[dspace-tech] Re: Adding e-people into groups automatically

[Layale Bassil]

Hello,

Thank you so much for both replies. Mark you are right, I thought the users 
will be physically added to the group, so when I open the Group I should 
see them listed under the epersons of that group. And it is not the case as 
you said.

I have done a test as mentioned and the permissions were properly granted. 
Thank you again so much!!

Have a great day.
Regards.

On Tuesday, March 28, 2017 at 12:57:05 PM UTC+3, Layale Bassil wrote:
>
> Hello,
>
>  
>
> I have seen this question on the forums and the answer to it was to use 
> LDAP authentication which we are already using and then edit the 
> authentication-ldap.cfg file and set the logins.specialgroup = A property 
> and give it the name of the group created (assume = A).
>
>  
>
> I did this and restarted tomcat but when I login I am not being added to 
> group A. If a user belongs to another group wont this apply to him when he 
> logs in?
>
>  
>
> Why it is not working and how can I test it? We are using DSpace 5.2
>
>
> Please advise. 
>
>
> Thank you!
>

-- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

RE: [dspace-tech] Re: Adding e-people into groups automatically

[Friesen, Darryl]

We are using DSpace 5.5 and Shibboleth authentication, and I’m also 
experiencing problems with these special groups.

Determining this isn’t working seems like the easy part – assign “Faculty” (a 
group comes over as part of the LDAP/Shibboleth login) to the Submitters role 
of a collection, login with a Faculty account and try a submission.  This is 
what we’ve done with our test server, and the account cannot submit items.

I’m curious what the best approach to debugging this would be?  Are the 
assignment of these session groups kept in one of the logs?  Do I need to 
increase the logging level?  Is there any way to view these roles/groups from 
within the UI (i.e. anything I can place in the XMLUI theme to dump user 
information for debugging)?


- Darryl


--
Darryl Friesen, B.Sc., Programmer/Analyst
darryl.frie...@usask.ca
Library Systems & Information Technology,http://library.usask.ca/
University of Saskatchewan Library
--
"Go not to the Elves for counsel, for they will say both no and yes"




-- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

[dspace-tech] Re: Adding e-people into groups automatically

[Mark Wood]

On Tuesday, March 28, 2017 at 5:57:05 AM UTC-4, Layale Bassil wrote:
>
> I have seen this question on the forums and the answer to it was to use 
> LDAP authentication which we are already using and then edit the 
> authentication-ldap.cfg file and set the logins.specialgroup = A property 
> and give it the name of the group created (assume = A).
>
>  
>
> I did this and restarted tomcat but when I login I am not being added to 
> group A. If a user belongs to another group wont this apply to him when he 
> logs in?
>


How did you determine that this is not working?  You cannot make that 
determination by inspecting the list of members of group A.

Special groups are granted to user *sessions*, not user *accounts*.  
Special-group membership is not permanent and is not recorded anywhere in 
the database.  You can only discover it through the product's behavior or 
reading the authentication mechanism's configuration.  If you request 
access to an object, and access is granted, and access could only be 
granted to a member of group A, and you are not listed among the members of 
group A or any group that is a member of group A (directly or indirectly), 
then DSpace is configured to grant you special membership in group A.

-- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.