<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.shorttext
{mso-style-name:short_text;}
span.hps
{mso-style-name:hps;}
span.im
{mso-style-name:im;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:2082368799;
mso-list-type:hybrid;
mso-list-template-ids:1347613732 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Our logic flow for LDAP and local logins is as follows and we had to pretty much write (re-write) our eprints_login.pl from scratch, but we had to do that for
other reasons here as well due to the LDAP connection we needed to use to our central authentication system. Our flow assumes that everyone logging in has a LDAP account first then tries the local DB if LDAP logon fails.<o:p></o:p></span></p>
<p class="MsoNormal"><img width="659" height="518" id="Picture_x0020_1" src="cid:image001.png@01D12DB8.B2C173F0"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hope this helps.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">-Brian.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></a></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk]
<b>On Behalf Of </b>Enio Carboni<br>
<b>Sent:</b> Thursday, December 03, 2015 5:23 AM<br>
<b>To:</b> eprints-tech@ecs.soton.ac.uk<br>
<b>Subject:</b> [EP-tech] Re: With LDAP user_login.pl script local users can’t login<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span class="hps"><span lang="EN">If</span></span><span class="shorttext"><span lang="EN">
</span></span><span class="hps"><span lang="EN">you do not have</span></span><span class="shorttext"><span lang="EN">
</span></span><span class="hps"><span lang="EN">the proxy account "someProxyAccount" (in the script see my $dn = "cn=someProxyAccount,ou=accounts,$base") it fail and "return 0" when try to bind on ldaps.</span></span><span lang="EN"><br>
</span><br>
<span class="hps"><span lang="EN">Did you put</span></span><span lang="EN"> <span class="hps">
the password for the</span> <span class="hps">proxy</span> <span class="hps">account at cfg/ldap.passwd?</span><br>
<br>
<span class="hps"> Enio</span><br>
</span>Il 03/12/2015 10:42, pgasinos pgs ha scritto:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">No, I don’t have an account for the LDAP server (I am on the process of asking for one), but I thought local admins don't have problem to authenticate. The script I am using is from wiki:
<br>
<a href="http://wiki.eprints.org/w/LDAP">http://wiki.eprints.org/w/LDAP</a> and it is the
<span class="im">"LDAP Authentication with On-Demand Creation of Users".</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">2015-12-03 11:32 GMT+02:00 Field A.N. <<a href="mailto:af05v@ecs.soton.ac.uk" target="_blank">af05v@ecs.soton.ac.uk</a>>:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal">Can LDAP authenticated accounts log in? Can you paste the code in your
<a href="http://user_login.pl" target="_blank">user_login.pl</a> file here?<br>
<br>
<br>
<br>
--<br>
Adam Field<br>
Business Relationship Manager and Community Lead<br>
EPrints Services<br>
<a href="tel:%2B44%20%280%2923%208059%208814">+44 (0)23 8059 8814</a><br>
<br>
<br>
<br>
<br>
<br>
On 3 Dec 2015, at 09:28, pgasinos pgs wrote:<br>
<br>
> I have tried to use the wiki's tutorial about LDAP. I have changed user_roles according to the instructions. The script I have used is "LDAP Authentication with On-Demand Creation of Users" but I couldn't login as administrator. Eprints failed to authenticate
with my local admin account.<br>
> *** Options: <a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech" target="_blank">
http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech</a><br>
> *** Archive: <a href="http://www.eprints.org/tech.php/" target="_blank">http://www.eprints.org/tech.php/</a><br>
> *** EPrints community wiki: <a href="http://wiki.eprints.org/" target="_blank">
http://wiki.eprints.org/</a><br>
> *** EPrints developers Forum: <a href="http://forum.eprints.org/">http://forum.eprints.org/</a><br>
<br>
<br>
*** Options: <a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech" target="_blank">
http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech</a><br>
*** Archive: <a href="http://www.eprints.org/tech.php/" target="_blank">http://www.eprints.org/tech.php/</a><br>
*** EPrints community wiki: <a href="http://wiki.eprints.org/" target="_blank">http://wiki.eprints.org/</a><br>
*** EPrints developers Forum: <a href="http://forum.eprints.org/" target="_blank">
http://forum.eprints.org/</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<o:p></o:p></p>
<pre>*** Options: <a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech">http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech</a><o:p></o:p></pre>
<pre>*** Archive: <a href="http://www.eprints.org/tech.php/">http://www.eprints.org/tech.php/</a><o:p></o:p></pre>
<pre>*** EPrints community wiki: <a href="http://wiki.eprints.org/">http://wiki.eprints.org/</a><o:p></o:p></pre>
<pre>*** EPrints developers Forum: <a href="http://forum.eprints.org/">http://forum.eprints.org/</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>