A few weeks ago I made a test LDAP service available (read the blog post) in order to allow people without an LDAP service to test their LDAP-related DSpace patches, or to help people configure their DSpace LDAP settings by showing them an example with the correct configuration settings.
I’ve been working recently to upgrade the LDAP support in DSpace to allow it to support sub-tree searching. At present it can only authenticate users within a single OU, but many institutions separate their users across a large tree of OUs.
So, I have now released a patch that does this, which will either be included in the upcoming DSpace 1.5.1, or will have to wait for 1.5.2 or 1.6 etc.
In order for me to test this I have had to include more users in my test LDAP service, which you are welcome to use too! The patch allows you to specify the DN and password of a user who has full read and search rights over the LDAP tree, in order to identify the DN of the user who is trying to log in. If you have anonymous access enabled on your server you could comment out the user’s details. The patch then uses that DN and the password provided by the user to re-bind to the LDAP server to make sure their credentials are correct. If you want to make use of this service, here are the settings you’ll need:
- ldap.provider_url = ldap://ldap.testathon.net:389/
- ldap.id_field = cn
- ldap.object_context = OU=users,DC=testathon,DC=net
- ldap.search_context = OU=users,DC=testathon,DC=net
- ldap.email_field = mail
- ldap.surname_field = sn
- ldap.givenname_field = givenName
- ldap.phone_field = telephoneNumber
- ldap.search_scope = 2
- ldap.search.user = CN=stuart,OU=users,DC=testathon,DC=net
- ldap.search.password = stuart
There are now nine users, structured as shown below:
As before, all passwords are the same as usernames.
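The search-then-bind flow described above, as an added example (not the patch's or DSpace's own code): a constructed in-memory directory stands in for the LDAP server and uses the settings listed above. The sub-OUs, the users alice and bob, and all function names are assumptions. The example goes slightly beyond the post by escaping the username before it enters the search filter and by refusing empty passwords, because many servers accept an empty-password bind as an unauthenticated bind.

```python
import re

# Values taken from the settings listed above
SEARCH_CONTEXT = "OU=users,DC=testathon,DC=net"          # ldap.search_context
ID_FIELD = "cn"                                          # ldap.id_field
SEARCH_USER = "CN=stuart,OU=users,DC=testathon,DC=net"   # ldap.search.user
SEARCH_PASSWORD = "stuart"                               # ldap.search.password

# Constructed stand-in directory (DN -> (cn, password)). Only stuart's DN is
# from the post; the sub-OUs and the users alice and bob are hypothetical.
DIRECTORY = {
    SEARCH_USER: ("stuart", "stuart"),
    "CN=alice,OU=staff,OU=users,DC=testathon,DC=net": ("alice", "alice"),
    "CN=bob,OU=students,OU=users,DC=testathon,DC=net": ("bob", "bob"),
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so user input stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in '\\*()\x00' else c for c in value)

def stub_bind(dn, password):
    """Stand-in for a simple bind. Like many servers, it accepts an empty
    password as an unauthenticated bind, which is why the caller must refuse it."""
    return dn in DIRECTORY and password in ("", DIRECTORY[dn][1])

def stub_search(base, ldap_filter):
    """Stand-in for a subtree search (scope 2) with a one-term (attr=value) filter."""
    pattern = re.fullmatch(r"\(\w+=(.*)\)", ldap_filter, flags=re.S).group(1)
    tokens = re.findall(r"\\[0-9a-fA-F]{2}|.", pattern, flags=re.S)
    regex = "".join(".*" if t == "*" else
                    re.escape(chr(int(t[1:], 16)) if len(t) == 3 else t) for t in tokens)
    return [dn for dn, (cn, _) in DIRECTORY.items()
            if dn.lower().endswith("," + base.lower())
            and re.fullmatch(regex, cn, flags=re.I | re.S)]

def authenticate(username, password):
    """Return the user's DN if search-then-bind succeeds, else None."""
    if not username or not password:          # never attempt an empty-password bind
        return None
    if not stub_bind(SEARCH_USER, SEARCH_PASSWORD):   # 1. bind as the search user
        return None
    matches = stub_search(SEARCH_CONTEXT, "(%s=%s)" % (ID_FIELD, escape_filter_value(username)))
    if len(matches) != 1:                     # 2. exactly one entry, or fail closed
        return None
    dn = matches[0]
    return dn if stub_bind(dn, password) else None    # 3. re-bind as the user
```

Against a real server the two stubs would be replaced by the LDAP client's bind and subtree search calls; the guard order in `authenticate` stays the same.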