Thanks. I am not sure how to handle the authentication-ldap.provider_url setting. We have two ldap servers, one for students, and the other for faculty.
On Tuesday, March 27, 2018 at 7:58:04 PM UTC-4, Fitchett, Deborah wrote: > > Hi all, > > > > The main thing to consider in choosing between the two options will be > what you’re trying to achieve: identify individual users (eg so they can > submit items under their own name) or just grant groups of people access to > specific collections? > > > > EZproxy/the IP auth module won’t do the former. LDAP will. We currently > have the LDAP plugin set up so all staff and students can log in with their > university network account, get access to certain restricted collections, > and submit items themselves. It was set up before I started so I don’t know > what config was like, though I know when the university moved its LDAP > servers, modifying this in the configuration was straight-forward. > > > > We haven’t tried EZproxy specifically but we’ve struggled with the IP auth > setup and never got it working. Granted last time I tried I wasn’t very > familiar with the system yet, and we’ve upgraded since then so possibly > it’d work nicely now if we looked again. It just hasn’t been a priority > since people can login through the LDAP plugin. > > > > Deborah > > > > *From:* dspac...@googlegroups.com <javascript:> [mailto: > dspac...@googlegroups.com <javascript:>] *On Behalf Of *Tim Donohue > *Sent:* Wednesday, 28 March 2018 9:10 a.m. > *To:* Ray Schwartz <schwa...@gmail.com <javascript:>> > *Cc:* DSpace Technical Support <dspac...@googlegroups.com <javascript:>> > *Subject:* Re: [dspace-tech] EZProxy and Dspace Accounts > > > > Hi Ray, > > Although I don't have direct experience with EZProxy, DSpace does have two > authentication plugins that may be of interest: > > First, an LDAP authentication plugin, which can be configured to use an > external LDAP (allowing users to use an LDAP-based University signon). It > also can optionally be configured to assign permissions (i.e. add people to > DSpace Groups) based on their current LDAP groups. See > https://wiki.duraspace.org/display/DSDOC6x/Authentication+Plugins#AuthenticationPlugins-LDAPAuthentication > > > > > Second, we have an IP authentication plugin, which can allow you to > specify individual IP addresses (or IP ranges) which will be given extra > access rights in your DSpace. It essentially lets you map one or more IP > addresses/ranges to DSpace Groups (and then use those Groups to provide > access rights in DSpace). See > https://wiki.duraspace.org/display/DSDOC6x/Authentication+Plugins#AuthenticationPlugins-IPAuthentication > > > > > In DSpace you can enable one or more Authentication plugins. So, it's > possible to run both the LDAP plugin and the IP plugin together. I don't > have a specific example of doing this for EZProxy, but if you essentially > want an LDAP single signon, and the ability to provide access rights via a > Proxy (IP address), these might be useful in doing either/both. > > > > Good luck! Hopefully others on this list with more direct experience with > EZProxy can provide you with better examples. > > Tim > > > > On Tue, Mar 27, 2018 at 2:56 PM Ray Schwartz <schwa...@gmail.com > <javascript:>> wrote: > > Has anyone setup EZProxy to work with Dspace? > > We have an EZProxy server connected to the University's LDAP server. So > rather than our users created their own accounts on Dspace, we would like > them to use their University signon. > > Have any of you all done something like this? > > Ray Schwartz > > Head of Library Information Systems schwa...@wpunj.edu <javascript:> > David and Lorraine Cheng Library Tel: +1 973 720-3192 > William Paterson University Fax: +1 973 720-2585 > 300 Pompton Road > <https://maps.google.com/?q=300+Pompton%0D%0ARoad&entry=gmail&source=g> > > Mobile: +1 201 424-4491 > Wayne, NJ 07470-2103 USA > http://nova.wpunj.edu/schwartzr2/ > <http://euphrates.wpunj.edu/faculty/schwartzr2/> > > > > -- > You received this message because you are subscribed to the Google Groups > "DSpace Technical Support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to dspace-tech...@googlegroups.com <javascript:>. > To post to this group, send email to dspac...@googlegroups.com > <javascript:>. > Visit this group at https://groups.google.com/group/dspace-tech. > For more options, visit https://groups.google.com/d/optout. > > -- > > Tim Donohue > Technical Lead for DSpace & DSpaceDirect > DuraSpace.org | DSpace.org | DSpaceDirect.org > > -- > You received this message because you are subscribed to the Google Groups > "DSpace Technical Support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to dspace-tech...@googlegroups.com <javascript:>. > To post to this group, send email to dspac...@googlegroups.com > <javascript:>. > Visit this group at https://groups.google.com/group/dspace-tech. > For more options, visit https://groups.google.com/d/optout. > ------------------------------ > > P Please consider the environment before you print this email. > "The contents of this e-mail (including any attachments) may be > confidential and/or subject to copyright. Any unauthorised use, > distribution, or copying of the contents is expressly prohibited. If you > have received this e-mail in error, please advise the sender by return > e-mail or telephone and then delete this e-mail together with all > attachments from your system." > -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
