Test LDAP service upgraded – now with branches
A few weeks ago I made a test LDAP service available (read the blog post) in order to allow people without an LDAP service to test their LDAP-related DSpace patches, or to help people configuring their DSpace LDAP settings by showing them an example with the correct configuration settings.
I’ve been working recently to upgrade the LDAP support in DSpace to allow it to support sub-tree searching. At present it can only authenticate users within a single OU, but many institutions separate their users across a large tree of OUs.
So, I have now released a patch that does this, which will either be included in the upcoming DSpace 1.5.1, or will have to wait for 1.5.2 or 1.6 etc.
In order for me to test this I have had to include more users in my test LDAP service, which you are welcome to use too! The patch allows you to specify the DN and password of a user who has full read and search rights over the LDAP tree; this account is used to search for and identify the DN of the user who is trying to log in. If you have anonymous access enabled on your server you could comment out the user’s details. The patch then uses the DN it found and the password provided by the user to re-bind to the LDAP server to make sure their credentials are correct. If you want to make use of this service, here are the settings you’ll need:
- ldap.provider_url = ldap://ldap.testathon.net:389/
- ldap.id_field = cn
- ldap.object_context = OU=users,DC=testathon,DC=net
- ldap.search_context = OU=users,DC=testathon,DC=net
- ldap.email_field = mail
- ldap.surname_field = sn
- ldap.givenname_field = givenName
- ldap.phone_field = telephoneNumber
- ldap.search_scope = 2
- ldap.search.user = CN=stuart,OU=users,DC=testathon,DC=net
- ldap.search.password = stuart
There are now nine users, structured as shown below:

As before, all passwords are the same as usernames.
I hope this is a useful service. Comments welcome!
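The search-then-bind flow described above, sketched in Python against a small in-memory directory (an added example, not the DSpace patch or its Java code). The sub-OU names, the fake `bind` and `search_subtree` helpers, and the checks for empty passwords, filter escaping and a unique match are assumptions of this example.

```python
import re

# Constructed stand-in for the test directory: DN -> (cn, password).
# Usernames and the "password equals username" rule come from the post;
# the sub-OU names (staff, students) are assumptions made for this example.
ENTRIES = {
    "CN=stuart,OU=users,DC=testathon,DC=net": ("stuart", "stuart"),
    "CN=alice,OU=staff,OU=users,DC=testathon,DC=net": ("alice", "alice"),
    "CN=bob,OU=students,OU=users,DC=testathon,DC=net": ("bob", "bob"),
}
SEARCH_BASE = "OU=users,DC=testathon,DC=net"            # ldap.search_context
SEARCH_USER = "CN=stuart,OU=users,DC=testathon,DC=net"  # ldap.search.user
SEARCH_PASSWORD = "stuart"                              # ldap.search.password

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def bind(dn, password):
    """Simple bind against the fake directory. An empty password "succeeds",
    mimicking servers that treat it as an unauthenticated bind (RFC 4513)."""
    if password == "":
        return True
    return dn in ENTRIES and ENTRIES[dn][1] == password

def _unescape(s):
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), s)

def search_subtree(base, ldap_filter):
    """Subtree search (scope 2) for a filter shaped like (cn=value); '*' is a wildcard."""
    value = re.fullmatch(r"\(cn=(.*)\)", ldap_filter).group(1)
    pattern = ".*".join(re.escape(_unescape(part)) for part in value.split("*"))
    return [dn for dn, (cn, _) in ENTRIES.items()
            if dn.endswith(base) and re.fullmatch(pattern, cn, re.I)]

def authenticate(username, password):
    """Return the user's DN if search-then-bind succeeds, otherwise None."""
    if not username or not password:      # never let an empty password reach bind()
        return None
    if not bind(SEARCH_USER, SEARCH_PASSWORD):
        return None
    matches = search_subtree(SEARCH_BASE, "(cn=%s)" % escape_filter_value(username))
    if len(matches) != 1:                 # zero or ambiguous results both fail
        return None
    return matches[0] if bind(matches[0], password) else None  # re-bind as the user
```

Without the escaping step, a login name of `a*` would resolve to alice's DN; without the empty-password check, the re-bind could succeed without proving anything about the user.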



on September 5, 2008 at 5:49 pm
Hi Stuart,
Thanks for the great work on the d-space LDAP code.
I just put together a patch myself to org.dspace.authentication.LDAP…
which modifies the LDAP authentication to work with Active Directory
here at Auburn – including subtree search.
I think the patch is generic enough that it would
be of general use, so I sent a message to the dspace-tech e-mail list
asking about checking the patch into the dspace svn repository, but have received no response so far:
http://sourceforge.net/mailarchive/forum.php?thread_name=48B67A96.724F.0085.0@auburn.edu&forum_name=dspace-tech
Is there some other path I should be taking to submit the patch for consideration by the d-space maintainers?
Thanks!
Reuben
on September 6, 2008 at 1:53 pm
Hi Reuben,
Thanks for getting in touch. I’ve got that email sitting in my inbox waiting for me to get around to replying to it – sorry it has taken a little while.
What changes have you made to make it work with Active Directory?
It would be great if you could formally submit your patch to the DSpace patch queue (http://sourceforge.net/tracker/?atid=319984&group_id=19984&func=browse). There are a few of us working on a generic LDAP authenticator which will hopefully work with any AD / LDAP system, so it would be good to see what changes you’ve made to see if we can incorporate them too.
Thanks,
Stuart
on October 24, 2008 at 8:10 am
[...] is for web hosting, but by having a slice I can run other services. The main example of this is the test LDAP service that I run to allow people to test their DSpace repository LDAP settings, although it could be used [...]
on February 9, 2009 at 1:12 pm
Hi Stuart,
I just added to tracker a small modification in order to support anonymous bind to LDAP.
Take a look.
Regards,
Paulo Matos
on February 10, 2009 at 9:50 am
Hi Paulo,
Thanks for the modification. I have now applied it to SVN ready for DSpace 1.5.2
Thanks,
Stuart
on February 10, 2009 at 12:21 pm
Hi Stuart,
Will you be updating The DSpace Course – ldap config to utilise this patch?
Regards
on February 12, 2009 at 6:30 am
Hi,
If I get an hour sometime I will. If not, hopefully the comments in the dspace.cfg configuration file around the hierarchical LDAP section are sufficient.
Thanks,
Stuart
on April 15, 2009 at 7:38 am
[...] for Hierarchical LDAP servers has been added (where users are spread across branches of an LDAP tree, rather than [...]
on February 12, 2010 at 8:39 pm
Hi Stuart
I want to test LDAP. I have configured dspace.cfg as per the above article. Now what next?
Meaning, how do I get logged in?
on February 14, 2010 at 8:02 am
Go to the DSpace login screen, pick the user that you wish to log in as (e.g. alice, bob etc), then enter their username ‘alice’ and their password which is the same as their name ‘alice’.
on June 30, 2010 at 9:44 am
Stuart,
I have a Windows app that I want to test against your LDAP server. Here is what the app prompts:
ldap server: ldap.testathon.net
port: 389
base: cn
username: stuart
pswd: stuart
I get an error, ‘invalid dn syntax’. Can you please suggest what I may be doing wrong? Thank you!!