OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



LDAP Question

Are you a Director, Presenter, Reviewer or Conference Manager in need of help? Want to talk to us about workflow issues? This is your forum.

Moderators: jmacgreg, michael

Forum rules
This forum is meant for general questions about the usability of OCS from an everyday user's perspective: conference managers, presenters, and directors are welcome to post questions here, as are librarians and other support staff. We welcome general questions about the role of OCS and how the workflow works, as well as specific function- or user-related questions.

What to do if you have general, workflow or usability questions about OCS:

1. Read the documentation. We've written documentation to cover from OCS basics to system administration and code development, and we encourage you to read it.

2. take a look at the tutorials. We will continue to add tutorials covering OCS basics as time goes on.

3. Post a question. Questions are always welcome here, but if it's a technical question you should probably post to the OCS Technical Support subforum; if you have a development question, try the OCS Development subforum.

LDAP Question

Postby BVBAccelerate » Wed Apr 21, 2010 8:06 am

I found the following entry on your wiki page (http://pkp.sfu.ca/wiki/index.php/Settin ... Shibboleth) which brought up a few questions from me. I have commented on it below.

I can't log in to OxS with my LDAP credentials.

A major component of OxS is a consistent record of user activity, especially in respect to submissions and editing. If user records are stored outside of OxS, there is no guarantee that the record will stick around or stay consistent, causing problems with OxS. Thus, LDAP credentials won't work unless there is a matching user in OxS.

That said, there are several ways to get your LDAP users into your OxS database. If you wish to do a one time dump of users into OxS, you could build an XML file with user information to import into OxS (see the Users XML plugin). Further, code could be written to automatically insert users into the database when registered in another application. The execute function in classes/manager/form/UserManagementForm.inc.php shows how users are registered into OJS, and can be modeled in user registration functions in another application. Likely a variety of other solutions can be implemented to overcome this.


I thought that part of the convenience of LDAP was that it did synchronize the user information between the sources. But in the first paragraph there from what I understand, it does not. The second paragraph suggests writing a script to automatically insert users into OCS when they register in the other application. If I was doing this, why would I even want the LDAP setup? Is the LDAP method of authentication for synchronizing the account data, but doesn't create one in OCS when one is created in, for instance, Drupal?

On a side note I see that Shibboleth wasn't incorporated into version 2.3, but is supposed to be made available to 2.4. I know you guys released 2.3 only a few months ago, but is there any possible estimate for a 2.4 release date?
BVBAccelerate
 
Posts: 33
Joined: Mon Apr 19, 2010 2:01 pm

Re: LDAP Question

Postby mcrider » Wed Apr 28, 2010 10:12 am

Hi BVBAccelerate,

Our support of LDAP and Shibboleth is rather limited, as we didn't write those plugins, and I don't believe anyone on the team has much direct experience with these systems (I wrote the wiki article you cited, but I gave up trying to install a working LDAP server as I was honestly wasting too much time trying to get it to work). That said, the LDAP plugin will synchronize user information like the user's profile, and can create/delete users on the LDAP server when they are created in OxS, but hosting the user database entirely on the LDAP server is not sufficient for OxS due to the need to keep a persistent user account for record keeping (i.e. a user can be deleted on the LDAP server, and OJS would not be 'informed', and even if it were, you can't really delete a user in OxS--it would have to be merged with another user).

BTW, porting shibboleth support is still marked as an active bug, but I'm unsure if it will be tackled anytime soon. If you have any development resources, we could give you some guidance with improving the LDAP plugin or porting Shibboleth to OCS.

Cheers,
Matt
mcrider
 
Posts: 952
Joined: Mon May 05, 2008 10:29 am
Location: Vancouver, BC

Re: LDAP Question

Postby BVBAccelerate » Thu Apr 29, 2010 9:59 am

At this point it seems like this won't be an undertaking that we can handle for the project. We do have the development resources but time is constrained. In the future I may come back to this though depending on what the client wants what we go live.

Thank you for your response Matt.
BVBAccelerate
 
Posts: 33
Joined: Mon Apr 19, 2010 2:01 pm

Re: LDAP Question

Postby barbarah » Mon May 09, 2011 3:39 pm

Hi BVB

BVBAccelerate wrote:At this point it seems like this won't be an undertaking that we can handle for the project. We do have the development resources but time is constrained. In the future I may come back to this though depending on what the client wants what we go live.


What authentication system did you end up implementing? How do you handle shared authentication across applications?

Thanks! -Barbara
barbarah
 
Posts: 27
Joined: Thu Mar 24, 2011 1:25 pm
Location: California Digital Library, Oakland, California

Re: LDAP Question

Postby BVBAccelerate » Thu May 19, 2011 1:54 pm

Hey barbarah,

We were not able to implement shared authentication. What we did do was write code in the controllers of Joomla! to insert a user into the OCS system whenever they registered in Joomla!

When someone logs into Joomla! it does not log them into the conference system, and when they go to that part of the site they must re-login.

It is not an ideal implementation, but it is all we could do based on our available resources. Has anyone been able to find out a way to implement shared authentication?
BVBAccelerate
 
Posts: 33
Joined: Mon Apr 19, 2010 2:01 pm

Re: LDAP Question

Postby ramon » Fri May 20, 2011 6:10 am

Hello all,

Joomla! 1.5 has the JFusion extension, which allows creation of "single sign-on" options.
User jmiefhas developed a Joomla/OCS/OJS plugin for account and session integration which seems to work fine. It's a paid plugin, but it is quite cheap. At his website there seems to be a demo, to view only the single sign-on working, where you log in in Joomla and access an OxS installation and already logged in.

I haven't seen the kind of customization I would like, integrating OxS into Joomla! more deeply, which would require coding modules and components or using some sort of Webservice (Joomla has XMLRPC and other webservices availble, which I've never used, so I don't know how they work).
ramon
 
Posts: 931
Joined: Wed Oct 15, 2003 6:15 am
Location: Brasí­lia/DF - Brasil


Return to OCS Conference Support and Discussion

Who is online

Users browsing this forum: Yahoo [Bot] and 2 guests

cron