  1. DSpace
  2. DS-1180

LDAP: if no adminUser is set, build the DN using the object_context

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0
    • Component/s: DSpace API
    • Labels:
      None
    • Attachments:
      0
    • Comments:
      5

      Description

      Before attempting a user authentication, LDAPHierarchicalAuthentication attempts to look up the user's DN using an adminUser and adminPassword. This is unnecessary if all users from an institution are in the same LDAP container, e.g.:

      uid=sam,ou=Users,dc=example,dc=edu

      The necessary variables for building the DN manually are already in authentication-ldap.cfg. This patch attempts to build the DN manually if the adminUser is empty.
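
The DN construction the description proposes, as an added example (this is not the DS-1180 patch or DSpace code); the method name and the parameters `idField`, `objectContext` and `netid` are assumptions standing in for the values read from authentication-ldap.cfg and the login form. It builds the name with JNDI's `LdapName` and `Rdn` rather than string concatenation, so special characters in the login are escaped and cannot add components to the DN.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class BindDnExample {

    /**
     * Returns the DN to bind as when no admin (search) user is configured,
     * or null when adminUser is set and the caller should search instead.
     * idField and objectContext are illustrative names for the configured
     * values; they are not taken from the DSpace source.
     */
    static String buildBindDn(String adminUser, String idField,
                              String objectContext, String netid)
            throws InvalidNameException {
        if (adminUser != null && !adminUser.trim().isEmpty()) {
            return null; // search path: look the DN up with the admin bind
        }
        if (netid == null || netid.isEmpty()) {
            throw new InvalidNameException("empty user id");
        }
        // Parse the container, then append the user RDN. Rdn escapes the
        // value (',', '+', '=', '"', '\' and others), so the login can only
        // ever become the value of a single RDN.
        LdapName dn = new LdapName(objectContext);
        dn.add(new Rdn(idField, netid));
        return dn.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Container taken from the issue description.
        String ctx = "ou=Users,dc=example,dc=edu";
        // Constructed sample inputs: a plain login, a login containing DN
        // metacharacters, and a configuration with a search user set.
        System.out.println(buildBindDn("", "uid", ctx, "sam"));
        System.out.println(buildBindDn("", "uid", ctx, "sam,ou=Admins"));
        System.out.println(
            buildBindDn("cn=search,dc=example,dc=edu", "uid", ctx, "sam"));
    }
}
```

The second call shows the difference from naive concatenation: the comma and equals sign in the login come back backslash-escaped inside the `uid` value instead of forming a new `ou` component.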

          Activity

          stuartlewis Stuart Lewis added a comment -

          Is the intention of this patch to remove the need for the normal LDAP authentication class, as this new behaviour (not searching the tree) is how that already works?

          If so, this might be a sensible move to remove the duplication and having two LDAP authentication classes.

          ottenhoffs Samuel Ottenhoff added a comment -

          I don't know the history of these files... I thought LDAPHierarchicalAuthentication was the preferred path forward.....

          stuartlewis Stuart Lewis added a comment -

          It could be, and perhaps should be, now that you've added this patch to make the one class perform both functions. We just need to make this decision and go with it if we want to, then remember to remove the other LDAP authenticator class, and all associated documentation. I'd be happy for this to be done.

          helix84 Ivan Masár added a comment -

          Yes Stuart, that was my intention, too.

          helix84 Ivan Masár added a comment - https://github.com/DSpace/DSpace/pull/19

            People

            • Assignee:
              helix84 Ivan Masár
              Reporter:
              ottenhoffs Samuel Ottenhoff
            • Votes:
              1
              Watchers:
              3
