[
https://jira.duraspace.org/browse/DS-652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18326#action_18326
]
Flávio Botelho commented on DS-652:
-----------------------------------
Right now we use PasswordAuthentication for external users, but we do
not want them to have access to some special collections only internal
users should.
They are being added to the special collection group by the current
code where we configured only ldap.login.specialgroup.
The IPAuthentication is a separate authentication mechanism so with my
patch in place your problem will also be easily solved.
Just specify the same special group with read access to the special
collection to both the ldap.specialgroup and to the
authentication.ip.SPECIAL_GROUP = iprange[, iprange ...].
The only use-case where a problem could appear was if you you were
using the current wrong behaviour to assign multiple groups to the
authenticated users, something that can be trivially adapted (10 min
work) in the patch (and current) code for DSpace to be able to handle
multiple groups for each authentication mechanism.
> Wrong behaviour of special groups at login. Use only special groups of the
> authetication that DID authenticate the user.
> ------------------------------------------------------------------------------------------------------------------------
>
> Key: DS-652
> URL: https://jira.duraspace.org/browse/DS-652
> Project: DSpace
> Issue Type: Bug
> Components: DSpace API
> Affects Versions: 1.6.0
> Reporter: Flávio Botelho
> Priority: Major
> Attachments: Fix_behaviour_of_autentication_specialGroups.patch
>
>
> We have internal users autheticating thru LDAP. And external users are still
> able to create new users.
> Unfortunally the authentication is putting all external users created thru
> the Login Authentication also in the ldap.login.specialgroup, of course that
> is not expected.
> Looking at code at AuthenticationManager it becomes clear that it is adding
> ALL the special groups of ALL the possible authentication mechanism, which
> doesnt make any sense whatsoever...
> It should only add special groups of the authentication mechanism that DID
> authenticate the user.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.duraspace.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
