DSpace / DS-1078

Assign users in LDAP group to DSpace group on login

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.7.2, 1.8.0
    • Fix Version/s: 3.0
    • Component/s: DSpace API
    • Labels:
      None
    • Attachments:
      1
    • Comments:
      4
    • Documentation Status:
      Needed

      Description

      Use case: an academic institution has its LDAP users nicely separated with an OU=Students, OU=Employees, and OU=Faculty. The institution wants a simple way to say: "any employees can submit to this collection, any faculty can submit to this collection."

      Proposed new DSpace property (similar to search.index config):

      Form is DN search string then DSpace group.

      ldap.login.groupmap.1 = ou=Students:ALL_STUDENTS
      ldap.login.groupmap.2 = ou=Employees:ALL_EMPLOYEES
      ldap.login.groupmap.3 = ou=Faculty:ALL_FACULTY

      So, if a user has a DN like:

      cn=jdoe,OU=Students,OU=Users,dc=example,dc=edu

      that user would get assigned to the ALL_STUDENTS group on login.

      I thought about implementing this as part of getSpecialGroups, but the DN is not stored in the EPerson object, so it needs to be fetched from LDAP to be inspected. This proposed patch checks every time a user logs in to see if they need to be placed into any groups based on the mapping.
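
Added example (not the attached patch and not DSpace's own code): one way to evaluate the proposed ldap.login.groupmap.N entries against a user's DN, assuming the group name follows the last colon. It compares whole DN components with the JDK's javax.naming.ldap classes rather than raw substrings, so an escaped value inside cn is not mistaken for an OU; the class and method names are hypothetical.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class LdapGroupMapExample {

    /** Reads ldap.login.groupmap.1, .2, ... and stops at the first missing index. */
    static Map<Rdn, String> loadGroupMap(Properties config) throws InvalidNameException {
        Map<Rdn, String> map = new LinkedHashMap<>();
        for (int i = 1; ; i++) {
            String value = config.getProperty("ldap.login.groupmap." + i);
            if (value == null) break;
            int sep = value.lastIndexOf(':'); // assumption: group name follows the last colon
            if (sep <= 0 || sep == value.length() - 1)
                throw new IllegalArgumentException("Malformed groupmap entry " + i + ": " + value);
            map.put(new Rdn(value.substring(0, sep).trim()), value.substring(sep + 1).trim());
        }
        return map;
    }

    /** Returns the mapped groups whose RDN is an actual component of the user's DN. */
    static Set<String> groupsForDn(String dn, Map<Rdn, String> groupMap) throws InvalidNameException {
        List<Rdn> rdns = new LdapName(dn).getRdns(); // parser handles escaping and quoting
        Set<String> groups = new LinkedHashSet<>();
        for (Map.Entry<Rdn, String> entry : groupMap.entrySet()) {
            // Rdn.equals ignores case in type and value, so ou=Students matches OU=Students
            if (rdns.contains(entry.getKey())) groups.add(entry.getValue());
        }
        return groups;
    }

    public static void main(String[] args) throws InvalidNameException {
        Properties config = new Properties(); // the three mappings proposed in the issue
        config.setProperty("ldap.login.groupmap.1", "ou=Students:ALL_STUDENTS");
        config.setProperty("ldap.login.groupmap.2", "ou=Employees:ALL_EMPLOYEES");
        config.setProperty("ldap.login.groupmap.3", "ou=Faculty:ALL_FACULTY");
        Map<Rdn, String> groupMap = loadGroupMap(config);

        // First DN is from the issue; the second is constructed: its cn value
        // contains an escaped ",ou=Faculty" that is not a real OU component.
        String[] dns = {
            "cn=jdoe,OU=Students,OU=Users,dc=example,dc=edu",
            "cn=jdoe\\,ou=Faculty,OU=Students,OU=Users,dc=example,dc=edu"
        };
        for (String dn : dns) System.out.println(dn + " -> " + groupsForDn(dn, groupMap));
    }
}
```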

            People

            • Assignee:
              helix84 Ivan Masár
            • Reporter:
              ottenhoffs Samuel Ottenhoff
            • Votes:
              1
            • Watchers:
              3