Page History
...
Since many institutions and organizations have existing authentication systems, DSpace has been designed to allow these to be easily integrated into an existing authentication infrastructure. It keeps a series, or "stack", of authentication methods, so each one can be tried in turn. This makes it easy to add new authentication methods or rearrange the order without changing any existing code. You can also share authentication code with other sites.
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="dee349d6-b687-4b9a-93af-4b8629cdaddc"><ac:plain-text-body><![CDATA[ | Configuration File: | | ]]></ac:plain-text-body></ac:structured-macro> |
Property: | | ||
Example Value: |
|
...
Standard LDAP Configuration | |||
Property: | | ||
Example Value: | | ||
Informational Note: | This setting will enable or disable LDAP authentication in DSpace. With the setting off, users will be required to register and login with their email address. With this setting on, users will be able to login and register with their LDAP user ids and passwords. | ||
Property: | | ||
Example Value: | | ||
Informational Note: | This is the url to your institution's LDAP server. You may or may not need the /o=myu.edu part at the end. Your server may also require the ldaps:// protocol. | ||
Property: | | ||
Example Value: | | ||
Explanation: | This is the unique identifier field in the LDAP directory where the username is stored. | ||
Property: | | ||
Example Value: | | ||
Informational Note: | This is the object context used when authenticating the user. It is appended to the ldap.id_field and username. For example | ||
Property: | | ||
Example Value: | | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c87e3c2bf357a478-332ab1cd-460f4279-b68e963c-6dfc2d82ce6d1a2aea56510c"><ac:plain-text-body><![CDATA[ | Informational Note: | This is the search context used when looking up a user's LDAP object to retrieve their data for autoregistering. With ldap.autoregister turned on, when a user authenticates without an EPerson object we search the LDAP directory to get their name and email address so that we can create one for them. So after we have authenticated against uid=username,ou=people,o=byu.edu we now search in ou=people for filtering on [uid=username]. Often the | ]]></ac:plain-text-body></ac:structured-macro> |
Property: | | ||
Example Value: | | ||
Informational Note: | This is the LDAP object field where the user's email address is stored. "mail" is the default and the most common for LDAP servers. If the mail field is not found the username will be used as the email address when creating the eperson object. | ||
Property: | | ||
Example Value: | | ||
Informational Note: | This is the LDAP object field where the user's last name is stored. "sn" is the default and is the most common for LDAP servers. If the field is not found the field will be left blank in the new eperson object. | ||
Property: | | ||
Example Value: | | ||
Informational Note: | This is the LDAP object field where the user's given names are stored. I'm not sure how common the givenName field is in different LDAP instances. If the field is not found the field will be left blank in the new eperson object. | ||
Property: | | ||
Example Value: | | ||
Informational Note: | This is the field where the user's phone number is stored in the LDAP directory. If the field is not found the field will be left blank in the new eperson object. | ||
Property: | | ||
Example Value: | | ||
Informational Note: | This will turn LDAP autoregistration on or off. With this on, a new EPerson object will be created for any user who successfully authenticates against the LDAP server when they first login. With this setting off, the user must first register to get an EPerson object by entering their ldap username and password and filling out the forms. | ||
LDAP Users Group | |||
Property: | | ||
Example Value: | | ||
Informational Note: | If required, a group name can be given here, and all users who log into LDAP will automatically become members of this group. This is useful if you want a group made up of all internal authenticated users. (Remember to log on as the administrator, add this to the "Groups" with read rights). |
...