[Dspace-tech] Help - is automatic group membership possible ?

[Clive Gould]

Hi

I'm currently successfully using Marcelo's RADIUS Module to authenticate
DSpace under Linux against MS AD via Windows IAS. i.e.

DSpace - Freeradius - IAS - AD

I seem to recall reading somewhere that it is possible for users who are
authorised by LDAP and auto-registered by DSpace to be automatically added
to a group in DSpace at the same time as they are registered.

Is this possible with LDAP authentication?

If yes, is this also possible with RADIUS authentication??

Thanks very much

Clive

Clive Gould
HE PAL ICT
Bromley College






-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/
___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech

Re: [Dspace-tech] Help - is automatic group membership possible ?

[mfrodrigues]

  I forgot to answer to the list. here goes the reply:

   I seem to recall reading somewhere that it is possible for users who are

authorized by LDAP and auto-registered by DSpace to be automatically added
to a group in DSpace at the same time as they are registered.


  You are almost right ;)

   Is this possible with LDAP authentication?

  As far as i know, it isn't supported in LDAP auth method.

   If yes, is this also possible with RADIUS authentication??

  But, its supported on the Radius auth! We needed an automatic  
method to add people to certain groups, and since we were building  
RADIUS we thought that we should make it as practical as possible.


  So, we support auto_add feature. Let me explain how it works:

  When it reads the Radius answer, it looks for an radius filed  
called Reply-Message. If you have Group_TEST=yes in the radius  
answer to that user, he will be added to the group TEST. If you have  
Group_TEST=no, the user will be removed from that group.


  note: you need to create the group by hand. It was an failsafe  
option we made, the have control of all groups.


  All logs are escaped to general dspace.conf

  Marcelo



-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech

Re: [Dspace-tech] Help - is automatic group membership possible ?

[Tim Donohue]

Clive,

Clive Gould wrote:
 I seem to recall reading somewhere that it is possible for users who are
 authorised by LDAP and auto-registered by DSpace to be automatically added
 to a group in DSpace at the same time as they are registered.
 
 Is this possible with LDAP authentication?
 
 If yes, is this also possible with RADIUS authentication??

Although not possible out of the box, we've made a simple customization 
to leverage existing Active Directory groups in DSpace at UIUC.  It may 
not be the best implementation, but it works well so far...let me explain:

1) I've created a custom AuthenticationMethod which I've called 
UIUCSpecialGroups, which really only implements the 
getSpecialGroups() method to automatically add people to special 
groups for the life of their DSpace session.I've added this class to 
the list of Stackable Authentication Methods in the dspace.cfg to 
enable it.

2) The getSpecialGroups() method of that class is set up to query our 
local Active Directory, based on the user's netid, and ask for a list of 
all AD Groups this user is a member of.

3) After getting a list of all AD Groups this person is a member of, we 
then check DSpace to see if there is a group of the *same exact name*. 
In order to be a bit more careful, we actually look for a group of the 
same name with  [automated] appended to it (plus this lets us know 
which DSpace groups are actually managed by AD)

So, if a user belongs to an AD Group called:
Library Staff
We look in DSpace for a group named:
Library Staff [automated]

If a group of that name is found in DSpace, then we add the user to that 
group for the remainder of their session.

So, in a way we are automatically adding people to groups based on 
Active Directory memberships, but we are not auto-creating all AD Groups 
in DSpace (basically cause there are too many of them that DSpace would 
never use).  But, you could use that same sort of idea to replicate your 
AD groups into DSpace if you really wanted to.

As always, I'm glad to share code with those interested.  When I get a 
chance, I also may add something to the DSpace Wiki HowTo if others 
find this useful.

- Tim

-- 


Tim Donohue
Research Programmer, Illinois Digital Environment for
Access to Learning and Scholarship (IDEALS)
135 Grainger Engineering Library
University of Illinois at Urbana-Champaign

email: [EMAIL PROTECTED]
web:   http://www.ideals.uiuc.edu
phone: (217) 333-4648
fax:   (217) 244-7764


-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/
___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech