The attached file is a new pluggable authentication method to provide
flexible support for hierarchical LDAP trees (where users are not all in
the same subtree).
This patch builds upon two other patches:
-  Refactor LDAPServlet to use Stackable Authentication (this
patch only supports LDAP servers to which you can anonymously bind)
-  Patch for Hierarchical LDAP plus Stackable fixes (this does
not work with LDAP servers which cannot return the DN of a user as one of
An additional feature is the ability to set a special group of which all
LDAP-authenticated users are members. This is useful for automatically
creating a group of all internal users, if you need to restrict items
internally where you can't rely on IP authentication.
It requires the following additions to dspace.cfg:
##### Hierarchical LDAP Settings #####
# If your users are spread out across a hierarchical tree on your
# LDAP server, you will need to use the following stackable authentication
# plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
# You can optionally specify the search scope. If anonymous access is not
# enabled on your LDAP server, you will need to specify the full DN and
# password of a user that is allowed to bind in order to search for the
# This is the search scope value for the LDAP search during
# autoregistering. This will depend on your LDAP server setup.
# This value must be one of the following integers corresponding
# to the following values:
# object scope : 0
# one level scope : 1
# subtree scope : 2
#ldap.search_scope = 2
# The full DN and password of a user allowed to connect to the LDAP server
# and search for the DN of the user trying to log in.
#ldap.search.user = cn=admin,ou=people,o=myu.edut
#ldap.search.password = password
##### LDAP users group #####
# If required, a group name can be given here, and all users who log in
# to LDAP will automatically become members of this group. This is useful
# if you want a group made up of all internal authenticated users.
#ldap.login.specialgroup = group-name
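
The search-then-bind flow that these settings configure, shown as an added Java (JNDI) example; it is not the code of the attached patch. The class name and the url, base and idField parameters are assumptions, while scope, searchUser and searchPassword correspond to ldap.search_scope, ldap.search.user and ldap.search.password. It also escapes the login name before building the filter and refuses empty passwords, which many LDAP servers would otherwise accept as an unauthenticated bind.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Added illustration, not the patch's code; url, base and idField are assumed parameters.
public class SearchThenBind {
    // Open a context; a null bindDn means an anonymous bind.
    static DirContext connect(String url, String bindDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        if (bindDn != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, bindDn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }

    // Escape RFC 4515 special characters so a login name cannot alter the search filter.
    static String escapeFilter(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            boolean special = c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0';
            sb.append(special ? String.format("\\%02x", (int) c) : String.valueOf(c));
        }
        return sb.toString();
    }

    // Returns the user's DN when the search finds exactly one entry and the user bind succeeds.
    static String authenticate(String url, String base, String idField, int scope,
            String searchUser, String searchPassword, String netid, String password) {
        if (password == null || password.isEmpty()) return null; // would be an unauthenticated bind
        try {
            DirContext search = connect(url, searchUser, searchPassword);
            SearchControls sc = new SearchControls();
            sc.setSearchScope(scope); // 0, 1, 2 equal OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
            NamingEnumeration<SearchResult> hits =
                search.search(base, "(" + idField + "=" + escapeFilter(netid) + ")", sc);
            String dn = hits.hasMore() ? hits.next().getNameInNamespace() : null;
            boolean ambiguous = dn != null && hits.hasMore();
            search.close();
            if (dn == null || ambiguous) return null;
            connect(url, dn, password).close(); // throws if the user's own credentials are wrong
            return dn;
        } catch (NamingException e) { return null; }
    }
}
```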