Hi Max,

Yes - that's right.

Change:

if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))


to


if (ldap.ldapEmail == null) ldap.ldapEmail = "";
if (true) 


(I've added an extra line there to hopefully catch another error that could 
occur.)

Thanks,


Stuart Lewis
IT Innovations Analyst and Developer
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: +64 (0)9 373 7599 x81928



On 27/04/2010, at 4:15 AM, Max McGrath wrote:

> Hi Stuart -
> 
> Here is the code I am looking at:
> 
> if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals(""))) You want me to 
> change this to if (true) and then leave everything else the same???
> {
>     try
>     {
>         eperson = EPerson.findByEmail(context, ldap.ldapEmail);
>         if (eperson!=null)
>         {
>             log.info(LogManager.getHeader(context,
>                     "type=ldap-login", "type=ldap_but_already_email"));
>             context.setIgnoreAuthorization(true);
>             eperson.setNetid(netid.toLowerCase());
>             eperson.update();
>             context.commit();
>             context.setIgnoreAuthorization(false);
>             context.setCurrentUser(eperson);
>             return SUCCESS;
>         }
>         else
>         {
>             if (canSelfRegister(context, request, netid))
>             {
>                 // TEMPORARILY turn off authorisation
>                 try
>                 {
>                     context.setIgnoreAuthorization(true);
>                     eperson = EPerson.create(context);
>                     if ((ldap.ldapEmail != null) && (!ldap.ldapEmail.equals("")))
>                     {
>                         eperson.setEmail(ldap.ldapEmail);
>                     }
>                     else
>                     {
>                         eperson.setEmail(netid + ConfigurationManager.getProperty("ldap.netid_email_domain"));
>                     }
>                     if ((ldap.ldapGivenName!=null) && (!ldap.ldapGivenName.equals("")))
>                     {
>                         eperson.setFirstName(ldap.ldapGivenName);
>                     }
>                     if ((ldap.ldapSurname!=null) && (!ldap.ldapSurname.equals("")))
>                     {
>                         eperson.setLastName(ldap.ldapSurname);
>                     }
>                     if ((ldap.ldapPhone!=null)&&(!ldap.ldapPhone.equals("")))
>                     {
>                         eperson.setMetadata("phone", ldap.ldapPhone);
>                     }
>                     eperson.setNetid(netid.toLowerCase());
>                     eperson.setCanLogIn(true);
>                     AuthenticationManager.initEPerson(context, request, eperson);
>                     eperson.update();
>                     context.commit();
>                     context.setCurrentUser(eperson);
>                 }
>                 catch (AuthorizeException e)
>                 {
>                     return NO_SUCH_USER;
>                 }
>                 finally
>                 {
>                     context.setIgnoreAuthorization(false);
>                 }
> 
>                 log.info(LogManager.getHeader(context, "authenticate",
>                         "type=ldap-login, created ePerson"));
>                 return SUCCESS;
>             }
>             else
>             {
>                 // No auto-registration for valid certs
>                 log.info(LogManager.getHeader(context,
>                         "failed_login", "type=ldap_but_no_record"));
>                 return NO_SUCH_USER;
>             }
>         }
>     }
> 
> --
> Max McGrath
> Asst. Network Admin/Systems Specialist
> Carthage College
> 262-552-5512
> mmcgr...@carthage.edu
> 
> 
> On Thu, Apr 22, 2010 at 9:28 PM, Stuart Lewis <s.le...@auckland.ac.nz> wrote:
> Hi Max,
> 
> Yes - looks like there's a bit of a logic flow problem going on there - the 
> check for an empty email is being performed twice, and the first is not 
> needed. Try looking at 
> [dspace-src]/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java
>  and find the line:
> 
> if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))
> 
> (about line 254) and change it to:
> 
> if (true)
> 
> Rebuild, redeploy etc. It may throw a null pointer exception, if so, add just 
> before the if statement:
> 
> if (ldap.ldapEmail == null) ldap.ldapEmail = "";
> 
> If this fixes the problem, we'll look at getting it corrected in the next 
> release.
> 
> Thanks,
> 
> 
> Stuart Lewis
> IT Innovations Analyst and Developer
> Te Tumu Herenga The University of Auckland Library
> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> Ph: +64 (0)9 373 7599 x81928
> 
> 
> 
> On 23/04/2010, at 2:19 PM, Max McGrath wrote:
> 
> > That could very well be the case as we do not have the e-mail address field 
> > populated in LDAP.  But I thought the following code would take care of 
> > that:
> >
> > # If your LDAP server does not hold an email address for a user, you can use
> > # the following field to specify your email domain. This value is appended
> > # to the netid in order to make an email address. E.g. a netid of 'user' and
> > # ldap.netid_email_domain as '@example.com' would set the email of the user
> > # to be 'u...@example.com
> > ldap.netid_email_domain = @carthage.edu
> > --
> > Max McGrath
> > Asst. Network Admin/Systems Specialist
> > Carthage College
> > 262-552-5512
> > mmcgr...@carthage.edu
> >
> >
> > On Thu, Apr 22, 2010 at 9:12 PM, Stuart Lewis <s.le...@auckland.ac.nz> 
> > wrote:
> > Hi Max,
> >
> > This code has been stable for a while and is working in a lot of 
> > installations, so hopefully there is no bug. One possible cause is that the 
> > email address is not being returned from the LDAP query. If there is no 
> > email address then an eperson record cannot be created.
> >
> > Check that the following setting is correctly configured in dspace.cfg:
> >
> > ldap.email_field = mail
> >
> > Thanks,
> >
> >
> > Stuart Lewis
> > IT Innovations Analyst and Developer
> > Te Tumu Herenga The University of Auckland Library
> > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> > Ph: +64 (0)9 373 7599 x81928
> >
> >
> > On 23/04/2010, at 1:48 PM, Max McGrath wrote:
> >
> > > Yes, I do have that set to true and the ePersons are still not being 
> > > created.
> > > --
> > > Max McGrath
> > > Asst. Network Admin/Systems Specialist
> > > Carthage College
> > > 262-552-5512
> > > mmcgr...@carthage.edu
> > >
> > >
> > > On Thu, Apr 22, 2010 at 1:33 PM, <penning...@rhodes.edu> wrote:
> > > Hi, Max. I'm glad you have LDAP auth working now.
> > >
> > > Do you have webui.ldap.autoregister = true in your dspace.cfg?
> > >
> > > We don't have webui.ldap.autoregister set to true, currently, and we do 
> > > create all e-person accounts manually for those faculty and staff that 
> > > need to access DSpace to add or edit objects. We were hoping to turn on 
> > > webui.ldap.autoregister this summer.
> > >
> > > --
> > > Stacy Pennington
> > > Rhodes College
> > > penning...@rhodes.edu
> > > (901) 843-3968
> > >
> > >
> > > ---------------------------
> > > From: Max McGrath [mailto:mmcgr...@carthage.edu]
> > > Sent: Thursday, April 22, 2010 11:57 AM
> > > To: Pennington_Stacy
> > > Cc: dspace-tech@lists.sourceforge.net
> > > Subject: Re: [Dspace-tech] LDAP with DSpace
> > >
> > > Thanks again Stacy!
> > >
> > > You, however, have been unsuccessful at getting this to automatically 
> > > create a new ePerson, correct?
> > >
> > > I don't have access to my logs right now, but I can see that LDAP 
> > > authentication is working, but creating a new ePerson is failing and 
> > > therefore, not letting me login!
> > >
> > > Is my only option to manually create an ePerson for every person who 
> > > could potentially login?
> > > --
> > > Max McGrath
> > > Asst. Network Admin/Systems Specialist
> > > Carthage College
> > > 262-552-5512
> > > mmcgr...@carthage.edu
> > >
> > >
> >
> >
> >
> >
> 
> 
> 




------------------------------------------------------------------------------
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
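
The control flow discussed in this thread, as an added example that is not part of the original messages and is not DSpace source. The class name, the in-memory map standing in for the eperson table, the "@example.com" domain and the returned strings are all assumptions made for illustration; the third method is one alternative ordering, not the project's fix.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration, not DSpace source: a minimal model of the branch quoted in the thread.
public class LdapEmailFallbackDemo {
    // Hypothetical stand-in for the eperson table: email -> netid.
    static final Map<String, String> EPERSONS = new HashMap<>();
    // Constructed value standing in for ldap.netid_email_domain.
    static final String DOMAIN = "@example.com";

    static boolean blank(String s) { return s == null || s.isEmpty(); }

    // Shape of the quoted code: the outer guard makes the netid fallback unreachable.
    static String original(String ldapEmail, String netid) {
        if (!blank(ldapEmail)) {
            String email = !blank(ldapEmail) ? ldapEmail : netid + DOMAIN; // else arm is dead code
            EPERSONS.put(email, netid);
            return "SUCCESS " + email;
        }
        return "NOT_CREATED"; // placeholder: the thread does not show what the real code returns here
    }

    // The workaround from the thread: null becomes "", and the guard becomes if (true).
    static String workaround(String ldapEmail, String netid) {
        if (ldapEmail == null) ldapEmail = "";
        if (EPERSONS.containsKey(ldapEmail)) { // lookup runs with "" when LDAP has no mail
            EPERSONS.put(ldapEmail, netid);    // an existing record with that address gets the netid
            return "SUCCESS " + ldapEmail;
        }
        String email = blank(ldapEmail) ? netid + DOMAIN : ldapEmail;
        EPERSONS.put(email, netid);
        return "SUCCESS " + email;
    }

    // Alternative (an assumption, not the project's fix): resolve the address once, then look up by it.
    static String resolveFirst(String ldapEmail, String netid) {
        String email = blank(ldapEmail) ? netid + DOMAIN : ldapEmail;
        EPERSONS.put(email, netid);
        return "SUCCESS " + email;
    }

    public static void main(String[] args) {
        System.out.println(original(null, "max"));      // LDAP entry without a mail attribute
        System.out.println(workaround(null, "max"));
        System.out.println(resolveFirst("", "stacy"));
        System.out.println(resolveFirst("jo@example.org", "jo"));
    }
}
```

With the workaround the existing-account lookup runs against the empty string, so it is worth confirming that no eperson record is stored with a blank email before deploying it.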
