Difference between revisions of "SUNScholar/Researcher Authorisation"
m (→Configuration) |
|||
| Line 20: | Line 20: | ||
==Requirements== | ==Requirements== | ||
===Secure network connections=== | ===Secure network connections=== | ||
| − | '''<font color="red"> | + | '''<font color="red">*** Ensure you enable secure internet/network connections before doing LDAP connections. ***</font>''' |
*'''[[SUNScholar/Firewall|Step 1. Server Firewall]]''' | *'''[[SUNScholar/Firewall|Step 1. Server Firewall]]''' | ||
*'''[[SUNScholar/Secure_Internet_Connections|Step 2. Secure Connections]]''' | *'''[[SUNScholar/Secure_Internet_Connections|Step 2. Secure Connections]]''' | ||
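Review bot: The rewritten warning line under "Secure network connections" (Line 20) relies on `<font color="red">`, which is obsolete HTML; `<span style="color:red">` renders the same and will survive a stricter sanitizer. The line also stacks bold, red and `***` markers without saying which step actually secures the connection, so linking the warning text to the "Step 2. Secure Connections" bullet that follows would make it actionable. Separately, the edit summary names the Configuration section while the visible change is in Requirements, which makes the revision history harder to audit.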
Revision as of 14:15, 6 June 2015
Introduction
Digital assets must only be managed by users authorised to do so.
DSpace can authenticate using ePerson accounts or using LDAP server accounts.
This wiki page describes the method of setting up DSpace to use an institutional LDAP server for user provisioning.
After that is done, it is then up to the repository manager to define privileges for individuals on the repository.
See: http://en.wikipedia.org/wiki/Ldap for more info.
PLEASE NOTE:
- For LDAP to work correctly, ALL the user credentials MUST be in ONE LDAP server or replicated using ONE directory tree structure.
- If, for example, you have separate servers for staff and students, then LDAP authentication setup is extremely difficult and very risky to maintain in the long term.
Requirements
Secure network connections
*** Ensure you enable secure internet/network connections before doing LDAP connections. ***
Campus LDAP server
Ask the campus IT LDAP system administrators to give you the following details of the campus LDAP servers.
- hostnames
- canonical context
- object context
- search context
Configuration
Step 1 - Local LDAP configuration
Step 2 - DSpace configuration
Step 3 - Update XMLUI
Step 4 - Configure XMLUI
Step 5 - Rebuild DSpace
LDAP Products
If you do not have an LDAP server on campus, then check the links below and consider starting one.
- http://www.openldap.org
- https://help.ubuntu.com/10.04/serverguide/openldap-server.html
- https://help.ubuntu.com/12.04/serverguide/openldap-server.html
- http://www.turnkeylinux.org/openldap
- http://freeipa.org/page/Main_Page
- http://directory.fedoraproject.org/wiki/Main_Page
- https://fedorahosted.org/sssd/
Microsoft Active Directory Integration
If you want to sync with an existing Microsoft AD server, then check the links below.
- http://en.wikipedia.org/wiki/Active_Directory
- http://technet.microsoft.com/en-us/library/cc772726(v=ws.10).aspx
- http://www.windowsitpro.com/article/ldap/integrate-active-directory-and-openldap
- http://lsc-project.org/wiki
- https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Windows_Sync.html
- http://directory.fedoraproject.org/wiki/Howto:WindowsSync
- http://www.papercut.com/products/ng/manual/ch-sys-mgmt-user-group-sync.html
Other Access Methods
- https://wiki.duraspace.org/display/DSDOC5x/Authentication+Plugins#AuthenticationPlugins-StackableAuthenticationMethod(s)
- https://wiki.duraspace.org/display/DSDOC4x/Authentication+Plugins#AuthenticationPlugins-StackableAuthenticationMethod(s)
- https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-StackableAuthenticationMethod(s)
IP Address Access
- https://wiki.duraspace.org/display/DSDOC5x/Authentication+Plugins#AuthenticationPlugins-IPAuthentication
- https://wiki.duraspace.org/display/DSDOC4x/Authentication+Plugins#AuthenticationPlugins-IPAuthentication
- https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-IPAuthentication
Shibboleth
- https://wiki.duraspace.org/display/DSDOC5x/Authentication+Plugins#AuthenticationPlugins-ShibbolethAuthentication
- https://wiki.duraspace.org/display/DSDOC4x/Authentication+Plugins#AuthenticationPlugins-ShibbolethAuthentication
- https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-ShibbolethAuthentication
X509 Certificate
- https://wiki.duraspace.org/display/DSDOC5x/Authentication+Plugins#AuthenticationPlugins-X.509CertificateAuthentication
- https://wiki.duraspace.org/display/DSDOC4x/Authentication+Plugins#AuthenticationPlugins-X.509CertificateAuthentication
- https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-X.509CertificateAuthentication
References
- https://wiki.duraspace.org/display/DSDOC5x/Authentication+Plugins
- https://wiki.duraspace.org/display/DSDOC5x/Functional+Overview#FunctionalOverview-UserManagement
- https://wiki.duraspace.org/display/DSDOC4x/Authentication+Plugins
- https://wiki.duraspace.org/display/DSDOC4x/Functional+Overview#FunctionalOverview-UserManagement
- https://wiki.duraspace.org/display/DSPACE/LDAP+Hierarchical+Authentication+with+Active+Directory
- http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page
- http://en.wikipedia.org/wiki/OpenLDAP
- http://en.wikipedia.org/wiki/List_of_LDAP_software
- http://opensource.com/business/14/5/four-open-source-alternatives-LDAP
- http://vinzlinux.blogspot.in/2015/01/openldap-server-and-client_59.html