Hi everyone

It looks as if this was fixed in DSpace 3.2

[dspace@standbyvle ~]$ diff /home/dspace/dspace-3.2-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java /home/dspace/dspace-3.0-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
615c615
<      * the authentication-ldap.login.groupmap.* key.
---
>      * the ldap.login.groupmap.* key.
647c647
<                                     "Group defined in
authentication-ldap.login.groupmap." + i + " does not exist :: " +
dspaceGroupName));
---
>                                     "Group defined in
ldap.login.groupmap." + i + " does not exist :: " + dspaceGroupName));
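Review bot: The warning text in the 647 hunk spells the configuration key out as its own string literal, separate from the lookup that reads the key, so the message can go stale again the next time the key moves. Suggest building the message from the same constant or helper that the lookup uses, so the log always names the key an administrator has to edit.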
660c660
<                 groupMap =
ConfigurationManager.getProperty("authentication-ldap", "login.groupmap." +
++i);
---
>                 groupMap =
ConfigurationManager.getProperty("ldap.login.groupmap." + ++i);
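Review bot: The lookup on the `<` side of the 660 hunk (the 3.2 file, which is the first argument to diff) still advances the counter inside the argument, "login.groupmap." + ++i, and repeats the module name and key prefix that the read before the loop also spells out; that duplication is how the two reads drifted apart on the `>` side. Suggest one small helper that takes the index and makes the two-argument getProperty("authentication-ldap", ...) call, used for both reads, with the increment on its own line. A regression test with at least two login.groupmap entries would also help, because a wrong key here returns null and the while loop ends without any log line.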

Thanks

Clive



On Wed, Aug 7, 2013 at 11:10 AM, Clive Gould <cli...@gmail.com> wrote:

> Hi everyone
>
> I'm not a programmer as I said before but have just been scanning over the
> source code in LDAPAuthentication.java
>
> My concern is with the following lines
>
> Before we go into the while loop
>
> int i = 1;
> String groupMap = ConfigurationManager.getProperty("authentication-ldap",
> "login.groupmap." + i);
>
> By my understanding this should read the first line login.groupmap.1
>
> Before the end of the while loop to move onto any login.groupmap.2 and
> login.groupmap.3 etc
>
> groupMap = ConfigurationManager.getProperty("ldap.login.groupmap." + ++i);
>
> It looks to me as if the last line should read
>
> groupMap = ConfigurationManager.getProperty("login.groupmap." + ++i);
>
> Have I found a bug or is this just down to the fact I don't understand the
> code??
>
> Any thoughts most welcome
>
> Clive
>
>
> The complete excerpt from
> /home/dspace/dspace-3.0-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
> is shown below:
>
>
>            System.out.println("dn:" + dn);
>             int i = 1;
>             String groupMap =
> ConfigurationManager.getProperty("authentication-ldap", "login.groupmap." +
> i);
>             while (groupMap != null)
>             {
>                 String t[] = groupMap.split(":");
>                 String ldapSearchString = t[0];
>                 String dspaceGroupName = t[1];
>
>                 if (StringUtils.containsIgnoreCase(dn, ldapSearchString))
>                 {
>                     // assign user to this group
>                     try
>                     {
>                         Group ldapGroup = Group.findByName(context,
> dspaceGroupName);
>                         if (ldapGroup != null)
>                         {
>                             ldapGroup.addMember(context.getCurrentUser());
>                             ldapGroup.update();
>                             context.commit();
>                         }
>                         else
>                         {
>                             // The group does not exist
>                             log.warn(LogManager.getHeader(context,
>                                     "ldap_assignGroupsBasedOnLdapDn",
>                                     "Group defined in
> ldap.login.groupmap." + i + " does not exist :: " + dspaceGroupName));
>                         }
>                     }
>                     catch (AuthorizeException ae)
>                     {
>                         log.debug(LogManager.getHeader(context,
> "assignGroupsBasedOnLdapDn could not authorize addition to group",
> dspaceGroupName));
>                     }
>                     catch (SQLException e)
>                     {
>                         log.debug(LogManager.getHeader(context,
> "assignGroupsBasedOnLdapDn could not find group", dspaceGroupName));
>                     }
>                 }
>
>                 groupMap =
> ConfigurationManager.getProperty("ldap.login.groupmap." + ++i);
>             }
>
>
>
> On Wed, Aug 7, 2013 at 10:35 AM, Clive Gould <cli...@gmail.com> wrote:
>
>> Hi everyone
>>
>> I'm beginning to suspect the LDAP Special Groups code in DSpace 3.0 is
>> broken
>>
>> Please see the scenarios below, which are excerpts from
>> /home/dspace/config/modules/authentication-ldap.cfg
>>
>> Scenario 1
>>
>>
>> login.groupmap.1 = OU=StaffUsers:all-staff
>> login.groupmap.2 = OU=StudentUsers:all-students
>>
>> In practice newly authenticated new staff are added to the all-staff,
>> all-authenticated and anonymous groups. Newly authenticated students only
>> belong to the anonymous group
>>
>> Scenario 2
>>
>>
>> ##### Added By Clive Gould on 31/07/13 to allow for special groups
>>
>> # login.groupmap.1 = OU=StaffUsers:all-staff
>> # login.groupmap.2 = OU=StudentUsers:all-students
>> login.groupmap.1 = OU=StudentUsers:all-students
>>
>> In practice newly authenticated students are added to the all-students,
>> all-authenticated and anonymous groups. Newly authenticated staff only
>> belong to the anonymous group
>>
>> Scenario 3
>>
>> # login.groupmap.1 = OU=StaffUsers:all-staff
>> # login.groupmap.2 = OU=StudentUsers:all-students
>> login.groupmap.1 = OU=StudentUsers:all-students
>> login.groupmap.2 = OU=StaffUsers:all-staff
>>
>> Newly authenticated students are added to the all-students,
>> all-authenticated and anonymous groups. Newly authenticated staff only
>> belong to the anonymous group
>>
>> Conclusion
>>
>> It looks horribly as if only the first line login.groupmap.1 is being
>> processed. login.groupmap.2 seems to be ignored
>>
>> Note: If a member of staff or student has logged in and registered once
>> their membership of the special groups appears to be persistent through
>> multiple logins
>>
>> I'm not a Java programmer and haven't time to try to understand and debug
>> the code myself. Has anyone actually got this special groups code to work
>> properly or is this a bug that needs fixing?
>>
>> Any ideas anyone?
>>
>> Clive
>>
>>
>> On Tue, Aug 6, 2013 at 10:11 AM, helix84 <heli...@centrum.sk> wrote:
>>
>>> Neither login.specialgroup nor login.groupmap are applied to student,
>>> but it is to staff? I'm as baffled as you are.
>>>
>>> Are you modifying the right config file, i.e.
>>> [dspace]/config/modules/authentication-ldap.cfg (maybe you
>>> accidentally edited the one in [dspace-source])?
>>>
>>> Other than that, try sprinkling more log.debug calls around to see
>>> which branches of code are executed. Basically you want to check the
>>> values that drive the decisions in any relevant "if" statements.
>>>
>>>
>>> Regards,
>>> ~~helix84
>>>
>>> Compulsory reading: DSpace Mailing List Etiquette
>>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>>>
>>
>>
>
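An added illustration, not part of the original thread and not DSpace code, of why only login.groupmap.1 took effect in the scenarios quoted above: the first read goes to the authentication-ldap module, while the 3.0 loop read goes to the main configuration under a different key. `CONFIG`, `groupMapEntry` and `groupsFor` are hypothetical stand-ins for ConfigurationManager and the loop in LDAPAuthentication.java, the DN is constructed, and unlike the quoted code this version skips entries that lack a colon.

```java
import java.util.*;

public class GroupMapLookupDemo {
    // Hypothetical stand-in for ConfigurationManager: module name -> properties.
    // The empty module name holds the main configuration file.
    static final Map<String, Map<String, String>> CONFIG = new HashMap<>();

    static String getProperty(String key) {
        return getProperty("", key);
    }

    static String getProperty(String module, String key) {
        return CONFIG.getOrDefault(module, Collections.<String, String>emptyMap()).get(key);
    }

    // The one place that knows where the mapping lives (module and key prefix).
    static String groupMapEntry(int i) {
        return getProperty("authentication-ldap", "login.groupmap." + i);
    }

    // fixed=false follows the 3.0 loop read, fixed=true the 3.2 loop read.
    static List<String> groupsFor(String dn, boolean fixed) {
        List<String> groups = new ArrayList<>();
        int i = 1;
        String groupMap = groupMapEntry(i);
        while (groupMap != null) {
            String[] t = groupMap.split(":", 2);
            // Skip malformed entries instead of indexing t[1] blindly.
            if (t.length == 2
                    && dn.toLowerCase(Locale.ROOT).contains(t[0].toLowerCase(Locale.ROOT))) {
                groups.add(t[1]);
            }
            i++;
            groupMap = fixed ? groupMapEntry(i)
                             : getProperty("ldap.login.groupmap." + i);
        }
        return groups;
    }

    public static void main(String[] args) {
        Map<String, String> ldap = new HashMap<>();
        ldap.put("login.groupmap.1", "OU=StaffUsers:all-staff");
        ldap.put("login.groupmap.2", "OU=StudentUsers:all-students");
        CONFIG.put("authentication-ldap", ldap);

        String student = "CN=jdoe,OU=StudentUsers,DC=example,DC=org"; // constructed DN
        System.out.println("3.0 loop read: " + groupsFor(student, false));
        System.out.println("3.2 loop read: " + groupsFor(student, true));
    }
}
```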
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette