Digital assets must only be managed by users authorised to do so. DSpace can authenticate using ePerson accounts or using LDAP server accounts. This wiki page describes how to set up DSpace to use an institutional LDAP server for user provisioning. Once that is done, it is up to the repository manager to define which individuals have submitter, reviewer and metadata editor privileges.
See: http://en.wikipedia.org/wiki/Ldap for more info.
Ask the campus IT system administrators to give you the following details of the campus LDAP servers.
- canonical context
- object context
- search context
See the setup below for example DSpace configuration details.
To check LDAP works, first install the following:
aptitude install ldap-utils ldap-auth-config
Fill in all the details requested during installation.
Go to the following folder:
Copy the original ldap.conf:
cp ldap.conf ldap.conf-orig
Delete the original:
Create a link to the master ldap.conf:
ln -s ../ldap.conf
Now run a search on the LDAP server:
ldapsearch -x cn=hgibson
Use whatever filters and attributes are needed for your campus LDAP server. If the search is successful, you may continue to set up DSpace below.
The settings are in the /home/dspace/dspace-1.5.2-src-release/dspace/config/dspace.cfg file.
Open the config files as follows:
Search for the following and modify it to suit your campus.
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
    org.dspace.authenticate.LDAPAuthentication, \
    org.dspace.authenticate.PasswordAuthentication
The above is the stackable mechanism. LDAP is checked first, then ePersons.
The specific LDAP settings.
authentication.password.domain.valid = sun.ac.za
ldap.enable = true
ldap.provider_url = ldap://stbldap01.sun.ac.za:636
ldap.provider_url = ldap://stbldap02.sun.ac.za:636
ldap.id_field = cn
ldap.object_context = ou=USERS,o=SU
ldap.search_context = ou=USERS,o=SU
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = fullName
webui.ldap.autoregister = true
Now rebuild your webapps and test.
Please note: The above configuration uses the secure LDAP port 636. You may want to test using the insecure port 389 first and then move to the secure port.
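A pre-rebuild check of the LDAP settings shown above, as an added example (not part of the original wiki page or of DSpace). The function names and findings are hypothetical, and the code assumes dspace.cfg is read as a Java properties file, where a repeated key keeps only its last value.

```python
import re
from urllib.parse import urlsplit

# Constructed sample mirroring the settings on this page (not a real deployment file).
SAMPLE_CFG = """\
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \\
    org.dspace.authenticate.LDAPAuthentication, \\
    org.dspace.authenticate.PasswordAuthentication
ldap.enable = true
ldap.provider_url = ldap://stbldap01.sun.ac.za:636
ldap.provider_url = ldap://stbldap02.sun.ac.za:636
"""

PLUGIN_KEY = "plugin.sequence.org.dspace.authenticate.AuthenticationMethod"

def parse_properties(text):
    """Return (effective settings, every value seen per key); joins continued lines."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    seen = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        seen.setdefault(key, []).append(value)
    return {k: v[-1] for k, v in seen.items()}, seen

def lint_ldap(text):
    """Return a list of findings to review before rebuilding the webapps."""
    effective, seen = parse_properties(text)
    findings = []
    for key, values in seen.items():
        if len(values) > 1:
            # Assumption: properties semantics, so earlier values are silently dropped.
            findings.append(f"duplicate key {key}: only {values[-1]!r} takes effect")
    url = urlsplit(effective.get("ldap.provider_url", ""))
    if url.scheme == "ldap" and url.port == 389:
        findings.append("ldap:// on port 389: insecure port, for testing only")
    if url.scheme == "ldap" and url.port == 636:
        findings.append("ldap:// on port 636: verify encryption; ldaps:// is the usual scheme")
    stack = [m.strip() for m in effective.get(PLUGIN_KEY, "").split(",")]
    if effective.get("ldap.enable") == "true" and not any(m.endswith("LDAPAuthentication") for m in stack):
        findings.append("ldap.enable is true but LDAPAuthentication is not in the plugin sequence")
    return findings

if __name__ == "__main__":
    for finding in lint_ldap(SAMPLE_CFG):
        print("-", finding)
```

An empty list means none of these checks fired; it does not confirm that the LDAP server accepts the bind.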