Stuart -
I made the change and then restarted Tomcat and it still is not working for
people that do not have their e-mail address in LDAP.
Should I have done more than just restarting Tomcat?
Thanks for all the help!
--
Max McGrath
Asst. Network Admin/Systems Specialist
Carthage College
262-552-5512
mmcgr...@carthage.edu
On Mon, Apr 26, 2010 at 3:46 PM, Stuart Lewis <s.le...@auckland.ac.nz>wrote:
> Hi Max,
>
> Yes - that's right.
>
> Change:
>
> if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))
>
>
> to
>
>
> if (ldap.ldapEmail == null) ldap.ldapEmail = "";
> if (true)
>
>
> (I've added an extra line there to hopefully catch another error that could
> occur.)
>
> Thanks,
>
>
> Stuart Lewis
> IT Innovations Analyst and Developer
> Te Tumu Herenga The University of Auckland Library
> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> Ph: +64 (0)9 373 7599 x81928
>
>
>
> On 27/04/2010, at 4:15 AM, Max McGrath wrote:
>
> > Hi Stuart -
> >
> > Here is the code I am looking at:
> >
> > if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals(""))) You want me to
> change this to if (true) and then leave everything else the same???
> > {
> > try
> > {
> > eperson =
> EPerson.findByEmail(context, ldap.ldapEmail);
> > if (eperson!=null)
> > {
> > log.info
> (LogManager.getHeader(context,
> >
> "type=ldap-login", "type=ldap_but_already_email"));
> >
> context.setIgnoreAuthorization(true);
> >
> eperson.setNetid(netid.toLowerCase());
> > eperson.update();
> > context.commit();
> >
> context.setIgnoreAuthorization(false);
> >
> context.setCurrentUser(eperson);
> > return SUCCESS;
> > }
> > else
> > {
> > if
> (canSelfRegister(context, request, netid))
> > {
> > //
> TEMPORARILY turn off authorisation
> > try
> > {
> >
> context.setIgnoreAuthorization(true);
> >
> eperson = EPerson.create(context);
> > if
> ((ldap.ldapEmail != null) && (!ldap.ldapEmail.equals("")))
> > {
> >
> eperson.setEmail(ldap.ldapEmail);
> > }
> >
> else
> > {
> >
> eperson.setEmail(netid +
> ConfigurationManager.getProperty("ldap.netid_email_domain"));
> > }
> > if
> ((ldap.ldapGivenName!=null) && (!ldap.ldapGivenName.equals("")))
> > {
> >
> eperson.setFirstName(ldap.ldapGivenName);
> > }
> > if
> ((ldap.ldapSurname!=null) && (!ldap.ldapSurname.equals("")))
> > {
> >
> eperson.setLastName(ldap.ldapSurname);
> > }
> > if
> ((ldap.ldapPhone!=null)&&(!ldap.ldapPhone.equals("")))
> > {
> >
> eperson.setMetadata("phone", ldap.ldapPhone);
> > }
> >
> eperson.setNetid(netid.toLowerCase());
> >
> eperson.setCanLogIn(true);
> >
> AuthenticationManager.initEPerson(context, request, eperson);
> >
> eperson.update();
> >
> context.commit();
> >
> context.setCurrentUser(eperson);
> > }
> > catch
> (AuthorizeException e)
> > {
> >
> return NO_SUCH_USER;
> > }
> > finally
> > {
> >
> context.setIgnoreAuthorization(false);
> > }
> >
> >
> > log.info(LogManager.getHeader(context,
> "authenticate",
> >
> "type=ldap-login, created ePerson"));
> > return
> SUCCESS;
> > }
> > else
> > {
> > // No
> auto-registration for valid certs
> > log.info
> (LogManager.getHeader(context,
> >
> "failed_login", "type=ldap_but_no_record"));
> > return
> NO_SUCH_USER;
> > }
> > }
> > }
> >
> > --
> > Max McGrath
> > Asst. Network Admin/Systems Specialist
> > Carthage College
> > 262-552-5512
> > mmcgr...@carthage.edu
> >
> >
> > On Thu, Apr 22, 2010 at 9:28 PM, Stuart Lewis <s.le...@auckland.ac.nz>
> wrote:
> > Hi Max,
> >
> > Yes - looks like there's a bit of a logic flow problem going on there -
> the check for an empty email is being performed twice, and the first is not
> needed. Try looking at
> [dsapce-src]/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java
> and find the line:
> >
> > if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))
> >
> > (about line 254) and change it to:
> >
> > if (true)
> >
> > Rebuild, redeploy etc. If may throw a null pointer exception, if so, add
> just before the if statement:
> >
> > if (ldap.ldapEmail == null) ldap.ldapEmail = "";
> >
> > If this fixes the problem, we'll look at getting it corrected in the next
> release.
> >
> > Thanks,
> >
> >
> > Stuart Lewis
> > IT Innovations Analyst and Developer
> > Te Tumu Herenga The University of Auckland Library
> > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> > Ph: +64 (0)9 373 7599 x81928
> >
> >
> >
> > On 23/04/2010, at 2:19 PM, Max McGrath wrote:
> >
> > > That could very well be the case as we do not have the e-mail address
> field populated in LDAP. But I thought the following code would take care
> of that:
> > >
> > > # If your LDAP server does not hold an email address for a user, you
> can use
> > > # the following field to specify your email domain. This value is
> appended
> > > # to the netid in order to make an email address. E.g. a netid of
> 'user' and
> > > # ldap.netid_email_domain as '@example.com' would set the email of the
> user
> > > # to be 'u...@example.com
> > > ldap.netid_email_domain = @carthage.edu
> > > --
> > > Max McGrath
> > > Asst. Network Admin/Systems Specialist
> > > Carthage College
> > > 262-552-5512
> > > mmcgr...@carthage.edu
> > >
> > >
> > > On Thu, Apr 22, 2010 at 9:12 PM, Stuart Lewis <s.le...@auckland.ac.nz>
> wrote:
> > > Hi Max,
> > >
> > > This code has been stable for a while and is working in a lot of
> installations, so hopefully there is no bug. One possible cause is that the
> email address is not being returned from the LDAP query. If there is no
> email address then an eperson record cannot be created.
> > >
> > > Check that the following setting is correctly configured in dspace.cfg:
> > >
> > > ldap.email_field = mail
> > >
> > > Thanks,
> > >
> > >
> > > Stuart Lewis
> > > IT Innovations Analyst and Developer
> > > Te Tumu Herenga The University of Auckland Library
> > > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> > > Ph: +64 (0)9 373 7599 x81928
> > >
> > >
> > > On 23/04/2010, at 1:48 PM, Max McGrath wrote:
> > >
> > > > Yes, I do have that set to true and the ePersons are still not being
> created.
> > > > --
> > > > Max McGrath
> > > > Asst. Network Admin/Systems Specialist
> > > > Carthage College
> > > > 262-552-5512
> > > > mmcgr...@carthage.edu
> > > >
> > > >
> > > > On Thu, Apr 22, 2010 at 1:33 PM, <penning...@rhodes.edu> wrote:
> > > > Hi, Max. I'm glad you have LDAP auth working now.
> > > >
> > > > Do you have webui.ldap.autoregister = true in your dspace.cfg?
> > > >
> > > > We don't have webui.ldap.autoregister set to true, currently, and we
> do create all e-person accounts manually for those faculty and staff that
> need to access DSpace to add or edit objects. We were hoping to turn on
> webui.ldap.autoregister this summer.
> > > >
> > > > --
> > > > Stacy Pennington
> > > > Rhodes College
> > > > penning...@rhodes.edu
> > > > (901) 843-3968
> > > >
> > > >
> > > > ---------------------------
> > > > From: Max McGrath [mailto:mmcgr...@carthage.edu]
> > > > Sent: Thursday, April 22, 2010 11:57 AM
> > > > To: Pennington_Stacy
> > > > Cc: dspace-tech@lists.sourceforge.net
> > > > Subject: Re: [Dspace-tech] LDAP with DSpace
> > > >
> > > > Thanks again Stacy!
> > > >
> > > > You, however, have been unsuccessful at getting this to automatically
> create a new ePerson, correct?
> > > >
> > > > I don't have access to my logs right now, but I can see that LDAP
> authentication is working, but creating a new ePerson is failing and
> therefore, not letting me login!
> > > >
> > > > Is my only option to manually create an ePerson for every person who
> could potentially login?
> > > > --
> > > > Max McGrath
> > > > Asst. Network Admin/Systems Specialist
> > > > Carthage College
> > > > 262-552-5512
> > > > mmcgr...@carthage.edu
> > > >
> > > >
> > > > <ATT00001..txt><ATT00002..txt>
> > >
> > >
> > >
> > >
> >
> >
> >
>
>
>
>
------------------------------------------------------------------------------
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
