An update on this issue: we had the suggested modification and it resolved the issue. Users without an email specified in AD can auto login/register.
Anthony Avarca
[email protected]
630.252.4940

On Fri, May 7, 2010 at 1:09 PM, Avarca, Anthony <[email protected]> wrote:

> We are seeing a similar problem. Some of our AD accounts do not have an
> email specified. We have the appropriate entries in the cfg file. Going to
> try the approach suggested:
>
> Change:
>
> if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))
>
> to
>
> if (ldap.ldapEmail == null) ldap.ldapEmail = "";
> if (true)
>
> Anthony Avarca
> [email protected]
> 630.252.4940
>
> On Mon, Apr 26, 2010 at 7:44 PM, Max McGrath <[email protected]> wrote:
>
>> Hi Stuart -
>>
>> Thanks for clarifying the rebuild and redeploy.
>>
>> Unfortunately, still no luck.
>>
>> I think I'll just start working on populating the e-mail field in LDAP.
>>
>> Thanks for all your help! I really appreciate it!
>>
>> Max
>>
>> --
>> Max McGrath
>> Asst. Network Admin/Systems Specialist
>> Carthage College
>> 262-552-5512
>> [email protected]
>>
>> On Mon, Apr 26, 2010 at 4:02 PM, Stuart Lewis <[email protected]> wrote:
>>
>>> Hi Max,
>>>
>>> After making the change you need to re-build tomcat, and redeploy it. You
>>> can do this by following steps 7, 8, and 9 in the installation guide:
>>>
>>> - http://www.dspace.org/1_6_0Documentation/ch03.html#N108B6
>>>
>>> But at step 8, as this is not a new installation, you need to run 'ant
>>> update' instead of 'ant fresh_install'.
>>>
>>> Thanks,
>>>
>>> Stuart Lewis
>>> IT Innovations Analyst and Developer
>>> Te Tumu Herenga The University of Auckland Library
>>> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
>>> Ph: +64 (0)9 373 7599 x81928
>>>
>>> On 27/04/2010, at 8:57 AM, Max McGrath wrote:
>>>
>>> > Stuart -
>>> >
>>> > I made the change and then restarted Tomcat and it still is not working for people that do not have their e-mail address in LDAP.
>>> >
>>> > Should I have done more than just restarting Tomcat?
>>> >
>>> > Thanks for all the help!
>>> > --
>>> > Max McGrath
>>> > Asst. Network Admin/Systems Specialist
>>> > Carthage College
>>> > 262-552-5512
>>> > [email protected]
>>> >
>>> > On Mon, Apr 26, 2010 at 3:46 PM, Stuart Lewis <[email protected]> wrote:
>>> > Hi Max,
>>> >
>>> > Yes - that's right.
>>> >
>>> > Change:
>>> >
>>> > if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))
>>> >
>>> > to
>>> >
>>> > if (ldap.ldapEmail == null) ldap.ldapEmail = "";
>>> > if (true)
>>> >
>>> > (I've added an extra line there to hopefully catch another error that could occur.)
>>> >
>>> > Thanks,
>>> >
>>> > Stuart Lewis
>>> > IT Innovations Analyst and Developer
>>> > Te Tumu Herenga The University of Auckland Library
>>> > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
>>> > Ph: +64 (0)9 373 7599 x81928
>>> >
>>> > On 27/04/2010, at 4:15 AM, Max McGrath wrote:
>>> >
>>> > > Hi Stuart -
>>> > >
>>> > > Here is the code I am looking at:
>>> > >
>>> > > if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))  You want me to change this to if (true) and then leave everything else the same???
>>> > > {
>>> > >     try
>>> > >     {
>>> > >         eperson = EPerson.findByEmail(context, ldap.ldapEmail);
>>> > >         if (eperson!=null)
>>> > >         {
>>> > >             log.info(LogManager.getHeader(context,
>>> > >                 "type=ldap-login", "type=ldap_but_already_email"));
>>> > >             context.setIgnoreAuthorization(true);
>>> > >             eperson.setNetid(netid.toLowerCase());
>>> > >             eperson.update();
>>> > >             context.commit();
>>> > >             context.setIgnoreAuthorization(false);
>>> > >             context.setCurrentUser(eperson);
>>> > >             return SUCCESS;
>>> > >         }
>>> > >         else
>>> > >         {
>>> > >             if (canSelfRegister(context, request, netid))
>>> > >             {
>>> > >                 // TEMPORARILY turn off authorisation
>>> > >                 try
>>> > >                 {
>>> > >                     context.setIgnoreAuthorization(true);
>>> > >                     eperson = EPerson.create(context);
>>> > >                     if ((ldap.ldapEmail != null) && (!ldap.ldapEmail.equals("")))
>>> > >                     {
>>> > >                         eperson.setEmail(ldap.ldapEmail);
>>> > >                     }
>>> > >                     else
>>> > >                     {
>>> > >                         eperson.setEmail(netid + ConfigurationManager.getProperty("ldap.netid_email_domain"));
>>> > >                     }
>>> > >                     if ((ldap.ldapGivenName!=null) && (!ldap.ldapGivenName.equals("")))
>>> > >                     {
>>> > >                         eperson.setFirstName(ldap.ldapGivenName);
>>> > >                     }
>>> > >                     if ((ldap.ldapSurname!=null) && (!ldap.ldapSurname.equals("")))
>>> > >                     {
>>> > >                         eperson.setLastName(ldap.ldapSurname);
>>> > >                     }
>>> > >                     if ((ldap.ldapPhone!=null)&&(!ldap.ldapPhone.equals("")))
>>> > >                     {
>>> > >                         eperson.setMetadata("phone", ldap.ldapPhone);
>>> > >                     }
>>> > >                     eperson.setNetid(netid.toLowerCase());
>>> > >                     eperson.setCanLogIn(true);
>>> > >                     AuthenticationManager.initEPerson(context, request, eperson);
>>> > >                     eperson.update();
>>> > >                     context.commit();
>>> > >                     context.setCurrentUser(eperson);
>>> > >                 }
>>> > >                 catch (AuthorizeException e)
>>> > >                 {
>>> > >                     return NO_SUCH_USER;
>>> > >                 }
>>> > >                 finally
>>> > >                 {
>>> > >                     context.setIgnoreAuthorization(false);
>>> > >                 }
>>> > >
>>> > >                 log.info(LogManager.getHeader(context, "authenticate",
>>> > >                     "type=ldap-login, created ePerson"));
>>> > >                 return SUCCESS;
>>> > >             }
>>> > >             else
>>> > >             {
>>> > >                 // No auto-registration for valid certs
>>> > >                 log.info(LogManager.getHeader(context,
>>> > >                     "failed_login", "type=ldap_but_no_record"));
>>> > >                 return NO_SUCH_USER;
>>> > >             }
>>> > >         }
>>> > >     }
>>> > >
>>> > > --
>>> > > Max McGrath
>>> > > Asst. Network Admin/Systems Specialist
>>> > > Carthage College
>>> > > 262-552-5512
>>> > > [email protected]
>>> > >
>>> > > On Thu, Apr 22, 2010 at 9:28 PM, Stuart Lewis <[email protected]> wrote:
>>> > > Hi Max,
>>> > >
>>> > > Yes - looks like there's a bit of a logic flow problem going on there - the check for an empty email is being performed twice, and the first is not needed. Try looking at [dspace-src]/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java and find the line:
>>> > >
>>> > > if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))
>>> > >
>>> > > (about line 254) and change it to:
>>> > >
>>> > > if (true)
>>> > >
>>> > > Rebuild, redeploy etc. It may throw a null pointer exception, if so, add just before the if statement:
>>> > >
>>> > > if (ldap.ldapEmail == null) ldap.ldapEmail = "";
>>> > >
>>> > > If this fixes the problem, we'll look at getting it corrected in the next release.
>>> > >
>>> > > Thanks,
>>> > >
>>> > > Stuart Lewis
>>> > > IT Innovations Analyst and Developer
>>> > > Te Tumu Herenga The University of Auckland Library
>>> > > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
>>> > > Ph: +64 (0)9 373 7599 x81928
>>> > >
>>> > > On 23/04/2010, at 2:19 PM, Max McGrath wrote:
>>> > >
>>> > > > That could very well be the case as we do not have the e-mail address field populated in LDAP. But I thought the following code would take care of that:
>>> > > >
>>> > > > # If your LDAP server does not hold an email address for a user, you can use
>>> > > > # the following field to specify your email domain. This value is appended
>>> > > > # to the netid in order to make an email address. E.g. a netid of 'user' and
>>> > > > # ldap.netid_email_domain as '@example.com' would set the email of the user
>>> > > > # to be '[email protected]
>>> > > > ldap.netid_email_domain = @carthage.edu
>>> > > > --
>>> > > > Max McGrath
>>> > > > Asst. Network Admin/Systems Specialist
>>> > > > Carthage College
>>> > > > 262-552-5512
>>> > > > [email protected]
>>> > > >
>>> > > > On Thu, Apr 22, 2010 at 9:12 PM, Stuart Lewis <[email protected]> wrote:
>>> > > > Hi Max,
>>> > > >
>>> > > > This code has been stable for a while and is working in a lot of installations, so hopefully there is no bug. One possible cause is that the email address is not being returned from the LDAP query. If there is no email address then an eperson record cannot be created.
>>> > > >
>>> > > > Check that the following setting is correctly configured in dspace.cfg:
>>> > > >
>>> > > > ldap.email_field = mail
>>> > > >
>>> > > > Thanks,
>>> > > >
>>> > > > Stuart Lewis
>>> > > > IT Innovations Analyst and Developer
>>> > > > Te Tumu Herenga The University of Auckland Library
>>> > > > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
>>> > > > Ph: +64 (0)9 373 7599 x81928
>>> > > >
>>> > > > On 23/04/2010, at 1:48 PM, Max McGrath wrote:
>>> > > >
>>> > > > > Yes, I do have that set to true and the ePersons are still not being created.
>>> > > > > --
>>> > > > > Max McGrath
>>> > > > > Asst. Network Admin/Systems Specialist
>>> > > > > Carthage College
>>> > > > > 262-552-5512
>>> > > > > [email protected]
>>> > > > >
>>> > > > > On Thu, Apr 22, 2010 at 1:33 PM, <[email protected]> wrote:
>>> > > > > Hi, Max. I'm glad you have LDAP auth working now.
>>> > > > >
>>> > > > > Do you have webui.ldap.autoregister = true in your dspace.cfg?
>>> > > > >
>>> > > > > We don't have webui.ldap.autoregister set to true, currently, and we do create all e-person accounts manually for those faculty and staff that need to access DSpace to add or edit objects. We were hoping to turn on webui.ldap.autoregister this summer.
>>> > > > >
>>> > > > > --
>>> > > > > Stacy Pennington
>>> > > > > Rhodes College
>>> > > > > [email protected]
>>> > > > > (901) 843-3968
>>> > > > >
>>> > > > > ---------------------------
>>> > > > > From: Max McGrath [mailto:[email protected]]
>>> > > > > Sent: Thursday, April 22, 2010 11:57 AM
>>> > > > > To: Pennington_Stacy
>>> > > > > Cc: [email protected]
>>> > > > > Subject: Re: [Dspace-tech] LDAP with DSpace
>>> > > > >
>>> > > > > Thanks again Stacy!
>>> > > > >
>>> > > > > You, however, have been unsuccessful at getting this to automatically create a new ePerson, correct?
>>> > > > >
>>> > > > > I don't have access to my logs right now, but I can see that LDAP authentication is working, but creating a new ePerson is failing and therefore, not letting me login!
>>> > > > >
>>> > > > > Is my only option to manually create an ePerson for every person who could potentially login?
>>> > > > > --
>>> > > > > Max McGrath
>>> > > > > Asst. Network Admin/Systems Specialist
>>> > > > > Carthage College
>>> > > > > 262-552-5512
>>> > > > > [email protected]
>>
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> DSpace-tech mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/dspace-tech
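Added example (not part of the thread and not DSpace source): the control-flow problem discussed above, where an outer empty-email guard keeps the netid + ldap.netid_email_domain fallback from ever running, next to an alternative to "if (true)" that resolves the effective address once, before any account lookup. The class, method and constant names are hypothetical, and the sample users are constructed.

```java
// Added illustration; not DSpace source. All names here are hypothetical.
import java.util.Optional;

public class LdapEmailFallbackDemo {

    // Stand-in for the ldap.netid_email_domain setting quoted in the thread.
    static final String NETID_EMAIL_DOMAIN = "@example.com";

    static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }

    // Shape of the original logic: the outer guard rejects a blank LDAP mail
    // attribute, so the netid + domain fallback inside it can never run.
    static Optional<String> emailWithOuterGuard(String ldapEmail, String netid) {
        if (!isBlank(ldapEmail)) {
            if (!isBlank(ldapEmail)) {
                return Optional.of(ldapEmail);
            }
            return Optional.of(netid + NETID_EMAIL_DOMAIN); // never reached
        }
        return Optional.empty(); // no account is created, so login fails
    }

    // Alternative to "if (true)": work out the effective address first and
    // use that one value for both the existing-account lookup and for
    // registration, so the lookup key is never an empty string.
    static Optional<String> effectiveEmail(String ldapEmail, String netid) {
        if (!isBlank(ldapEmail)) {
            return Optional.of(ldapEmail.trim());
        }
        if (isBlank(netid) || isBlank(NETID_EMAIL_DOMAIN)) {
            return Optional.empty(); // nothing to build an address from
        }
        return Optional.of(netid + NETID_EMAIL_DOMAIN);
    }

    public static void main(String[] args) {
        // Constructed sample directory entries: {mail attribute, netid}.
        String[][] users = { {"alice@example.com", "alice"}, {null, "bob"}, {"", "carol"} };
        for (String[] u : users) {
            System.out.printf("netid=%s guarded=%s effective=%s%n", u[1],
                    emailWithOuterGuard(u[0], u[1]).orElse("<none>"),
                    effectiveEmail(u[0], u[1]).orElse("<none>"));
        }
    }
}
```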

