[
https://jira.duraspace.org/browse/DS-616?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bram Luyten (@mire) updated DS-616:
-----------------------------------
Status: Volunteer Needed (was: Received)
> Make it possible to guarantee config file values are filled thru the
> ConfigurationManager API
> ---------------------------------------------------------------------------------------------
>
> Key: DS-616
> URL: https://jira.duraspace.org/browse/DS-616
> Project: DSpace
> Issue Type: Improvement
> Components: DSpace API
> Affects Versions: 1.6.0, 1.6.1, 1.6.2
> Reporter: Flávio Botelho
>
> Sometimes users leave certain necessary config values commented and instead
> of getting nice error messages back telling that a certain value needs to be
> filled, a random exception (most of the time it will probably be NullPointer)
> comes back.
> It is as easy as adding a boolean flag to getProperty in ConfigurationManager
> so that if the flag is true, it should make sure it wont return null, if the
> value is null it should log and error message and simply 404.
> The hard part would be go after the places in code that should call
> getProperty with the flag true, but i guess that can be done over time...
> Example of emails on dspace-tech showing that happening:
> Aha! I now realize what it is. The ldap.search_scope value is
> commented out by default in the config file. I mistakenly believed that
> this implied a default value of 2. If you leave the value commented out
> and enable Hierarchical LDAP authentication, you generate a
> NullPointerException.
> All appears to be well. Thanks everyone.
> Jason
> - Hide quoted text -
> On 6/25/10 4:24 PM, Stuart Lewis wrote:
> > Hi Jason,
> >
> > DSpace ships with two LDAP options - LDAPAuthentication and
> > LDAPHeirarchicalAuthentication.
> >
> > If all your users are in one branch of an ldap tree (e.g. they all exist in
> > ou=users,dc=unb,dc=ca) then you can use the former. This does not perform
> > an initial bind, it just binds to the user's DN using their credentials. If
> > the bind is successful then it allows the user to log in to DSpace.
> >
> > If your users are scattered across many different branches, then you'll
> > need to use the LDAPHeirarchicalAuthentication option. This has extra
> > settings in dspace.cfg to set the DN and password of a user who has search
> > rights across the LDAP directory. DSpace will bind as that user and then
> > perform a search to find the DN of the user who is trying to log in. Once
> > it finds that, it then binds a second time to that DN, using the user's
> > password.
> >
> > Hopefully the comments in dspace.cfg will guide you through the different
> > settings. This blog post has some examples settings in that might help
> > demonstrate what you need to put in where:
> >
> > -
> > http://blog.stuartlewis.com/2008/08/18/test-ldap-service-upgraded-now-with-branches/
> >
> > Thanks,
> >
> >
> > Stuart Lewis
> > IT Innovations Analyst and Developer
> > Te Tumu Herenga The University of Auckland Library
> > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> > Ph: +64 (0)9 373 7599 x81928
> >
> >
> > On 26/06/2010, at 2:51 AM, Jason Nugent wrote:
> >
> >> Hi folks,
> >>
> >> Just to confirm, does DSpace perform a two step check and then bind for
> >> authentication? I ask, because I've been talking to the fellow who has
> >> access to our LDAP server logs and he has informed me that it appears as
> >> though DSpace is attempting to bind with uid=jnugent,dc=unb,dc=ca, which
> >> is obviously incorrect. What it *should* be doing is an initial search
> >> with (uid=jnugent) as a filter, using the
> >> ldap.search_user/search_password, and then retrieving the DN for my
> >> record and binding with that, and the supplied password. In my case, my
> >> full DN is unbCaId=XXXXXXX,ou=people,dc=unb,dc=ca where XXXXXX is a
> >> unique string. Our users would never know what that string was.
> >>
> >> It sounds as though the setting for ldap.object_context is involved in
> >> this, since it is appended to the ldap.id_field and username, but in my
> >> case, I'd want it appended to unbCaID=XXXXXX, not my uid=jnugent string.
> >>
> >> Regards,
> >>
> >> Jason
> >> --
> >> Jason Nugent
> >> Systems Programmer/Database Developer
> >> Electronic Text Centre
> >> University of New Brunswick
> >> [email protected]
> >> (506) 447 3177
> >>
> >> ------------------------------------------------------------------------------
> >> ThinkGeek and WIRED's GeekDad team up for the Ultimate
> >> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
> >> lucky parental unit. See the prize list and enter to win:
> >> http://p.sf.net/sfu/thinkgeek-promo
> >> _______________________________________________
> >> DSpace-tech mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/dspace-tech
> >
> >
> >
> >
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
