DSpace / DS-1180

LDAP: if no adminUser is set, build the DN using the object_context

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0
    • Component/s: DSpace API
    • Labels: None
    • Attachments: 0
    • Comments: 5

      Description

      Before attempting a user authentication, LDAPHierarchicalAuthentication attempts to look up the user's DN using an adminUser and adminPassword. This is unnecessary if all users from an institution are in the same LDAP container, e.g.:

        uid=sam,ou=Users,dc=example,dc=edu

      The necessary variables for building the DN manually are already in authentication-ldap.cfg. This patch attempts to build the DN manually *if* the adminUser is empty.
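
An added example (not code from the DSpace patch) of building the bind DN from the login name and the configured container with the JDK's `javax.naming.ldap` classes, so that DN metacharacters in the login name are escaped instead of being concatenated raw. The class and method names and the `idField`/`objectContext` parameters are assumptions standing in for values read from authentication-ldap.cfg; the sample logins are constructed.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class BindDnExample {

    // idField and objectContext are assumed to come from authentication-ldap.cfg;
    // netid is the login name typed by the user. All names here are hypothetical.
    static String buildBindDn(String idField, String netid, String objectContext)
            throws InvalidNameException {
        if (netid == null || netid.trim().isEmpty()) {
            throw new InvalidNameException("login name must not be empty");
        }
        // Parsing the configured container fails fast on a malformed object_context.
        LdapName dn = new LdapName(objectContext);
        // Rdn(type, value) takes the value literally and escapes it when rendered,
        // so characters such as ',' '=' '+' stay inside the attribute value.
        dn.add(new Rdn(idField, netid));
        return dn.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        String context = "ou=Users,dc=example,dc=edu"; // container from the description
        // Constructed sample logins: a plain one and one containing DN metacharacters.
        String[] logins = { "sam", "smith, sam" };
        for (String login : logins) {
            String raw = "uid=" + login + "," + context; // naive string concatenation
            String safe = buildBindDn("uid", login, context);
            System.out.println("raw : " + raw);
            // The escaped DN always has the container's RDNs plus exactly one more.
            System.out.println("safe: " + safe + "  (" + new LdapName(safe).size() + " RDNs)");
        }
    }
}
```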

        Activity

        Stuart Lewis added a comment -
        Is the intention of this patch to remove the need for the normal LDAP authentication class, as this new behaviour (not searching the tree) is how that already works?

        If so, this might be a sensible move to remove the duplication and having two LDAP authentication classes.
        Samuel Ottenhoff added a comment -
        I don't know the history of these files... I thought LDAPHierarchicalAuthentication was the preferred path forward.....
        Stuart Lewis added a comment -
        It could be, and perhaps should be, now that you've added this patch to make the one class perform both functions. We just need to make this decision and go with it if we want to, then remember to remove the other LDAP authenticator class, and all associated documentation. I'd be happy for this to be done.
        Ivan Masár added a comment -
        Yes Stuart, that was my intention, too.
        Ivan Masár added a comment - https://github.com/DSpace/DSpace/pull/19

          People

          • Assignee: Ivan Masár
          • Reporter: Samuel Ottenhoff
          • Votes: 1
          • Watchers: 3
