On Tue, Sep 10, 2013 at 09:09:13AM -0400, Andrew Reid wrote:
>   I'm putting together a new DSpace installation (3.2 on RHEL 6.4,
> with the xmlui), and I have a requirement to enforce password
> complexity and expiration rules.
> 
>   My first thought was to do this by using a local LDAP for
> authentication -- I think I've learned what I need to know about
> LDAP, but I've run into a snag.  If I turn on both PasswordAuthentication
> and LDAPAuthentication in the authentication.cfg file, users are
> offered a choice at log-in time, and, once an LDAP user is registered,
> it seems that they can then set up a PasswordAuthentication password,
> thus bypassing the LDAP controls.
> 
>   If I set up the system as being exclusively LDAP, then the 
> admin user set up at install time via create-administrator
> cannot log in at all.

Suppose you tweaked the admin. EPerson record to make it compatible
with an LDAP identity, after it is created.  (Without looking at the
code, my first guess is that this involves storing the value of the
appropriate attribute, such as CN, in the "netid" field.)

[Hmmm, we should have a way to create the initial administrator
EPerson using any configured authn source.]

Or, could you use the initial admin. to grant one or more LDAP-based
identities membership in Administrator and then disable the local
password provider?

-- 
Mark H. Wood, Lead System Programmer   [email protected]
Machines should not be friendly.  Machines should be obedient.

_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
