Hi,

I set the email_field = sAMAccountName but there is no change. Also I note that if I use "Password Authentication" to log in and the user name and password are valid in LDAP, DSpace accepts the user as valid and creates the ePerson, when the correct action is to reject the login with the message of invalid email account. But if the user is not valid in LDAP, DSpace verifies that the username is a valid email account ([email protected]).
Our Active Directory has a field called mail and the content is the sAMAccountName+netid_email_domain. For example: sAMAccountName = biblioteca, netid_email_domain = @itcr.ac.cr, then mail = [email protected]

Comparing the source code of "LDAPAuthentication.java" I found different code when trying to register a new user. It is possible that the routine in DSpace 4.0 loses or doesn't capture the email info from the LDAP server that is related to "DS-586 LDAP users with no mail field can't autoregister" (https://jira.duraspace.org/browse/DS-586)

DSpace 3.2 (dspace-3.2-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java)

    if (ldap.ldapAuthenticate(dn, password, context)) {
        // Register the new user automatically
        log.info(LogManager.getHeader(context, "autoregister", "netid=" + netid));

        // If there is no email and the email domain is set, add it to the netid
        String email = ldap.ldapEmail;
        if (((email == null) || ("".equals(email)))
                && (!"".equals(ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain")))) {
            email = netid + ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain");
        }

        if ((email != null) && (!"".equals(email))) {
            try {
                eperson = EPerson.findByEmail(context, email);
                if (eperson!=null) {
                    log.info(LogManager.getHeader(context, "type=ldap-login", "type=ldap_but_already_email"));
                    context.setIgnoreAuthorization(true);
                    eperson.setNetid(netid.toLowerCase());
                    eperson.update();
                    context.commit();
                    context.setIgnoreAuthorization(false);
                    context.setCurrentUser(eperson);

                    // assign user to groups based on ldap dn
                    assignGroupsBasedOnLdapDn(dn, context);
                    return SUCCESS;
                }

DSpace 4.0 (dspace-4.0-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java)

    if (ldap.ldapAuthenticate(dn, password, context)) {
        // Register the new user automatically
        log.info(LogManager.getHeader(context, "autoregister", "netid=" + netid));

        // If there is no email and the email domain is set, add it to the netid
        String email = ldap.ldapEmail;
        if ((StringUtils.isEmpty(email))
                && (StringUtils.isNotEmpty(ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain")))) {
            email = netid + ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain");
        } else {
            email = netid;
        }

        if (StringUtils.isNotEmpty(email)) {
            try {
                eperson = EPerson.findByEmail(context, email);
                if (eperson!=null) {
                    log.info(LogManager.getHeader(context, "type=ldap-login", "type=ldap_but_already_email"));
                    context.setIgnoreAuthorization(true);
                    eperson.setNetid(netid.toLowerCase());
                    eperson.update();
                    context.commit();
                    context.setIgnoreAuthorization(false);
                    context.setCurrentUser(eperson);

                    // assign user to groups based on ldap dn
                    assignGroups(dn, ldap.ldapGroup, context);
                    return SUCCESS;
                }

Ing. Oscar Sánchez G., MAE
IT Professional
Biblioteca José Figueres Ferrer
Instituto Tecnológico de Costa Rica
Tel: 2550-2135
Fax: 2591-4820
P.O. Box: 159-7050

-----Original message-----
From: [email protected] [mailto:[email protected]] On behalf of helix84
Sent: Tuesday, February 25, 2014 09:03 a.m.
To: Oscar Sanchez Gomez
CC: [email protected]
Subject: Re: [Dspace-tech] Using LDAP in Dspace 4.0

I think you need to set email_field = sAMAccountName. This is a limitation of DSpace (as described in [1] and possibly others) in that it assumes you use the email address to log in to DSpace (it doesn't have to be in email format, though).

Then you may try to keep netid_email_domain = @itcr.ac.cr to see if an email address is properly formed. If not, it's possible that DSpace won't be able to send email to your users, depending on your format of sAMAccountName.

[1] https://jira.duraspace.org/browse/DS-937

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
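Added example (not part of the original message and not DSpace's own code): a stand-alone Java model of the e-mail resolution step in the two LDAPAuthentication.java excerpts quoted above, printing the value each version would hand to EPerson.findByEmail. The class name, the method names and the isEmpty helper (standing in for StringUtils.isEmpty) are assumptions, and the sample values are constructed.

```java
// Added example: models only the e-mail resolution step of the quoted excerpts.
// Class and method names are hypothetical; isEmpty() stands in for
// commons-lang StringUtils.isEmpty().
public class LdapEmailResolution {

    static boolean isEmpty(String s) {
        return s == null || s.isEmpty();
    }

    // Logic as quoted from DSpace 3.2: an address is built from the netid
    // only when LDAP returned no e-mail; an LDAP-provided e-mail is kept.
    static String resolve32(String ldapEmail, String netid, String domain) {
        String email = ldapEmail;
        if (isEmpty(email) && !"".equals(domain)) {
            email = netid + domain;
        }
        return email;
    }

    // Logic as quoted from DSpace 4.0: the added else branch also runs when
    // LDAP did return an e-mail, so that value is replaced by the bare netid.
    static String resolve40(String ldapEmail, String netid, String domain) {
        String email = ldapEmail;
        if (isEmpty(email) && !isEmpty(domain)) {
            email = netid + domain;
        } else {
            email = netid;
        }
        return email;
    }

    public static void main(String[] args) {
        // Constructed sample values, loosely based on the example in the message.
        String netid = "biblioteca";
        String domain = "@itcr.ac.cr";
        String[][] cases = {
            // {label, value LDAP returned for the mail attribute}
            {"LDAP returns mail", "biblioteca@example.org"},
            {"LDAP returns no mail", null},
        };
        for (String[] c : cases) {
            System.out.printf("%-22s 3.2 -> %-24s 4.0 -> %s%n",
                    c[0], resolve32(c[1], netid, domain), resolve40(c[1], netid, domain));
        }
    }
}
```

Because the result is the key used for the EPerson lookup, comparing the two columns shows which account an LDAP login would be matched against under each version.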

