Ended up with a solution with the following config:

provider_url = ldap://domain.com/
#object_context = ou=someOU\, dc=domain\,dc=com
# No OU required here for my ldap
search_context = dc=domain\,dc=com
search_scope = 2
search.user = CN=ldapsync\,CN=ldapsync_group\,dc=domain\,dc=com
search.password = password


On Thursday, 3 August 2017 16:20:56 UTC+2, Vusani Mutshinya wrote:
>
> My top-level OU has the same name as my domain name, except that the OU's 
> first letter is capitalized. 
>
> On Thursday, 3 August 2017 16:12:50 UTC+2, Shannon Meisenheimer wrote:
>>
>> I think you need something other than domain for your OU:
>> authentication-ldap.object_context = ou=domain\,dc=domain\,dc=gov\,dc=za
>> authentication-ldap.search_context = ou=domain\,ou=domain\,ou=gov\,ou=za
>>
>> The error seems to indicate a problem with your base DN.
>>
>> Talk to your LDAP/Directory admin and find out what your top-level OUs 
>> are.
>>
>> Shannon
>> --
>> Mr. Shannon Meisenheimer
>> Office of Technology
>> University of Central Missouri
>> WDE0608
>> [email protected]
>> Work Phone:  (660) 543-8483
>>
>> On Thu, Aug 3, 2017 at 8:11 AM, Vusani Mutshinya <[email protected]> 
>> wrote:
>>
>>> Here:
>>>
>>> authentication-ldap.enable = true
>>> authentication-ldap.autoregister = true
>>> authentication-ldap.provider_url = ldap://domain.gov.za/
>>> authentication-ldap.id_field = sAMAccountName
>>> authentication-ldap.object_context = ou=domain\,dc=domain\,dc=gov\,dc=za
>>> authentication-ldap.search_context = ou=domain\,ou=domain\,ou=gov\,ou=za
>>> authentication-ldap.email_field = mail
>>> authentication-ldap.surname_field = sn
>>> authentication-ldap.givenname_field = givenName
>>> authentication-ldap.search_scope = 2
>>> authentication-ldap.search.anonymous = false
>>> authentication-ldap.search.user = cn=user\,ou=domain\,dc=domain\,dc=gov\,dc=za
>>> authentication-ldap.search.password = passwd
>>>
>>> On Thursday, 3 August 2017 15:08:25 UTC+2, Shannon Meisenheimer wrote:
>>>>
>>>> Can you post your ldap configuration settings?
>>>>
>>>> Shannon
>>>> --
>>>> Mr. Shannon Meisenheimer
>>>> Office of Technology
>>>> University of Central Missouri
>>>> WDE0608
>>>> [email protected]
>>>> Work Phone:  (660) 543-8483
>>>>
>>>> On Thu, Aug 3, 2017 at 8:00 AM, Vusani Mutshinya <[email protected]> 
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I am facing the same issue, I was so happy you had found a solution 
>>>>> only to find it not working for me.
>>>>> I have configured everything as you have and still no joy. I have 
>>>>> ldapsearch which I am able to connect with but DSpace still does not.
>>>>>
>>>>> The error is a no DN found for user.
>>>>>
>>>>> Any help will be greatly appreciated.
>>>>>
>>>>> On Thursday, 3 August 2017 01:50:28 UTC+2, Tim Cullings wrote:
>>>>>>
>>>>>> Finally solved this. Through a combination of Wireshark and DSpace logs 
>>>>>> I was able to figure out that it wasn't binding to LDAP at all.  Fixed 
>>>>>> that by adding \'s to my authentication-ldap.search.user.
>>>>>>
>>>>>> So it is now cn=username\,ou=someou\,dc=domain\,dc=com
>>>>>>
>>>>>> I then had to add a slash to the end of my ldap server name:
>>>>>> ldap://ldap.domain.com/
>>>>>>
>>>>>> Had to add a backslash to the search context: ou=domain\,ou=com
>>>>>>
>>>>>> I commented out the object context line as well.
>>>>>>
>>>>>> After that it started working.
>>>>>>
>>>>>> On Thu, Jul 13, 2017 at 5:00 PM, Shannon Meisenheimer <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Weird.  That's an auth credential error, but like you said you've 
>>>>>>> tested that user elsewhere.  I'm no LDAP wizard, I had to troubleshoot 
>>>>>>> our DSpace/LDAP setup with our team that supports Active Directory.
>>>>>>>
>>>>>>> Shannon
>>>>>>>
>>>>>>> Sent from my iPhone
>>>>>>>
>>>>>>> On Jul 13, 2017, at 6:18 PM, Tim Cullings <[email protected]> 
>>>>>>> wrote:
>>>>>>>
>>>>>>> Yes, I verified that they are the same.
>>>>>>>
>>>>>>> On Wed, Jul 12, 2017 at 7:22 PM, Shannon Meisenheimer <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Are you sure the cn and samAccountName match for that user?
>>>>>>>>
>>>>>>>> Shannon
>>>>>>>>
>>>>>>>> Sent from my iPhone
>>>>>>>>
>>>>>>>> On Jul 12, 2017, at 3:55 PM, Tim Cullings <[email protected]> 
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> I have been tasked with setting up DSpace in my environment and 
>>>>>>>> getting it working with LDAP for user authentication.  
>>>>>>>>
>>>>>>>> I've gone through every article on the site, tried every 
>>>>>>>> combination of settings in the authentication-ldap.cfg file and can't 
>>>>>>>> seem to get it to work.  The only error I receive is:
>>>>>>>>
>>>>>>>> ldap_authentication:type=failed_auth javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 - 80090308\colon; LdapErr\colon; DSID-0C0903D9, comment\colon; AcceptSecurityContext error, data 52e, v2580 ]
>>>>>>>>
>>>>>>>> Running DSPACE 5 on Windows Server 2012 R2
>>>>>>>>
>>>>>>>> Here are my settings:
>>>>>>>>
>>>>>>>> authentication-ldap.enable = true
>>>>>>>> authentication-ldap.autoregister = true
>>>>>>>> authentication-ldap.provider_url = ldap://ldap.domain.com:389
>>>>>>>> authentication-ldap.id_field = sAMAcoountName
>>>>>>>> authentication-ldap.object_context = dc=domain,dc=com
>>>>>>>> authentication-ldap.search_context = dc=domain,dc=com
>>>>>>>> authentication-ldap.email_field = mail
>>>>>>>> authentication-ldap.surname_field = sn
>>>>>>>> authentication-ldap.givenname_field = givenName
>>>>>>>> authentication-ldap.search_scope = 2
>>>>>>>> #authentication-ldap.search.anonymous = false
>>>>>>>> authentication-ldap.search.user = cn=user,ou=someou,dc=domain,dc=com
>>>>>>>> authentication-ldap.search.password = password
>>>>>>>>
>>>>>>>> I used an LDAP browsing tool from the server with the service 
>>>>>>>> account I am attempting to use for DSpace and was able to run queries 
>>>>>>>> with it against our AD server.  I also used ldapsearch on a UNIX box 
>>>>>>>> and the specified credentials and that worked as well, so I am fairly 
>>>>>>>> certain the issue is with DSpace.  Domain users reside in multiple OUs 
>>>>>>>> that are one level down from the root, for example 
>>>>>>>> cn=user1,ou=Contractors,dc=domain,dc=com and so on for FTEs, vendors 
>>>>>>>> and other types of employees.
>>>>>>>>
>>>>>>>> -- 
>>>>>>>> You received this message because you are subscribed to the Google 
>>>>>>>> Groups "DSpace Technical Support" group.
>>>>>>>> To unsubscribe from this group and stop receiving emails from it, 
>>>>>>>> send an email to [email protected].
>>>>>>>> To post to this group, send email to [email protected].
>>>>>>>> Visit this group at https://groups.google.com/group/dspace-tech.
>>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>

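Added example, not part of the original thread or of DSpace: a small Python check for the two configuration pitfalls reported above (DN commas not escaped as `\,`, server URL without a trailing slash), plus a decoder for the `data` sub-code in the Active Directory error 49 line. The function names, the set of DN-valued keys and the sub-code table are this example's own assumptions; the sample settings and log line are those quoted in the thread.

```python
import re

# Settings whose values are DNs (key names as used in the thread's config).
DN_KEYS = {"object_context", "search_context", "search.user"}
# Active Directory sub-codes carried in the "data NNN" field of an error 49.
AD_BIND_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

def lint_ldap_cfg(text):
    """Return (line_no, key, problem) for the two pitfalls the thread names."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank line, comment, or not a key = value setting
        key, value = (part.strip() for part in line.split("=", 1))
        key = re.sub(r"^authentication-ldap\.", "", key)  # prefix is optional
        if key in DN_KEYS and re.search(r"(?<!\\),", value):
            findings.append((no, key, "comma in DN not escaped as \\,"))
        if key == "provider_url" and not value.endswith("/"):
            findings.append((no, key, "no trailing slash on server URL"))
    return findings

def decode_bind_error(log_line):
    """Undo the '\\colon;' escaping and decode the AD sub-code of error 49."""
    line = log_line.replace("\\colon;", ":")
    m = re.search(r"error code 49\b.*?\bdata ([0-9a-fA-F]+)", line)
    if not m:
        return None  # not an error 49 line, or no data field present
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")

# Sample inputs: settings and log line as quoted in the thread.
FAILING_CFG = """authentication-ldap.provider_url = ldap://ldap.domain.com:389
authentication-ldap.search_context = dc=domain,dc=com
authentication-ldap.search.user = cn=user,ou=someou,dc=domain,dc=com
"""
WORKING_CFG = r"""provider_url = ldap://domain.com/
search_context = dc=domain\,dc=com
search.user = CN=ldapsync\,CN=ldapsync_group\,dc=domain\,dc=com
"""
LOG_LINE = (r"javax.naming.AuthenticationException\colon; [LDAP\colon; error "
            r"code 49 - 80090308\colon; LdapErr\colon; DSID-0C0903D9, comment"
            r"\colon; AcceptSecurityContext error, data 52e, v2580 ]")
```

`lint_ldap_cfg(FAILING_CFG)` flags all three lines of the first posted config, `lint_ldap_cfg(WORKING_CFG)` returns an empty list, and `decode_bind_error(LOG_LINE)` maps `data 52e` to invalid credentials.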