Re: [Dspace-tech] External database authentication in dspace
Hi Bruc, Thanks for the reply and help. I understand this can be done. But we are already using MS Active Directory which already has NTLM Single Sign On features I received some patches on this forum but unfortunately I could not get it working till now. I have already integrated dspace with LDAP and users can login to dspace but again dspace is not fetching the user's details from the MS AD which ideally it should do. Now I am looking to enable NTLM authentication through which users can have SSO access across the LAN. If any body has done this successfully please let me know. With Regards Ehtesham -Original Message- From: Bruc Liong [mailto:[EMAIL PROTECTED] Sent: Friday, December 14, 2007 5:31 AM To: Nikolas Lam; Mohammad Ehtesham Cc: dspace-tech@lists.sourceforge.net Subject: RE: [Dspace-tech] External database authentication in dspace Sorry being late to pick on this. Shibboleth allows SSO to applications, hence once they've logged to Moodle, they can access dspace resources and despite being asked to login (in fact it's just a set of redirects, user never needs to login anymore), they will gain access to resources in dspace right away. There is a patch for dspace to shibbolize it (search on patch section) We've done much work on shibboleth and dspace, you can visit our demo as follow: 0) go to http://openidp.federation.org.au and create an account for yourself (this is a free test IdP for shibboleth in our federation).make sure you use valid email address (we don't use your email address for anything, only to send you initial confirmation link of account creation) 1) go to http://sp-dspace1.mams.org.au/dspace14 (this is dspace1.4 deployed, vanilla) 2) go to MySpace and choose Shibboleth login 3) choose TestFed OpenIdP and login with your account 4) there is an interface in this openIdP that ask whether you'd like to release your info (click yes, release required attributes, go to service using this card). This interface is one of the tool, Autograph, we're offering as part of our federation to safeguard user's privacy. Note that if you play with releasing and denying attributes, make sure you do *not* delete mail and principalname as this is needed for dspace. 5) you should arrive authenticated and your account is automatically created in dspace (there are options for this shibbolized dspace). 6) now navigate to http://sp-dspace2.mams.org.au (this one old dspace 1.3 ?) 7) click on MySpace again 8) if you may not notice, but you don't need to login again, but you're still asked for releasing your attributes to confirm that you're happy to release your attributes, click go to service 9) you should be automatically signed on as well on that service. You can try to browse through documents there, but most documents have access control restriction, hence your account may not be able to access them. The above is sufficient to show how the SSO happening between dspaces. If you don't have Autograph installed, then your users will not see pages on steps 4 and 8. Let me know if that helps and if you'd need further clarification. Bruc -Original Message- From: [EMAIL PROTECTED] [mailto:dspace-tech- [EMAIL PROTECTED] On Behalf Of Nikolas Lam Sent: Wednesday, 28 November 2007 10:39 AM To: Mohammad Ehtesham Cc: dspace-tech@lists.sourceforge.net Subject: Re: [Dspace-tech] External database authentication in dspace On Tue, 2007-11-27 at 12:30 +0530, Mohammad Ehtesham wrote: Thanks for your reply Nik, I have checked the links and it seems using shibboleth it is possible. I want to discuss further, I have already integrated our LMS (moodle) with our organization's MS AD (LDAP server) and I think we can integrate it with Dspace as well and this will give same sign on to both. But I am looking for the feature to enable single sign on (Once the user is logged in LMS (Moodle) his/her login authentication should pass on to dspace as well). Dspace should not prompt the users to login. Looking forward for the suggestions I think one of the selling points of Shibboleth is single sign-on. I've only had a relatively light investigation of it so far. It's probable that we'll be implementing the infrastructure at USyd soonish for the cross-institutional collaboration that it would facilitate. Until then, I'm afraid I've no expertise on the subject, but the Shibboleth web site has a many links to resources including mailing lists that you could make use of. Also, I'm sure people here and on the mailing lists of moodle and joomla would be keen to help if you come up with questions specific to integrating shibboleth into dspace, moodle and joomla respectively. Cheers, Nik --- -- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify
[Dspace-tech] DSpace 1.4 Authentication problems
Hi, We are running DSpace 1.4 andI have just noticed a seriousissue with the authentication. We are using thedefault implementation with the email address/password based login. I have noticed that whenI logoutand then click to go onto any other page on our DSpace site it comes up in the top left corner that I am still logged in.For example if I click to logout and get the 'thank you for logging out' message,return to the homepage and thenclick the mydspace link itcomes upwithmy dspace account details instead of the login box requesting a username and password. Only If I click on refresh after logging out it does it then seem to then log me. It happens in both Internet Explorer and Firefox. I have deleted cookies and it has not made any difference.Ithink this is only a recent problem and we have recently changed our DSpace URL. Wehaven't been able to find out what is causing the problem and I wondered if anyone else had experienced the same sort of thing? ThanksCarolynGroomILSS:LearningTechnologist(LibraryandRepositoryTechnologies)GeorgeLauderLibraryCarnegieCollegeHalbeathRoadDunfermlineKY118DY - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
[Dspace-tech] Manakin Trainer
Hello All, Our organization is familiar with AM's development of Manakin through the DSpace User Group meetings and the listservs. We are interested in learning more about Manakin and would like to know if anyone knows of any instructors who could teach our organization more. Any help on names of trainers would be appreciated. Thanks, Christina Christina Richison NIS Technical Services Specialist Managed Technology Services NITLE http://www.nitle.org | National Institute for Technology Liberal Education p. 512.863.1673 | f. 512.863.1297 [EMAIL PROTECTED] Southwestern University P.O. Box 7385 | 1001 East University Avenue Georgetown, Texas 78626 - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] DSpace 1.4 Authentication problems
On Dec 19, 2007 10:30 AM, [EMAIL PROTECTED] wrote: We are running DSpace 1.4 and I have just noticed a serious issue with the authentication. We are using the default implementation with the email address/password based login. I have noticed that when I logout and then click to go onto any other page on our DSpace site it comes up in the top left corner that I am still logged in. I suspect that this is the browser cache at work; I often have it return authentication-required visited pages after I log out or my session expires. I'm not sure what DSpace could do about that except for no-cache tricks that break the Back button entirely (which would be a bad, bad idea). I'm willing to be wrong, though -- if you log out, go back to your My DSpace page, and then click on something requiring authentication (such as starting a new submission), does it let you do it? If so, then there is definitely a problem! Dorothea -- Dorothea Salo[EMAIL PROTECTED] Digital Repository Librarian AIM: mindsatuw University of Wisconsin Rm 218, Memorial Library (608) 262-5493 - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] DSpace 1.4 Authentication problems
On Wed, Dec 19, 2007 at 04:58:49PM +, Dorothea Salo wrote: On Dec 19, 2007 10:30 AM, [EMAIL PROTECTED] wrote: We are running DSpace 1.4 and I have just noticed a serious issue with the authentication. We are using the default implementation with the email address/password based login. I have noticed that when I logout and then click to go onto any other page on our DSpace site it comes up in the top left corner that I am still logged in. I suspect that this is the browser cache at work; I often have it return authentication-required visited pages after I log out or my session expires. I'm not sure what DSpace could do about that except for no-cache tricks that break the Back button entirely (which would be a bad, bad idea). Yes this is correct; it's a browser issue. After you log out, you are actually logged out, but (eg) firefox will try to be clever about not re-requesting pages that it has cached. Of course, if you try to do anything that requires you being logged in, you will be prompted to do so; your browser can't subvert that process. Most apps try to get around this by asking you to shut down your browser (which would clear the cache), but DSpace doesn't bother. You could modify the logged-out.jsp to include this message if you feel it's important for your repository. The only potential issue is that someone could potentially *see* what you were looking at before you logged out; they wouldn't be able to *do* anything though. cheers, Jim -- James Rutherford | Hewlett-Packard Limited registered Office: Research Engineer | Cain Road, HP Labs | Bracknell, Bristol, UK | Berks +44 117 312 7066 | RG12 1HN. [EMAIL PROTECTED] | Registered No: 690597 England The contents of this message and any attachments to it are confidential and may be legally privileged. If you have received this message in error, you should delete it from your system immediately and advise the sender. To any recipient of this message within HP, unless otherwise stated you should consider this message and attachments as HP CONFIDENTIAL. - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] DSpace 1.4 Authentication problems
Hi,DSpace is letting me carry out activities that require authentication like a new submissionafter logging out. I did log in with another username and then logged out and now it is displaying my username as being logged in on some pages and the other username onother pages despite me clicking the logout link on both. I also went onto another PC and when I went onto our DSpace site and clicked on the communities/collections site it was displaying my username as being logged in. I have not used this PC since yesterday. We run DSpace as an internal repository butthe materialsin it are password protected.It seems really random and we don't know what to do about it. Anyhelp would be appreciated.ThanksCarolynGroomILSS:LearningTechnologist(LibraryandRepositoryTechnologies)GeorgeLauderLibraryCarnegieCollegeHalbeathRoadDunfermlineKY118DYPleaseconsidertheenvironmentbeforeprintingthisemail[EMAIL PROTECTED] wrote: -To: dspace-tech@lists.sourceforge.netFrom: "Dorothea Salo" [EMAIL PROTECTED]Sent by: [EMAIL PROTECTED]Date: 19/12/2007 04:58PMSubject: Re: [Dspace-tech] DSpace 1.4 Authentication problemsOn Dec 19, 2007 10:30 AM, [EMAIL PROTECTED] wrote: We are running DSpace 1.4 and I have just noticed a serious issue with the authentication. We are using the default implementation with the email address/password based login. I have noticed that when I logout and then click to go onto any other page on our DSpace site it comes up in the top left corner that I am still logged in.I suspect that this is the browser cache at work; I often have itreturn authentication-required visited pages after I log out or mysession expires. I'm not sure what DSpace could do about that exceptfor no-cache tricks that break the Back button entirely (which wouldbe a bad, bad idea).I'm willing to be wrong, though -- if you log out, go back to your MyDSpace page, and then click on something requiring authentication(such as starting a new submission), does it let you do it? If so,then there is definitely a problem!Dorothea-- Dorothea Salo[EMAIL PROTECTED]Digital Repository Librarian AIM: mindsatuwUniversity of WisconsinRm 218, Memorial Library(608) 262-5493-SF.Net email is sponsored by:Check out the new SourceForge.net Marketplace.It's the best place to buy or sell servicesfor just about anything Open Source.http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___DSpace-tech mailing listDSpace-tech@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/dspace-tech - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] Debugging XSLT in Manakin
On Tue, 2007-12-18 at 15:18 -0600, Dorothea Salo wrote: If this is completely unworkable, feel free to scoff at me, but... Not at all! Is there *any* way that Manakin can be nudged to give more information about XSLT problems in a theme? What information are you lacking? As it is, when I break something non-obviously (that is, not a gross XML well-formedness error), all I can do is guess wildly what I just broke. Given that every Manakin tweak means a Subversion commit, checkout, rebuild... this is uncommonly tiresome and time-consuming when things break often. (And I break stuff a lot.) Are you editing Java code or just a theme with sitemaps and xslt? If the latter, and you have a local installation, can I suggest you just hack your theme on the live Manakin instance? It's a lot quicker and more convenient. When you have something working you can copy it to your development workspace and Do The Right Thing. Surely SAX knows where it is when a stylesheet blows up? Can it be persuaded to disgorge that information? Yes it does; when something in the pipeline throws an exception Cocoon should catch the exception and dump the Java stack to your browser with a message. I just tried it here and I got: An error has occured javax.xml.transform.TransformerException: Could not find variable with the name of metadata context:/file:/opt/apache/apache-tomcat-5.5.17/webapps/manakin/themes/embeddable/dri-to-xhtml.xsl - 86:8 ... and a stacktrace. Is that the kind of thing you get? BTW the resulting stack dump looks worse than it really is. The reason is that the SAX pipeline is essentially a giant stack of Java method calls (i.e. the pipeline generator calls the transformer, which calls the serializer). Any XSL transforms in your theme are (depending on the XSLT interpreter used) either interpreted by a Java XSLT interpreter or are themselves compiled to Java byte code. In either case, some of your XSLT code will be represented in that stack trace, so it can be worth a look. Again, depending on your XSLT interpreter, error in your XSLT will end up as Java errors, so an unitialised xsl:variable can become a java.lang.NullPointerException for instance. -- Conal Tuohy New Zealand Electronic Text Centre www.nzetc.org - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
[Dspace-tech] Too many open files error
We're having a lot of trouble currently with tomcat crashing with a Too many open files error. This is happening roughly twice a day -- I am restarting tomcat every morning, and usually get a call around lunch time that it has crashed and need to restart again. Restart is quick and fixes the problem, temporarily, but naturally I wish it didn't happen at all. I did some digging and found a thread from this list from last year, which petered out without apparent resolution, but where Mark Diggory suggested tinkering with the fd.files-max value in sysctl.conf. [ http://sourceforge.net/mailarchive/message.php?msg_id=E1Grhzs-Nj-JN%40ma il.sourceforge.net ] Well, I tried that, but it made no difference. So, back to Google, where I found (searching for files-nr) that you can list all the open file handles used by a process, using # ls -l /proc/PID/fd/ where PID is the process id. So using this with the pid for the DSpace tomcat, I found lots of items like this: lr-x-- 1 uals uals 64 Dec 20 16:30 237 - /data/dspace/search/_vzb.cfs (deleted) This is a symlink to one of the lucene index overflow files, which [in my limited understanding] are dynamically created and deleted as the index grows. These deleted items increase in number over time, and I imagine DSpace eventually hits the ulimit for open files (1024) and dies. So I think the problem may be due to the lucene indexing not releasing file descriptors when they are deleted. Certainly, watching the list over an hour I've seen the number of deleted lines rise steadily. I guess we're noticing this as a problem here because of the very large amount of editing work we're engaged in currently. Other sites with a more sedate use of DSpace might never run into it. Well, that's how it looks to me right now. Nothing I can do about it, but maybe someone expert in the lucene side of DSpace could look into it? Cheers. :D Stephen Thomas, Senior Systems Analyst, University of Adelaide Library UNIVERSITY OF ADELAIDE SA 5005 AUSTRALIA Phone: +61 8 830 35190 Fax: +61 8 830 34369 Email: [EMAIL PROTECTED] URL: http://www.adelaide.edu.au/directory/stephen.thomas CRICOS Provider Number 00123M --- This email message is intended only for the addressee(s) and contains information that may be confidential and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech