If set, and the incoming username does not already include an '@' symbol
(a very simple attempt to detect if we're already dealing with an email
address), then append '@' + the ou_host_name value to the username for
authentication purposes.
The rationale is that in a large consortium, you might want to enable
users to log in with short usernames (like 'fred'), but you also want to
avoid conflicts between short usernames at different organizational
units. Thus, create the users with the email equivalent of their
usernames, like 'fred@br1.example.com' and 'fred@br4.example.com', and
let the templates for the TPAC in br1 and br4 contain a hidden input
field to append the appropriate email hostname.
Truth be told, this is probably most appropriate for a large consortium
containing two or more academic institutions that hope to use LDAP
authentication rather than native authentication, and therefore have
LDAP CNs that map to email addresses of CN@hostname that can then be
mapped to actor.usr.usrname (and actor.usr.email, of course).
Signed-off-by: Dan Scott <dscott@laurentian.ca>
# initial log form only
return Apache2::Const::OK unless $username and $password;
+ # Should we append an email hostname to the username?
+ my $ou_email_host = $cgi->param('ou_email_host') || '';
+
my $auth_proxy_enabled = 0; # default false
try { # if the service is not running, just let this fail silently
$auth_proxy_enabled = $U->simplereq(
if ($bc_regex and ($username =~ /$bc_regex/)) {
$args->{barcode} = $username;
} else {
+ # do we need to append an email hostname?
+ if ($ou_email_host) {
+ # Assume they already passed in an email address
+ next if $username =~ m/\@/;
+ $username .= "\@$ou_email_host";
+ }
$args->{username} = $username;
}
projects / contrib / Conifer.git / commitdiff