Make it possible to guarantee config file values are filled thru the
ConfigurationManager API
---------------------------------------------------------------------------------------------
Key: DS-616
URL: http://jira.dspace.org/jira/browse/DS-616
Project: DSpace 1.x
Issue Type: Improvement
Reporter: Flávio Botelho
Sometimes users leave certain necessary config values commented and instead of
getting nice error messages back telling that a certain value needs to be
filled, a random exception (most of the time it will probably be NullPointer)
comes back.
It is as easy as adding a boolean flag to getProperty in ConfigurationManager
so that if the flag is true, it should make sure it wont return null, if the
value is null it should log and error message and simply 404.
The hard part would be go after the places in code that should call getProperty
with the flag true, but i guess that can be done over time...
Example of emails on dspace-tech showing that happening:
Aha! I now realize what it is. The ldap.search_scope value is
commented out by default in the config file. I mistakenly believed that
this implied a default value of 2. If you leave the value commented out
and enable Hierarchical LDAP authentication, you generate a
NullPointerException.
All appears to be well. Thanks everyone.
Jason
- Hide quoted text -
On 6/25/10 4:24 PM, Stuart Lewis wrote:
> Hi Jason,
>
> DSpace ships with two LDAP options - LDAPAuthentication and
> LDAPHeirarchicalAuthentication.
>
> If all your users are in one branch of an ldap tree (e.g. they all exist in
> ou=users,dc=unb,dc=ca) then you can use the former. This does not perform an
> initial bind, it just binds to the user's DN using their credentials. If the
> bind is successful then it allows the user to log in to DSpace.
>
> If your users are scattered across many different branches, then you'll need
> to use the LDAPHeirarchicalAuthentication option. This has extra settings in
> dspace.cfg to set the DN and password of a user who has search rights across
> the LDAP directory. DSpace will bind as that user and then perform a search
> to find the DN of the user who is trying to log in. Once it finds that, it
> then binds a second time to that DN, using the user's password.
>
> Hopefully the comments in dspace.cfg will guide you through the different
> settings. This blog post has some examples settings in that might help
> demonstrate what you need to put in where:
>
> -
> http://blog.stuartlewis.com/2008/08/18/test-ldap-service-upgraded-now-with-branches/
>
> Thanks,
>
>
> Stuart Lewis
> IT Innovations Analyst and Developer
> Te Tumu Herenga The University of Auckland Library
> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> Ph: +64 (0)9 373 7599 x81928
>
>
> On 26/06/2010, at 2:51 AM, Jason Nugent wrote:
>
>> Hi folks,
>>
>> Just to confirm, does DSpace perform a two step check and then bind for
>> authentication? I ask, because I've been talking to the fellow who has
>> access to our LDAP server logs and he has informed me that it appears as
>> though DSpace is attempting to bind with uid=jnugent,dc=unb,dc=ca, which
>> is obviously incorrect. What it *should* be doing is an initial search
>> with (uid=jnugent) as a filter, using the
>> ldap.search_user/search_password, and then retrieving the DN for my
>> record and binding with that, and the supplied password. In my case, my
>> full DN is unbCaId=XXXXXXX,ou=people,dc=unb,dc=ca where XXXXXX is a
>> unique string. Our users would never know what that string was.
>>
>> It sounds as though the setting for ldap.object_context is involved in
>> this, since it is appended to the ldap.id_field and username, but in my
>> case, I'd want it appended to unbCaID=XXXXXX, not my uid=jnugent string.
>>
>> Regards,
>>
>> Jason
>> --
>> Jason Nugent
>> Systems Programmer/Database Developer
>> Electronic Text Centre
>> University of New Brunswick
>> jnug...@unb.ca
>> (506) 447 3177
>>
>> ------------------------------------------------------------------------------
>> ThinkGeek and WIRED's GeekDad team up for the Ultimate
>> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
>> lucky parental unit. See the prize list and enter to win:
>> http://p.sf.net/sfu/thinkgeek-promo
>> _______________________________________________
>> DSpace-tech mailing list
>> dspace-t...@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>
>
>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.dspace.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel
