DSpace
  1. DSpace
  2. DS-1078

Assign users in LDAP group to DSpace group on login

    Details

    • Type: Improvement Improvement
    • Status: Closed Closed (View Workflow)
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.7.2, 1.8.0
    • Fix Version/s: 3.0
    • Component/s: DSpace API
    • Labels:
      None
    • Attachments:
      1
    • Comments:
      4

      Description

      Use case: academic institution has their LDAP users nicely separated with an OU=Students, OU=Employees, and OU=Faculty. The institution wants a simple way to say: "any employees can submit to this collection, any faculty can submit to this collection."

      Proposed new DSpace property (similar to search.index config):

      Form is DN search string then DSpace group.

      ldap.login.groupmap.1 = ou=Students:ALL_STUDENTS
      ldap.login.groupmap.2 = ou=Employees:ALL_EMPLOYEES
      ldap.login.groupmap.3 = ou=Faculty:ALL_FACULTY

      So, if a user has a dn like:

      cn=jdoe,OU=Students,OU=Users,dc=example,dc=edu that user would get assigned to the ALL_STUDENTS group on login

      I thought about implementing this as part of getSpecialGroups, but the DN is not stored in the EPerson object, so it needs to be fetched from LDAP to be inspected. This proposed patch checks every time a user logs in to see if they need to be placed into any groups based on the mapping.

        Activity

        Hide
        Samuel Ottenhoff added a comment -
        Patch attached
        Show
        Samuel Ottenhoff added a comment - Patch attached
        Hide
        Robin Taylor added a comment -
        I've given this (and DS-1180) a quick review and they look good to me.
        Show
        Robin Taylor added a comment - I've given this (and DS-1180 ) a quick review and they look good to me.
        Hide
        Ivan Masár added a comment -
        This has been merged as part of https://github.com/DSpace/DSpace/pull/76

        Documentation is still missing.
        Show
        Ivan Masár added a comment - This has been merged as part of https://github.com/DSpace/DSpace/pull/76 Documentation is still missing.
        Show
        Ivan Masár added a comment - Documentation updated: https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-LDAPAuthentication https://wiki.duraspace.org/display/DSDOC3x/Upgrading+From+1.8.x+to+3.x

          People

          • Assignee:
            Ivan Masár
            Reporter:
            Samuel Ottenhoff
          • Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: