[Dspace-tech] LDAP config - DS-1576?
Does this fix the problem where LDAP doesn't automatically assign people to a group as instructed in the authentication-LDAP configuration file? David Schuster Texas Woman's University Director of Library Information Technology & Technical Support PO Box 425528 Denton TX 76204-5528 Phone: 940-898-3909 Fax: 940-898-3764 dschus...@twu.edu -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP config - DS-1576?
On Tue, Aug 27, 2013 at 11:17 PM, Schuster, David wrote: > Does this fix the problem where LDAP doesn’t automatically assign people to > a group as instructed in the authentication-LDAP configuration file? No, DS-1576 fixes a problem where the right configuration property to enable ldap wouldn't be read. To figure out which problem you're talking about I need to know your DSpace version. Assigining all LDAP users to a single group has always worked, AFAIK (the login.specialgroup option). There was new functionality added in 3.0 that allows multiple groups based on part of DN (see [1]), but this was reported broken - only the first mapped group would be used. I don't see a ticket for it yet, but see [2]. I'd like to fix this in time for DSpace 4.0. [1] https://jira.duraspace.org/browse/DS-1078 [2] http://dspace.2283337.n4.nabble.com/LDAP-and-Special-Groups-Code-td4666099.html Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP config - DS-1576?
I am running dspace 3.2 and have LDAP running, but when I assigned a group of "submitter" in LDAP and have a group for that with all of the collections in it as people log in they are not assigned to anything. I also tried a particular collection and it didn't assign the new person into it either. Does that make sense? I would love to "test" anything you can throw at me! David Schuster Texas Woman's University Director of Library Information Technology & Technical Support PO Box 425528 Denton TX 76204-5528 Phone: 940-898-3909 Fax: 940-898-3764 dschus...@twu.edu -Original Message- From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On Behalf Of helix84 Sent: Tuesday, August 27, 2013 4:32 PM To: Schuster, David Cc: dspace-tech@lists.sourceforge.net Subject: Re: [Dspace-tech] LDAP config - DS-1576? On Tue, Aug 27, 2013 at 11:17 PM, Schuster, David wrote: > Does this fix the problem where LDAP doesn’t automatically assign > people to a group as instructed in the authentication-LDAP configuration file? No, DS-1576 fixes a problem where the right configuration property to enable ldap wouldn't be read. To figure out which problem you're talking about I need to know your DSpace version. Assigining all LDAP users to a single group has always worked, AFAIK (the login.specialgroup option). There was new functionality added in 3.0 that allows multiple groups based on part of DN (see [1]), but this was reported broken - only the first mapped group would be used. I don't see a ticket for it yet, but see [2]. I'd like to fix this in time for DSpace 4.0. [1] https://jira.duraspace.org/browse/DS-1078 [2] http://dspace.2283337.n4.nabble.com/LDAP-and-Special-Groups-Code-td4666099.html Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP config - DS-1576?
Sorry for the late reply. After investigating what I found was I had not given the a policy to each group for the "submitter" All is working! Moving forward rapidly! David Schuster Texas Woman's University Director of Library Information Technology & Technical Support PO Box 425528 Denton TX 76204-5528 Phone: 940-898-3909 Fax: 940-898-3764 dschus...@twu.edu -Original Message- From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On Behalf Of helix84 Sent: Wednesday, August 28, 2013 2:57 AM To: Schuster, David Subject: Re: [Dspace-tech] LDAP config - DS-1576? On Wed, Aug 28, 2013 at 12:08 AM, Schuster, David wrote: > I am running dspace 3.2 and have LDAP running, but when I assigned a group of > "submitter" in LDAP and have a group for that with all of the collections in > it as people log in they are not assigned to anything. * Is this using login.specialgroup (this should work) or using login.groupmap.*? As I wrote before, it seems only login.groupmap.1 works, the rest is broken. * Just to make sure, are you aware that LDAP group membership is transient, not recorded anywhere in DSpace and has to be checked via user profile? * Where is your group membership stored in LDAP? login.groupmap.* takes it from DN (e.g. uid=dschuster,dn=STAFF,dn=twu,dn=edu). It can be also stored in attribute - DSpace currently doesn't support that, but I'd like to implement it for DSpace 4.0 because we just switched to this locally. > I also tried a particular collection and it didn't assign the new person into > it either. Does that make sense? I would love to "test" anything you can > throw at me! There is a catch there with collection rights, are you aware of this? https://wiki.duraspace.org/display/DSPACE/TechnicalFaq#TechnicalFaq-Ichangedaccessrestrictionsonacollection,butrestrictionsdidn'tchangeonitsitems Regards, ~~helix84 -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette