[Archivesspace_Users_Group] LDAP with migration

Ben Goldman bmg17 at psu.edu
Mon Jun 23 13:25:51 EDT 2014

Hi Chris, 

Both of your proposals make sense to me. Thanks for adding those. 


----- Original Message -----

From: "Chris Fitzpatrick" <Chris.Fitzpatrick at lyrasis.org> 
To: "Archivesspace Users Group" <archivesspace_users_group at lyralists.lyrasis.org> 
Sent: Monday, June 23, 2014 1:17:33 PM 
Subject: Re: [Archivesspace_Users_Group] LDAP with migration 

Hi Ben, 

Yeah, I think what you're seeing is generally the expected behavior, but it's not really handled very well in the UI. When a user authenticates, I think the user account should be made, but an administrator will need to grant them access to specific repositories. 

However, I agree there should be a way for admins to create user account in the manage. I made this feature request https://www.pivotaltracker.com/story/show/73730396 

That manage groups issue is definatly a bug. I am wondering if we should have the user account made when you add a user to a group ( since the assumption is if you're adding them to a group, you want the account made in ASpace ). Does that sound right? 

I've also added a feature request to map LDAP groups to ASpace groups here => https://www.pivotaltracker.com/story/show/73730396 


Chris Fitzpatrick | Developer, ArchivesSpace 
Skype: chrisfitzpat | Phone: 918.236.6048 

From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Ben Goldman <bmg17 at psu.edu> 
Sent: Friday, June 20, 2014 5:45 PM 
To: Archivesspace Users Group 
Subject: Re: [Archivesspace_Users_Group] LDAP with migration 
Hello everyone, 

Some additional questions/commentary regarding LDAP in ASpace: 

    * It appears there are only two ways to get LDAP accounts added to the users table in ASpace: 1) to have each individual user login to ASpace using their LDAP login and password, which throws the "no repository access" error but does create the user, which allows the Administrator to then add the account to a group, or 2) write LDAP accounts directly to the user table via SQL statement. I don't see any way to add an LDAP user from the Manage Users screen. Is this an accurate reading? 
    * It does, however, appear that from the Manage Groups screen in ASpace, if I type the first couple letters of an LDAP username, it will show all the qualifying usernames and even allow me to add one, but when I click save, it throws an error: " Members - translation missing: en.validation_errors.user_[username]_does_not_exist " presumably because the user does not yet exist in the users table. It would be great if adding a user here also resulting in adding that account to local ASpace instance. 
    * It might be useful to be able to assign LDAP groups to ASpace groups. I didn't see this that this was possible, but I may have missed something. 

Ben Goldman 
Digital Records Archivist 
Penn State University Libraries 
University Park, PA 

----- Original Message -----

From: "Patrick Galligan" <PGalligan at rockarch.org> 
To: "archivesspace users group" <archivesspace_users_group at lyralists.lyrasis.org> 
Sent: Tuesday, June 17, 2014 9:27:57 AM 
Subject: [Archivesspace_Users_Group] LDAP with migration 


Has anyone been working with LDAP and the migration tools? We were wondering if migrating the users from AT and their old passwords causes any issues with LDAP authentication that we should know about. 

Let me know if you’ve used LDAP along with user migration, and whether there are any possible traps we should watch out for. 

Patrick Galligan 

Rockefeller Archive Center 

Assistant Digital Archivist 


Archivesspace_Users_Group mailing list 
Archivesspace_Users_Group at lyralists.lyrasis.org 

Archivesspace_Users_Group mailing list 
Archivesspace_Users_Group at lyralists.lyrasis.org 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20140623/f44f2ca1/attachment.html>

More information about the Archivesspace_Users_Group mailing list