We are seeing a similar problem. Some of our AD accounts do not have an
email specified. We have the appropriate entries in the cfg file. Going to
try the approach suggested:

Change:

if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))


to


if (ldap.ldapEmail == null) ldap.ldapEmail = "";
if (true)


Anthony Avarca
aava...@anl.gov
630.252.4940
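
The change discussed in this thread, as an added example that is not part of the original message and is not DSpace code: a stand-alone Java model of the login branch showing why the outer email test keeps the `ldap.netid_email_domain` fallback from running, and a variant that resolves the address once before the lookup so that an empty string is never used as the lookup key. The class, the in-memory map, `resolveEmail`, `findOrCreate` and the `@example.edu` domain are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Added example: a stand-alone model of the login branch, not DSpace code.
// The map stands in for the eperson table; all names here are hypothetical.
public class LdapEmailFallback {
    // Models ldap.netid_email_domain from dspace.cfg (constructed value).
    static final String NETID_EMAIL_DOMAIN = "@example.edu";
    static final Map<String, String> epersonByEmail = new HashMap<>(); // email -> netid

    // Flow as quoted in the thread: the outer test guards both the lookup and
    // the auto-registration, so the inner netid + domain fallback is unreachable.
    static String loginOriginal(String netid, String ldapEmail) {
        if (ldapEmail != null && !ldapEmail.equals("")) {
            return findOrCreate(netid, ldapEmail);
        }
        return "no eperson created"; // model: nothing is registered for this netid
    }

    // Resolve the effective address once; use it for lookup and for creation.
    static String resolveEmail(String netid, String ldapEmail) {
        if (ldapEmail != null && !ldapEmail.trim().isEmpty()) {
            return ldapEmail.trim();
        }
        return netid + NETID_EMAIL_DOMAIN;
    }

    static String loginResolved(String netid, String ldapEmail) {
        return findOrCreate(netid, resolveEmail(netid, ldapEmail));
    }

    // Models findByEmail followed by either setNetid on a match or create.
    static String findOrCreate(String netid, String email) {
        String existing = epersonByEmail.putIfAbsent(email, netid.toLowerCase());
        return existing == null
                ? "created eperson " + email
                : "linked netid to existing eperson " + email;
    }

    public static void main(String[] args) {
        // Constructed sample accounts: two without an LDAP mail value, one with.
        System.out.println(loginOriginal("jdoe", null));
        System.out.println(loginResolved("jdoe", null));
        System.out.println(loginResolved("jdoe", ""));
        System.out.println(loginResolved("asmith", "asmith@example.edu"));
    }
}
```

With `if (true)` and `ldap.ldapEmail = ""`, the lookup step receives the empty string itself; resolving the address first means the lookup and the created record always use the same non-empty value.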



On Mon, Apr 26, 2010 at 7:44 PM, Max McGrath <mmcgr...@carthage.edu> wrote:

> Hi Stuart -
>
> Thanks for clarifying the rebuild and redeploy.
>
> Unfortunately, still no luck.
>
> I think I'll just start working on populating the e-mail field in LDAP.
>
> Thanks for all your help!  I really appreciate it!
>
> Max
>
> --
> Max McGrath
> Asst. Network Admin/Systems Specialist
> Carthage College
> 262-552-5512
> mmcgr...@carthage.edu
>
>
> On Mon, Apr 26, 2010 at 4:02 PM, Stuart Lewis <s.le...@auckland.ac.nz> wrote:
>
>> Hi Max,
>>
>> After making the change you need to re-build tomcat, and redeploy it. You
>> can do this by following steps 7, 8, and 9 in the installation guide:
>>
>>  - http://www.dspace.org/1_6_0Documentation/ch03.html#N108B6
>>
>> But at step 8, as this is not a new installation, you need to run 'ant
>> update' instead of 'ant fresh_install'.
>>
>> Thanks,
>>
>>
>> Stuart Lewis
>> IT Innovations Analyst and Developer
>> Te Tumu Herenga The University of Auckland Library
>> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
>> Ph: +64 (0)9 373 7599 x81928
>>
>>
>> On 27/04/2010, at 8:57 AM, Max McGrath wrote:
>>
>> > Stuart -
>> >
>> > I made the change and then restarted Tomcat and it still is not working for people that do not have their e-mail address in LDAP.
>> >
>> > Should I have done more than just restarting Tomcat?
>> >
>> > Thanks for all the help!
>> > --
>> > Max McGrath
>> > Asst. Network Admin/Systems Specialist
>> > Carthage College
>> > 262-552-5512
>> > mmcgr...@carthage.edu
>> >
>> >
>> > On Mon, Apr 26, 2010 at 3:46 PM, Stuart Lewis <s.le...@auckland.ac.nz> wrote:
>> > Hi Max,
>> >
>> > Yes - that's right.
>> >
>> > Change:
>> >
>> > if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))
>> >
>> >
>> > to
>> >
>> >
>> > if (ldap.ldapEmail == null) ldap.ldapEmail = "";
>> > if (true)
>> >
>> >
>> > (I've added an extra line there to hopefully catch another error that could occur.)
>> >
>> > Thanks,
>> >
>> >
>> > Stuart Lewis
>> > IT Innovations Analyst and Developer
>> > Te Tumu Herenga The University of Auckland Library
>> > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
>> > Ph: +64 (0)9 373 7599 x81928
>> >
>> >
>> >
>> > On 27/04/2010, at 4:15 AM, Max McGrath wrote:
>> >
>> > > Hi Stuart -
>> > >
>> > > Here is the code I am looking at:
>> > >
>> > > if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals(""))) You want me to change this to if (true) and then leave everything else the same???
>> > > {
>> > >     try
>> > >     {
>> > >         eperson = EPerson.findByEmail(context, ldap.ldapEmail);
>> > >         if (eperson!=null)
>> > >         {
>> > >             log.info(LogManager.getHeader(context,
>> > >                     "type=ldap-login", "type=ldap_but_already_email"));
>> > >             context.setIgnoreAuthorization(true);
>> > >             eperson.setNetid(netid.toLowerCase());
>> > >             eperson.update();
>> > >             context.commit();
>> > >             context.setIgnoreAuthorization(false);
>> > >             context.setCurrentUser(eperson);
>> > >             return SUCCESS;
>> > >         }
>> > >         else
>> > >         {
>> > >             if (canSelfRegister(context, request, netid))
>> > >             {
>> > >                 // TEMPORARILY turn off authorisation
>> > >                 try
>> > >                 {
>> > >                     context.setIgnoreAuthorization(true);
>> > >                     eperson = EPerson.create(context);
>> > >                     if ((ldap.ldapEmail != null) && (!ldap.ldapEmail.equals("")))
>> > >                     {
>> > >                         eperson.setEmail(ldap.ldapEmail);
>> > >                     }
>> > >                     else
>> > >                     {
>> > >                         eperson.setEmail(netid + ConfigurationManager.getProperty("ldap.netid_email_domain"));
>> > >                     }
>> > >                     if ((ldap.ldapGivenName!=null) && (!ldap.ldapGivenName.equals("")))
>> > >                     {
>> > >                         eperson.setFirstName(ldap.ldapGivenName);
>> > >                     }
>> > >                     if ((ldap.ldapSurname!=null) && (!ldap.ldapSurname.equals("")))
>> > >                     {
>> > >                         eperson.setLastName(ldap.ldapSurname);
>> > >                     }
>> > >                     if ((ldap.ldapPhone!=null)&&(!ldap.ldapPhone.equals("")))
>> > >                     {
>> > >                         eperson.setMetadata("phone", ldap.ldapPhone);
>> > >                     }
>> > >                     eperson.setNetid(netid.toLowerCase());
>> > >                     eperson.setCanLogIn(true);
>> > >                     AuthenticationManager.initEPerson(context, request, eperson);
>> > >                     eperson.update();
>> > >                     context.commit();
>> > >                     context.setCurrentUser(eperson);
>> > >                 }
>> > >                 catch (AuthorizeException e)
>> > >                 {
>> > >                     return NO_SUCH_USER;
>> > >                 }
>> > >                 finally
>> > >                 {
>> > >                     context.setIgnoreAuthorization(false);
>> > >                 }
>> > >
>> > >                 log.info(LogManager.getHeader(context, "authenticate",
>> > >                         "type=ldap-login, created ePerson"));
>> > >                 return SUCCESS;
>> > >             }
>> > >             else
>> > >             {
>> > >                 // No auto-registration for valid certs
>> > >                 log.info(LogManager.getHeader(context,
>> > >                         "failed_login", "type=ldap_but_no_record"));
>> > >                 return NO_SUCH_USER;
>> > >             }
>> > >         }
>> > >     }
>> > >
>> > > --
>> > > Max McGrath
>> > > Asst. Network Admin/Systems Specialist
>> > > Carthage College
>> > > 262-552-5512
>> > > mmcgr...@carthage.edu
>> > >
>> > >
>> > > On Thu, Apr 22, 2010 at 9:28 PM, Stuart Lewis <s.le...@auckland.ac.nz> wrote:
>> > > Hi Max,
>> > >
>> > > Yes - looks like there's a bit of a logic flow problem going on there - the check for an empty email is being performed twice, and the first is not needed. Try looking at [dspace-src]/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java and find the line:
>> > >
>> > > if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals("")))
>> > >
>> > > (about line 254) and change it to:
>> > >
>> > > if (true)
>> > >
>> > > Rebuild, redeploy etc. It may throw a null pointer exception, if so, add just before the if statement:
>> > >
>> > > if (ldap.ldapEmail == null) ldap.ldapEmail = "";
>> > >
>> > > If this fixes the problem, we'll look at getting it corrected in the next release.
>> > >
>> > > Thanks,
>> > >
>> > >
>> > > Stuart Lewis
>> > > IT Innovations Analyst and Developer
>> > > Te Tumu Herenga The University of Auckland Library
>> > > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
>> > > Ph: +64 (0)9 373 7599 x81928
>> > >
>> > >
>> > >
>> > > On 23/04/2010, at 2:19 PM, Max McGrath wrote:
>> > >
>> > > > That could very well be the case as we do not have the e-mail address field populated in LDAP.  But I thought the following code would take care of that:
>> > > >
>> > > > # If your LDAP server does not hold an email address for a user, you can use
>> > > > # the following field to specify your email domain. This value is appended
>> > > > # to the netid in order to make an email address. E.g. a netid of 'user' and
>> > > > # ldap.netid_email_domain as '@example.com' would set the email of the user
>> > > > # to be 'u...@example.com
>> > > > ldap.netid_email_domain = @carthage.edu
>> > > > --
>> > > > Max McGrath
>> > > > Asst. Network Admin/Systems Specialist
>> > > > Carthage College
>> > > > 262-552-5512
>> > > > mmcgr...@carthage.edu
>> > > >
>> > > >
>> > > > On Thu, Apr 22, 2010 at 9:12 PM, Stuart Lewis <s.le...@auckland.ac.nz> wrote:
>> > > > Hi Max,
>> > > >
>> > > > This code has been stable for a while and is working in a lot of installations, so hopefully there is no bug. One possible cause is that the email address is not being returned from the LDAP query. If there is no email address then an eperson record cannot be created.
>> > > >
>> > > > Check that the following setting is correctly configured in dspace.cfg:
>> > > >
>> > > > ldap.email_field = mail
>> > > >
>> > > > Thanks,
>> > > >
>> > > >
>> > > > Stuart Lewis
>> > > > IT Innovations Analyst and Developer
>> > > > Te Tumu Herenga The University of Auckland Library
>> > > > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
>> > > > Ph: +64 (0)9 373 7599 x81928
>> > > >
>> > > >
>> > > > On 23/04/2010, at 1:48 PM, Max McGrath wrote:
>> > > >
>> > > > > Yes, I do have that set to true and the ePersons are still not being created.
>> > > > > --
>> > > > > Max McGrath
>> > > > > Asst. Network Admin/Systems Specialist
>> > > > > Carthage College
>> > > > > 262-552-5512
>> > > > > mmcgr...@carthage.edu
>> > > > >
>> > > > >
>> > > > > On Thu, Apr 22, 2010 at 1:33 PM, <penning...@rhodes.edu> wrote:
>> > > > > Hi, Max. I'm glad you have LDAP auth working now.
>> > > > >
>> > > > > Do you have webui.ldap.autoregister = true in your dspace.cfg?
>> > > > >
>> > > > > We don't have webui.ldap.autoregister set to true, currently, and we do create all e-person accounts manually for those faculty and staff that need to access DSpace to add or edit objects. We were hoping to turn on webui.ldap.autoregister this summer.
>> > > > >
>> > > > > --
>> > > > > Stacy Pennington
>> > > > > Rhodes College
>> > > > > penning...@rhodes.edu
>> > > > > (901) 843-3968
>> > > > >
>> > > > >
>> > > > > ---------------------------
>> > > > > From: Max McGrath [mailto:mmcgr...@carthage.edu]
>> > > > > Sent: Thursday, April 22, 2010 11:57 AM
>> > > > > To: Pennington_Stacy
>> > > > > Cc: dspace-tech@lists.sourceforge.net
>> > > > > Subject: Re: [Dspace-tech] LDAP with DSpace
>> > > > >
>> > > > > Thanks again Stacy!
>> > > > >
>> > > > > You, however, have been unsuccessful at getting this to automatically create a new ePerson, correct?
>> > > > >
>> > > > > I don't have access to my logs right now, but I can see that LDAP authentication is working, but creating a new ePerson is failing and therefore, not letting me login!
>> > > > >
>> > > > > Is my only option to manually create an ePerson for every person who could potentially login?
>> > > > > --
>> > > > > Max McGrath
>> > > > > Asst. Network Admin/Systems Specialist
>> > > > > Carthage College
>> > > > > 262-552-5512
>> > > > > mmcgr...@carthage.edu
>> > > > >
>> > > > >
> ------------------------------------------------------------------------------
>
> _______________________________________________
> DSpace-tech mailing list
> DSpace-tech@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>
>