Hi Stuart -
Here is the code I am looking at:
if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))
*You want me to change this to if (true) and then leave everything else the same???*
{
    try
    {
        eperson = EPerson.findByEmail(context, ldap.ldapEmail);
        if (eperson!=null)
        {
            log.info(LogManager.getHeader(context,
                "type=ldap-login", "type=ldap_but_already_email"));
            context.setIgnoreAuthorization(true);
            eperson.setNetid(netid.toLowerCase());
            eperson.update();
            context.commit();
            context.setIgnoreAuthorization(false);
            context.setCurrentUser(eperson);
            return SUCCESS;
        }
        else
        {
            if (canSelfRegister(context, request, netid))
            {
                // TEMPORARILY turn off authorisation
                try
                {
                    context.setIgnoreAuthorization(true);
                    eperson = EPerson.create(context);
                    if ((ldap.ldapEmail != null) && (!ldap.ldapEmail.equals("")))
                    {
                        eperson.setEmail(ldap.ldapEmail);
                    }
                    else
                    {
                        eperson.setEmail(netid +
                            ConfigurationManager.getProperty("ldap.netid_email_domain"));
                    }
                    if ((ldap.ldapGivenName!=null) && (!ldap.ldapGivenName.equals("")))
                    {
                        eperson.setFirstName(ldap.ldapGivenName);
                    }
                    if ((ldap.ldapSurname!=null) && (!ldap.ldapSurname.equals("")))
                    {
                        eperson.setLastName(ldap.ldapSurname);
                    }
                    if ((ldap.ldapPhone!=null)&&(!ldap.ldapPhone.equals("")))
                    {
                        eperson.setMetadata("phone", ldap.ldapPhone);
                    }
                    eperson.setNetid(netid.toLowerCase());
                    eperson.setCanLogIn(true);
                    AuthenticationManager.initEPerson(context, request, eperson);
                    eperson.update();
                    context.commit();
                    context.setCurrentUser(eperson);
                }
                catch (AuthorizeException e)
                {
                    return NO_SUCH_USER;
                }
                finally
                {
                    context.setIgnoreAuthorization(false);
                }
                log.info(LogManager.getHeader(context, "authenticate",
                    "type=ldap-login, created ePerson"));
                return SUCCESS;
            }
            else
            {
                // No auto-registration for valid certs
                log.info(LogManager.getHeader(context,
                    "failed_login", "type=ldap_but_no_record"));
                return NO_SUCH_USER;
            }
        }
    }
--
Max McGrath
Asst. Network Admin/Systems Specialist
Carthage College
262-552-5512
[email protected]
On Thu, Apr 22, 2010 at 9:28 PM, Stuart Lewis <[email protected]> wrote:
> Hi Max,
>
> Yes - looks like there's a bit of a logic flow problem going on there - the
> check for an empty email is being performed twice, and the first is not
> needed. Try looking at
> [dspace-src]/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java
> and find the line:
>
> if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))
>
> (about line 254) and change it to:
>
> if (true)
>
> Rebuild, redeploy etc. It may throw a null pointer exception, if so, add
> just before the if statement:
>
> if (ldap.ldapEmail == null) ldap.ldapEmail = "";
>
> If this fixes the problem, we'll look at getting it corrected in the next
> release.
>
> Thanks,
>
>
> Stuart Lewis
> IT Innovations Analyst and Developer
> Te Tumu Herenga The University of Auckland Library
> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> Ph: +64 (0)9 373 7599 x81928
>
>
>
> On 23/04/2010, at 2:19 PM, Max McGrath wrote:
>
> > That could very well be the case as we do not have the e-mail address field populated in LDAP. But I thought the following code would take care of that:
> >
> > # If your LDAP server does not hold an email address for a user, you can use
> > # the following field to specify your email domain. This value is appended
> > # to the netid in order to make an email address. E.g. a netid of 'user' and
> > # ldap.netid_email_domain as '@example.com' would set the email of the user
> > # to be 'user@example.com'
> > ldap.netid_email_domain = @carthage.edu
> > --
> > Max McGrath
> > Asst. Network Admin/Systems Specialist
> > Carthage College
> > 262-552-5512
> > [email protected]
> >
> >
> > On Thu, Apr 22, 2010 at 9:12 PM, Stuart Lewis <[email protected]> wrote:
> > Hi Max,
> >
> > This code has been stable for a while and is working in a lot of installations, so hopefully there is no bug. One possible cause is that the email address is not being returned from the LDAP query. If there is no email address then an eperson record cannot be created.
> >
> > Check that the following setting is correctly configured in dspace.cfg:
> >
> > ldap.email_field = mail
> >
> > Thanks,
> >
> >
> > Stuart Lewis
> > IT Innovations Analyst and Developer
> > Te Tumu Herenga The University of Auckland Library
> > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> > Ph: +64 (0)9 373 7599 x81928
> >
> >
> > On 23/04/2010, at 1:48 PM, Max McGrath wrote:
> >
> > > Yes, I do have that set to true and the ePersons are still not being created.
> > > --
> > > Max McGrath
> > > Asst. Network Admin/Systems Specialist
> > > Carthage College
> > > 262-552-5512
> > > [email protected]
> > >
> > >
> > > On Thu, Apr 22, 2010 at 1:33 PM, <[email protected]> wrote:
> > > Hi, Max. I'm glad you have LDAP auth working now.
> > >
> > > Do you have webui.ldap.autoregister = true in your dspace.cfg?
> > >
> > > We don't have webui.ldap.autoregister set to true, currently, and we do create all e-person accounts manually for those faculty and staff that need to access DSpace to add or edit objects. We were hoping to turn on webui.ldap.autoregister this summer.
> > >
> > > --
> > > Stacy Pennington
> > > Rhodes College
> > > [email protected]
> > > (901) 843-3968
> > >
> > >
> > > ---------------------------
> > > From: Max McGrath [mailto:[email protected]]
> > > Sent: Thursday, April 22, 2010 11:57 AM
> > > To: Pennington_Stacy
> > > Cc: [email protected]
> > > Subject: Re: [Dspace-tech] LDAP with DSpace
> > >
> > > Thanks again Stacy!
> > >
> > > You, however, have been unsuccessful at getting this to automatically create a new ePerson, correct?
> > >
> > > I don't have access to my logs right now, but I can see that LDAP authentication is working, but creating a new ePerson is failing and therefore, not letting me login!
> > >
> > > Is my only option to manually create an ePerson for every person who could potentially login?
> > > --
> > > Max McGrath
> > > Asst. Network Admin/Systems Specialist
> > > Carthage College
> > > 262-552-5512
> > > [email protected]
> > >
> > >
------------------------------------------------------------------------------
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
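
The control flow discussed in this thread, as an added Java example that is not DSpace code and not from either poster: it models the outer guard as posted beside a version that resolves the address first, which generalizes the suggested `if (true)` change. The class, enum, map and method names are hypothetical stand-ins, and the sample netid and domain are constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the login flow in the thread. All names here are
// hypothetical stand-ins, not DSpace APIs.
public class LdapEmailFallbackDemo {
    enum Outcome { LINKED_EXISTING, CREATED, NO_SUCH_USER, SKIPPED }
    // email -> netid; stands in for the eperson table
    static final Map<String, String> epersons = new HashMap<>();
    static boolean blank(String s) { return s == null || s.isEmpty(); }

    // LDAP mail if present, otherwise netid + configured domain.
    // Returns null when neither source can produce an address.
    static String resolveEmail(String ldapEmail, String netid, String domain) {
        if (!blank(ldapEmail)) return ldapEmail;
        if (blank(domain) || !domain.startsWith("@")) return null; // avoids e.g. "usernull"
        return netid + domain;
    }

    // Flow as posted: the outer guard skips lookup AND creation when LDAP
    // returns no mail, so the domain fallback inside is never reached.
    static Outcome asPosted(String ldapEmail, String netid, String domain, boolean autoRegister) {
        if (blank(ldapEmail)) return Outcome.SKIPPED;
        return lookupOrCreate(ldapEmail, netid, autoRegister);
    }

    // Resolve the address once, then use it for both lookup and creation.
    static Outcome resolvedFirst(String ldapEmail, String netid, String domain, boolean autoRegister) {
        String email = resolveEmail(ldapEmail, netid, domain);
        if (email == null) return Outcome.NO_SUCH_USER;
        return lookupOrCreate(email, netid, autoRegister);
    }

    static Outcome lookupOrCreate(String email, String netid, boolean autoRegister) {
        if (epersons.containsKey(email)) {
            epersons.put(email, netid.toLowerCase()); // link netid to existing record
            return Outcome.LINKED_EXISTING;
        }
        if (!autoRegister) return Outcome.NO_SUCH_USER;
        epersons.put(email, netid.toLowerCase());
        return Outcome.CREATED;
    }

    public static void main(String[] args) {
        // Constructed input: an LDAP entry with no mail attribute.
        System.out.println(asPosted(null, "jsmith", "@example.edu", true));
        System.out.println(resolvedFirst(null, "jsmith", "@example.edu", true));
        System.out.println(resolvedFirst(null, "jsmith", "@example.edu", true));
        System.out.println(resolvedFirst(null, "jsmith", null, true));
    }
}
```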