From: Dan Scott Date: Thu, 8 Mar 2012 18:36:04 +0000 (-0500) Subject: Add id_attr LDAP attribute to opensrf.xml.example X-Git-Tag: sprint4-merge-nov22~4520 X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=3bfb4a67e3492ed75f40136d4b62d1b5d73d0f65;p=working%2FEvergreen.git Add id_attr LDAP attribute to opensrf.xml.example Also add a Release Notes entry for the authentication proxy service. Signed-off-by: Dan Scott Signed-off-by: Dan Wells --- diff --git a/Open-ILS/examples/opensrf.xml.example b/Open-ILS/examples/opensrf.xml.example index 82c55e7bb4..ea6f18b397 100644 --- a/Open-ILS/examples/opensrf.xml.example +++ b/Open-ILS/examples/opensrf.xml.example @@ -393,6 +393,7 @@ vim:et:ts=4:sw=4: name.domain.com ou=people,dc=domain,dc=com cn=username,ou=specials,dc=domain,dc=com + uid my_ldap_password_for_authid_user staff diff --git a/docs/RELEASE_NOTES_2_2.txt b/docs/RELEASE_NOTES_2_2.txt index 036eef9173..ecd0808248 100644 --- a/docs/RELEASE_NOTES_2_2.txt +++ b/docs/RELEASE_NOTES_2_2.txt @@ -98,6 +98,27 @@ may be particularly useful for libraries that have defined one set of copy locations at the consortial level and want to enable quick keyboard navigation to copy locations by typing just the first letters of the copy location. +Authentication proxy +~~~~~~~~~~~~~~~~~~~~ +To support integration of Evergreen with organizational authentication systems, +and to reduce the proliferation of user names and passwords, Evergreen offers +a new service called `open-ils.auth_proxy`. If you enable the service, +`open-ils.auth_proxy` supports different authentication mechanisms +that implement the `authenticate` method. You can define a chain of these +authentication mechanisms to be tried in order within the `` +element of the `opensrf.xml` configuration file, with the option of falling +back to the `native` mode that uses Evergreen's internal method of password +authentication. + +This service only provides authentication; there is no support for automatic +provisioning of accounts. To authenticate against any authentication system, +the user account must first be defined within the Evergreen system, and +authentication will be based on the user name as it exists in Evergreen. + +A sample authentication mechanism for LDAP is provided in +`Open-ILS::Application::AuthProxy::LDAP_AUTH`, and corresponding sample +attributes can be found in `opensrf.xml.example`. + Reports ~~~~~~~