diff --git a/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java b/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
index 54982cbe54..fb82192958 100755
--- a/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
+++ b/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
@@ -53,7 +53,7 @@ public class LDAPAuthentication
 {
 // XXX might also want to check that username exists in LDAP.
- return ConfigurationManager.getBooleanProperty("webui.ldap.autoregister");
+ return ConfigurationManager.getBooleanProperty("authentication-ldap", "autoregister");
 }
 /**
@@ -99,7 +99,7 @@ public class LDAPAuthentication
 {
 if (!context.getCurrentUser().getNetid().equals(""))
 {
- String groupName = ConfigurationManager.getProperty("ldap.login.specialgroup");
+ String groupName = ConfigurationManager.getProperty("authentication-ldap", "login.specialgroup");
 if ((groupName != null) && (!groupName.trim().equals("")))
 {
 Group ldapGroup = Group.findByName(context, groupName);
@@ -108,7 +108,7 @@ public class LDAPAuthentication
 // Oops - the group isn't there.
 log.warn(LogManager.getHeader(context, "ldap_specialgroup",
- "Group defined in ldap.login.specialgroup does not exist"));
+ "Group defined in login.specialgroup does not exist"));
 return new int[0];
 }
 else
 {
@@ -194,9 +194,9 @@ public class LDAPAuthentication
 // If there is no email and the email domain is set, add it to the netid
 String email = ldap.ldapEmail;
 if (((email == null) || ("".equals(email))) &&
- (!"".equals(ConfigurationManager.getProperty("ldap.netid_email_domain"))))
+ (!"".equals(ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain"))))
 {
- email = netid + ConfigurationManager.getProperty("ldap.netid_email_domain");
+ email = netid + ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain");
 }
 if ((email != null) && (!"".equals(email)))
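Review bot: The `"".equals(...)` test on the added condition line of the @@ -194 hunk still lets a missing `netid_email_domain` through: `"".equals(null)` is false, so when the key is not defined in the authentication-ldap module (for instance a deployment whose dspace.cfg still carries the old `ldap.*` keys that this commit removes) the branch runs and `email = netid + null` yields an address ending in the literal text `null`, which is then used to autoregister the EPerson. Reading the value once and checking it for null avoids both the double lookup and the bogus address: `String domain = ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain");` then `if (((email == null) || ("".equals(email))) && (domain != null) && (!"".equals(domain)))` and `email = netid + domain;`. The @@ -231 hunk of LDAPHierarchicalAuthentication.java has the same pattern. The enclosing method starts and ends outside the hunk.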
@@ -312,10 +312,10 @@ public class LDAPAuthentication
 {
 if (!password.equals(""))
 {
- String ldap_provider_url = ConfigurationManager.getProperty("ldap.provider_url");
- String ldap_id_field = ConfigurationManager.getProperty("ldap.id_field");
- String ldap_search_context = ConfigurationManager.getProperty("ldap.search_context");
- String ldap_object_context = ConfigurationManager.getProperty("ldap.object_context");
+ String ldap_provider_url = ConfigurationManager.getProperty("authentication-ldap", "provider_url");
+ String ldap_id_field = ConfigurationManager.getProperty("authentication-ldap", "id_field");
+ String ldap_search_context = ConfigurationManager.getProperty("authentication-ldap", "search_context");
+ String ldap_object_context = ConfigurationManager.getProperty("authentication-ldap", "object_context");
 // Set up environment for creating initial context
 Hashtable env = new Hashtable(11);
@@ -333,10 +333,10 @@ public class LDAPAuthentication
 // Create initial context
 ctx = new InitialDirContext(env);
- String ldap_email_field = ConfigurationManager.getProperty("ldap.email_field");
- String ldap_givenname_field = ConfigurationManager.getProperty("ldap.givenname_field");
- String ldap_surname_field = ConfigurationManager.getProperty("ldap.surname_field");
- String ldap_phone_field = ConfigurationManager.getProperty("ldap.phone_field");
+ String ldap_email_field = ConfigurationManager.getProperty("authentication-ldap", "email_field");
+ String ldap_givenname_field = ConfigurationManager.getProperty("authentication-ldap", "givenname_field");
+ String ldap_surname_field = ConfigurationManager.getProperty("authentication-ldap", "surname_field");
+ String ldap_phone_field = ConfigurationManager.getProperty("authentication-ldap", "phone_field");
 Attributes matchAttrs = new BasicAttributes(true);
 matchAttrs.put(new BasicAttribute(ldap_id_field, netid));
@@ -426,8 +426,6 @@ public class LDAPAuthentication
 return true;
 }
-
-
 }
 /*
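Review bot: Nothing in the @@ -312 hunk checks that `ldap_provider_url` was actually found after the move to the `authentication-ldap` module; a site whose dspace.cfg still carries the old `ldap.provider_url` key (removed from the shipped configs in this same commit) gets null here, and the failure would presumably surface later from the JNDI environment setup, which is outside the hunk, rather than as a clear configuration error. Failing early with a specific message makes the misconfiguration obvious in the log, e.g. `if (ldap_provider_url == null) { log.error("authentication-ldap.provider_url is not set; LDAP authentication cannot proceed"); return false; }` — assuming a boolean return is in scope, which the hunk does not show. The enclosing method starts and ends outside the hunk.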
diff --git a/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java b/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java
index 41c4b1b2e8..86b2cfb9cd 100755
--- a/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java
+++ b/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java
@@ -49,8 +49,8 @@ public class LDAPHierarchicalAuthentication
 String username) throws SQLException
 {
- // Looks to see if webui.ldap.autoregister is set or not
- return ConfigurationManager.getBooleanProperty("webui.ldap.autoregister");
+ // Looks to see if autoregister is set or not
+ return ConfigurationManager.getBooleanProperty("authentication-ldap", "autoregister");
 }
 /**
@@ -86,7 +86,7 @@ public class LDAPHierarchicalAuthentication
 /*
 * Add authenticated users to the group defined in dspace.cfg by
- * the ldap.login.specialgroup key.
+ * the login.specialgroup key.
 */
 public int[] getSpecialGroups(Context context, HttpServletRequest request)
 {
@@ -96,7 +96,7 @@ public class LDAPHierarchicalAuthentication
 {
 if (!context.getCurrentUser().getNetid().equals(""))
 {
- String groupName = ConfigurationManager.getProperty("ldap.login.specialgroup");
+ String groupName = ConfigurationManager.getProperty("authentication-ldap", "login.specialgroup");
 if ((groupName != null) && (!groupName.trim().equals("")))
 {
 Group ldapGroup = Group.findByName(context, groupName);
@@ -105,7 +105,7 @@ public class LDAPHierarchicalAuthentication
 // Oops - the group isn't there.
 log.warn(LogManager.getHeader(context, "ldap_specialgroup",
- "Group defined in ldap.login.specialgroup does not exist"));
+ "Group defined in login.specialgroup does not exist"));
 return new int[0];
 }
 else
 {
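Review bot: The comment in the @@ -86 hunk still says the group is `defined in dspace.cfg`, but the new code reads `login.specialgroup` from the `authentication-ldap` module configuration and this commit removes that key from dspace.cfg, so the comment now sends readers to the wrong file. Suggest `* Add authenticated users to the group named by the login.specialgroup key` followed by `* in the authentication-ldap module configuration.`. The warning text in the @@ -105 hunk, `Group defined in login.specialgroup does not exist`, could likewise name the module so that an operator reading the log can find the setting.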
@@ -180,8 +180,8 @@ public class LDAPHierarchicalAuthentication
 SpeakerToLDAP ldap = new SpeakerToLDAP(log);
 // Get the DN of the user
- String adminUser = ConfigurationManager.getProperty("ldap.search.user");
- String adminPassword = ConfigurationManager.getProperty("ldap.search.password");
+ String adminUser = ConfigurationManager.getProperty("authentication-ldap", "search.user");
+ String adminPassword = ConfigurationManager.getProperty("authentication-ldap", "search.password");
 String dn = ldap.getDNOfUser(adminUser, adminPassword, context, netid);
 // Check a DN was found
@@ -231,9 +231,9 @@ public class LDAPHierarchicalAuthentication
 // If there is no email and the email domain is set, add it to the netid
 String email = ldap.ldapEmail;
 if (((email == null) || ("".equals(email))) &&
- (!"".equals(ConfigurationManager.getProperty("ldap.netid_email_domain"))))
+ (!"".equals(ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain"))))
 {
- email = netid + ConfigurationManager.getProperty("ldap.netid_email_domain");
+ email = netid + ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain");
 }
 if ((email != null) && (!"".equals(email)))
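Review bot: With the bind credentials now read from the `authentication-ldap` module in the @@ -180 hunk, `adminUser` and `adminPassword` become null on any deployment that has not moved its `ldap.search.user`/`ldap.search.password` settings, and nothing in the hunk records that; according to the shipped config comment the lookup then falls back to an anonymous bind, so a configuration slip silently changes how the directory is queried. Logging once when the credential is absent gives operators a visible signal, e.g. `if (adminUser == null) { log.info(LogManager.getHeader(context, "ldap_search", "no search.user configured, binding anonymously")); }`, while keeping `adminPassword` out of any log output. What getDNOfUser does with a null user is outside the hunk, as is the start and end of the enclosing method.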
@@ -335,16 +335,15 @@ public class LDAPHierarchicalAuthentication
 protected String ldapPhone = null;
 /** LDAP settings */
- String ldap_provider_url = ConfigurationManager.getProperty("ldap.provider_url");
- String ldap_id_field = ConfigurationManager.getProperty("ldap.id_field");
- String ldap_search_context = ConfigurationManager.getProperty("ldap.search_context");
- String ldap_object_context = ConfigurationManager.getProperty("ldap.object_context");
- String ldap_search_scope = ConfigurationManager.getProperty("ldap.search_scope");
+ String ldap_provider_url = ConfigurationManager.getProperty("authentication-ldap", "provider_url");
+ String ldap_id_field = ConfigurationManager.getProperty("authentication-ldap", "id_field");
+ String ldap_search_context = ConfigurationManager.getProperty("authentication-ldap", "search_context");
+ String ldap_search_scope = ConfigurationManager.getProperty("authentication-ldap", "search_scope");
- String ldap_email_field = ConfigurationManager.getProperty("ldap.email_field");
- String ldap_givenname_field = ConfigurationManager.getProperty("ldap.givenname_field");
- String ldap_surname_field = ConfigurationManager.getProperty("ldap.surname_field");
- String ldap_phone_field = ConfigurationManager.getProperty("ldap.phone_field");
+ String ldap_email_field = ConfigurationManager.getProperty("authentication-ldap", "email_field");
+ String ldap_givenname_field = ConfigurationManager.getProperty("authentication-ldap", "givenname_field");
+ String ldap_surname_field = ConfigurationManager.getProperty("authentication-ldap", "surname_field");
+ String ldap_phone_field = ConfigurationManager.getProperty("authentication-ldap", "phone_field");
 SpeakerToLDAP(Logger thelog)
 {
diff --git a/dspace-api/src/test/resources/dspace-test.cfg b/dspace-api/src/test/resources/dspace-test.cfg
index cb4a2869ab..f357bba26b 100644
--- a/dspace-api/src/test/resources/dspace-test.cfg
+++ b/dspace-api/src/test/resources/dspace-test.cfg
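Review bot: The SpeakerToLDAP settings fields rewritten in the @@ -335 hunk are package-private and non-final (`String ldap_provider_url = ConfigurationManager.getProperty(...)`); each is initialised once from configuration, so if nothing else in the class assigns them, `private final String ldap_provider_url = ...` states that intent and stops other classes in the package from altering connection settings after construction. The hunk also drops `ldap_object_context` from this class while the new authentication-ldap.cfg still documents `object_context` as the context "used when authenticating the user"; if it is meant to apply only to LDAPAuthentication, a one-line remark in that config comment would save operators from setting it for the hierarchical method. The enclosing SpeakerToLDAP class starts and ends outside the hunk.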
@@ -400,140 +400,6 @@ handle.dir = ${dspace.dir}/handle-server # 12.7.8.9/255.255.128.0 -#### LDAP Authentication Configuration Settings #### -# -# If LDAP is enabled, then new users will be able to register -# by entering their username and password without being sent the -# registration token. If users do not have a username and password, -# then they can still register and login with just their email address -# the same way they do now. -# -# For providing any special privileges to LDAP users, -# you will still need to extend the SiteAuthenticator class to -# automatically put people who have a netid into a special -# group. You might also want to give certain email addresses -# special privileges. Refer to the DSpace documentation for more -# information about how to do this. -# -# It may be necessary to obtain the values of these settings from the -# LDAP server administrators as LDAP configuration will vary from server -# to server. - -# This setting will enable or disable LDAP authentication in DSpace. -# With the setting off, users will be required to register and login with -# their email address. With this setting on, users will be able to login -# and register with their LDAP user ids and passwords. -# This setting is only used by the JSPUI. -ldap.enable = false - -# This is the url to the institution's ldap server. The /o=myu.edu -# may or may not be required depending on the LDAP server setup. -# A server may also require the ldaps:// protocol. -#ldap.provider_url = ldap://ldap.myu.edu/o=myu.edu - -# This is the unique identifier field in the LDAP directory -# where the username is stored. -#ldap.id_field = uid - -# This is the object context used when authenticating the -# user. It is appended to the ldap.id_field and username. -# For example uid=username,ou=people,o=myu.edu. This must match -# the LDAP server configuration. 
-#ldap.object_context = ou=people,o=myu.edu - -# This is the search context used when looking up a user's -# LDAP object to retrieve their data for autoregistering. -# With ldap.autoregister turned on, when a user authenticates -# without an EPerson object, a search on the LDAP directory to -# get their name and email address is initiated so that DSpace -# can create a EPerson object for them. So after we have authenticated against -# uid=username,ou=people,o=byu.edu we now search in ou=people -# for filtering on [uid=username]. Often the -# ldap.search_context is the same as the ldap.object_context -# parameter. But again this depends on each individual LDAP server -# configuration. -#ldap.search_context = ou=people - -# This is the LDAP object field where the user's email address -# is stored. "mail" is the default and the most common for -# LDAP servers. If the mail field is not found the username -# will be used as the email address when creating the eperson -# object. -#ldap.email_field = mail - -# This is the LDAP object field where the user's last name is -# stored. "sn" is the default and is the most common for LDAP -# servers. If the field is not found the field will be left -# blank in the new eperson object. -#ldap.surname_field = sn - -# This is the LDAP object field where the user's given names -# are stored. This may not be used or set in all LDAP instances. -# If the field is not found the field will be left blank in the -# new eperson object. -#ldap.givenname_field = givenName - -# This is the field where the user's phone number is stored in -# the LDAP directory. If the field is not found the field -# will be left blank in the new eperson object. -#ldap.phone_field = telephoneNumber - -##### LDAP AutoRegister Settings ##### - -# This will turn LDAP autoregistration on or off. With this -# on, a new EPerson object will be created for any user who -# successfully authenticates against the LDAP server when they -# first login. 
With this setting off, the user -# must first register to get an EPerson object by -# entering their ldap username and password and filling out -# the forms. -webui.ldap.autoregister = true - - -##### LDAP users group ##### - -# If required, a group name can be given here, and all users who log in -# to LDAP will automatically become members of this group. This is useful -# if you want a group made up of all internal authenticated users. -#ldap.login.specialgroup = group-name - - -##### Hierarchical LDAP Settings ##### - -# If your users are spread out across a hierarchical tree on your -# LDAP server, you will need to use the following stackable authentication -# class: -# plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ -# org.dspace.authenticate.LDAPHierarchicalAuthentication -# -# You can optionally specify the search scope. If anonymous access is not -# enabled on your LDAP server, you will need to specify the full DN and -# password of a user that is allowed to bind in order to search for the -# users. - -# This is the search scope value for the LDAP search during -# autoregistering. This will depend on your LDAP server setup. -# This value must be one of the following integers corresponding -# to the following values: -# object scope : 0 -# one level scope : 1 -# subtree scope : 2 -#ldap.search_scope = 2 - -# The full DN and password of a user allowed to connect to the LDAP server -# and search for the DN of the user trying to log in. If these are not specified, -# the initial bind will be performed anonymously. -#ldap.search.user = cn=admin,ou=people,o=myu.edu -#ldap.search.password = password - -# If your LDAP server does not hold an email address for a user, you can use -# the following field to specify your email domain. This value is appended -# to the netid in order to make an email address. E.g. 
a netid of 'user' and -# ldap.netid_email_domain as '@example.com' would set the email of the user -# to be 'user@example.com -#ldap.netid_email_domain = @example.com - - #### Restricted item visibilty settings ### # By default RSS feeds, OAI-PMH and subscription emails will include ALL items # regardless of permissions set on them. diff --git a/dspace-api/src/test/resources/dspaceFolder/config/dspace.cfg b/dspace-api/src/test/resources/dspaceFolder/config/dspace.cfg index 70ac9dfc36..c38cd4006d 100644 --- a/dspace-api/src/test/resources/dspaceFolder/config/dspace.cfg +++ b/dspace-api/src/test/resources/dspaceFolder/config/dspace.cfg 
@@ -404,140 +404,6 @@ handle.dir = ${dspace.dir}/handle-server # 12.7.8.9/255.255.128.0 -#### LDAP Authentication Configuration Settings #### -# -# If LDAP is enabled, then new users will be able to register -# by entering their username and password without being sent the -# registration token. If users do not have a username and password, -# then they can still register and login with just their email address -# the same way they do now. -# -# For providing any special privileges to LDAP users, -# you will still need to extend the SiteAuthenticator class to -# automatically put people who have a netid into a special -# group. You might also want to give certain email addresses -# special privileges. Refer to the DSpace documentation for more -# information about how to do this. -# -# It may be necessary to obtain the values of these settings from the -# LDAP server administrators as LDAP configuration will vary from server -# to server. - -# This setting will enable or disable LDAP authentication in DSpace. -# With the setting off, users will be required to register and login with -# their email address. With this setting on, users will be able to login -# and register with their LDAP user ids and passwords. -# This setting is only used by the JSPUI. -ldap.enable = false - -# This is the url to the institution's ldap server. The /o=myu.edu -# may or may not be required depending on the LDAP server setup. -# A server may also require the ldaps:// protocol. -#ldap.provider_url = ldap://ldap.myu.edu/o=myu.edu - -# This is the unique identifier field in the LDAP directory -# where the username is stored. -#ldap.id_field = uid - -# This is the object context used when authenticating the -# user. It is appended to the ldap.id_field and username. -# For example uid=username,ou=people,o=myu.edu. This must match -# the LDAP server configuration. 
-#ldap.object_context = ou=people,o=myu.edu - -# This is the search context used when looking up a user's -# LDAP object to retrieve their data for autoregistering. -# With ldap.autoregister turned on, when a user authenticates -# without an EPerson object, a search on the LDAP directory to -# get their name and email address is initiated so that DSpace -# can create a EPerson object for them. So after we have authenticated against -# uid=username,ou=people,o=byu.edu we now search in ou=people -# for filtering on [uid=username]. Often the -# ldap.search_context is the same as the ldap.object_context -# parameter. But again this depends on each individual LDAP server -# configuration. -#ldap.search_context = ou=people - -# This is the LDAP object field where the user's email address -# is stored. "mail" is the default and the most common for -# LDAP servers. If the mail field is not found the username -# will be used as the email address when creating the eperson -# object. -#ldap.email_field = mail - -# This is the LDAP object field where the user's last name is -# stored. "sn" is the default and is the most common for LDAP -# servers. If the field is not found the field will be left -# blank in the new eperson object. -#ldap.surname_field = sn - -# This is the LDAP object field where the user's given names -# are stored. This may not be used or set in all LDAP instances. -# If the field is not found the field will be left blank in the -# new eperson object. -#ldap.givenname_field = givenName - -# This is the field where the user's phone number is stored in -# the LDAP directory. If the field is not found the field -# will be left blank in the new eperson object. -#ldap.phone_field = telephoneNumber - -##### LDAP AutoRegister Settings ##### - -# This will turn LDAP autoregistration on or off. With this -# on, a new EPerson object will be created for any user who -# successfully authenticates against the LDAP server when they -# first login. 
With this setting off, the user -# must first register to get an EPerson object by -# entering their ldap username and password and filling out -# the forms. -webui.ldap.autoregister = true - - -##### LDAP users group ##### - -# If required, a group name can be given here, and all users who log in -# to LDAP will automatically become members of this group. This is useful -# if you want a group made up of all internal authenticated users. -#ldap.login.specialgroup = group-name - - -##### Hierarchical LDAP Settings ##### - -# If your users are spread out across a hierarchical tree on your -# LDAP server, you will need to use the following stackable authentication -# class: -# plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ -# org.dspace.authenticate.LDAPHierarchicalAuthentication -# -# You can optionally specify the search scope. If anonymous access is not -# enabled on your LDAP server, you will need to specify the full DN and -# password of a user that is allowed to bind in order to search for the -# users. - -# This is the search scope value for the LDAP search during -# autoregistering. This will depend on your LDAP server setup. -# This value must be one of the following integers corresponding -# to the following values: -# object scope : 0 -# one level scope : 1 -# subtree scope : 2 -#ldap.search_scope = 2 - -# The full DN and password of a user allowed to connect to the LDAP server -# and search for the DN of the user trying to log in. If these are not specified, -# the initial bind will be performed anonymously. -#ldap.search.user = cn=admin,ou=people,o=myu.edu -#ldap.search.password = password - -# If your LDAP server does not hold an email address for a user, you can use -# the following field to specify your email domain. This value is appended -# to the netid in order to make an email address. E.g. 
a netid of 'user' and -# ldap.netid_email_domain as '@example.com' would set the email of the user -# to be 'user@example.com -#ldap.netid_email_domain = @example.com - - #### Restricted item visibilty settings ### # By default RSS feeds, OAI-PMH and subscription emails will include ALL items # regardless of permissions set on them. diff --git a/dspace-api/src/test/resources/dspaceFolder/config/modules/authentication-ldap.cfg b/dspace-api/src/test/resources/dspaceFolder/config/modules/authentication-ldap.cfg new file mode 100644 index 0000000000..6f16a64bca --- /dev/null +++ b/dspace-api/src/test/resources/dspaceFolder/config/modules/authentication-ldap.cfg 
@@ -0,0 +1,134 @@
+#### LDAP Authentication Configuration Settings ####
+#
+# If LDAP is enabled, then new users will be able to register
+# by entering their username and password without being sent the
+# registration token. If users do not have a username and password,
+# then they can still register and login with just their email address
+# the same way they do now.
+#
+# For providing any special privileges to LDAP users,
+# you will still need to extend the SiteAuthenticator class to
+# automatically put people who have a netid into a special
+# group. You might also want to give certain email addresses
+# special privileges. Refer to the DSpace documentation for more
+# information about how to do this.
+#
+# It may be necessary to obtain the values of these settings from the
+# LDAP server administrators as LDAP configuration will vary from server
+# to server.
+
+# This setting will enable or disable LDAP authentication in DSpace.
+# With the setting off, users will be required to register and login with
+# their email address. With this setting on, users will be able to login
+# and register with their LDAP user ids and passwords.
+# This setting is only used by the JSPUI.
+enable = false
+
+
+##### LDAP AutoRegister Settings #####
+
+# This will turn LDAP autoregistration on or off. With this
+# on, a new EPerson object will be created for any user who
+# successfully authenticates against the LDAP server when they
+# first login. With this setting off, the user
+# must first register to get an EPerson object by
+# entering their ldap username and password and filling out
+# the forms.
+autoregister = true
+
+
+# This is the url to the institution's ldap server. The /o=myu.edu
+# may or may not be required depending on the LDAP server setup.
+# A server may also require the ldaps:// protocol.
+#provider_url = ldap://ldap.myu.edu/o=myu.edu
+
+# This is the unique identifier field in the LDAP directory
+# where the username is stored.
+#id_field = uid
+
+# This is the object context used when authenticating the
+# user. It is appended to the id_field and username.
+# For example uid=username,ou=people,o=myu.edu. This must match
+# the LDAP server configuration.
+#object_context = ou=people,o=myu.edu
+
+# This is the search context used when looking up a user's
+# LDAP object to retrieve their data for autoregistering.
+# With autoregister turned on, when a user authenticates
+# without an EPerson object, a search on the LDAP directory to
+# get their name and email address is initiated so that DSpace
+# can create a EPerson object for them. So after we have authenticated against
+# uid=username,ou=people,o=byu.edu we now search in ou=people
+# for filtering on [uid=username]. Often the
+# search_context is the same as the object_context
+# parameter. But again this depends on each individual LDAP server
+# configuration.
+#search_context = ou=people
+
+# This is the LDAP object field where the user's email address
+# is stored. "mail" is the default and the most common for
+# LDAP servers. If the mail field is not found the username
+# will be used as the email address when creating the eperson
+# object.
+#email_field = mail
+
+# This is the LDAP object field where the user's last name is
+# stored. "sn" is the default and is the most common for LDAP
+# servers. If the field is not found the field will be left
+# blank in the new eperson object.
+#surname_field = sn
+
+# This is the LDAP object field where the user's given names
+# are stored. This may not be used or set in all LDAP instances.
+# If the field is not found the field will be left blank in the
+# new eperson object.
+#givenname_field = givenName
+
+# This is the field where the user's phone number is stored in
+# the LDAP directory. If the field is not found the field
+# will be left blank in the new eperson object.
+#phone_field = telephoneNumber
+
+
+##### LDAP users group #####
+
+# If required, a group name can be given here, and all users who log in
+# to LDAP will automatically become members of this group. This is useful
+# if you want a group made up of all internal authenticated users.
+#login.specialgroup = group-name
+
+
+##### Hierarchical LDAP Settings #####
+
+# If your users are spread out across a hierarchical tree on your
+# LDAP server, you will need to use the following stackable authentication
+# class:
+# plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
+# org.dspace.authenticate.LDAPHierarchicalAuthentication
+#
+# You can optionally specify the search scope. If anonymous access is not
+# enabled on your LDAP server, you will need to specify the full DN and
+# password of a user that is allowed to bind in order to search for the
+# users.
+
+# This is the search scope value for the LDAP search during
+# autoregistering. This will depend on your LDAP server setup.
+# This value must be one of the following integers corresponding
+# to the following values:
+# object scope : 0
+# one level scope : 1
+# subtree scope : 2
+#search_scope = 2
+
+# The full DN and password of a user allowed to connect to the LDAP server
+# and search for the DN of the user trying to log in. If these are not specified,
+# the initial bind will be performed anonymously.
+#search.user = cn=admin,ou=people,o=myu.edu
+#search.password = password
+
+# If your LDAP server does not hold an email address for a user, you can use
+# the following field to specify your email domain. This value is appended
+# to the netid in order to make an email address. E.g. a netid of 'user' and
+# netid_email_domain as '@example.com' would set the email of the user
+# to be 'user@example.com
+#netid_email_domain = @example.com
\ No newline at end of file
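Review bot: The `provider_url` comment in this new file gives `ldap://` as the example and mentions `ldaps://` only as something a server "may require"; since the user's password is sent to the directory in the bind, a plain `ldap://` URL exposes every login in transit unless the connection is protected some other way, so the comment should steer operators toward the protected form, e.g. `# Prefer ldaps:// (or another TLS-protected connection): the bind sends the user's password to the server.`. The `search.password = password` example would benefit from a one-line remark that this file holds a bind credential and must only be readable by the account DSpace runs as. The hunk also ends with `\ No newline at end of file`, which is worth fixing now because it produces spurious whole-line changes in the next edit.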
diff --git a/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/RegisterServlet.java b/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/RegisterServlet.java
index 5831d1b93c..31b8adb44f 100644
--- a/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/RegisterServlet.java
+++ b/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/RegisterServlet.java
@@ -71,7 +71,7 @@ public class RegisterServlet extends DSpaceServlet
 public void init()
 {
 registering = getInitParameter("register").equalsIgnoreCase("true");
- ldap_enabled = ConfigurationManager.getBooleanProperty("ldap.enable");
+ ldap_enabled = ConfigurationManager.getBooleanProperty("authentication-ldap", "enable");
 }
 protected void doDSGet(Context context, HttpServletRequest request,
diff --git a/dspace-jspui/dspace-jspui-webapp/src/main/webapp/dspace-admin/eperson-edit.jsp b/dspace-jspui/dspace-jspui-webapp/src/main/webapp/dspace-admin/eperson-edit.jsp
index f3e0294055..ab321bc364 100644
--- a/dspace-jspui/dspace-jspui-webapp/src/main/webapp/dspace-admin/eperson-edit.jsp
+++ b/dspace-jspui/dspace-jspui-webapp/src/main/webapp/dspace-admin/eperson-edit.jsp
@@ -65,7 +65,7 @@
 String language = eperson.getMetadata("language");
 boolean emailExists = (request.getAttribute("email_exists") != null);
- boolean ldap_enabled = ConfigurationManager.getBooleanProperty("ldap.enable");
+ boolean ldap_enabled = ConfigurationManager.getBooleanProperty("authentication-ldap", "enable");
 %>
diff --git a/dspace/config/dspace.cfg b/dspace/config/dspace.cfg
index 1c2a45179d..00597b5f66 100644
--- a/dspace/config/dspace.cfg
+++ b/dspace/config/dspace.cfg
@@ -402,140 +402,6 @@ handle.dir = ${dspace.dir}/handle-server
 # 12.7.8.9/255.255.128.0
-#### LDAP Authentication Configuration Settings ####
-#
-# If LDAP is enabled, then new users will be able to register
-# by entering their username and password without being sent the
-# registration token. If users do not have a username and password,
-# then they can still register and login with just their email address
-# the same way they do now.
-#
-# For providing any special privileges to LDAP users,
-# you will still need to extend the SiteAuthenticator class to
-# automatically put people who have a netid into a special
-# group. You might also want to give certain email addresses
-# special privileges. Refer to the DSpace documentation for more
-# information about how to do this.
-#
-# It may be necessary to obtain the values of these settings from the
-# LDAP server administrators as LDAP configuration will vary from server
-# to server.
-
-# This setting will enable or disable LDAP authentication in DSpace.
-# With the setting off, users will be required to register and login with
-# their email address. With this setting on, users will be able to login
-# and register with their LDAP user ids and passwords.
-# This setting is only used by the JSPUI.
-ldap.enable = false
-
-# This is the url to the institution's ldap server. The /o=myu.edu
-# may or may not be required depending on the LDAP server setup.
-# A server may also require the ldaps:// protocol.
-#ldap.provider_url = ldap://ldap.myu.edu/o=myu.edu
-
-# This is the unique identifier field in the LDAP directory
-# where the username is stored.
-#ldap.id_field = uid
-
-# This is the object context used when authenticating the
-# user. It is appended to the ldap.id_field and username.
-# For example uid=username,ou=people,o=myu.edu. This must match
-# the LDAP server configuration.
-#ldap.object_context = ou=people,o=myu.edu
-
-# This is the search context used when looking up a user's
-# LDAP object to retrieve their data for autoregistering.
-# With ldap.autoregister turned on, when a user authenticates
-# without an EPerson object, a search on the LDAP directory to
-# get their name and email address is initiated so that DSpace
-# can create a EPerson object for them. So after we have authenticated against
-# uid=username,ou=people,o=byu.edu we now search in ou=people
-# for filtering on [uid=username]. Often the
-# ldap.search_context is the same as the ldap.object_context
-# parameter. But again this depends on each individual LDAP server
-# configuration.
-#ldap.search_context = ou=people
-
-# This is the LDAP object field where the user's email address
-# is stored. "mail" is the default and the most common for
-# LDAP servers. If the mail field is not found the username
-# will be used as the email address when creating the eperson
-# object.
-#ldap.email_field = mail
-
-# This is the LDAP object field where the user's last name is
-# stored. "sn" is the default and is the most common for LDAP
-# servers. If the field is not found the field will be left
-# blank in the new eperson object.
-#ldap.surname_field = sn
-
-# This is the LDAP object field where the user's given names
-# are stored. This may not be used or set in all LDAP instances.
-# If the field is not found the field will be left blank in the
-# new eperson object.
-#ldap.givenname_field = givenName
-
-# This is the field where the user's phone number is stored in
-# the LDAP directory. If the field is not found the field
-# will be left blank in the new eperson object.
-#ldap.phone_field = telephoneNumber
-
-##### LDAP AutoRegister Settings #####
-
-# This will turn LDAP autoregistration on or off. With this
-# on, a new EPerson object will be created for any user who
-# successfully authenticates against the LDAP server when they
-# first login. With this setting off, the user
-# must first register to get an EPerson object by
-# entering their ldap username and password and filling out
-# the forms.
-webui.ldap.autoregister = true
-
-
-##### LDAP users group #####
-
-# If required, a group name can be given here, and all users who log in
-# to LDAP will automatically become members of this group. This is useful
-# if you want a group made up of all internal authenticated users.
-#ldap.login.specialgroup = group-name
-
-
-##### Hierarchical LDAP Settings #####
-
-# If your users are spread out across a hierarchical tree on your
-# LDAP server, you will need to use the following stackable authentication
-# class:
-# plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
-# org.dspace.authenticate.LDAPHierarchicalAuthentication
-#
-# You can optionally specify the search scope. If anonymous access is not
-# enabled on your LDAP server, you will need to specify the full DN and
-# password of a user that is allowed to bind in order to search for the
-# users.
-
-# This is the search scope value for the LDAP search during
-# autoregistering. This will depend on your LDAP server setup.
-# This value must be one of the following integers corresponding
-# to the following values:
-# object scope : 0
-# one level scope : 1
-# subtree scope : 2
-#ldap.search_scope = 2
-
-# The full DN and password of a user allowed to connect to the LDAP server
-# and search for the DN of the user trying to log in. If these are not specified,
-# the initial bind will be performed anonymously.
-#ldap.search.user = cn=admin,ou=people,o=myu.edu
-#ldap.search.password = password
-
-# If your LDAP server does not hold an email address for a user, you can use
-# the following field to specify your email domain. This value is appended
-# to the netid in order to make an email address. E.g. a netid of 'user' and
-# ldap.netid_email_domain as '@example.com' would set the email of the user
-# to be 'user@example.com
-#ldap.netid_email_domain = @example.com
-
-
 #### Restricted item visibilty settings ###
 # By default RSS feeds, OAI-PMH and subscription emails will include ALL items
 # regardless of permissions set on them.
diff --git a/dspace/config/modules/authentication-ldap.cfg b/dspace/config/modules/authentication-ldap.cfg
new file mode 100644
index 0000000000..6f16a64bca
--- /dev/null
+++ b/dspace/config/modules/authentication-ldap.cfg
@@ -0,0 +1,134 @@
+#### LDAP Authentication Configuration Settings ####
+#
+# If LDAP is enabled, then new users will be able to register
+# by entering their username and password without being sent the
+# registration token. If users do not have a username and password,
+# then they can still register and login with just their email address
+# the same way they do now.
+#
+# For providing any special privileges to LDAP users,
+# you will still need to extend the SiteAuthenticator class to
+# automatically put people who have a netid into a special
+# group. You might also want to give certain email addresses
+# special privileges. Refer to the DSpace documentation for more
+# information about how to do this.
+#
+# It may be necessary to obtain the values of these settings from the
+# LDAP server administrators as LDAP configuration will vary from server
+# to server.
+
+# This setting will enable or disable LDAP authentication in DSpace.
+# With the setting off, users will be required to register and login with
+# their email address. With this setting on, users will be able to login
+# and register with their LDAP user ids and passwords.
+# This setting is only used by the JSPUI.
+enable = false
+
+
+##### LDAP AutoRegister Settings #####
+
+# This will turn LDAP autoregistration on or off. With this
+# on, a new EPerson object will be created for any user who
+# successfully authenticates against the LDAP server when they
+# first login. With this setting off, the user
+# must first register to get an EPerson object by
+# entering their ldap username and password and filling out
+# the forms.
+autoregister = true
+
+
+# This is the url to the institution's ldap server. The /o=myu.edu
+# may or may not be required depending on the LDAP server setup.
+# A server may also require the ldaps:// protocol.
+#provider_url = ldap://ldap.myu.edu/o=myu.edu
+
+# This is the unique identifier field in the LDAP directory
+# where the username is stored.
+#id_field = uid
+
+# This is the object context used when authenticating the
+# user. It is appended to the id_field and username.
+# For example uid=username,ou=people,o=myu.edu. This must match
+# the LDAP server configuration.
+#object_context = ou=people,o=myu.edu
+
+# This is the search context used when looking up a user's
+# LDAP object to retrieve their data for autoregistering.
+# With autoregister turned on, when a user authenticates
+# without an EPerson object, a search on the LDAP directory to
+# get their name and email address is initiated so that DSpace
+# can create a EPerson object for them. So after we have authenticated against
+# uid=username,ou=people,o=byu.edu we now search in ou=people
+# for filtering on [uid=username]. Often the
+# search_context is the same as the object_context
+# parameter. But again this depends on each individual LDAP server
+# configuration.
+#search_context = ou=people
+
+# This is the LDAP object field where the user's email address
+# is stored. "mail" is the default and the most common for
+# LDAP servers. If the mail field is not found the username
+# will be used as the email address when creating the eperson
+# object.
+#email_field = mail
+
+# This is the LDAP object field where the user's last name is
+# stored. "sn" is the default and is the most common for LDAP
+# servers. If the field is not found the field will be left
+# blank in the new eperson object.
+#surname_field = sn
+
+# This is the LDAP object field where the user's given names
+# are stored. This may not be used or set in all LDAP instances.
+# If the field is not found the field will be left blank in the
+# new eperson object.
+#givenname_field = givenName
+
+# This is the field where the user's phone number is stored in
+# the LDAP directory. If the field is not found the field
+# will be left blank in the new eperson object.
+#phone_field = telephoneNumber
+
+
+##### LDAP users group #####
+
+# If required, a group name can be given here, and all users who log in
+# to LDAP will automatically become members of this group. This is useful
+# if you want a group made up of all internal authenticated users.
+#login.specialgroup = group-name
+
+
+##### Hierarchical LDAP Settings #####
+
+# If your users are spread out across a hierarchical tree on your
+# LDAP server, you will need to use the following stackable authentication
+# class:
+# plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
+# org.dspace.authenticate.LDAPHierarchicalAuthentication
+#
+# You can optionally specify the search scope. If anonymous access is not
+# enabled on your LDAP server, you will need to specify the full DN and
+# password of a user that is allowed to bind in order to search for the
+# users.
+
+# This is the search scope value for the LDAP search during
+# autoregistering. This will depend on your LDAP server setup.
+# This value must be one of the following integers corresponding
+# to the following values:
+# object scope : 0
+# one level scope : 1
+# subtree scope : 2
+#search_scope = 2
+
+# The full DN and password of a user allowed to connect to the LDAP server
+# and search for the DN of the user trying to log in. If these are not specified,
+# the initial bind will be performed anonymously.
+#search.user = cn=admin,ou=people,o=myu.edu
+#search.password = password
+
+# If your LDAP server does not hold an email address for a user, you can use
+# the following field to specify your email domain. This value is appended
+# to the netid in order to make an email address. E.g. a netid of 'user' and
+# netid_email_domain as '@example.com' would set the email of the user
+# to be 'user@example.com
+#netid_email_domain = @example.com
\ No newline at end of file
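Review bot: The renamed keys `search_scope`, `search.user` and `search.password` under "Hierarchical LDAP Settings" are documented by this file as belonging to LDAPHierarchicalAuthentication, yet no hunk in view updates that class to read the `authentication-ldap` module instead of the old `ldap.search.*` names; if it still reads the old names after this commit, the configured bind DN and password are silently ignored and, per this file's own comment, the search bind falls back to anonymous, so the caller should confirm that class was migrated too. Since this module file now carries a bind credential, the `#search.password` entry would benefit from a note such as `# This file holds a bind credential: restrict its permissions to the DSpace service account.`. A minor wording issue: `# to be 'user@example.com` is missing its closing quote.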