Oh, that’s tricky: the ldap module does seem to assume you’ve only got one server. I don’t know if it’d be possible to mess around in the codebase to create a duplicate authentication class? unfortunately that’s way beyond my knowledge.
Deborah From: dspace-tech@googlegroups.com [mailto:dspace-tech@googlegroups.com] On Behalf Of Ray Schwartz Sent: Friday, 30 March 2018 9:01 a.m. To: DSpace Technical Support <dspace-tech@googlegroups.com> Subject: Re: [dspace-tech] EZProxy and Dspace Accounts Thanks. I am not sure how to handle the authentication-ldap.provider_url setting. We have two ldap servers, one for students, and the other for faculty. On Tuesday, March 27, 2018 at 7:58:04 PM UTC-4, Fitchett, Deborah wrote: Hi all, The main thing to consider in choosing between the two options will be what you’re trying to achieve: identify individual users (eg so they can submit items under their own name) or just grant groups of people access to specific collections? EZproxy/the IP auth module won’t do the former. LDAP will. We currently have the LDAP plugin set up so all staff and students can log in with their university network account, get access to certain restricted collections, and submit items themselves. It was set up before I started so I don’t know what config was like, though I know when the university moved its LDAP servers, modifying this in the configuration was straight-forward. We haven’t tried EZproxy specifically but we’ve struggled with the IP auth setup and never got it working. Granted last time I tried I wasn’t very familiar with the system yet, and we’ve upgraded since then so possibly it’d work nicely now if we looked again. It just hasn’t been a priority since people can login through the LDAP plugin. Deborah From: dspac...@googlegroups.com<javascript:> [mailto:dspac...@googlegroups.com<javascript:>] On Behalf Of Tim Donohue Sent: Wednesday, 28 March 2018 9:10 a.m. To: Ray Schwartz <schwa...@gmail.com<javascript:>> Cc: DSpace Technical Support <dspac...@googlegroups.com<javascript:>> Subject: Re: [dspace-tech] EZProxy and Dspace Accounts Hi Ray, Although I don't have direct experience with EZProxy, DSpace does have two authentication plugins that may be of interest: First, an LDAP authentication plugin, which can be configured to use an external LDAP (allowing users to use an LDAP-based University signon). It also can optionally be configured to assign permissions (i.e. add people to DSpace Groups) based on their current LDAP groups. See https://wiki.duraspace.org/display/DSDOC6x/Authentication+Plugins#AuthenticationPlugins-LDAPAuthentication Second, we have an IP authentication plugin, which can allow you to specify individual IP addresses (or IP ranges) which will be given extra access rights in your DSpace. It essentially lets you map one or more IP addresses/ranges to DSpace Groups (and then use those Groups to provide access rights in DSpace). See https://wiki.duraspace.org/display/DSDOC6x/Authentication+Plugins#AuthenticationPlugins-IPAuthentication In DSpace you can enable one or more Authentication plugins. So, it's possible to run both the LDAP plugin and the IP plugin together. I don't have a specific example of doing this for EZProxy, but if you essentially want an LDAP single signon, and the ability to provide access rights via a Proxy (IP address), these might be useful in doing either/both. Good luck! Hopefully others on this list with more direct experience with EZProxy can provide you with better examples. Tim On Tue, Mar 27, 2018 at 2:56 PM Ray Schwartz <schwa...@gmail.com<javascript:>> wrote: Has anyone setup EZProxy to work with Dspace? We have an EZProxy server connected to the University's LDAP server. So rather than our users created their own accounts on Dspace, we would like them to use their University signon. Have any of you all done something like this? Ray Schwartz Head of Library Information Systems schwa...@wpunj.edu<javascript:> David and Lorraine Cheng Library Tel: +1 973 720-3192 William Paterson University Fax: +1 973 720-2585 300 Pompton Road<https://maps.google.com/?q=300+Pompton%0D%0ARoad&entry=gmail&source=g> Mobile: +1 201 424-4491 Wayne, NJ 07470-2103 USA http://nova.wpunj.edu/schwartzr2/<http://euphrates.wpunj.edu/faculty/schwartzr2/> -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com<javascript:>. To post to this group, send email to dspac...@googlegroups.com<javascript:>. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout. -- Tim Donohue Technical Lead for DSpace & DSpaceDirect DuraSpace.org | DSpace.org | DSpaceDirect.org -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com<javascript:>. To post to this group, send email to dspac...@googlegroups.com<javascript:>. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout. ________________________________ P Please consider the environment before you print this email. "The contents of this e-mail (including any attachments) may be confidential and/or subject to copyright. Any unauthorised use, distribution, or copying of the contents is expressly prohibited. If you have received this e-mail in error, please advise the sender by return e-mail or telephone and then delete this e-mail together with all attachments from your system." -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com<mailto:dspace-tech+unsubscr...@googlegroups.com>. To post to this group, send email to dspace-tech@googlegroups.com<mailto:dspace-tech@googlegroups.com>. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.