Hi Helix
The following excerpt is taken from the authentication-ldap.cfg file:
##### LDAP users group #####
# If required, a group name can be given here, and all users who log in
# to LDAP will automatically become members of this group. This is useful
# if you want a group made up of all internal authenticated users.
login.specialgroup = all-authenticated
##### Added By Clive Gould on 31/07/13 to allow for special groups
login.groupmap.1 = ou=StaffUsers:all-staff
login.groupmap.2 = ou=StudentUsers:all-students
The all-staff and all-students groups are the original group names I
already use successfully on our production server with DSpace 1.8.1 custom
authentication.
If, as an example, I run ldapsearch on AD with a colleague's cn I get the
following response:
[root@standbyvle openldap]# ldapsearch -x -v -D "[email protected]" -W -L "cn=Philip Mann" | less
version: 1
#
# LDAPv3
# base <> with scope subtree
# filter: cn=Philip Mann
# requesting: ALL
#
# Philip Mann, School of ICT, Curriculum&Partnerships, RookeryLane, StaffUsers, staff.bromley.local
dn: CN=Philip Mann,OU=School of ICT,OU=Curriculum&Partnerships,OU=RookeryLane,OU=StaffUsers,DC=staff,DC=bromley,DC=local
But if Philip logs into DSpace and I view his ePerson group membership, he
has not been allocated to either the all-staff or the all-authenticated
group.
Any ideas at all where I might be going wrong?
Thanks very much
Clive
On Wed, Jul 31, 2013 at 2:36 PM, helix84 <[email protected]> wrote:
> On Wed, Jul 31, 2013 at 2:48 PM, Clive Gould <[email protected]> wrote:
> > We used to use custom code to differentiate between staff and student login
> > and assign them to appropriate dynamic special groups
>
> Hi Clive,
>
> where does your custom code take the group information from? Full DN
> or attributes?
>
> > I have tried using the new DSpace 3.0 login.groupmap directive within
> > authentication-ldap.cfg
>
> The source of information for this mapping is the LDAP DN.
>
> > Users are successfully authenticated against AD but apparently not being
> > assigned to the special groups
>
> Send an example of your login.groupmap.*.
>
> In my opinion, the most likely problem might be misunderstanding the
> left-hand side of the mapping, e.g.:
> login.groupmap.1 = ou=Students:ALL_STUDENTS
>
> Notice "ou=Students". So if I log in as
> "cn=helix84,ou=Students,dc=example,dc=com", this will put me to the
> DSpace ALL_STUDENTS group.
>
> If your LDAP contains group information not in the DN, but in
> attributes, DSpace 3 doesn't currently support that. But we're
> currently discussing that functionality here:
>
> http://dspace.2283337.n4.nabble.com/DSpace-LDAP-authentication-problem-td4665853.html
>
> Second likely problem is that you haven't created the ALL_STUDENTS
> group in DSpace. This is not created automatically, only the user is
> assigned to that group dynamically upon login!
>
> > Is there a table in the database that allows the membership of the
> > dynamically allocated special groups to be viewed?
> >
> > Once I find out the solution I'll log the entire upgrade process on my blog
> > at http://dspacebromley.blogspot.co.uk/
>
> There is no such table. Your page already contains the explanation:
>
> "This means that users are not added to it as such, but are transient
> members of it during the period that they are logged in. Therefore you
> will not see anyone listed in that group, however such users should
> inherit the permissions of belonging to that group." Stuart Lewis
>
> The only easy way to check is to log in as the user and check
> currently active groups on user's profile page.
>
> Please check those two problems and report back. Let us know if
> something is still unclear. Hope this helps.
>
>
> Regards,
> ~~helix84
>
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>
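An added example, not part of the original messages and not DSpace code: a small Python check that parses the login.groupmap.* lines quoted above and tests each left-hand side against the DN returned by ldapsearch. It assumes the left-hand side is matched as a substring of the DN; the thread does not say whether that comparison ignores letter case, so both results are reported. The function names are hypothetical.

```python
# Config lines and DN copied from the message above (sample input for this check).
CONFIG = """\
login.specialgroup = all-authenticated
login.groupmap.1 = ou=StaffUsers:all-staff
login.groupmap.2 = ou=StudentUsers:all-students
"""

DN = ("CN=Philip Mann,OU=School of ICT,OU=Curriculum&Partnerships,"
      "OU=RookeryLane,OU=StaffUsers,DC=staff,DC=bromley,DC=local")


def parse_groupmaps(text):
    """Return [(dn_fragment, dspace_group)] from login.groupmap.N lines."""
    maps = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Split on the first '=' only: the value itself contains 'ou=...'.
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith("login.groupmap."):
            # The group name follows the last ':' in the value.
            fragment, _, group = value.rpartition(":")
            if fragment and group:
                maps.append((fragment, group))
    return maps


def matching_groups(dn, maps, ignore_case):
    """Groups whose DN fragment occurs in dn (assumed substring matching)."""
    hits = []
    for fragment, group in maps:
        if ignore_case:
            found = fragment.lower() in dn.lower()
        else:
            found = fragment in dn
        if found:
            hits.append(group)
    return hits


if __name__ == "__main__":
    maps = parse_groupmaps(CONFIG)
    print("case-sensitive  :", matching_groups(DN, maps, ignore_case=False))
    print("case-insensitive:", matching_groups(DN, maps, ignore_case=True))
```

A mapping that shows up only in the case-insensitive result differs from the DN in letter case alone; writing the fragment exactly as the directory returns it removes that variable from the diagnosis.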
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette