Tag Archives: ldap

Test LDAP service upgraded – now with branches

A few weeks ago I made a test LDAP service available (read the blog post) in order to allow people without an LDAP service to test their LDAP-related DSpace patches, or to help people configuring their DSpace LDAP settings by showing them an example with the correct configuration settings.

I’ve been working recently to upgrade the LDAP support in DSpace to allow it to support sub-tree searching. At present it can only authenticate users within a single OU, but many institutions separate their users across a large tree of OUs.

So, I have now released a patch that does this, which will either be included in the upcoming DSpace 1.5.1, or will have to wait for 1.5.2 or 1.6 etc.

In order for me to test this I have had to include more users in my test LDAP service which you are welcome to use too! The patch allows you to specify the DN and password of a user who has full read and search rights overs the LDAP tree in order to identify the DN of the user who is trying to log-in. If you have anonymous access enabled on your server you could comment out the user’s details. The patch then uses that DN and the password provided by the user to re-bind to the LDAP server to make sure their credentials are correct. If you want to make use of this service, here are the settings you’ll need:

  • ldap.provider_url = ldap://ldap.testathon.net:389/
  • ldap.id_field = cn
  • ldap.object_context = OU=users,DC=testathon,DC=net
  • ldap.search_context = OU=users,DC=testathon,DC=net
  • ldap.email_field = mail
  • ldap.surname_field = sn
  • ldap.givenname_field = givenName
  • ldap.phone_field = telephoneNumber
  • ldap.search_scope = 2
  • ldap.search.user = CN=stuart,OU=users,DC=testathon,DC=net
  • ldap.search.password = stuart

There are now nine users, structured as shown below:

As before, all passwords are the same as usernames. 

I hope this is a useful service. Comments welcome! This entry was posted in Uncategorized and tagged , , on by .

Test LDAP service

One of the first integration tasks undertaken on a new repository installation is to plug it in to the local authentication system. More often than not this is LDAP. It allows users to use their usual local username and password in the repository rather than having to remember another password. LDAP services can be provided by a Microsoft Active Directory (run by most institutions who have Microsoft desktop systems) or dedicated LDAP (e.g. OpenLDAP) service.

One thing I’ve noticed with the DSpace testathons is that often LDAP does not get tested because many of the developers do not have access to an LDAP system – for example in DSpace 1.5 LDAP authentication does not work with Manakin or SWORD. (I have fixed both in the upcoming 1.5.1 though 🙂 ). With this in mind, and because I have to teach a DSpace technical course in 4 days time where we’ll be covering LDAP configuration, I’ve created an open LDAP server which can be used for testing and training.

Details:

  • ldap.provider_url = ldap://ldap.testathon.net:389/
  • ldap.id_field = cn
  • ldap.object_context = OU=users,DC=testathon,DC=net
  • ldap.search_context = OU=users,DC=testathon,DC=net
  • ldap.email_field = mail
  • ldap.surname_field = sn
  • ldap.givenname_field = givenName
  • ldap.phone_field = telephoneNumber

Users and their passwords are:

  • stuart / stuart
  • john / john
  • carol / carol

Each user has a full name (Stuart Lewis / John Smith / Carol Jones), a telephone number and email address so should be fully functional.

If you make use of this server, please drop me a line or leave a comment so I know. Otherwise it might get turned off…!mobi game