Well, OK, if you use both LDAP and Password authentication, there is something that you can configure and you can make it work with both authentication methods, but it is a bit more complicated.
We have been using the same dual configuration in our institution for many years now, for 3 DSpace installations with two different versions (5.6 and 6.3). However, in our case we have now disabled the manual registration and users are registering only via LDAP, which is a separate server. The Password authentication in this case is only for old users, from when the manual registration was still permitted.
In order to make the system display the "manual user registration" for users who want to register via the DSpace instance and do NOT have their credentials in the LDAP Server, and also to make the system display ONE login form for BOTH authentication methods when the users try to connect, you have to do the following:
First, let's begin with the reason that the system displays the "new-user-ldap.jsp" form when users are trying to register and also the "chooser.jsp" form when they try to login, making them choose with which method they wish to authenticate.
The reason is that in the file /dspace/config/modules/authentication-ldap.cfg you have enabled the setting authentication-ldap.enable, by setting it to true. The reason that the new-user-ldap.jsp and the chooser.jsp pages are displayed upon registering and logging in is this setting, which is checked before they are loaded. You have to set this setting to false.
However, in order to make both authentication methods work, you will then have to go into the file /dspace/config/modules/authentication.cfg and enable both authentication methods (i.e. LDAP and PasswordAuthentication) as follows. For your installation, these settings might be enabled in the /dspace/config/local.cfg file, so check if they are also there and disable them from one place or the other. I recommend having them in the authentication.cfg file:
/dspace/config/modules/authentication.cfg
# IP-based authentication/authorization. See authentication-ip.cfg for default configuration.
#plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.IPAuthentication
# LDAP authentication/authorization. See authentication-ldap.cfg for default configuration.
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.LDAPAuthentication
# Shibboleth authentication/authorization. See authentication-shibboleth.cfg for default configuration.
#plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.ShibAuthentication
# X.509 certificate authentication. See authentication-x509.cfg for default configuration.
#plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.X509Authentication
# Authentication by Password (encrypted in DSpace's database). See authentication-password.cfg for default configuration.
# Enabled by default (to disable, either comment out, or define a new list of AuthenticationMethod plugins in your local.cfg)
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.PasswordAuthentication
Now, you also have to replace the class file /dspace/webapps/jspui/WEB-INF/classes/org/dspace/app/webui/util/Authenticate.class with the one I am sending you. This patched class does not display the chooser.jsp form when the users try to login, but redirects them to the /dspace/ldap-login page. Then, upon their login, since you have enabled BOTH authentication methods in the authentication.cfg file, it will try both of them in the order they are configured. If your ldap-login page is in a different location than that, then please inform me so that I can send you the correct one. However, the default is the one I am sending you.
Finally, since an LDAP user does not have the option to change his/her password, you do not want them to be able to do that in case they have logged in with LDAP, but only with password authentication. Also, you should be able to see their netid (i.e. LDAP name) and not be able to change their password from the edit-user.jsp administration page, but only if they have registered as LDAP users. Since these textboxes and information depend on the authentication-ldap.enable setting, and if it is false it considers all the users as PasswordAuthentication users, you have to tweak two additional jsp files that have to do with this information.
The first has to do with the user's profile. You do not want the "New Password" and "Confirm Password" boxes to be displayed in the manage my profile page of a user, if that user is an LDAP user. For this to work, you have to insert code that actually ignores the "ldap_enabled" setting in case a user is an LDAP user. You have to edit the file /dspace/webapps/jspui/register/edit-profile.jsp and at the top tweak the code with the portion that I am sending you:
boolean ldap_enabled = ConfigurationManager.getBooleanProperty("authentication-ldap", "enable");
//Filippos Kolovos -- Do not check for the ldap_enabled field, since it is not enabled in the cfg file,
//because it leads to a different login page, which is not used.
//boolean ldap_eperson = (ldap_enabled && (eperson.getNetid() != null) && (eperson.getNetid().equals("") == false));
boolean ldap_eperson = ((eperson.getNetid() != null) && (eperson.getNetid().equals("") == false));
and then some lines below, check for the "not an LDAP user" in order to display the password change box:
....
....
<%
// Only show password update section if the user doesn't use
// certificates
if ((eperson.getRequireCertificate() == false) && (ldap_eperson == false))
{
%>
That will take care of the user's profile management. Then, you also have to edit the jsp file: /dspace/webapps/dspace-admin/eperson-edit.jsp and again at the top insert the following code:
boolean ldap_enabled = ConfigurationManager.getBooleanProperty("authentication-ldap", "enable");
//Filippos Kolovos -- Do not check for the ldap_enabled field, since it is not enabled in the cfg file,
//because it leads to a different login page, which is not used.
boolean ldap_eperson = ((eperson.getNetid() != null) && (eperson.getNetid().equals("") == false));
and again some lines below, replace the "ldap_enabled" check with the "ldap_eperson" check, in order to DISPLAY to the administrator the LDAP Net ID and NOT to display the reset password for this user if he/she is an LDAP user, and vice versa if he/she is a Password user:
Around Line 128:
<% if (ldap_eperson) { %>
    <div class="row">
        <label class="col-md-2">LDAP NetID:</label>
        <div class="col-md-6">
            <input class="form-control" name="netid" size="24" value="<%=netid == null ? "" : Utils.addEntities(netid) %>" />
        </div>
    </div>
<% } %>
Around Line 189:
<div class="col-md-4 btn-group">
    <%-- <input type="submit" name="submit_save" value="Save Edits"> --%>
    <input class="btn btn-default" type="submit" name="submit_save" value="<fmt:message key="jsp.dspace-admin.general.save"/>" />
    <% // Filippos Kolovos -- Reset the password only for non-ldap users
       if (!ldap_eperson) { %>
    <input class="btn btn-default" type="submit" name="submit_resetpassword" value="<fmt:message key="jsp.dspace-admin.eperson-main.ResetPassword.submit"/>"/>
    <% } %>
    <%-- <input type="submit" name="submit_delete" value="Delete EPerson..."> --%>
    <input class="btn btn-danger" type="submit" name="submit_delete" value="<fmt:message key="jsp.dspace-admin.general.delete"/>" />
</div>
Then, restart Tomcat and you will be good to go.
I think that this does it. Please keep a backup of any files that you replace in order for you to be able to go back to the previous setting.
I hope that this helps you.
Best Regards,
-Fk
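The post above relies on two configuration facts being true at the same time: authentication-ldap.enable is false (so chooser.jsp and new-user-ldap.jsp are not shown), and the AuthenticationMethod plugin sequence lists both LDAPAuthentication and PasswordAuthentication in exactly one place, not in both authentication.cfg and local.cfg. The following script is an added example, not part of the original message and not DSpace's own code: it parses DSpace-style .cfg text (key = value, '#' comments, repeated keys forming an ordered plugin sequence) and reports the misconfigurations the post warns about. The sample config contents are constructed here, and the rule that a sequence in local.cfg replaces the one in authentication.cfg is an assumption of this checker.

```python
from typing import Dict, List

SEQUENCE_KEY = "plugin.sequence.org.dspace.authenticate.AuthenticationMethod"
LDAP_METHOD = "org.dspace.authenticate.LDAPAuthentication"
PASSWORD_METHOD = "org.dspace.authenticate.PasswordAuthentication"

# Constructed sample files (not copied from a real installation). They mirror the
# layout of DSpace .cfg files: "key = value", '#' comments, and the same key
# repeated on several lines to build an ordered plugin sequence.
AUTHENTICATION_CFG = """\
# LDAP authentication/authorization.
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.LDAPAuthentication
# Shibboleth (disabled)
#plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.ShibAuthentication
# Password authentication
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.PasswordAuthentication
"""

# A local.cfg that still carries its own (password-only) sequence: the situation
# the post tells you to look for and remove from one of the two places.
LOCAL_CFG_WITH_OVERRIDE = """\
dspace.name = Example Repository
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.PasswordAuthentication
"""

LOCAL_CFG_CLEAN = """\
dspace.name = Example Repository
"""

LDAP_CFG_ENABLED = """\
authentication-ldap.enable = true
authentication-ldap.provider_url = ldap://ldap.example.org:389/
"""

LDAP_CFG_DISABLED = """\
authentication-ldap.enable = false
authentication-ldap.provider_url = ldap://ldap.example.org:389/
"""


def parse_cfg(text: str) -> Dict[str, List[str]]:
    """Parse 'key = value' lines. Repeated keys accumulate in file order, which is
    how plugin.sequence lists are expressed. Commented-out lines are skipped, so
    only active entries are returned."""
    values: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key/value line
        values.setdefault(key.strip(), []).append(value.strip())
    return values


def check_dual_auth(authentication_text: str, local_text: str, ldap_text: str) -> dict:
    """Return the effective AuthenticationMethod sequence and a list of issues
    that would break the 'one login form for LDAP and password' setup."""
    auth = parse_cfg(authentication_text)
    local = parse_cfg(local_text)
    ldap = parse_cfg(ldap_text)

    seq_auth = auth.get(SEQUENCE_KEY, [])
    seq_local = local.get(SEQUENCE_KEY, [])
    # Last value wins if the key is repeated; default false when absent.
    ldap_enable = ldap.get("authentication-ldap.enable", ["false"])[-1].lower() == "true"

    issues: List[str] = []
    if ldap_enable:
        issues.append("authentication-ldap.enable is true: chooser.jsp and "
                      "new-user-ldap.jsp will be shown; set it to false")
    if seq_auth and seq_local:
        issues.append("AuthenticationMethod sequence is defined in both "
                      "authentication.cfg and local.cfg; keep it in one place")

    # Assumption: a sequence in local.cfg replaces the one in authentication.cfg.
    effective = seq_local if seq_local else seq_auth
    for required in (LDAP_METHOD, PASSWORD_METHOD):
        if required not in effective:
            issues.append(f"{required} is missing from the effective sequence")

    return {
        "sequence_authentication_cfg": seq_auth,
        "sequence_local_cfg": seq_local,
        "effective_sequence": effective,
        "ldap_enable": ldap_enable,
        "issues": issues,
    }


if __name__ == "__main__":
    for label, local, ldap in (("before", LOCAL_CFG_WITH_OVERRIDE, LDAP_CFG_ENABLED),
                               ("after", LOCAL_CFG_CLEAN, LDAP_CFG_DISABLED)):
        report = check_dual_auth(AUTHENTICATION_CFG, local, ldap)
        print(label, report["effective_sequence"])
        for issue in report["issues"]:
            print("  -", issue)
```

Run against the "before" pair the checker flags three problems (LDAP enable still true, the sequence defined twice, and LDAP absent from the password-only sequence that local.cfg imposes); against the "after" pair it reports none and an effective sequence of LDAP first, then Password, which is the order in which the patched login will try them.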