Test LDAP service upgraded – now with branches

A few weeks ago I made a test LDAP service available (read the blog post) in order to allow people without an LDAP service to test their LDAP-related DSpace patches, or to help people configuring their DSpace LDAP settings by showing them an example with the correct configuration settings.

I’ve been working recently to upgrade the LDAP support in DSpace to allow it to support sub-tree searching. At present it can only authenticate users within a single OU, but many institutions separate their users across a large tree of OUs.

So, I have now released a patch that does this, which will either be included in the upcoming DSpace 1.5.1, or will have to wait for 1.5.2 or 1.6 etc.

In order for me to test this I have had to include more users in my test LDAP service, which you are welcome to use too! The patch allows you to specify the DN and password of a user who has full read and search rights over the LDAP tree, in order to identify the DN of the user who is trying to log in. If you have anonymous access enabled on your server you could comment out the user’s details. The patch then uses the DN it has identified and the password provided by the user to re-bind to the LDAP server to make sure their credentials are correct. If you want to make use of this service, here are the settings you’ll need:

There are now nine users, structured as shown below:

As before, all passwords are the same as usernames. 
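
The search-then-bind flow described above, as an added Python example that is not part of the DSpace patch: it runs against a toy in-memory directory, and the `ToyLdap` class, the `dc=example,dc=org` tree and its DNs and passwords are all constructed for illustration. It also refuses an empty password before the re-bind, because some LDAP servers treat a simple bind with an empty password as anonymous and report success, and it requires exactly one match from the sub-tree search.

```python
# Added example: search-then-bind over a toy in-memory directory.
# All DNs, OUs and passwords below are constructed sample data.
BASE = "dc=example,dc=org"
TREE = {
    "cn=search,dc=example,dc=org": ("search", "s3arch"),
    "cn=alice,ou=staff,dc=example,dc=org": ("alice", "alice"),
    "cn=bob,ou=students,ou=people,dc=example,dc=org": ("bob", "bob"),
}

class ToyLdap:
    """Hypothetical stand-in for an LDAP connection (bind + subtree search)."""

    def __init__(self, tree):
        self.tree = tree
        self.identity = None  # None = not bound, "" = anonymous

    def bind(self, dn="", password=""):
        if password == "":
            # Simple bind with an empty password is treated as anonymous by
            # some servers and "succeeds" without verifying anything.
            self.identity = ""
            return True
        entry = self.tree.get(dn)
        self.identity = dn if entry and entry[1] == password else None
        return self.identity is not None

    def search_subtree(self, base, uid):
        if self.identity is None:
            raise PermissionError("bind before searching")
        return [dn for dn, (u, _) in self.tree.items()
                if dn.endswith("," + base) and u == uid]

def authenticate(tree, base, username, password, search_dn="", search_pw=""):
    """Return the user's DN on success, None on any failure."""
    if not username or not password:
        return None  # never let an empty password reach the re-bind
    finder = ToyLdap(tree)
    if not finder.bind(search_dn, search_pw):  # both empty = anonymous search
        return None
    matches = finder.search_subtree(base, username)
    if len(matches) != 1:
        return None  # unknown user, or ambiguous across branches
    user_conn = ToyLdap(tree)  # fresh connection for the credential check
    return matches[0] if user_conn.bind(matches[0], password) else None
```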

I hope this is a useful service. Comments welcome!

Posted on August 18, 2008 at 4:59 pm by Stuart

11 Responses

  1. Written by Reuben Pasquini
    on September 5, 2008 at 5:49 pm

    Hi Stuart,

    Thanks for the great work on the d-space LDAP code.
    I just put together a patch myself to org.dspace.authentication.LDAP…
    which modifies the LDAP authentication to work with Active Directory
    here at Auburn – including subtree search.

    I think the patch is generic enough that it would
    be of general use, so I sent a message to the dspace-tech e-mail list
    asking about checking the patch into the dspace svn repository, but have received no response so far:
    http://sourceforge.net/mailarchive/forum.php?thread_name=48B67A96.724F.0085.0@auburn.edu&forum_name=dspace-tech

    Is there some other path I should be taking to submit the patch for consideration by the d-space maintainers?

    Thanks!
    Reuben

  2. Written by stuart
    on September 6, 2008 at 1:53 pm

    Hi Reuben,

    Thanks for getting in touch. I’ve got that email sitting in my inbox waiting for me to get around to replying to it – sorry it has taken a little while.

    What changes have you made to make it work with Active Directory?

    It would be great if you could formally submit your patch to the DSpace patch queue (http://sourceforge.net/tracker/?atid=319984&group_id=19984&func=browse). There are a few of us working on a generic LDAP authenticator which will hopefully work with any AD / LDAP system, so it would be good to see what changes you’ve made to see if we can incorporate them too.

    Thanks,

    Stuart

  3. [...] is for web hosting, but by having a slice I can run other services. The main example of this is the test LDAP service that I run to allow people to test their DSpace repository LDAP settings, although it could be used [...]

  4. Written by Paulo Matos
    on February 9, 2009 at 1:12 pm

    Hi Stuart,

    I just added to tracker a small modification in order to support anonymous bind to LDAP.

    Take a look.

    Regards,

    Paulo Matos

  5. Written by stuart
    on February 10, 2009 at 9:50 am

    Hi Paulo,

    Thanks for the modification. I have now applied it to SVN ready for DSpace 1.5.2

    Thanks,

    Stuart

  6. Written by Aaron Hossain
    on February 10, 2009 at 12:21 pm

    Hi Stuart,

    Will you be updating The DSpace Course – ldap config to utilise this patch?

    Regards

  7. Written by stuart
    on February 12, 2009 at 6:30 am

    Hi,

    If I get an hour sometime I will. If not, hopefully the comments in the dspace.cfg configuration file around the hierarchical LDAP section are sufficient.

    Thanks,

    Stuart

  8. [...] for Hierarchical LDAP servers has been added (where users are spread across branches of an LDAP tree, rather than [...]

  9. Written by Hardik
    on February 12, 2010 at 8:39 pm

    Hi Stuart
    I want to test LDAP. I have configured dspace.cfg as per the above article. Now what next?
    I mean, how do I get logged in?

  10. Written by Stuart
    on February 14, 2010 at 8:02 am

    Go to the DSpace login screen, pick the user that you wish to log in as (e.g. alice, bob etc), then enter their username ‘alice’ and their password which is the same as their name ‘alice’.

  11. Written by mike
    on June 30, 2010 at 9:44 am

    stuart,
    i have a windows app that i want to test against your ldap server: here is what the app prompts:
    ldap server: ldap.testathon.net
    port: 389
    base: cn
    username: stuart
    pswd: stuart
    I get an error, ‘invalid dn syntax’. Can you please suggest what I may be doing wrong? Thank you!!
