SUNScholar/Researcher Authorisation

From Libopedia
Revision as of 21:16, 14 August 2010 by Bibboek (talk | contribs) (1 revision)

Introduction

Digital assets must only be managed by users authorised to do so. DSpace can authenticate using ePerson accounts or using LDAP server accounts. This wiki page describes how to set up DSpace to use an institutional LDAP server for user provisioning. After that is done, it is up to the repository manager to define which individuals have submitter, reviewer and metadata editor privileges.

See: http://en.wikipedia.org/wiki/Ldap for more info.

Requirements

Ask the campus IT system administrators to give you the following details of the campus LDAP servers.

  • hostnames
  • canonical context
  • object context
  • search context

See the setup below for example DSpace configuration details.

Check LDAP

To check LDAP works, first install the following:

aptitude install ldap-utils ldap-auth-config

Fill in all the details requested during installation.

Go to the following folder:

cd /etc/ldap

Copy the original ldap.conf:

cp ldap.conf ldap.conf-orig

Delete the original:

rm ldap.conf

Create a link to the master ldap.conf:

ln -s ../ldap.conf

Now run a search on the LDAP server:

ldapsearch -x cn=hgibson

Use whatever filters and attributes are needed for your campus LDAP server. If the search is successful, you may continue to set up DSpace below.

Setup DSpace

The settings are in the /home/dspace/dspace-1.5.2-src-release/dspace/config/dspace.cfg file.

Open the config file as follows:

nano /home/dspace/dspace-1.5.2-src-release/dspace/config/dspace.cfg

Search for the following settings and modify them to suit your campus.

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
	org.dspace.authenticate.LDAPAuthentication, \
	org.dspace.authenticate.PasswordAuthentication

The above is the stackable authentication mechanism: LDAP is tried first, then ePerson password accounts.

The specific LDAP settings:

authentication.password.domain.valid = sun.ac.za
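ldap.enable = true
# A Java properties file keeps only the last value of a repeated key,
# so of the two ldap.provider_url lines below only the second takes effect.
ldap.provider_url = ldap://stbldap01.sun.ac.za:636
ldap.provider_url = ldap://stbldap02.sun.ac.za:636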
ldap.id_field = cn
ldap.object_context = ou=USERS,o=SU
ldap.search_context = ou=USERS,o=SU
ldap.email_field = mail
ldap.surname_field = sn
ldap.givenname_field = fullName
webui.ldap.autoregister = true

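Now rebuild your webapps and test.

Please note: The above configuration uses the secure LDAP port 636. You may want to test using the insecure port of 389 first and then move to the secure port. Over port 389 without TLS, the passwords users type into DSpace travel to the LDAP server unencrypted.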
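
The check below is an added example, not part of the original page or of DSpace: a shell function that lints the LDAP settings shown above for a repeated key and for an ldap.provider_url whose scheme does not match its port. It assumes dspace.cfg is read as a Java properties file and that DSpace does not negotiate StartTLS on plain LDAP connections; check_ldap_cfg and sample_cfg are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page): lint the LDAP settings of a
# dspace.cfg-style properties file. One finding per line; no output = clean.
check_ldap_cfg() {
    awk '
    /^[ \t]*[#!]/ || !/=/ { next }        # skip comments and continuation lines
    {
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        # java.util.Properties keeps only the last value of a repeated key
        if (key in seen && !(key in dup)) {
            dup[key] = 1
            print "DUPLICATE " key ": only the last value is used"
        }
        seen[key] = val
    }
    END {
        url = seen["ldap.provider_url"]
        # Assumption: no StartTLS, so only an ldaps:// URL gives an encrypted bind
        if (url ~ "^ldap://[^/]*:636(/|$)")
            print "SCHEME ldap.provider_url: ldap:// on port 636, LDAPS needs ldaps://"
        else if (url ~ "^ldap://")
            print "CLEARTEXT ldap.provider_url: bind passwords cross the network unencrypted"
    }' "$1"
}

# Constructed sample: LDAP lines copied from the configuration on this page.
sample_cfg() {
    cat <<'EOF'
ldap.enable = true
ldap.provider_url = ldap://stbldap01.sun.ac.za:636
ldap.provider_url = ldap://stbldap02.sun.ac.za:636
ldap.id_field = cn
EOF
}

tmp=$(mktemp)
sample_cfg > "$tmp"
check_ldap_cfg "$tmp"
rm -f "$tmp"
```

Run check_ldap_cfg against your own dspace.cfg before rebuilding the webapps; a clean file produces no output.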