<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} .ms-cui-menu {background-color:#ffffff;border:1px rgb(171, 171, 171) solid;font-family:'Segoe UI WPC','Segoe UI',Tahoma,'Microsoft Sans Serif',Verdana,sans-serif;font-size:10pt;color:rgb(51, 51, 51);} .ms-cui-menusection-title {display:none;} .ms-cui-ctl {vertical-align:text-top;text-decoration:none;color:rgb(51, 51, 51);} .ms-cui-ctl-on {background-color:rgb(223, 237, 250);opacity: 0.8;} .ms-cui-img-cont-float {display:inline-block;margin-top:2px} .ms-cui-smenu-inner {padding-top:0px;} .ms-owa-paste-option-icon {margin: 0px 6px 0px 6px;vertical-align:middle!important;padding-bottom: 2px;display:inline-block;} .ms-rtePasteFlyout-option:hover {background-color:rgb(223, 237, 250) !important;opacity:1 !important;} .ms-rtePasteFlyout-option {padding:8px 4px 8px 4px;outline:none;} .ms-cui-menusection {float:left; width:85px;height:24px;overflow:hidden}.wf {speak:none; font-weight:normal; font-variant:normal; text-transform:none; -webkit-font-smoothing:antialiased; vertical-align:middle; display:inline-block;}.wf-family-owa {font-family:'o365Icons'}@font-face { font-family:'o365IconsIE8'; src:url('https://r4.res.outlook.com/owa/prem/16.0.277.6/resources/styles/office365icons.ie8.eot?#iefix') format('embedded-opentype'), url('https://r4.res.outlook.com/owa/prem/16.0.277.6/resources/styles/office365icons.ie8.woff') format('woff'), url('https://r4.res.outlook.com/owa/prem/16.0.277.6/resources/styles/office365icons.ie8.ttf') format('truetype'); font-weight:normal; font-style:normal;}@font-face { font-family:'o365IconsMouse'; src:url('https://r4.res.outlook.com/owa/prem/16.0.277.6/resources/styles/office365icons.mouse.eot?#iefix') format('embedded-opentype'), url('https://r4.res.outlook.com/owa/prem/16.0.277.6/resources/styles/office365icons.mouse.woff') format('woff'), url('https://r4.res.outlook.com/owa/prem/16.0.277.6/resources/styles/office365icons.mouse.ttf') format('truetype'); font-weight:normal; font-style:normal;}.wf-family-owa {font-family:'o365IconsMouse'}.ie8 .wf-family-owa {font-family:'o365IconsIE8'}.ie8 .wf-owa-play-large:before {content:'\e254';}.notIE8 .wf-owa-play-large:before {content:'\e054';}.ie8 .wf-owa-play-large {color:#FFFFFF/*$WFWhiteColor*/;}.notIE8 .wf-owa-play-large {border-color:#FFFFFF/*$WFWhiteColor*/; width:1.4em; height:1.4em; border-width:.1em; border-style:solid; border-radius:.8em; text-align:center; box-sizing:border-box; -moz-box-sizing:border-box; padding:0.1em; color:#FFFFFF/*$WFWhiteColor*/;}.ie8 .wf-size-play-large {width:40px; height:40px; font-size:30px}.notIE8 .wf-size-play-large {width:40px; height:40px; font-size:30px}.notIE8 .wf-owa-triangle-down-small:before {content:'\e052';}.ie8 .wf-owa-triangle-down-small:before { content:'\e052';}.ie8 .wf-owa-triangle-down-small {color:#666666/*$WFGreyColor*/;}.wf-size-x20 {font-size: 20px!important;}
<!--
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
span.EmailStyle17
{font-family:"Calibri","sans-serif";
color:windowtext}
@page WordSection1
{margin:1.0in 1.0in 1.0in 1.0in}
-->
--></style>
</head>
<body dir="ltr">
<div id="OWAFontStyleDivID" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
Hi Ben,
<p><br>
</p>
Yeah, I think what you're seeing is generally the expected behavior, but it's not really handled very well in the UI. When a user authenticates, I think the user account should be made, but an administrator will need to grant them access to specific repositories.
<br>
<br>
However, I agree there should be a way for admins to create user account in the manage. I made this feature request
<a id="lnk786863" href="https://www.pivotaltracker.com/story/show/73730396">https://www.pivotaltracker.com/story/show/73730396</a><br>
<br>
<p>That manage groups issue is definatly a bug. I am wondering if we should have the user account made when you add a user to a group ( since the assumption is if you're adding them to a group, you want the account made in ASpace ). Does that sound right?</p>
<p><br>
</p>
<p>I've also added a feature request to map LDAP groups to ASpace groups here => <a id="lnk553351" href="https://www.pivotaltracker.com/story/show/73730396">
https://www.pivotaltracker.com/story/show/73730396</a></p>
<p><br>
</p>
<p><span id="ms-rterangepaste-end">best,chris.</span><br>
</p>
<p><br>
</p>
<p><br>
</p>
<div>
<p><br>
</p>
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div class="BodyFragment"><font size="2">
<div class="PlainText">Chris Fitzpatrick | <font size="2">Developer, ArchivesSpace</font><br>
Skype: chrisfitzpat | Phone: 918.236.6048<br>
http://archivesspace.org/<br>
</div>
</font></div>
</div>
</div>
<div style="color: rgb(40, 40, 40);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" color="#000000" face="Calibri, sans-serif"><b>From:</b> archivesspace_users_group-bounces@lyralists.lyrasis.org <archivesspace_users_group-bounces@lyralists.lyrasis.org> on behalf of Ben Goldman
<bmg17@psu.edu><br>
<b>Sent:</b> Friday, June 20, 2014 5:45 PM<br>
<b>To:</b> Archivesspace Users Group<br>
<b>Subject:</b> Re: [Archivesspace_Users_Group] LDAP with migration</font>
<div> </div>
</div>
<div>
<div style="font-family:georgia,serif; font-size:10pt; color:#000000">
<div>Hello everyone,<br>
</div>
<div><br>
</div>
<div>Some additional questions/commentary regarding LDAP in ASpace:</div>
<div>
<ul style="background-color:#fdfdfd">
<li>It appears there are only two ways to get LDAP accounts added to the users table in ASpace: 1) to have each individual user login to ASpace using their LDAP login and password, which throws the "no repository access" error but does create the user, which
allows the Administrator to then add the account to a group, or 2) write LDAP accounts directly to the user table via SQL statement. I don't see any way to add an LDAP user from the Manage Users screen. Is this an accurate reading? </li><li>It does, however, appear that from the Manage Groups screen in ASpace, if I type the first couple letters of an LDAP username, it will show all the qualifying usernames and even allow me to add one, but when I click save, it throws an error: "<span style="color:#b94a48; font-family:'Helvetica Neue',Helvetica,Arial,sans-serif; line-height:20px; background-color:#f2dede">Members
- translation missing: en.validation_errors.user_[username]_does_not_exist</span>" presumably because the user does not yet exist in the users table. It would be great if adding a user here also resulting in adding that account to local ASpace instance. </li><li>It might be useful to be able to assign LDAP groups to ASpace groups. I didn't see this that this was possible, but I may have missed something.</li></ul>
<div>Thanks,</div>
<div>Ben</div>
</div>
<br>
<div><br>
</div>
<div><span name="x"></span><span size="2" style="color:#000000; font-size:small"><span style="font-family:georgia,serif; font-weight:bold">Ben Goldman</span><br style="font-family:georgia,serif">
<span style="font-family:georgia,serif">Digital Records Archivist</span><br style="font-family:georgia,serif">
<span style="font-family:georgia,serif">Penn State University Libraries</span><br style="font-family:georgia,serif">
<span style="font-family:georgia,serif">University Park, PA</span><br style="font-family:georgia,serif">
<span style="font-family:georgia,serif">814-863-8333<br>
<a href="http://www.libraries.psu.edu/psul/speccolls.html">http://www.libraries.psu.edu/psul/speccolls.html</a><br>
</span></span><span name="x"></span><br>
</div>
<br>
<hr id="zwchr">
<div style="color:#000; font-weight:normal; font-style:normal; text-decoration:none; font-family:Helvetica,Arial,sans-serif; font-size:12pt">
<b>From: </b>"Patrick Galligan" <PGalligan@rockarch.org><br>
<b>To: </b>"archivesspace users group" <archivesspace_users_group@lyralists.lyrasis.org><br>
<b>Sent: </b>Tuesday, June 17, 2014 9:27:57 AM<br>
<b>Subject: </b>[Archivesspace_Users_Group] LDAP with migration<br>
<div><br>
</div>
<style>
<!--
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
span.EmailStyle17
{font-family:"Calibri","sans-serif";
color:windowtext}
@page WordSection1
{margin:1.0in 1.0in 1.0in 1.0in}
-->
</style>
<div class="WordSection1">
<p class="MsoNormal">Hi,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Has anyone been working with LDAP and the migration tools? We were wondering if migrating the users from AT and their old passwords causes any issues with LDAP authentication that we should know about.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Let me know if you’ve used LDAP along with user migration, and whether there are any possible traps we should watch out for.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Patrick Galligan</p>
<p class="MsoNormal">Rockefeller Archive Center</p>
<p class="MsoNormal">Assistant Digital Archivist</p>
<p class="MsoNormal">914-366-6386</p>
<p class="MsoNormal"> </p>
</div>
<br>
_______________________________________________<br>
Archivesspace_Users_Group mailing list<br>
Archivesspace_Users_Group@lyralists.lyrasis.org<br>
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group<br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</body>
</html>