Difference between revisions of "SUNScholar/Researcher Authorisation"
Jump to navigation
Jump to search
| Line 52: | Line 52: | ||
==[[SUNScholar/Researcher Authorisation/Step 2|Step 2 - DSpace configuration]]== | ==[[SUNScholar/Researcher Authorisation/Step 2|Step 2 - DSpace configuration]]== | ||
| − | ==[[SUNScholar/Researcher Authorisation/Step 3|Step 3 - Update XMLUI | + | ==[[SUNScholar/Researcher Authorisation/Step 3|Step 3 - Update XMLUI]]== |
==[[SUNScholar/Researcher Authorisation/Step 4|Step 4 - Configure XMLUI]]== | ==[[SUNScholar/Researcher Authorisation/Step 4|Step 4 - Configure XMLUI]]== | ||
Revision as of 13:48, 6 June 2015
Back to Customisation
Contents
PLEASE NOTE:
- During the upgrade from DSpace 1.8.2 to 3.2, the ldap config changed and it seems a bug was introduced: https://jira.duraspace.org/browse/DS-1781. Take special note of the "netid_email_domain = @example.com" parameter at the bottom of the file. If you do not specify an @example.com email suffix, then you will get null suffix errors for eperson email addreses.
- For LDAP to work correctly then ALL the user credentials MUST be in ONE LDAP server or replicated using ONE directory tree structure.
Introduction
Digital assets must only be managed by users authorised to do so. DSpace can authenticate using ePerson accounts or using LDAP server accounts. This wiki page describes the method of setting up DSpace to use an institutional LDAP server for user provisioning.
After that is done, it is then up to the repository manager to define privileges for individuals on the repository.
See: http://en.wikipedia.org/wiki/Ldap for more info.
Requirements
Secure network connections
Setup secure internet/network connections before doing LDAP connections.
Campus LDAP server
If for example, you have seperate servers for staff and students, then LDAP authentication setup is extremely difficult and very risky to maintain in the long term.
Ask the campus IT LDAP system administrators to give you the following details of the campus LDAP servers.
- hostnames
- canonical context
- object context
- search context
- List of open source LDAP server products.
If you do not have an LDAP server on campus, then check the links below and consider starting one.
- http://www.openldap.org
- https://help.ubuntu.com/10.04/serverguide/openldap-server.html
- https://help.ubuntu.com/12.04/serverguide/openldap-server.html
- http://www.turnkeylinux.org/openldap
- http://freeipa.org/page/Main_Page
- http://directory.fedoraproject.org/wiki/Main_Page
- https://fedorahosted.org/sssd/
- How to sync with a Microsoft Active Directory
If you want to sync with an existing Microsoft AD server, then check the links below.
- http://en.wikipedia.org/wiki/Active_Directory
- http://technet.microsoft.com/en-us/library/cc772726(v=ws.10).aspx
- http://www.windowsitpro.com/article/ldap/integrate-active-directory-and-openldap
- http://lsc-project.org/wiki
- https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Windows_Sync.html
- http://directory.fedoraproject.org/wiki/Howto:WindowsSync
- http://www.papercut.com/products/ng/manual/ch-sys-mgmt-user-group-sync.html
Step 1 - Local LDAP configuration
Step 2 - DSpace configuration
Step 3 - Update XMLUI
Step 4 - Configure XMLUI
Step 5 - Rebuild DSpace
Other Access Methods
- https://wiki.duraspace.org/display/DSDOC4x/Authentication+Plugins#AuthenticationPlugins-StackableAuthenticationMethod(s)
- https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-StackableAuthenticationMethod(s)
IP Address Access
- https://wiki.duraspace.org/display/DSDOC4x/Authentication+Plugins#AuthenticationPlugins-IPAuthentication
- https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-IPAuthentication
Shibboleth
- https://wiki.duraspace.org/display/DSDOC4x/Authentication+Plugins#AuthenticationPlugins-ShibbolethAuthentication
- https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-ShibbolethAuthentication
X509 Certificate
- https://wiki.duraspace.org/display/DSDOC4x/Authentication+Plugins#AuthenticationPlugins-X.509CertificateAuthentication
- https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-X.509CertificateAuthentication
References
- https://wiki.duraspace.org/display/DSDOC5x/Authentication+Plugins
- https://wiki.duraspace.org/display/DSDOC5x/Functional+Overview#FunctionalOverview-UserManagement
- https://wiki.duraspace.org/display/DSDOC4x/Authentication+Plugins
- https://wiki.duraspace.org/display/DSDOC4x/Functional+Overview#FunctionalOverview-UserManagement
- https://wiki.duraspace.org/display/DSPACE/LDAP+Hierarchical+Authentication+with+Active+Directory
- http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page
- http://en.wikipedia.org/wiki/OpenLDAP
- http://en.wikipedia.org/wiki/List_of_LDAP_software
- http://opensource.com/business/14/5/four-open-source-alternatives-LDAP
- http://vinzlinux.blogspot.in/2015/01/openldap-server-and-client_59.html
