We are seeing a similar problem. Some of our AD accounts do not have an email specified. We have the appropriate entries in the cfg file. Going to try the approach suggested:
Change: if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals(""))) to if (ldap.ldapEmail == null) ldap.ldapEmail = ""; if (true) Anthony Avarca aava...@anl.gov 630.252.4940 On Mon, Apr 26, 2010 at 7:44 PM, Max McGrath <mmcgr...@carthage.edu> wrote: > Hi Stuart - > > Thanks for clarifying the rebuild and redeploy. > > Unfortunately, still no luck. > > I think I'll just start working on populating the e-mail field in LDAP. > > Thanks for all your help! I really appreciate it! > > Max > > -- > Max McGrath > Asst. Network Admin/Systems Specialist > Carthage College > 262-552-5512 > mmcgr...@carthage.edu > > > On Mon, Apr 26, 2010 at 4:02 PM, Stuart Lewis <s.le...@auckland.ac.nz>wrote: > >> Hi Max, >> >> After making the change you need to re-build tomcat, and redeploy it. You >> can do this by following steps 7, 8, and 9 in the installation guide: >> >> - http://www.dspace.org/1_6_0Documentation/ch03.html#N108B6 >> >> But at step 8, as this is not a new installation, you need to run 'ant >> update' instead of 'ant fresh_install'. >> >> Thanks, >> >> >> Stuart Lewis >> IT Innovations Analyst and Developer >> Te Tumu Herenga The University of Auckland Library >> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand >> Ph: +64 (0)9 373 7599 x81928 >> >> >> On 27/04/2010, at 8:57 AM, Max McGrath wrote: >> >> > Stuart - >> > >> > I made the change and then restarted Tomcat and it still is not working >> for people that do not have their e-mail address in LDAP. >> > >> > Should I have done more than just restarting Tomcat? >> > >> > Thanks for all the help! >> > -- >> > Max McGrath >> > Asst. Network Admin/Systems Specialist >> > Carthage College >> > 262-552-5512 >> > mmcgr...@carthage.edu >> > >> > >> > On Mon, Apr 26, 2010 at 3:46 PM, Stuart Lewis <s.le...@auckland.ac.nz> >> wrote: >> > Hi Max, >> > >> > Yes - that's right. >> > >> > Change: >> > >> > if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals(""))) >> > >> > >> > to >> > >> > >> > if (ldap.ldapEmail == null) ldap.ldapEmail = ""; >> > if (true) >> > >> > >> > (I've added an extra line there to hopefully catch another error that >> could occur.) >> > >> > Thanks, >> > >> > >> > Stuart Lewis >> > IT Innovations Analyst and Developer >> > Te Tumu Herenga The University of Auckland Library >> > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand >> > Ph: +64 (0)9 373 7599 x81928 >> > >> > >> > >> > On 27/04/2010, at 4:15 AM, Max McGrath wrote: >> > >> > > Hi Stuart - >> > > >> > > Here is the code I am looking at: >> > > >> > > if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals(""))) You want me >> to change this to if (true) and then leave everything else the same??? >> > > { >> > > try >> > > { >> > > eperson = >> EPerson.findByEmail(context, ldap.ldapEmail); >> > > if (eperson!=null) >> > > { >> > > log.info >> (LogManager.getHeader(context, >> > > >> "type=ldap-login", "type=ldap_but_already_email")); >> > > >> context.setIgnoreAuthorization(true); >> > > >> eperson.setNetid(netid.toLowerCase()); >> > > >> eperson.update(); >> > > >> context.commit(); >> > > >> context.setIgnoreAuthorization(false); >> > > >> context.setCurrentUser(eperson); >> > > return SUCCESS; >> > > } >> > > else >> > > { >> > > if >> (canSelfRegister(context, request, netid)) >> > > { >> > > // >> TEMPORARILY turn off authorisation >> > > try >> > > { >> > > >> context.setIgnoreAuthorization(true); >> > > >> eperson = EPerson.create(context); >> > > >> if ((ldap.ldapEmail != null) && (!ldap.ldapEmail.equals(""))) >> > > >> { >> > > >> eperson.setEmail(ldap.ldapEmail); >> > > >> } >> > > >> else >> > > >> { >> > > >> eperson.setEmail(netid + >> ConfigurationManager.getProperty("ldap.netid_email_domain")); >> > > >> } >> > > >> if ((ldap.ldapGivenName!=null) && (!ldap.ldapGivenName.equals(""))) >> > > >> { >> > > >> eperson.setFirstName(ldap.ldapGivenName); >> > > >> } >> > > >> if ((ldap.ldapSurname!=null) && (!ldap.ldapSurname.equals(""))) >> > > >> { >> > > >> eperson.setLastName(ldap.ldapSurname); >> > > >> } >> > > >> if ((ldap.ldapPhone!=null)&&(!ldap.ldapPhone.equals(""))) >> > > >> { >> > > >> eperson.setMetadata("phone", ldap.ldapPhone); >> > > >> } >> > > >> eperson.setNetid(netid.toLowerCase()); >> > > >> eperson.setCanLogIn(true); >> > > >> AuthenticationManager.initEPerson(context, request, eperson); >> > > >> eperson.update(); >> > > >> context.commit(); >> > > >> context.setCurrentUser(eperson); >> > > } >> > > catch >> (AuthorizeException e) >> > > { >> > > >> return NO_SUCH_USER; >> > > } >> > > finally >> > > { >> > > >> context.setIgnoreAuthorization(false); >> > > } >> > > >> > > >> log.info(LogManager.getHeader(context, "authenticate", >> > > >> "type=ldap-login, created ePerson")); >> > > return >> SUCCESS; >> > > } >> > > else >> > > { >> > > // No >> auto-registration for valid certs >> > > >> log.info(LogManager.getHeader(context, >> > > >> "failed_login", "type=ldap_but_no_record")); >> > > return >> NO_SUCH_USER; >> > > } >> > > } >> > > } >> > > >> > > -- >> > > Max McGrath >> > > Asst. Network Admin/Systems Specialist >> > > Carthage College >> > > 262-552-5512 >> > > mmcgr...@carthage.edu >> > > >> > > >> > > On Thu, Apr 22, 2010 at 9:28 PM, Stuart Lewis <s.le...@auckland.ac.nz> >> wrote: >> > > Hi Max, >> > > >> > > Yes - looks like there's a bit of a logic flow problem going on there >> - the check for an empty email is being performed twice, and the first is >> not needed. Try looking at >> [dsapce-src]/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java >> and find the line: >> > > >> > > if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals(""))) >> > > >> > > (about line 254) and change it to: >> > > >> > > if (true) >> > > >> > > Rebuild, redeploy etc. If may throw a null pointer exception, if so, >> add just before the if statement: >> > > >> > > if (ldap.ldapEmail == null) ldap.ldapEmail = ""; >> > > >> > > If this fixes the problem, we'll look at getting it corrected in the >> next release. >> > > >> > > Thanks, >> > > >> > > >> > > Stuart Lewis >> > > IT Innovations Analyst and Developer >> > > Te Tumu Herenga The University of Auckland Library >> > > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand >> > > Ph: +64 (0)9 373 7599 x81928 >> > > >> > > >> > > >> > > On 23/04/2010, at 2:19 PM, Max McGrath wrote: >> > > >> > > > That could very well be the case as we do not have the e-mail >> address field populated in LDAP. But I thought the following code would >> take care of that: >> > > > >> > > > # If your LDAP server does not hold an email address for a user, you >> can use >> > > > # the following field to specify your email domain. This value is >> appended >> > > > # to the netid in order to make an email address. E.g. a netid of >> 'user' and >> > > > # ldap.netid_email_domain as '@example.com' would set the email of >> the user >> > > > # to be 'u...@example.com >> > > > ldap.netid_email_domain = @carthage.edu >> > > > -- >> > > > Max McGrath >> > > > Asst. Network Admin/Systems Specialist >> > > > Carthage College >> > > > 262-552-5512 >> > > > mmcgr...@carthage.edu >> > > > >> > > > >> > > > On Thu, Apr 22, 2010 at 9:12 PM, Stuart Lewis < >> s.le...@auckland.ac.nz> wrote: >> > > > Hi Max, >> > > > >> > > > This code has been stable for a while and is working in a lot of >> installations, so hopefully there is no bug. One possible cause is that the >> email address is not being returned from the LDAP query. If there is no >> email address then an eperson record cannot be created. >> > > > >> > > > Check that the following setting is correctly configured in >> dspace.cfg: >> > > > >> > > > ldap.email_field = mail >> > > > >> > > > Thanks, >> > > > >> > > > >> > > > Stuart Lewis >> > > > IT Innovations Analyst and Developer >> > > > Te Tumu Herenga The University of Auckland Library >> > > > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand >> > > > Ph: +64 (0)9 373 7599 x81928 >> > > > >> > > > >> > > > On 23/04/2010, at 1:48 PM, Max McGrath wrote: >> > > > >> > > > > Yes, I do have that set to true and the ePersons are still not >> being created. >> > > > > -- >> > > > > Max McGrath >> > > > > Asst. Network Admin/Systems Specialist >> > > > > Carthage College >> > > > > 262-552-5512 >> > > > > mmcgr...@carthage.edu >> > > > > >> > > > > >> > > > > On Thu, Apr 22, 2010 at 1:33 PM, <penning...@rhodes.edu> wrote: >> > > > > Hi, Max. I'm glad you have LDAP auth working now. >> > > > > >> > > > > Do you have webui.ldap.autoregister = true in your dspace.cfg? >> > > > > >> > > > > We don't have webui.ldap.autoregister set to true, currently, and >> we do create all e-person accounts manually for those faculty and staff that >> need to access DSpace to add or edit objects. We were hoping to turn on >> webui.ldap.autoregister this summer. >> > > > > >> > > > > -- >> > > > > Stacy Pennington >> > > > > Rhodes College >> > > > > penning...@rhodes.edu >> > > > > (901) 843-3968 >> > > > > >> > > > > >> > > > > --------------------------- >> > > > > From: Max McGrath [mailto:mmcgr...@carthage.edu] >> > > > > Sent: Thursday, April 22, 2010 11:57 AM >> > > > > To: Pennington_Stacy >> > > > > Cc: dspace-tech@lists.sourceforge.net >> > > > > Subject: Re: [Dspace-tech] LDAP with DSpace >> > > > > >> > > > > Thanks again Stacy! >> > > > > >> > > > > You, however, have been unsuccessful at getting this to >> automatically create a new ePerson, correct? >> > > > > >> > > > > I don't have access to my logs right now, but I can see that LDAP >> authentication is working, but creating a new ePerson is failing and >> therefore, not letting me login! >> > > > > >> > > > > Is my only option to manually create an ePerson for every person >> who could potentially login? >> > > > > -- >> > > > > Max McGrath >> > > > > Asst. Network Admin/Systems Specialist >> > > > > Carthage College >> > > > > 262-552-5512 >> > > > > mmcgr...@carthage.edu >> > > > > >> > > > > >> > > > > <ATT00001..txt><ATT00002..txt> >> > > > >> > > > >> > > > >> > > > >> > > >> > > >> > > >> > >> > >> > >> > >> >> >> >> > > > ------------------------------------------------------------------------------ > > _______________________________________________ > DSpace-tech mailing list > DSpace-tech@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspace-tech > >
------------------------------------------------------------------------------
_______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech