 04 07 55
person....uid..U
0050: 5a 50 30 38 39 39 30 1c 04 0b 6c 64 61 70 43 74
ZP08990...ldapCt
0060: 78 2d 3e 64 6e 04 0d 6c 6f 67 69 6e 44 69 73 61
x->dn..loginDisa
0070: 62 6c 65 64 bled
ldap_read: want=8 error=Resource temporarily unavailable
<= bdb_equality_candidates: (uid) not indexed
0000: 30 32 02 01 02 64 2d 04 29 75 69 64 3d 55 5a 50
02...d-.)uid=UZP
0010: 30 38 39 39 2c 6f 75 3d 50 65 6f 70 6c 65 2c 64
0899,ou=People,d
0020: 63 3d 65 73 61 6c 2c 64 63 3d 61 63 2c 64 63 3d
c=esal,dc=ac,dc=
0030: 7a 61 30 00 za0.
ldap_write: want=52, written=52
0000: 30 32 02 01 02 64 2d 04 29 75 69 64 3d 55 5a 50
02...d-.)uid=UZP
0010: 30 38 39 39 2c 6f 75 3d 50 65 6f 70 6c 65 2c 64
0899,ou=People,d
0020: 63 3d 65 73 61 6c 2c 64 63 3d 61 63 2c 64 63 3d
c=esal,dc=ac,dc=
0030: 7a 61 30 00 za0.
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00
0....e........
ldap_write: want=14, written=14
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00
0....e........
ldap_read: want=8, got=8
0000: 30 39 02 01 01 60 34 02 09...`4.
ldap_read: want=51, got=51
0000: 01 03 04 29 75 69 64 3d 55 5a 50 30 38 39 39 2c
...)uid=UZP0899,
0010: 6f 75 3d 50 65 6f 70 6c 65 2c 64 63 3d 65 73 61
ou=People,dc=esa
0020: 6c 2c 64 63 3d 61 63 2c 64 63 3d 7a 61 80 04 37
l,dc=ac,dc=za..x
0030: 33 32 36 xxx
ldap_read: want=8 error=Resource temporarily unavailable
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00
0....a........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00
0....a........
ldap_read: want=8, got=8
0000: 30 81 8b 02 01 02 63 81 0.....c.
ldap_read: want=134, got=134
0000: 85 04 29 75 69 64 3d 55 5a 50 30 38 39 39 2c 6f
..)uid=UZP0899,o
0010: 75 3d 50 65 6f 70 6c 65 2c 64 63 3d 65 73 61 6c
u=People,dc=esal
0020: 2c 64 63 3d 61 63 2c 64 63 3d 7a 61 0a 01 00 0a
,dc=ac,dc=za....
0030: 01 00 02 01 00 02 01 00 01 01 00 87 0b 6f 62 6a
.............obj
0040: 65 63 74 63 6c 61 73 73 30 3c 04 16 70 61 73 73
ectclass0<..pass
0050: 77 6f 72 64 45 78 70 69 72 61 74 69 6f 6e 54 69
wordExpirationTi
0060: 6d 65 04 13 70 61 73 73 77 6f 72 64 41 6c 6c 6f
me..passwordAllo
0070: 77 43 68 61 6e 67 65 04 0d 6c 6f 67 69 6e 44 69
wChange..loginDi
0080: 73 61 62 6c 65 64 sabled
ldap_read: want=8 error=Resource temporarily unavailable
0000: 30 32 02 01 02 64 2d 04 29 75 69 64 3d 55 5a 50
02...d-.)uid=UZP
0010: 30 38 39 39 2c 6f 75 3d 50 65 6f 70 6c 65 2c 64
0899,ou=People,d
0020: 63 3d 65 73 61 6c 2c 64 63 3d 61 63 2c 64 63 3d
c=esal,dc=ac,dc=
0030: 7a 61 30 00 za0.
ldap_write: want=52, written=52
0000: 30 32 02 01 02 64 2d 04 29 75 69 64 3d 55 5a 50
02...d-.)uid=UZP
0010: 30 38 39 39 2c 6f 75 3d 50 65 6f 70 6c 65 2c 64
0899,ou=People,d
0020: 63 3d 65 73 61 6c 2c 64 63 3d 61 63 2c 64 63 3d
c=esal,dc=ac,dc=
0030: 7a 61 30 00 za0.
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00
0....e........
ldap_write: want=14, written=14
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00
0....e........
ldap_read: want=8, got=7
0000: 30 05 02 01 03 42 00 0....B.
ldap_read: want=8, got=0
ldap_read: want=8, got=7
0000: 30 05 02 01 03 42 00 0....B.
ldap_read: want=8, got=0
The EZProxy LDAP configuration seems to consist of the following:
::LDAP
URL ldap://localhost/ou=People,dc=esal,dc=ac,dc=za?uid?sub?(objectClass=person)
IfUnauthenticated; Stop
/LDAP
I have tried an alternative ldap.search.context of
'ou=People,dc=esal,dc=ac,dc=za' in dspace.cfg, but that didn't seem to
make any difference.
Any ideas as to where I've gone wrong?
Sean
--
Sean Carte
esAL Library Systems Manager
+27 72 898 8775
+27 31 373 2490
fax: 0866741254
http://esal.dut.ac.za/
_______________________________________________
Duraspace mailing list
Duraspace at lists.lib.sun.ac.za
http://lists.lib.sun.ac.za/mailman/listinfo/duraspace
More information about the Duraspace
mailing list