Hi Oliver,

I suspect there may be an assumption in the "IP Authentication" plugin that you are using it for READ access rather than full ADMIN access.

The reality here is that the "IP Authentication" plugin was built primarily for one use case -- to allow unauthenticated users *READ* access to restricted content, based on an IP range. For example, if you use DSpace in a Library, you could provide users at a Library computer full-access to materials, while requiring authentication at a non-Library computer.

We never really anticipated using IP Authentication for non-READ access rights, as it could be considered a security hole. For example, if someone gained access to your computer (which has ADMIN rights via IP) or that IP was accidentally allocated to a different computer, then someone else could suddenly have the ability to delete all the content in your DSpace. So, ADMIN rights are much more tightly controlled and require some form of password.

That being said, I suspect the following *MAY* work:

(1) Set up IP Authentication on the ADMIN Group for a specific IP, e.g. 127.0.0.1
(2) Have each of your Admins create an Account with DSpace. But, do NOT add them to the Administrator group.
(3) Have them LOGIN (with their acct & password) from the IP address in #1 (e.g. 127.0.0.1). They should be automatically a member of the Administrator group, as they are logged in from the IP address in question.

If this doesn't quite meet your needs, or work how you'd like it to, then I'd recommend creating a new Feature Request ticket which describes the use case(s) you need to meet. That way we can review how IP Authentication currently works, and decide whether we can enhance it to meet your use cases.

Here's a link to our ticketing system: https://jira.duraspace.org/browse/DS/

Also feel free to ask any followup questions here, if I've misunderstood!

- Tim

On 7/4/2014 3:16 AM, Oliver Goldschmidt wrote:
> Hi,
>
> I have tested if IP auth is working for groups different to
> Administrator group. I think it doesn't.
> That was my test scenario:
>
> - I have created TESTGROUP without any members
> - I have created a collection TESTCOLLECTION, in which only TESTGROUP
> can publish
> - I have configured authentication-ip.cfg as follows:
> ip.TESTGROUP = 134.x.y.z
> - I restarted tomcat
>
> Now I would expect, coming from 134.x.y.z, to be authorized
> automatically to publish in TESTCOLLECTION. But I am not allowed to do
> that - I do not see a publish-here-button in TESTCOLLECTION.
>
> So I guess there is still something wrong either with my configuration
> or in general.
>
> Any ideas how to debug that?
>
> Best regards
> Oliver
>
> On 04.07.2014 09:31, Oliver Goldschmidt wrote:
>> James,
>>
>> thank you for your reply.
>> In dspace.log I can see that DSpace gets the correct IP address, but
>> it does not work. I can see my IP address in dspace.log:
>> 2014-07-04 09:27:14,809 INFO org.dspace.browse.BrowseEngine @
>> anonymous:session_id=40D2B0A5B4C97XXXXXXXXXXXXXXXXXX:ip_addr=134.x.y.z:browse_mini:
>>
>> So I guess DSpace has the correct IP address, but IP authentication is
>> still not working. I will try, if groups different to the
>> Administrator group are working to check if that is the problem.
>>
>> Best regards
>> Oliver
>>
>> On 04.07.2014 00:03, James Creel wrote:
>>> I’ve never tried putting folks in the Administrator group with this
>>> feature, but I don’t see why it would act differently, in which case
>>> you seem to be configuring it correctly.
>>>
>>> In the past, I have had problems when DSpace saw an IP address that
>>> was not what I thought it was. You can ascertain what IP address
>>> DSpace is seeing by looking in the control panel -> current activity
>>> or by looking at the dspace log.
>>>
>>> If you are behind a load balancer, etc, you also might try
>>> setting useProxies = true in the dspace.cfg and make sure your
>>> sysadmin is forwarding the original IPs.
>>>
>>> James Creel
>>> Senior Lead Software Applications Developer
>>> Texas A&M University Libraries Digital Initiatives
>>> [email protected]
>>>
>>> On Jul 3, 2014, at 1134, Oliver Goldschmidt <[email protected]> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I have another problem. The IP authentication does not seem to work
>>>> on my DSpace. I have configured it and added it to the
>>>> Authentication modules in authentication.cfg. This worked and no
>>>> error messages about that.
>>>> But I do not see any effect. Not even a trace in dspace.log. I want
>>>> some IP addresses to be recognized as Administrators. To do that I
>>>> have put this into ip-authentication.cfg:
>>>> ip.Administrator 134.x.y.z
>>>>
>>>> I have an Administrator group and thought, coming from IP 134.x.y.z
>>>> would now be considered as an Administrator. But it's not. I have no
>>>> options to publish something, to delete collections and so on.
>>>> Everything looks exactly as if I did not log in. In dspace.log there
>>>> is no note about the IP Authentication module. If I click on
>>>> something requiring me to log in, I get the login window to choose
>>>> how to login (I have also configured LDAP authentication and
>>>> Password authentication, both work well).
>>>>
>>>> What am I missing? How can I make the IP auth module work properly?
>>>>
>>>> Best regards
>>>> Oliver
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Open source business process management suite built on Java and Eclipse
>>>> Turn processes into business applications with Bonita BPM Community
>>>> Edition
>>>> Quickly connect people, data, and systems into organized workflows
>>>> Winner of BOSSIE, CODIE, OW2 and Gartner awards
>>>> http://p.sf.net/sfu/Bonitasoft
>>>> _______________________________________________
>>>> DSpace-tech mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>>>> List Etiquette:
>>>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
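For the debugging question raised in the thread, an added example (not DSpace code and not from any poster): it reads `ip.GROUP` lines in the style quoted above and the `ip_addr=` field of dspace.log lines, reports which groups each logged address would match, and flags matches on Administrator, the case Tim's reply warns about. The sample config, log lines, addresses and user name are constructed, and treating values as full addresses or CIDR blocks is an assumption.

```python
import ipaddress
import re

# Constructed sample config in the key style quoted in the thread (ip.GROUP = address).
# Assumption: values are full addresses or CIDR blocks, comma-separated.
SAMPLE_CFG = """\
ip.TESTGROUP = 192.0.2.0/24
ip.Administrator = 198.51.100.7
"""

# Constructed log lines shaped like the dspace.log line quoted in the thread.
SAMPLE_LOG = """\
2014-07-04 09:27:14,809 INFO org.dspace.browse.BrowseEngine @ anonymous:session_id=AAAA:ip_addr=192.0.2.15:browse_mini:
2014-07-04 09:28:02,113 INFO org.dspace.browse.BrowseEngine @ admin@example.org:session_id=BBBB:ip_addr=198.51.100.7:browse_mini:
2014-07-04 09:29:40,001 INFO org.dspace.browse.BrowseEngine @ anonymous:session_id=CCCC:ip_addr=10.0.0.5:browse_mini:
"""

LOG_RE = re.compile(r"@ (?P<user>[^:]+):session_id=[^:]*:ip_addr=(?P<ip>[^:]+):")
WRITE_GROUPS = {"Administrator"}  # groups the reply says should not hinge on IP alone

def parse_ip_groups(cfg_text):
    """Return {group: [ip_network, ...]} from 'ip.GROUP = range[, range]' lines."""
    groups = {}
    for line in cfg_text.splitlines():
        line = line.strip()
        if not line.startswith("ip.") or "=" not in line:
            continue  # skips comments, blanks and lines without '='
        key, value = line.split("=", 1)
        nets = [ipaddress.ip_network(v.strip(), strict=False)
                for v in value.split(",") if v.strip()]
        groups.setdefault(key.strip()[3:], []).extend(nets)
    return groups

def groups_for(ip, groups):
    """Names of the groups whose configured ranges contain this address."""
    addr = ipaddress.ip_address(ip)
    return sorted(g for g, nets in groups.items() if any(addr in n for n in nets))

def audit(log_text, cfg_text):
    """Per log line: (user, ip, groups matched by IP, True if a write-capable group matched)."""
    groups = parse_ip_groups(cfg_text)
    rows = []
    for m in LOG_RE.finditer(log_text):
        matched = groups_for(m["ip"], groups)
        rows.append((m["user"], m["ip"], matched, bool(WRITE_GROUPS & set(matched))))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, SAMPLE_CFG):
        print(row)
```

An address that the log shows but that matches no group points at the configuration; an address in the log that is not the one you expected points at a proxy or load balancer in front of DSpace.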

