DSpace / DS-1078

Assign users in LDAP group to DSpace group on login

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.7.2, 1.8.0
    • Fix Version/s: 3.0
    • Component/s: DSpace API
    • Labels:
      None
    • Attachments:
      1
    • Comments:
      4
    • Documentation Status:
      Needed

      Description

      Use case: academic institution has their LDAP users nicely separated with an OU=Students, OU=Employees, and OU=Faculty. The institution wants a simple way to say: "any employees can submit to this collection, any faculty can submit to this collection."

      Proposed new DSpace property (similar to search.index config):

      Form is DN search string then DSpace group.

      ldap.login.groupmap.1 = ou=Students:ALL_STUDENTS
      ldap.login.groupmap.2 = ou=Employees:ALL_EMPLOYEES
      ldap.login.groupmap.3 = ou=Faculty:ALL_FACULTY

      So, if a user has a DN like:

      cn=jdoe,OU=Students,OU=Users,dc=example,dc=edu

      that user would get assigned to the ALL_STUDENTS group on login.

      I thought about implementing this as part of getSpecialGroups, but the DN is not stored in the EPerson object, so it needs to be fetched from LDAP to be inspected. This proposed patch checks every time a user logs in to see if they need to be placed into any groups based on the mapping.
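
The mapping described above, as an added example that is not part of the issue or its patch: it contrasts a plain case-insensitive substring search (an assumed reading of "DN search string") with a comparison of parsed RDNs, which does not match an OU whose name merely begins with a mapped one. The class name, method names and the second sample DN are constructed for illustration.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example (hypothetical class, not DSpace code).
public class GroupMapExample {
    // Values as in the issue: "<DN search string>:<DSpace group>".
    static final List<String> GROUPMAP = List.of(
        "ou=Students:ALL_STUDENTS", "ou=Employees:ALL_EMPLOYEES", "ou=Faculty:ALL_FACULTY");

    // Assumed reading of "DN search string": case-insensitive substring match.
    static Set<String> bySubstring(String dn) {
        Set<String> groups = new LinkedHashSet<>();
        String haystack = dn.toLowerCase(Locale.ROOT);
        for (String entry : GROUPMAP) {
            int sep = entry.lastIndexOf(':');
            String needle = entry.substring(0, sep).toLowerCase(Locale.ROOT);
            if (haystack.contains(needle)) groups.add(entry.substring(sep + 1));
        }
        return groups;
    }

    // Stricter variant: parse the DN and compare whole RDNs of the parent
    // containers. Rdn.equals ignores the case of attribute type and value.
    static Set<String> byRdn(String dn) throws InvalidNameException {
        Set<String> groups = new LinkedHashSet<>();
        List<Rdn> rdns = new LdapName(dn).getRdns();   // index 0 = rightmost RDN
        // Drop the last element: the user's own entry (leftmost RDN).
        List<Rdn> parents = rdns.subList(0, Math.max(0, rdns.size() - 1));
        for (String entry : GROUPMAP) {
            int sep = entry.lastIndexOf(':');
            Rdn wanted = new Rdn(entry.substring(0, sep));
            if (parents.contains(wanted)) groups.add(entry.substring(sep + 1));
        }
        return groups;
    }

    public static void main(String[] args) throws InvalidNameException {
        String[] dns = {   // constructed samples; the first is the DN from the issue
            "cn=jdoe,OU=Students,OU=Users,dc=example,dc=edu",
            "cn=asmith,OU=Faculty-Guests,OU=Users,dc=example,dc=edu",
        };
        for (String dn : dns) {
            System.out.println(dn + "\n  substring: " + bySubstring(dn)
                + "\n  rdn:       " + byRdn(dn));
        }
    }
}
```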

        Attachments

          Activity

          ottenhoffs Samuel Ottenhoff added a comment -

          Patch attached

          robintaylor Robin Taylor added a comment -

          I've given this (and DS-1180) a quick review and they look good to me.

          helix84 Ivan Masár added a comment -

          This has been merged as part of https://github.com/DSpace/DSpace/pull/76

          Documentation is still missing.

          helix84 Ivan Masár added a comment -

          Documentation updated:
          https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-LDAPAuthentication
          https://wiki.duraspace.org/display/DSDOC3x/Upgrading+From+1.8.x+to+3.x

            People

            • Assignee:
              helix84 Ivan Masár
              Reporter:
              ottenhoffs Samuel Ottenhoff
            • Votes:
              1
              Watchers:
              3
