New modules/authenticate-ldap.cfg

git-svn-id: http://scm.dspace.org/svn/repo/dspace/trunk@6568 9c30dcfa-912a-0410-8fc2-9e0234be79fd
2025-10-15 14:03:17 +00:00 · 2011-08-19 04:13:44 +00:00
parent c84f3a62a1
commit ebc67a4ae8
10 changed files with 301 additions and 438 deletions
--- a/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
+++ b/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
@@ -53,7 +53,7 @@ public class LDAPAuthentication
    {
        // XXX might also want to check that username exists in LDAP.

-        return ConfigurationManager.getBooleanProperty("webui.ldap.autoregister");
+        return ConfigurationManager.getBooleanProperty("authentication-ldap", "autoregister");
    }

    /**
@@ -99,7 +99,7 @@ public class LDAPAuthentication
 		{
 			if (!context.getCurrentUser().getNetid().equals(""))
 			{
-				String groupName = ConfigurationManager.getProperty("ldap.login.specialgroup");
+				String groupName = ConfigurationManager.getProperty("authentication-ldap", "login.specialgroup");
 				if ((groupName != null) && (!groupName.trim().equals("")))
 				{
 				Group ldapGroup = Group.findByName(context, groupName);
@@ -108,7 +108,7 @@ public class LDAPAuthentication
 						// Oops - the group isn't there.
 						log.warn(LogManager.getHeader(context,
 								"ldap_specialgroup",
-								"Group defined in ldap.login.specialgroup does not exist"));
+								"Group defined in login.specialgroup does not exist"));
 						return new int[0];
 					} else
 					{
@@ -194,9 +194,9 @@ public class LDAPAuthentication
                // If there is no email and the email  domain is set, add it to the netid
 				String email = ldap.ldapEmail;
                if (((email == null) || ("".equals(email))) &&
-                    (!"".equals(ConfigurationManager.getProperty("ldap.netid_email_domain"))))
+                    (!"".equals(ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain"))))
                {
-                    email = netid + ConfigurationManager.getProperty("ldap.netid_email_domain");
+                    email = netid + ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain");
                }

                if ((email != null) && (!"".equals(email)))
@@ -312,10 +312,10 @@ public class LDAPAuthentication
        {
            if (!password.equals(""))
            {
-                String ldap_provider_url = ConfigurationManager.getProperty("ldap.provider_url");
-                String ldap_id_field = ConfigurationManager.getProperty("ldap.id_field");
-                String ldap_search_context = ConfigurationManager.getProperty("ldap.search_context");
-                String ldap_object_context = ConfigurationManager.getProperty("ldap.object_context");
+                String ldap_provider_url = ConfigurationManager.getProperty("authentication-ldap", "provider_url");
+                String ldap_id_field = ConfigurationManager.getProperty("authentication-ldap", "id_field");
+                String ldap_search_context = ConfigurationManager.getProperty("authentication-ldap", "search_context");
+                String ldap_object_context = ConfigurationManager.getProperty("authentication-ldap", "object_context");

                // Set up environment for creating initial context
                Hashtable env = new Hashtable(11);
@@ -333,10 +333,10 @@ public class LDAPAuthentication
                    // Create initial context
                    ctx = new InitialDirContext(env);

-                    String ldap_email_field = ConfigurationManager.getProperty("ldap.email_field");
-                    String ldap_givenname_field = ConfigurationManager.getProperty("ldap.givenname_field");
-                    String ldap_surname_field = ConfigurationManager.getProperty("ldap.surname_field");
-                    String ldap_phone_field = ConfigurationManager.getProperty("ldap.phone_field");
+                    String ldap_email_field = ConfigurationManager.getProperty("authentication-ldap", "email_field");
+                    String ldap_givenname_field = ConfigurationManager.getProperty("authentication-ldap", "givenname_field");
+                    String ldap_surname_field = ConfigurationManager.getProperty("authentication-ldap", "surname_field");
+                    String ldap_phone_field = ConfigurationManager.getProperty("authentication-ldap", "phone_field");

                    Attributes matchAttrs = new BasicAttributes(true);
                    matchAttrs.put(new BasicAttribute(ldap_id_field, netid));
@@ -426,8 +426,6 @@ public class LDAPAuthentication

            return true;
        }
-
-
    }

    /*
--- a/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java
+++ b/dspace-api/src/main/java/org/dspace/authenticate/LDAPHierarchicalAuthentication.java
@@ -49,8 +49,8 @@ public class LDAPHierarchicalAuthentication
                                   String username)
        throws SQLException
    {
-        // Looks to see if webui.ldap.autoregister is set or not
-        return ConfigurationManager.getBooleanProperty("webui.ldap.autoregister");
+        // Looks to see if autoregister is set or not
+        return ConfigurationManager.getBooleanProperty("authentication-ldap", "autoregister");
    }

    /**
@@ -86,7 +86,7 @@ public class LDAPHierarchicalAuthentication

    /*
     * Add authenticated users to the group defined in dspace.cfg by
-     * the ldap.login.specialgroup key.
+     * the login.specialgroup key.
     */
    public int[] getSpecialGroups(Context context, HttpServletRequest request)
    {
@@ -96,7 +96,7 @@ public class LDAPHierarchicalAuthentication
 		{
 			if (!context.getCurrentUser().getNetid().equals(""))
 			{
-				String groupName = ConfigurationManager.getProperty("ldap.login.specialgroup");
+				String groupName = ConfigurationManager.getProperty("authentication-ldap", "login.specialgroup");
 				if ((groupName != null) && (!groupName.trim().equals("")))
 				{
 					Group ldapGroup = Group.findByName(context, groupName);
@@ -105,7 +105,7 @@ public class LDAPHierarchicalAuthentication
 						// Oops - the group isn't there.
 						log.warn(LogManager.getHeader(context,
 								"ldap_specialgroup",
-								"Group defined in ldap.login.specialgroup does not exist"));
+								"Group defined in login.specialgroup does not exist"));
 						return new int[0];
 					} else
 					{
@@ -180,8 +180,8 @@ public class LDAPHierarchicalAuthentication
        SpeakerToLDAP ldap = new SpeakerToLDAP(log);

 		// Get the DN of the user
-		String adminUser = ConfigurationManager.getProperty("ldap.search.user");
-		String adminPassword = ConfigurationManager.getProperty("ldap.search.password");
+		String adminUser = ConfigurationManager.getProperty("authentication-ldap", "search.user");
+		String adminPassword = ConfigurationManager.getProperty("authentication-ldap", "search.password");
 		String dn = ldap.getDNOfUser(adminUser, adminPassword, context, netid);

 		// Check a DN was found
@@ -231,9 +231,9 @@ public class LDAPHierarchicalAuthentication
                // If there is no email and the email  domain is set, add it to the netid
 				String email = ldap.ldapEmail;
                if (((email == null) || ("".equals(email))) &&
-                    (!"".equals(ConfigurationManager.getProperty("ldap.netid_email_domain"))))
+                    (!"".equals(ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain"))))
                {
-                    email = netid + ConfigurationManager.getProperty("ldap.netid_email_domain");
+                    email = netid + ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain");
                }

                if ((email != null) && (!"".equals(email)))
@@ -335,16 +335,15 @@ public class LDAPHierarchicalAuthentication
        protected String ldapPhone = null;

 		/** LDAP settings */
-		String ldap_provider_url = ConfigurationManager.getProperty("ldap.provider_url");
-		String ldap_id_field = ConfigurationManager.getProperty("ldap.id_field");
-		String ldap_search_context = ConfigurationManager.getProperty("ldap.search_context");
-		String ldap_object_context = ConfigurationManager.getProperty("ldap.object_context");
-		String ldap_search_scope = ConfigurationManager.getProperty("ldap.search_scope");
+		String ldap_provider_url = ConfigurationManager.getProperty("authentication-ldap", "provider_url");
+		String ldap_id_field = ConfigurationManager.getProperty("authentication-ldap", "id_field");
+		String ldap_search_context = ConfigurationManager.getProperty("authentication-ldap", "search_context");
+		String ldap_search_scope = ConfigurationManager.getProperty("authentication-ldap", "search_scope");

-		String ldap_email_field = ConfigurationManager.getProperty("ldap.email_field");
-		String ldap_givenname_field = ConfigurationManager.getProperty("ldap.givenname_field");
-		String ldap_surname_field = ConfigurationManager.getProperty("ldap.surname_field");
-		String ldap_phone_field = ConfigurationManager.getProperty("ldap.phone_field");
+		String ldap_email_field = ConfigurationManager.getProperty("authentication-ldap", "email_field");
+		String ldap_givenname_field = ConfigurationManager.getProperty("authentication-ldap", "givenname_field");
+		String ldap_surname_field = ConfigurationManager.getProperty("authentication-ldap", "surname_field");
+		String ldap_phone_field = ConfigurationManager.getProperty("authentication-ldap", "phone_field");

 		SpeakerToLDAP(Logger thelog)
        {
--- a/dspace-api/src/test/resources/dspace-test.cfg
+++ b/dspace-api/src/test/resources/dspace-test.cfg
@@ -400,140 +400,6 @@ handle.dir = ${dspace.dir}/handle-server
 #                                  12.7.8.9/255.255.128.0


-#### LDAP Authentication Configuration Settings ####
-#
-# If LDAP is enabled, then new users will be able to register
-# by entering their username and  password without being sent the
-# registration token. If users do not have a username and password,
-# then they  can still register and login with just their email address
-# the same way they do now.
-#
-# For providing any special privileges to LDAP users,
-# you will still need to extend the SiteAuthenticator class to
-# automatically put people who have a netid into a special
-# group.  You might also want to give certain email addresses
-# special privileges. Refer to the DSpace documentation for more
-# information about how to do this.
-#
-# It may be necessary to obtain the values of these settings from the
-# LDAP server administrators as LDAP configuration will vary from server
-# to server.
-
-# This setting will enable or disable LDAP authentication in DSpace.
-# With the setting off, users will be required to register and login with
-# their email address.  With this setting on, users will be able to login
-# and register with their LDAP user ids and passwords.
-# This setting is only used by the JSPUI.
-ldap.enable = false
-
-# This is the url to the institution's ldap server. The /o=myu.edu
-# may or may not be required depending on the LDAP server setup.
-# A server may also require the ldaps:// protocol.
-#ldap.provider_url = ldap://ldap.myu.edu/o=myu.edu
-
-# This is the unique identifier field in the LDAP directory
-# where the username is stored.
-#ldap.id_field = uid
-
-# This is the object context used when authenticating the
-# user.  It is appended to the ldap.id_field and username.
-# For example uid=username,ou=people,o=myu.edu.  This must match
-# the LDAP server configuration.
-#ldap.object_context = ou=people,o=myu.edu
-
-# This is the search context used when looking up a user's
-# LDAP object to retrieve their data for autoregistering.
-# With ldap.autoregister turned on, when a user authenticates
-# without an EPerson object, a search on the LDAP directory to
-# get their name and email address is initiated so that DSpace
-# can create a EPerson object for them.  So after we have authenticated against
-# uid=username,ou=people,o=byu.edu we now search in ou=people
-# for filtering on [uid=username].  Often the
-# ldap.search_context is the same as the ldap.object_context
-# parameter.  But again this depends on each individual LDAP server
-# configuration.
-#ldap.search_context = ou=people
-
-# This is the LDAP object field where the user's email address
-# is stored.  "mail" is the default and the most common for
-# LDAP servers.  If the mail field is not found the username
-# will be used as the email address when creating the eperson
-# object.
-#ldap.email_field = mail
-
-# This is the LDAP object field where the user's last name is
-# stored.  "sn" is the default and is the most common for LDAP
-# servers.  If the field is not found the field will be left
-# blank in the new eperson object.
-#ldap.surname_field = sn
-
-# This is the LDAP object field where the user's given names
-# are stored.  This may not be used or set in all LDAP instances.
-# If the field is not found the field will be left blank in the
-# new eperson object.
-#ldap.givenname_field = givenName
-
-# This is the field where the user's phone number is stored in
-# the LDAP directory.  If the field is not found the field
-# will be left blank in the new eperson object.
-#ldap.phone_field = telephoneNumber
-
-##### LDAP AutoRegister Settings #####
-
-# This will turn LDAP autoregistration on or off.  With this
-# on, a new EPerson object will be created for any user who
-# successfully authenticates against the LDAP server when they
-# first login.  With this setting off, the user
-# must first register to get an EPerson object by
-# entering their ldap username and password and filling out
-# the forms.
-webui.ldap.autoregister = true
-
-
-##### LDAP users group #####
-
-# If required, a group name can be given here, and all users who log in
-# to LDAP will automatically become members of this group. This is useful
-# if you want a group made up of all internal authenticated users.
-#ldap.login.specialgroup = group-name
-
-
-##### Hierarchical LDAP Settings #####
-
-# If your users are spread out across a hierarchical tree on your
-# LDAP server, you will need to use the following stackable authentication
-# class:
-#  plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
-#        org.dspace.authenticate.LDAPHierarchicalAuthentication
-#
-# You can optionally specify the search scope. If anonymous access is not
-# enabled on your LDAP server, you will need to specify the full DN and
-# password of a user that is allowed to bind in order to search for the
-# users.
-
-# This is the search scope value for the LDAP search during
-# autoregistering. This will depend on your LDAP server setup.
-# This value must be one of the following integers corresponding
-# to the following values:
-# object scope : 0
-# one level scope : 1
-# subtree scope : 2
-#ldap.search_scope = 2
-
-# The full DN and password of a user allowed to connect to the LDAP server
-# and search for the DN of the user trying to log in. If these are not specified,
-# the initial bind will be performed anonymously.
-#ldap.search.user = cn=admin,ou=people,o=myu.edu
-#ldap.search.password = password
-
-# If your LDAP server does not hold an email address for a user, you can use
-# the following field to specify your email domain. This value is appended
-# to the netid in order to make an email address. E.g. a netid of 'user' and
-# ldap.netid_email_domain as '@example.com' would set the email of the user
-# to be 'user@example.com
-#ldap.netid_email_domain = @example.com
-
-
 #### Restricted item visibilty settings ###
 # By default RSS feeds, OAI-PMH and subscription emails will include ALL items
 # regardless of permissions set on them.
--- a/dspace-api/src/test/resources/dspaceFolder/config/dspace.cfg
+++ b/dspace-api/src/test/resources/dspaceFolder/config/dspace.cfg
@@ -404,140 +404,6 @@ handle.dir = ${dspace.dir}/handle-server
 #                                  12.7.8.9/255.255.128.0


-#### LDAP Authentication Configuration Settings ####
-#
-# If LDAP is enabled, then new users will be able to register
-# by entering their username and  password without being sent the
-# registration token. If users do not have a username and password,
-# then they  can still register and login with just their email address
-# the same way they do now.
-#
-# For providing any special privileges to LDAP users,
-# you will still need to extend the SiteAuthenticator class to
-# automatically put people who have a netid into a special
-# group.  You might also want to give certain email addresses
-# special privileges. Refer to the DSpace documentation for more
-# information about how to do this.
-#
-# It may be necessary to obtain the values of these settings from the
-# LDAP server administrators as LDAP configuration will vary from server
-# to server.
-
-# This setting will enable or disable LDAP authentication in DSpace.
-# With the setting off, users will be required to register and login with
-# their email address.  With this setting on, users will be able to login
-# and register with their LDAP user ids and passwords.
-# This setting is only used by the JSPUI.
-ldap.enable = false
-
-# This is the url to the institution's ldap server. The /o=myu.edu
-# may or may not be required depending on the LDAP server setup.
-# A server may also require the ldaps:// protocol.
-#ldap.provider_url = ldap://ldap.myu.edu/o=myu.edu
-
-# This is the unique identifier field in the LDAP directory
-# where the username is stored.
-#ldap.id_field = uid
-
-# This is the object context used when authenticating the
-# user.  It is appended to the ldap.id_field and username.
-# For example uid=username,ou=people,o=myu.edu.  This must match
-# the LDAP server configuration.
-#ldap.object_context = ou=people,o=myu.edu
-
-# This is the search context used when looking up a user's
-# LDAP object to retrieve their data for autoregistering.
-# With ldap.autoregister turned on, when a user authenticates
-# without an EPerson object, a search on the LDAP directory to
-# get their name and email address is initiated so that DSpace
-# can create a EPerson object for them.  So after we have authenticated against
-# uid=username,ou=people,o=byu.edu we now search in ou=people
-# for filtering on [uid=username].  Often the
-# ldap.search_context is the same as the ldap.object_context
-# parameter.  But again this depends on each individual LDAP server
-# configuration.
-#ldap.search_context = ou=people
-
-# This is the LDAP object field where the user's email address
-# is stored.  "mail" is the default and the most common for
-# LDAP servers.  If the mail field is not found the username
-# will be used as the email address when creating the eperson
-# object.
-#ldap.email_field = mail
-
-# This is the LDAP object field where the user's last name is
-# stored.  "sn" is the default and is the most common for LDAP
-# servers.  If the field is not found the field will be left
-# blank in the new eperson object.
-#ldap.surname_field = sn
-
-# This is the LDAP object field where the user's given names
-# are stored.  This may not be used or set in all LDAP instances.
-# If the field is not found the field will be left blank in the
-# new eperson object.
-#ldap.givenname_field = givenName
-
-# This is the field where the user's phone number is stored in
-# the LDAP directory.  If the field is not found the field
-# will be left blank in the new eperson object.
-#ldap.phone_field = telephoneNumber
-
-##### LDAP AutoRegister Settings #####
-
-# This will turn LDAP autoregistration on or off.  With this
-# on, a new EPerson object will be created for any user who
-# successfully authenticates against the LDAP server when they
-# first login.  With this setting off, the user
-# must first register to get an EPerson object by
-# entering their ldap username and password and filling out
-# the forms.
-webui.ldap.autoregister = true
-
-
-##### LDAP users group #####
-
-# If required, a group name can be given here, and all users who log in
-# to LDAP will automatically become members of this group. This is useful
-# if you want a group made up of all internal authenticated users.
-#ldap.login.specialgroup = group-name
-
-
-##### Hierarchical LDAP Settings #####
-
-# If your users are spread out across a hierarchical tree on your
-# LDAP server, you will need to use the following stackable authentication
-# class:
-#  plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
-#        org.dspace.authenticate.LDAPHierarchicalAuthentication
-#
-# You can optionally specify the search scope. If anonymous access is not
-# enabled on your LDAP server, you will need to specify the full DN and
-# password of a user that is allowed to bind in order to search for the
-# users.
-
-# This is the search scope value for the LDAP search during
-# autoregistering. This will depend on your LDAP server setup.
-# This value must be one of the following integers corresponding
-# to the following values:
-# object scope : 0
-# one level scope : 1
-# subtree scope : 2
-#ldap.search_scope = 2
-
-# The full DN and password of a user allowed to connect to the LDAP server
-# and search for the DN of the user trying to log in. If these are not specified,
-# the initial bind will be performed anonymously.
-#ldap.search.user = cn=admin,ou=people,o=myu.edu
-#ldap.search.password = password
-
-# If your LDAP server does not hold an email address for a user, you can use
-# the following field to specify your email domain. This value is appended
-# to the netid in order to make an email address. E.g. a netid of 'user' and
-# ldap.netid_email_domain as '@example.com' would set the email of the user
-# to be 'user@example.com
-#ldap.netid_email_domain = @example.com
-
-
 #### Restricted item visibilty settings ###
 # By default RSS feeds, OAI-PMH and subscription emails will include ALL items
 # regardless of permissions set on them.
--- a/dspace-api/src/test/resources/dspaceFolder/config/modules/authentication-ldap.cfg
+++ b/dspace-api/src/test/resources/dspaceFolder/config/modules/authentication-ldap.cfg
@@ -0,0 +1,134 @@
+#### LDAP Authentication Configuration Settings ####
+#
+# If LDAP is enabled, then new users will be able to register
+# by entering their username and  password without being sent the
+# registration token. If users do not have a username and password,
+# then they  can still register and login with just their email address
+# the same way they do now.
+#
+# For providing any special privileges to LDAP users,
+# you will still need to extend the SiteAuthenticator class to
+# automatically put people who have a netid into a special
+# group.  You might also want to give certain email addresses
+# special privileges. Refer to the DSpace documentation for more
+# information about how to do this.
+#
+# It may be necessary to obtain the values of these settings from the
+# LDAP server administrators as LDAP configuration will vary from server
+# to server.
+
+# This setting will enable or disable LDAP authentication in DSpace.
+# With the setting off, users will be required to register and login with
+# their email address.  With this setting on, users will be able to login
+# and register with their LDAP user ids and passwords.
+# This setting is only used by the JSPUI.
+enable = false
+
+
+##### LDAP AutoRegister Settings #####
+
+# This will turn LDAP autoregistration on or off.  With this
+# on, a new EPerson object will be created for any user who
+# successfully authenticates against the LDAP server when they
+# first login.  With this setting off, the user
+# must first register to get an EPerson object by
+# entering their ldap username and password and filling out
+# the forms.
+autoregister = true
+
+
+# This is the url to the institution's ldap server. The /o=myu.edu
+# may or may not be required depending on the LDAP server setup.
+# A server may also require the ldaps:// protocol.
+#provider_url = ldap://ldap.myu.edu/o=myu.edu
+
+# This is the unique identifier field in the LDAP directory
+# where the username is stored.
+#id_field = uid
+
+# This is the object context used when authenticating the
+# user.  It is appended to the id_field and username.
+# For example uid=username,ou=people,o=myu.edu.  This must match
+# the LDAP server configuration.
+#object_context = ou=people,o=myu.edu
+
+# This is the search context used when looking up a user's
+# LDAP object to retrieve their data for autoregistering.
+# With autoregister turned on, when a user authenticates
+# without an EPerson object, a search on the LDAP directory to
+# get their name and email address is initiated so that DSpace
+# can create a EPerson object for them.  So after we have authenticated against
+# uid=username,ou=people,o=byu.edu we now search in ou=people
+# for filtering on [uid=username].  Often the
+# search_context is the same as the object_context
+# parameter.  But again this depends on each individual LDAP server
+# configuration.
+#search_context = ou=people
+
+# This is the LDAP object field where the user's email address
+# is stored.  "mail" is the default and the most common for
+# LDAP servers.  If the mail field is not found the username
+# will be used as the email address when creating the eperson
+# object.
+#email_field = mail
+
+# This is the LDAP object field where the user's last name is
+# stored.  "sn" is the default and is the most common for LDAP
+# servers.  If the field is not found the field will be left
+# blank in the new eperson object.
+#surname_field = sn
+
+# This is the LDAP object field where the user's given names
+# are stored.  This may not be used or set in all LDAP instances.
+# If the field is not found the field will be left blank in the
+# new eperson object.
+#givenname_field = givenName
+
+# This is the field where the user's phone number is stored in
+# the LDAP directory.  If the field is not found the field
+# will be left blank in the new eperson object.
+#phone_field = telephoneNumber
+
+
+##### LDAP users group #####
+
+# If required, a group name can be given here, and all users who log in
+# to LDAP will automatically become members of this group. This is useful
+# if you want a group made up of all internal authenticated users.
+#login.specialgroup = group-name
+
+
+##### Hierarchical LDAP Settings #####
+
+# If your users are spread out across a hierarchical tree on your
+# LDAP server, you will need to use the following stackable authentication
+# class:
+#  plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
+#        org.dspace.authenticate.LDAPHierarchicalAuthentication
+#
+# You can optionally specify the search scope. If anonymous access is not
+# enabled on your LDAP server, you will need to specify the full DN and
+# password of a user that is allowed to bind in order to search for the
+# users.
+
+# This is the search scope value for the LDAP search during
+# autoregistering. This will depend on your LDAP server setup.
+# This value must be one of the following integers corresponding
+# to the following values:
+# object scope : 0
+# one level scope : 1
+# subtree scope : 2
+#search_scope = 2
+
+# The full DN and password of a user allowed to connect to the LDAP server
+# and search for the DN of the user trying to log in. If these are not specified,
+# the initial bind will be performed anonymously.
+#search.user = cn=admin,ou=people,o=myu.edu
+#search.password = password
+
+# If your LDAP server does not hold an email address for a user, you can use
+# the following field to specify your email domain. This value is appended
+# to the netid in order to make an email address. E.g. a netid of 'user' and
+# netid_email_domain as '@example.com' would set the email of the user
+# to be 'user@example.com
+#netid_email_domain = @example.com
--- a/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/RegisterServlet.java
+++ b/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/RegisterServlet.java
@@ -71,7 +71,7 @@ public class RegisterServlet extends DSpaceServlet
    public void init()
    {
        registering = getInitParameter("register").equalsIgnoreCase("true");
-        ldap_enabled = ConfigurationManager.getBooleanProperty("ldap.enable");
+        ldap_enabled = ConfigurationManager.getBooleanProperty("authentication-ldap", "enable");
    }

    protected void doDSGet(Context context, HttpServletRequest request,
--- a/dspace-jspui/dspace-jspui-webapp/src/main/webapp/dspace-admin/eperson-edit.jsp
+++ b/dspace-jspui/dspace-jspui-webapp/src/main/webapp/dspace-admin/eperson-edit.jsp
@@ -65,7 +65,7 @@
    String language     = eperson.getMetadata("language");
    boolean emailExists = (request.getAttribute("email_exists") != null);

-    boolean ldap_enabled = ConfigurationManager.getBooleanProperty("ldap.enable");
+    boolean ldap_enabled = ConfigurationManager.getBooleanProperty("authentication-ldap", "enable");
 %>

 <dspace:layout titlekey="jsp.dspace-admin.eperson-edit.title"
--- a/dspace-jspui/dspace-jspui-webapp/src/main/webapp/register/edit-profile.jsp
+++ b/dspace-jspui/dspace-jspui-webapp/src/main/webapp/register/edit-profile.jsp
@@ -40,7 +40,7 @@
    attr = (Boolean) request.getAttribute("password.problem");
    boolean passwordProblem = (attr != null && attr.booleanValue());

-    boolean ldap_enabled = ConfigurationManager.getBooleanProperty("ldap.enable");
+    boolean ldap_enabled = ConfigurationManager.getBooleanProperty("authentication-ldap", "enable");
    boolean ldap_eperson = (ldap_enabled && (eperson.getNetid() != null) && (eperson.getNetid().equals("") == false));
 %>

--- a/dspace/config/dspace.cfg
+++ b/dspace/config/dspace.cfg
@@ -402,140 +402,6 @@ handle.dir = ${dspace.dir}/handle-server
 #                                  12.7.8.9/255.255.128.0


-#### LDAP Authentication Configuration Settings ####
-#
-# If LDAP is enabled, then new users will be able to register
-# by entering their username and  password without being sent the
-# registration token. If users do not have a username and password,
-# then they  can still register and login with just their email address
-# the same way they do now.
-#
-# For providing any special privileges to LDAP users,
-# you will still need to extend the SiteAuthenticator class to
-# automatically put people who have a netid into a special
-# group.  You might also want to give certain email addresses
-# special privileges. Refer to the DSpace documentation for more
-# information about how to do this.
-#
-# It may be necessary to obtain the values of these settings from the
-# LDAP server administrators as LDAP configuration will vary from server
-# to server.
-
-# This setting will enable or disable LDAP authentication in DSpace.
-# With the setting off, users will be required to register and login with
-# their email address.  With this setting on, users will be able to login
-# and register with their LDAP user ids and passwords.
-# This setting is only used by the JSPUI.
-ldap.enable = false
-
-# This is the url to the institution's ldap server. The /o=myu.edu
-# may or may not be required depending on the LDAP server setup.
-# A server may also require the ldaps:// protocol.
-#ldap.provider_url = ldap://ldap.myu.edu/o=myu.edu
-
-# This is the unique identifier field in the LDAP directory
-# where the username is stored.
-#ldap.id_field = uid
-
-# This is the object context used when authenticating the
-# user.  It is appended to the ldap.id_field and username.
-# For example uid=username,ou=people,o=myu.edu.  This must match
-# the LDAP server configuration.
-#ldap.object_context = ou=people,o=myu.edu
-
-# This is the search context used when looking up a user's
-# LDAP object to retrieve their data for autoregistering.
-# With ldap.autoregister turned on, when a user authenticates
-# without an EPerson object, a search on the LDAP directory to
-# get their name and email address is initiated so that DSpace
-# can create a EPerson object for them.  So after we have authenticated against
-# uid=username,ou=people,o=byu.edu we now search in ou=people
-# for filtering on [uid=username].  Often the
-# ldap.search_context is the same as the ldap.object_context
-# parameter.  But again this depends on each individual LDAP server
-# configuration.
-#ldap.search_context = ou=people
-
-# This is the LDAP object field where the user's email address
-# is stored.  "mail" is the default and the most common for
-# LDAP servers.  If the mail field is not found the username
-# will be used as the email address when creating the eperson
-# object.
-#ldap.email_field = mail
-
-# This is the LDAP object field where the user's last name is
-# stored.  "sn" is the default and is the most common for LDAP
-# servers.  If the field is not found the field will be left
-# blank in the new eperson object.
-#ldap.surname_field = sn
-
-# This is the LDAP object field where the user's given names
-# are stored.  This may not be used or set in all LDAP instances.
-# If the field is not found the field will be left blank in the
-# new eperson object.
-#ldap.givenname_field = givenName
-
-# This is the field where the user's phone number is stored in
-# the LDAP directory.  If the field is not found the field
-# will be left blank in the new eperson object.
-#ldap.phone_field = telephoneNumber
-
-##### LDAP AutoRegister Settings #####
-
-# This will turn LDAP autoregistration on or off.  With this
-# on, a new EPerson object will be created for any user who
-# successfully authenticates against the LDAP server when they
-# first login.  With this setting off, the user
-# must first register to get an EPerson object by
-# entering their ldap username and password and filling out
-# the forms.
-webui.ldap.autoregister = true
-
-
-##### LDAP users group #####
-
-# If required, a group name can be given here, and all users who log in
-# to LDAP will automatically become members of this group. This is useful
-# if you want a group made up of all internal authenticated users.
-#ldap.login.specialgroup = group-name
-
-
-##### Hierarchical LDAP Settings #####
-
-# If your users are spread out across a hierarchical tree on your
-# LDAP server, you will need to use the following stackable authentication
-# class:
-#  plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
-#        org.dspace.authenticate.LDAPHierarchicalAuthentication
-#
-# You can optionally specify the search scope. If anonymous access is not
-# enabled on your LDAP server, you will need to specify the full DN and
-# password of a user that is allowed to bind in order to search for the
-# users.
-
-# This is the search scope value for the LDAP search during
-# autoregistering. This will depend on your LDAP server setup.
-# This value must be one of the following integers corresponding
-# to the following values:
-# object scope : 0
-# one level scope : 1
-# subtree scope : 2
-#ldap.search_scope = 2
-
-# The full DN and password of a user allowed to connect to the LDAP server
-# and search for the DN of the user trying to log in. If these are not specified,
-# the initial bind will be performed anonymously.
-#ldap.search.user = cn=admin,ou=people,o=myu.edu
-#ldap.search.password = password
-
-# If your LDAP server does not hold an email address for a user, you can use
-# the following field to specify your email domain. This value is appended
-# to the netid in order to make an email address. E.g. a netid of 'user' and
-# ldap.netid_email_domain as '@example.com' would set the email of the user
-# to be 'user@example.com
-#ldap.netid_email_domain = @example.com
-
-
 #### Restricted item visibilty settings ###
 # By default RSS feeds, OAI-PMH and subscription emails will include ALL items
 # regardless of permissions set on them.
--- a/dspace/config/modules/authentication-ldap.cfg
+++ b/dspace/config/modules/authentication-ldap.cfg
@@ -0,0 +1,134 @@
+#### LDAP Authentication Configuration Settings ####
+#
+# If LDAP is enabled, then new users will be able to register
+# by entering their username and  password without being sent the
+# registration token. If users do not have a username and password,
+# then they  can still register and login with just their email address
+# the same way they do now.
+#
+# For providing any special privileges to LDAP users,
+# you will still need to extend the SiteAuthenticator class to
+# automatically put people who have a netid into a special
+# group.  You might also want to give certain email addresses
+# special privileges. Refer to the DSpace documentation for more
+# information about how to do this.
+#
+# It may be necessary to obtain the values of these settings from the
+# LDAP server administrators as LDAP configuration will vary from server
+# to server.
+
+# This setting will enable or disable LDAP authentication in DSpace.
+# With the setting off, users will be required to register and login with
+# their email address.  With this setting on, users will be able to login
+# and register with their LDAP user ids and passwords.
+# This setting is only used by the JSPUI.
+enable = false
+
+
+##### LDAP AutoRegister Settings #####
+
+# This will turn LDAP autoregistration on or off.  With this
+# on, a new EPerson object will be created for any user who
+# successfully authenticates against the LDAP server when they
+# first login.  With this setting off, the user
+# must first register to get an EPerson object by
+# entering their ldap username and password and filling out
+# the forms.
+autoregister = true
+
+
+# This is the url to the institution's ldap server. The /o=myu.edu
+# may or may not be required depending on the LDAP server setup.
+# A server may also require the ldaps:// protocol.
+#provider_url = ldap://ldap.myu.edu/o=myu.edu
+
+# This is the unique identifier field in the LDAP directory
+# where the username is stored.
+#id_field = uid
+
+# This is the object context used when authenticating the
+# user.  It is appended to the id_field and username.
+# For example uid=username,ou=people,o=myu.edu.  This must match
+# the LDAP server configuration.
+#object_context = ou=people,o=myu.edu
+
+# This is the search context used when looking up a user's
+# LDAP object to retrieve their data for autoregistering.
+# With autoregister turned on, when a user authenticates
+# without an EPerson object, a search on the LDAP directory to
+# get their name and email address is initiated so that DSpace
+# can create a EPerson object for them.  So after we have authenticated against
+# uid=username,ou=people,o=byu.edu we now search in ou=people
+# for filtering on [uid=username].  Often the
+# search_context is the same as the object_context
+# parameter.  But again this depends on each individual LDAP server
+# configuration.
+#search_context = ou=people
+
+# This is the LDAP object field where the user's email address
+# is stored.  "mail" is the default and the most common for
+# LDAP servers.  If the mail field is not found the username
+# will be used as the email address when creating the eperson
+# object.
+#email_field = mail
+
+# This is the LDAP object field where the user's last name is
+# stored.  "sn" is the default and is the most common for LDAP
+# servers.  If the field is not found the field will be left
+# blank in the new eperson object.
+#surname_field = sn
+
+# This is the LDAP object field where the user's given names
+# are stored.  This may not be used or set in all LDAP instances.
+# If the field is not found the field will be left blank in the
+# new eperson object.
+#givenname_field = givenName
+
+# This is the field where the user's phone number is stored in
+# the LDAP directory.  If the field is not found the field
+# will be left blank in the new eperson object.
+#phone_field = telephoneNumber
+
+
+##### LDAP users group #####
+
+# If required, a group name can be given here, and all users who log in
+# to LDAP will automatically become members of this group. This is useful
+# if you want a group made up of all internal authenticated users.
+#login.specialgroup = group-name
+
+
+##### Hierarchical LDAP Settings #####
+
+# If your users are spread out across a hierarchical tree on your
+# LDAP server, you will need to use the following stackable authentication
+# class:
+#  plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
+#        org.dspace.authenticate.LDAPHierarchicalAuthentication
+#
+# You can optionally specify the search scope. If anonymous access is not
+# enabled on your LDAP server, you will need to specify the full DN and
+# password of a user that is allowed to bind in order to search for the
+# users.
+
+# This is the search scope value for the LDAP search during
+# autoregistering. This will depend on your LDAP server setup.
+# This value must be one of the following integers corresponding
+# to the following values:
+# object scope : 0
+# one level scope : 1
+# subtree scope : 2
+#search_scope = 2
+
+# The full DN and password of a user allowed to connect to the LDAP server
+# and search for the DN of the user trying to log in. If these are not specified,
+# the initial bind will be performed anonymously.
+#search.user = cn=admin,ou=people,o=myu.edu
+#search.password = password
+
+# If your LDAP server does not hold an email address for a user, you can use
+# the following field to specify your email domain. This value is appended
+# to the netid in order to make an email address. E.g. a netid of 'user' and
+# netid_email_domain as '@example.com' would set the email of the user
+# to be 'user@example.com
+#netid_email_domain = @example.com