Hi again all -- I am having some difficulties with auto-registration of LDAP authenticated users.
When I first sign in as a user who exists only in LDAP, most of the profile entries are wrong, and I can't figure out why. I thought it was probably permissions, but I have gotten to the point where everything in the LDAP is at least readable by everyone, and it's still failing.

One issue is, I can't seem to find any error messages -- I'm new to tomcat and Java generally, so pointers to docs on more verbose logging would be welcome.

What I have done is, first set up a DSpace admin user via the regular password mechanism. The plan was then to create a new LDAP user, add it to the admin group, and then turn off password authentication. That actually all works fine, that's independent of the profile issue.

Here is an example -- this is all on a VM with local mail transport, it's DSpace 3.2, and CentOS 6.4, and I am using the xmlui interface via mod_jk from Apache 2.2, with a local LDAP service, over https.

In LDAP, I have an "accounts" OU, and there's a user whose LDIF looks like this:

> dn: uid=dadmin,ou=accounts,dc=<rest-of-domain>
> objectClass: inetOrgPerson
> cn: New Guy
> sn: Guy
> givenName: New
> uid: dadmin
> userPassword:: e1NTSEF9OUxqZ2ozUU9VNjZtaU9JTkJoSTlqZjlzVHVYM2hJTjg=
> mail: dadmin@localhost
> description: Dspace experiment

Initially, this user is not present as a DSpace "E-Person", until I log in via the LDAP. I successfully authenticate as "dadmin", and then the original admin user gets this e-mail:

> A new user has registered on Example DSpace at <URL>:
>
> Name: null null
> Email: dadminnull
> Date: 9/13/13 2:15 PM

So, apparently autoregistration is happening, but it's not seeing the right info.

The authentication-ldap.cfg file's non-comment entries are these:

> enable = true
> autoregister = true
> provider_url = ldap://localhost/
> id_field = uid
> object_context = ou=accounts,dc=<rest-of-domain>
> search_context = ou=accounts,dc=<rest-of-domain>
> email_field = mail
> surname_field = sn
> givenname_field = givenName

The fact that the authentication succeeds makes me think I'm not too far off. I don't think I've typo'd any of the field names on either side.

Is there some subtlety in the permissions that I'm missing? Does this work for other people? I'm not doing hierarchical authentication, should I be?

I have set xmlui.user.registration=false and xmlui.user.editmetadata=false in dspace.cfg, but these do not appear to affect the auto-registration, only later edits.

Any extra clues would be appreciated.

-- A.

--
Dr. Andrew C. E. Reid
Physical Scientist, Computer Operations Administrator
Center for Theoretical and Computational Materials Science
National Institute of Standards and Technology, Mail Stop 8555
Gaithersburg MD 20899 USA
[email protected]

