Hi everyone

I'm not a programmer as I said before but have just been scanning over the
source code in LDAPAuthentication.java

My concern is with the following lines

Before we go into the while loop

int i = 1;
String groupMap = ConfigurationManager.getProperty("authentication-ldap", "login.groupmap." + i);

By my understanding this should read the first line login.groupmap.1

Before the end of the while loop to move onto any login.groupmap.2 and
login.groupmap.3 etc

groupMap = ConfigurationManager.getProperty("ldap.login.groupmap." + ++i);

It looks to me as if the last line should read

groupMap = ConfigurationManager.getProperty("login.groupmap." + ++i);

Have I found a bug or is this just down to the fact I don't understand the
code??

Any thoughts most welcome

Clive


The complete excerpt from
/home/dspace/dspace-3.0-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
is shown below:


            System.out.println("dn:" + dn);
            int i = 1;
            String groupMap = ConfigurationManager.getProperty("authentication-ldap", "login.groupmap." + i);
            while (groupMap != null)
            {
                String t[] = groupMap.split(":");
                String ldapSearchString = t[0];
                String dspaceGroupName = t[1];

                if (StringUtils.containsIgnoreCase(dn, ldapSearchString))
                {
                    // assign user to this group
                    try
                    {
                        Group ldapGroup = Group.findByName(context, dspaceGroupName);
                        if (ldapGroup != null)
                        {
                            ldapGroup.addMember(context.getCurrentUser());
                            ldapGroup.update();
                            context.commit();
                        }
                        else
                        {
                            // The group does not exist
                            log.warn(LogManager.getHeader(context,
                                    "ldap_assignGroupsBasedOnLdapDn",
                                    "Group defined in ldap.login.groupmap." + i + " does not exist :: " + dspaceGroupName));
                        }
                    }
                    catch (AuthorizeException ae)
                    {
                        log.debug(LogManager.getHeader(context,
                                "assignGroupsBasedOnLdapDn could not authorize addition to group",
                                dspaceGroupName));
                    }
                    catch (SQLException e)
                    {
                        log.debug(LogManager.getHeader(context,
                                "assignGroupsBasedOnLdapDn could not find group", dspaceGroupName));
                    }
                }

                groupMap = ConfigurationManager.getProperty("ldap.login.groupmap." + ++i);
            }



On Wed, Aug 7, 2013 at 10:35 AM, Clive Gould <[email protected]> wrote:

> Hi everyone
>
> I'm beginning to suspect the LDAP Special Groups code in DSpace 3.0 is
> broken
>
> Please see the scenarios below, which are excerpts from
> /home/dspace/config/modules/authentication-ldap.cfg
>
> Scenario 1
>
>
> login.groupmap.1 = OU=StaffUsers:all-staff
> login.groupmap.2 = OU=StudentUsers:all-students
>
> In practice newly authenticated new staff are added to the all-staff,
> all-authenticated and anonymous groups. Newly authenticated students only
> belong to the anonymous group
>
> Scenario 2
>
>
> ##### Added By Clive Gould on 31/07/13 to allow for special groups
>
> # login.groupmap.1 = OU=StaffUsers:all-staff
> # login.groupmap.2 = OU=StudentUsers:all-students
> login.groupmap.1 = OU=StudentUsers:all-students
>
> In practice newly authenticated students are added to the all-students,
> all-authenticated and anonymous groups. Newly authenticated staff only
> belong to the anonymous group
>
> Scenario 3
>
> # login.groupmap.1 = OU=StaffUsers:all-staff
> # login.groupmap.2 = OU=StudentUsers:all-students
> login.groupmap.1 = OU=StudentUsers:all-students
> login.groupmap.2 = OU=StaffUsers:all-staff
>
> Newly authenticated students are added to the all-students,
> all-authenticated and anonymous groups. Newly authenticated staff only
> belong to the anonymous group
>
> Conclusion
>
> It looks horribly as if only the first line login.groupmap.1 is being
> processed. login.groupmap.2 seems to be ignored
>
> Note: If a member of staff or student has logged in and registered once
> their membership of the special groups appears to be persistent through
> multiple logins
>
> I'm not a Java programmer and haven't time to try to understand and debug the
> code myself. Has anyone actually got this special groups code to work
> properly or is this a bug that needs fixing?
>
> Any ideas anyone?
>
> Clive
>
>
> On Tue, Aug 6, 2013 at 10:11 AM, helix84 <[email protected]> wrote:
>
>> Neither login.specialgroup nor login.groupmap are applied to student,
>> but it is to staff? I'm as baffled as you are.
>>
>> Are you modifying the right config file, i.e.
>> [dspace]/config/modules/authentication-ldap.cfg (maybe you
>> accidentally edited the one in [dspace-source])?
>>
>> Other than that, try sprinkling more log.debug calls around to see
>> which branches of code are executed. Basically you want to check the
>> values that drive the decisions in any relevant "if" statements.
>>
>>
>> Regards,
>> ~~helix84
>>
>> Compulsory reading: DSpace Mailing List Etiquette
>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>>
>
>
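
Added example, not part of the original message and not DSpace's own code: a self-contained Java model of the loop in the excerpt above, with two maps standing in for the module file and the main configuration. It assumes the one-argument getProperty reads the main configuration, where no ldap.login.groupmap.N key is defined; the class, method names and sample DN are constructed for illustration.

```java
import java.util.*;

public class GroupMapLookupDemo {
    // Constructed stand-in for config/modules/authentication-ldap.cfg
    static final Map<String, String> MODULE = Map.of(
        "login.groupmap.1", "OU=StaffUsers:all-staff",
        "login.groupmap.2", "OU=StudentUsers:all-students");
    // Constructed stand-in for the main configuration (assumed to hold no groupmap keys)
    static final Map<String, String> MAIN = Map.of();

    // Hypothetical stand-ins for the two ConfigurationManager.getProperty overloads
    static String getProperty(String module, String key) {
        return "authentication-ldap".equals(module) ? MODULE.get(key) : null;
    }
    static String getProperty(String key) { return MAIN.get(key); }

    // Same shape as the excerpt: module lookup first, a differently named key afterwards
    static List<String> groupsAsPosted(String dn) {
        List<String> groups = new ArrayList<>();
        int i = 1;
        String groupMap = getProperty("authentication-ldap", "login.groupmap." + i);
        while (groupMap != null) {
            addIfMatch(dn, groupMap, groups);
            groupMap = getProperty("ldap.login.groupmap." + ++i);
        }
        return groups;
    }

    // Every iteration reads the same module and the same key prefix
    static List<String> groupsConsistent(String dn) {
        List<String> groups = new ArrayList<>();
        for (int i = 1; ; i++) {
            String groupMap = getProperty("authentication-ldap", "login.groupmap." + i);
            if (groupMap == null) break;
            addIfMatch(dn, groupMap, groups);
        }
        return groups;
    }

    static void addIfMatch(String dn, String groupMap, List<String> groups) {
        String[] t = groupMap.split(":", 2);
        if (t.length < 2) return; // malformed entry: skip instead of indexing past the array
        if (dn.toLowerCase().contains(t[0].toLowerCase())) groups.add(t[1]);
    }

    public static void main(String[] args) {
        String student = "CN=jdoe,OU=StudentUsers,DC=example,DC=org"; // constructed DN
        System.out.println("as posted:  " + groupsAsPosted(student));
        System.out.println("consistent: " + groupsConsistent(student));
    }
}
```

Under these assumptions the as-posted loop never reaches entry 2, which is the behaviour reported in the quoted scenarios.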