Hi Sean<div><br></div><div>Your setup looks good.</div><div>What do your DSpace logs say.</div><div><br></div><div>Cheers</div><div><br></div><div>hg<br><br><div class="gmail_quote">On 13 May 2010 11:53, Sean Carte <span dir="ltr"><<a href="mailto:sean.carte@gmail.com">sean.carte@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">I've got a simple ldap server configured primarily to allow<br>
authentication for EZProxy; now I'd like to be able to get DSpace to<br>
use it for authentication. But I can't get it to work.<br>
<br>
I followed the DSpace configuration steps outlined at<br>
<<a href="http://ir.sun.ac.za/wiki/index.php/User_Management" target="_blank">http://ir.sun.ac.za/wiki/index.php/User_Management</a>>, and have the<br>
following in my dspace.cfg:<br>
<br>
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \<br>
org.dspace.authenticate.LDAPAuthentication, \<br>
org.dspace.authenticate.PasswordAuthentication<br>
<br>
ldap.enable = true<br>
ldap.provider_url = ldap://localhost:389/<br>
ldap.id_field = uid<br>
ldap.object_context = ou=People,dc=esal,dc=ac,dc=za<br>
ldap.search_context = ou=People<br>
ldap.email_field = mail<br>
ldap.surname_field = sn<br>
ldap.givenname_field = givenName<br>
ldap.phone_field = telephoneNumber<br>
webui.ldap.autoregister = false<br>
<br>
DSpace and LDAP are running on the same server, and I can use<br>
ldapsearch to return information on a user:<br>
<br>
root@uzspace:~# ldapsearch -xLLL -b "dc=esal,dc=ac,dc=za" 'uid=UZP0899'<br>
dn: uid=UZP0899,ou=People,dc=esal,dc=ac,dc=za<br>
objectClass: inetOrgPerson<br>
cn: Carte,S R<br>
sn: Carte<br>
uid: UZP0899<br>
mail:<br>
<br>
But DSpace returns an invalid username/password message when I try to<br>
log in using its LDAP authentication. The following is what gets<br>
output when running slapd in debug:<br>
<br>
root@uzspace:~# slapd -d 2<br>
@(#) $OpenLDAP: slapd 2.4.9 (Mar 31 2009 07:12:16) $<br>
buildd@rothera:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd<br>
/etc/ldap/slapd.conf: line 111: rootdn is always granted unlimited privileges.<br>
/etc/ldap/slapd.conf: line 129: rootdn is always granted unlimited privileges.<br>
slapd starting<br>
ldap_read: want=8, got=8<br>
0000: 30 39 02 01 01 60 34 02 09...`4.<br>
ldap_read: want=51, got=51<br>
0000: 01 03 04 29 75 69 64 3d 55 5a 50 30 38 39 39 2c ...)uid=UZP0899,<br>
0010: 6f 75 3d 50 65 6f 70 6c 65 2c 64 63 3d 65 73 61 ou=People,dc=esa<br>
0020: 6c 2c 64 63 3d 61 63 2c 64 63 3d 7a 61 80 04 37 l,dc=ac,dc=za..x<br>
0030: 33 32 36 xxx<br>
ldap_read: want=8 error=Resource temporarily unavailable<br>
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........<br>
ldap_write: want=14, written=14<br>
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........<br>
ldap_read: want=8, got=8<br>
0000: 30 76 02 01 02 63 54 04 0v...cT.<br>
ldap_read: want=112, got=112<br>
0000: 09 6f 75 3d 50 65 6f 70 6c 65 0a 01 01 0a 01 03 .ou=People......<br>
0010: 02 01 00 02 01 00 01 01 00 a0 10 a3 0e 04 03 75 ...............u<br>
0020: 69 64 04 07 55 5a 50 30 38 39 39 30 26 04 04 6d id..UZP08990&..m<br>
0030: 61 69 6c 04 09 67 69 76 65 6e 4e 61 6d 65 04 02 ail..givenName..<br>
0040: 73 6e 04 0f 74 65 6c 65 70 68 6f 6e 65 4e 75 6d sn..telephoneNum<br>
0050: 62 65 72 a0 1b 30 19 04 17 32 2e 31 36 2e 38 34 ber..0...2.16.84<br>
0060: 30 2e 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 32 0.1.113730.3.4.2<br>
ldap_read: want=8 error=Resource temporarily unavailable<br>
0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....<br>
ldap_write: want=14, written=14<br>
0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....<br>
ldap_read: want=8, got=8<br>
0000: 30 22 02 01 03 42 00 a0 0"...B..<br>
ldap_read: want=28, got=28<br>
0000: 1b 30 19 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e .0...2.16.840.1.<br>
0010: 31 31 33 37 33 30 2e 33 2e 34 2e 32 113730.3.4.2<br>
ldap_read: want=8 error=Resource temporarily unavailable<br>
<br>
And here is the debug output when successfully authenticating using<br>
the OCLC EZProxy login:<br>
<br>
root@uzspace:~# slapd -d 2<br>
@(#) $OpenLDAP: slapd 2.4.9 (Mar 31 2009 07:12:16) $<br>
buildd@rothera:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd<br>
/etc/ldap/slapd.conf: line 111: rootdn is always granted unlimited<br>
privileges.<br>
/etc/ldap/slapd.conf: line 129: rootdn is always granted unlimited<br>
privileges.<br>
slapd starting<br>
ldap_read: want=8, got=8<br>
0000: 30 0c 02 01 01 60 07 02 0....`..<br>
ldap_read: want=6, got=6<br>
0000: 01 03 04 00 80 00 ......<br>
ldap_read: want=8 error=Resource temporarily unavailable<br>
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00<br>
0....a........<br>
ldap_write: want=14, written=14<br>
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00<br>
0....a........<br>
ldap_read: want=8, got=8<br>
0000: 30 7a 02 01 02 63 75 04 0z...cu.<br>
ldap_read: want=116, got=116<br>
0000: 1d 6f 75 3d 50 65 6f 70 6c 65 2c 64 63 3d 65 73<br>
.ou=People,dc=es<br>
0010: 61 6c 2c 64 63 3d 61 63 2c 64 63 3d 7a 61 0a 01<br>
al,dc=ac,dc=za..<br>
0020: 02 0a 01 00 02 01 02 02 01 00 01 01 00 a0 27 a3<br>
..............'.<br>
0030: 15 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 04 06<br>
...objectClass..<br>
0040: 70 65 72 73 6f 6e a3 0e 04 03 75 69 64 04 07 55<br>
person....uid..U<br>
0050: 5a 50 30 38 39 39 30 1c 04 0b 6c 64 61 70 43 74<br>
ZP08990...ldapCt<br>
0060: 78 2d 3e 64 6e 04 0d 6c 6f 67 69 6e 44 69 73 61<br>
x->dn..loginDisa<br>
0070: 62 6c 65 64 bled<br>
ldap_read: want=8 error=Resource temporarily unavailable<br>
<= bdb_equality_candidates: (uid) not indexed<br>
0000: 30 32 02 01 02 64 2d 04 29 75 69 64 3d 55 5a 50<br>
02...d-.)uid=UZP<br>
0010: 30 38 39 39 2c 6f 75 3d 50 65 6f 70 6c 65 2c 64<br>
0899,ou=People,d<br>
0020: 63 3d 65 73 61 6c 2c 64 63 3d 61 63 2c 64 63 3d<br>
c=esal,dc=ac,dc=<br>
0030: 7a 61 30 00 za0.<br>
ldap_write: want=52, written=52<br>
0000: 30 32 02 01 02 64 2d 04 29 75 69 64 3d 55 5a 50<br>
02...d-.)uid=UZP<br>
0010: 30 38 39 39 2c 6f 75 3d 50 65 6f 70 6c 65 2c 64<br>
0899,ou=People,d<br>
0020: 63 3d 65 73 61 6c 2c 64 63 3d 61 63 2c 64 63 3d<br>
c=esal,dc=ac,dc=<br>
0030: 7a 61 30 00 za0.<br>
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00<br>
0....e........<br>
ldap_write: want=14, written=14<br>
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00<br>
0....e........<br>
ldap_read: want=8, got=8<br>
0000: 30 39 02 01 01 60 34 02 09...`4.<br>
ldap_read: want=51, got=51<br>
0000: 01 03 04 29 75 69 64 3d 55 5a 50 30 38 39 39 2c<br>
...)uid=UZP0899,<br>
0010: 6f 75 3d 50 65 6f 70 6c 65 2c 64 63 3d 65 73 61<br>
ou=People,dc=esa<br>
0020: 6c 2c 64 63 3d 61 63 2c 64 63 3d 7a 61 80 04 37<br>
l,dc=ac,dc=za..x<br>
0030: 33 32 36 xxx<br>
ldap_read: want=8 error=Resource temporarily unavailable<br>
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00<br>
0....a........<br>
ldap_write: want=14, written=14<br>
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00<br>
0....a........<br>
ldap_read: want=8, got=8<br>
0000: 30 81 8b 02 01 02 63 81 0.....c.<br>
ldap_read: want=134, got=134<br>
0000: 85 04 29 75 69 64 3d 55 5a 50 30 38 39 39 2c 6f<br>
..)uid=UZP0899,o<br>
0010: 75 3d 50 65 6f 70 6c 65 2c 64 63 3d 65 73 61 6c<br>
u=People,dc=esal<br>
0020: 2c 64 63 3d 61 63 2c 64 63 3d 7a 61 0a 01 00 0a<br>
,dc=ac,dc=za....<br>
0030: 01 00 02 01 00 02 01 00 01 01 00 87 0b 6f 62 6a<br>
.............obj<br>
0040: 65 63 74 63 6c 61 73 73 30 3c 04 16 70 61 73 73<br>
ectclass0<..pass<br>
0050: 77 6f 72 64 45 78 70 69 72 61 74 69 6f 6e 54 69<br>
wordExpirationTi<br>
0060: 6d 65 04 13 70 61 73 73 77 6f 72 64 41 6c 6c 6f<br>
me..passwordAllo<br>
0070: 77 43 68 61 6e 67 65 04 0d 6c 6f 67 69 6e 44 69<br>
wChange..loginDi<br>
0080: 73 61 62 6c 65 64 sabled<br>
ldap_read: want=8 error=Resource temporarily unavailable<br>
0000: 30 32 02 01 02 64 2d 04 29 75 69 64 3d 55 5a 50<br>
02...d-.)uid=UZP<br>
0010: 30 38 39 39 2c 6f 75 3d 50 65 6f 70 6c 65 2c 64<br>
0899,ou=People,d<br>
0020: 63 3d 65 73 61 6c 2c 64 63 3d 61 63 2c 64 63 3d<br>
c=esal,dc=ac,dc=<br>
0030: 7a 61 30 00 za0.<br>
ldap_write: want=52, written=52<br>
0000: 30 32 02 01 02 64 2d 04 29 75 69 64 3d 55 5a 50<br>
02...d-.)uid=UZP<br>
0010: 30 38 39 39 2c 6f 75 3d 50 65 6f 70 6c 65 2c 64<br>
0899,ou=People,d<br>
0020: 63 3d 65 73 61 6c 2c 64 63 3d 61 63 2c 64 63 3d<br>
c=esal,dc=ac,dc=<br>
0030: 7a 61 30 00 za0.<br>
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00<br>
0....e........<br>
ldap_write: want=14, written=14<br>
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00<br>
0....e........<br>
ldap_read: want=8, got=7<br>
0000: 30 05 02 01 03 42 00 0....B.<br>
ldap_read: want=8, got=0<br>
<br>
ldap_read: want=8, got=7<br>
0000: 30 05 02 01 03 42 00 0....B.<br>
ldap_read: want=8, got=0<br>
<br>
The EZProxy LDAP configuration seems to consist of the following:<br>
::LDAP<br>
URL ldap://localhost/ou=People,dc=esal,dc=ac,dc=za?uid?sub?(objectClass=person)<br>
IfUnauthenticated; Stop<br>
/LDAP<br>
<br>
I have tried an alternative ldap.search.context of<br>
'ou=People,dc=esal,dc=ac,dc=za' in dspace.cfg, but that didn't seem to<br>
make any difference.<br>
<br>
Any ideas as to where I've gone wrong?<br>
<br>
Sean<br>
--<br>
Sean Carte<br>
esAL Library Systems Manager<br>
+27 72 898 8775<br>
+27 31 373 2490<br>
fax: 0866741254<br>
<a href="http://esal.dut.ac.za/" target="_blank">http://esal.dut.ac.za/</a><br>
<br>
------------------------------------------------------------------------------<br>
<br>
_______________________________________________<br>
DSpace-tech mailing list<br>
<a href="mailto:DSpace-tech@lists.sourceforge.net">DSpace-tech@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/dspace-tech" target="_blank">https://lists.sourceforge.net/lists/listinfo/dspace-tech</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>Hilton Gibson<br>Systems Administrator<br>JSG Library Room 1025D<br>Stellenbosch University<br>Private Bag X5036<br>Stellenbosch<br>7599<br>South Africa<br><br>Cell: +27 846 464 758<br>
Email: <a href="http://hgibson__AT__sun.ac.za">hgibson__AT__sun.ac.za</a><br>
</div>