Hi all,

To add to Dorothea's response for an "ideal" way to manage accounts.

When I was at U of Illinois at Urbana-Champaign (UIUC), we implemented a 
similar "auto-account" management solution using our local LDAP 
directory (and local Active Directory groups).  I unfortunately never 
got around to fully sharing it as it was still semi-UIUC specific. As 
Dorothea implies, every LDAP is unfortunately different, and not all 
LDAPs store this information (and if they do, they may store it in 
different fields or use different values/codes in those fields).

However, perhaps the UIUC code could be minimally made available for 
others to improve and make more "configurable" for a generic institution 
-- it's at least a potential starting point.

I've noted what general features we had implemented at UIUC below, based 
on Dorothea's wishlist:

On 3/12/2010 11:38 AM, Dorothea Salo wrote:
>
> What we can't do that I would very much like us to:
>
> - automagically populate the eperson directory based on LDAP login
> results and lookups (you logged in? congrats, you're an eperson! an
> admin looked you up? congrats, you're an eperson!)

We had this feature implemented at Illinois -- if you could log in (via a 
custom UIUC login solution) we'd know your NetID and auto-create an 
EPerson by doing an LDAP lookup to get your Name.  We'd also then 
auto-add you to a "UIUC Users" group in our DSpace -- which gave some 
immediate access rights to you (including the immediate ability to 
submit to a generic "UIUC Research" Collection).

> - assign people to a group based on being in a given department or research 
> unit

We could also basically do this.  We'd look up your Department name in 
LDAP, and if we could *find* a DSpace Group of that name, then we'd 
auto-add you to it for the remainder of your session.  However if no 
DSpace Group existed with that name, then nothing happened.

> - assign people to a group based on being in a specific course (and
> revoke their access when the course is over)

Sorry, we didn't have specific course info in our LDAP -- so this wasn't 
possible for us at UIUC.

> - assign people to a group based on program/degree status (ETDs!)

We also had a basic implementation for this.  Based on your degree 
*code* in LDAP (we had to contact our local IT department to figure out the 
meaning of various codes in our LDAP fields), we could add you 
automatically to a "UIUC Masters Students" or "UIUC UnderGrad Students", 
"UIUC PhD Students" or "UIUC Faculty/Staff" group in DSpace.

Again, much of this code I built while at UIUC was a bit UIUC-specific 
(though there were some configurable parts that could allow it to work 
for UIUC-similar LDAP directories).  I had always wanted to make it more 
widely available but unfortunately never got around to it.   But, 
hopefully, assuming my UIUC colleagues agree to it, we could get a copy 
of what was created into JIRA for someone to build from.

So, I don't have a complete answer to the problem -- but a possible 
contact to help someone come up with an answer that will work for at 
least those institutions who use LDAP.   But, obviously, we need to find 
a volunteer developer to help bring this forward!

- Tim

_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
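
The group-assignment rules described in the message above, as an added example that is not the UIUC code or part of the original post. The LDAP attribute names, degree codes and list of existing groups are constructed placeholders, and for simplicity every membership in this sketch lasts only for the session.

```python
# Added illustration; not the UIUC code. Attribute names, degree codes and
# the contents of EXISTING_GROUPS are constructed for this example.
from dataclasses import dataclass, field

# Groups an administrator has already created in the repository (constructed).
EXISTING_GROUPS = {"UIUC Users", "UIUC Masters Students", "UIUC PhD Students",
                   "UIUC UnderGrad Students", "UIUC Faculty/Staff", "Library"}

# Degree code -> group. Real codes are site-specific; these are placeholders.
DEGREE_CODE_GROUPS = {"MS": "UIUC Masters Students", "PHD": "UIUC PhD Students",
                      "UG": "UIUC UnderGrad Students", "EMP": "UIUC Faculty/Staff"}


@dataclass
class Session:
    netid: str
    name: str
    groups: set = field(default_factory=set)  # session-scoped, never persisted


def first(entry, attr):
    """Return the first non-blank value of a multi-valued attribute, or None."""
    values = entry.get(attr) or []
    return values[0].strip() if values and values[0].strip() else None


def build_session(netid, entry):
    """Derive an EPerson-like record and session groups from one LDAP entry."""
    if entry is None:  # authenticated, but the directory has no entry
        raise LookupError(f"no LDAP entry for {netid}")
    session = Session(netid, first(entry, "displayName") or netid)
    candidates = ["UIUC Users",  # everyone who can log in
                  first(entry, "department"),
                  DEGREE_CODE_GROUPS.get(first(entry, "degreeCode") or "")]
    for group in candidates:
        # Exact match against pre-existing groups only: a directory value
        # never creates a group, and an unknown code grants nothing.
        if group in EXISTING_GROUPS:
            session.groups.add(group)
    return session
```

A department string that matches no existing group and a degree code missing from the table both leave the user with only the baseline group, which mirrors the "nothing happened" behaviour described for unmatched departments.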
