Difference between revisions of "SUNScholar/Researcher Authorisation"

From Libopedia
Jump to navigation Jump to search
Line 61: Line 61:
 
Now [[SUNScholar/Rebuild_Dspace|rebuild your webapps]] and test.
 
Now [[SUNScholar/Rebuild_Dspace|rebuild your webapps]] and test.
  
'''Please note:''' The above configuration uses the secure LDAP port '''636''', you may want to test using the insecure port of ''389'' and then move to the secure port.
+
'''Please note:''' The above configuration uses the secure LDAP port '''636''', you may want to test using the insecure port of '''389''' and then move to the secure port.
  
 
  '''[[SUNScholar/IR|Back to IR Help]]'''
 
  '''[[SUNScholar/IR|Back to IR Help]]'''

Revision as of 11:36, 6 July 2012

This procedure assumes that you have used the three step process to install DSpace.

Introduction

Digital assets must only be managed by users authorised to do so. Dspace can authenticate using ePerson accounts or using LDAP server accounts. This wiki page describes the method of setting up DSpace to use an institutional LDAP server for user provisioning. After that is done, it is then up to the repository manager to define which individuals have submitter, reviewer and metadata editor privileges.

See: http://en.wikipedia.org/wiki/Ldap for more info.

Requirements

Ask the campus IT system administrators to give you the following details of the campus LDAP servers.

  • hostnames
  • canonical context
  • object context
  • search context

See the setup below for example DSpace configuration details.

Check LDAP

To check LDAP works, first install the following: 

sudo apt-get install ldap-utils ldap-auth-config

Fill in all the details requested during installation

Go to the following folder: 

sudo  cd /etc/ldap

Copy the original ldap.conf: 

sudo  cp ldap.conf ldap.conf-orig

Delete the original: 

sudo  rm ldap.conf

Create a link to the master ldap.conf 

sudo  ln -s ../ldap.conf

Now run a search on the LDAP server: 

sudo  ldapsearch -x cn=hgibson

Use whatever filters and attributes that are needed for your campus LDAP server. If the search is successful then you may continue to setup Dspace below.

Setup Dspace

The settings in the /home/dspace/dspace-1.7.2-src-release/dspace/config/dspace.cfg file.

Open the config files as follows: 

nano /home/dspace/dspace-1.7.2-src-release/dspace/config/dspace.cfg

And search for the following and modify to suit your campus. 

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
	org.dspace.authenticate.LDAPAuthentication, \
	org.dspace.authenticate.PasswordAuthentication

Above is the stackable mechanism. First LDAP then ePersons are checked for authorisation.

The specific LDAP settings. 

authentication.password.domain.valid = sun.ac.za
ldap.enable = true 
ldap.provider_url = ldap://stbldap01.sun.ac.za:636
ldap.provider_url = ldap://stbldap02.sun.ac.za:636
ldap.id_field = cn
ldap.object_context = ou=USERS,o=SU
ldap.search_context = ou=USERS,o=SU
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = fullName
webui.ldap.autoregister = true

Now rebuild your webapps and test.

Please note: The above configuration uses the secure LDAP port 636, you may want to test using the insecure port of 389 and then move to the secure port. 

Back to IR Help
Retrieved from "http://wiki.lib.sun.ac.za/index.php?title=SUNScholar/Researcher_Authorisation&oldid=12431"