Showing posts with label EPRINTS. Show all posts
Showing posts with label EPRINTS. Show all posts

Monday, May 22, 2017

MEMBUAT TAXONOMI FAKULTAS, PRODI, DAN SUBJECTS PADA EPRINTS

Membuat Taxonomi pada Eprints
Ruang Lingkup
  • Membuat Taksonomi fakultas/program studi/Jurusan
  • Membuat taksonomi subyek ilmu pengetahuan
A. Membuat taksonomi fakultas/program studi.
  1. Observasi terlebih dahulu nama nama fakultas dan program studi yang ada di Universitas
  2. Buat menggunakan aplikasi Excel atau Calc
  3. Buka terminal yang terdapat pada komputer (Linux)
  4. Buka file subjects dengan editor gunakan perintah
$nano /archives/archives_id/cfg/subject
divisions:Universitas Trisakti:ROOT:0
fac_eng:Fakultas Teknik:divisions:0
sch_civ:Jurusan Teknik Sipil:fac_eng:1
sch_ecs:Jurusan Teknik Elektro:fac_eng:1
sch_eng:Jurusan Teknik Kimia:fac_eng:1
fac_law:Fakultas Hukum:divisions:0
sch_art:Jurusan Hukum Pidana:fac_law:1
sch_edu: Jurusan Hukum Perdata:fac_law:1
Akan menghasilkan Hirarki
Universitas Trisakti
  1. Fakultas Teknik
  • Jurusan Teknik Sipil
  • Jurusan Teknik Elektro
  • Jurusan Teknik Kimia
  1. Fakultas Hukum
  • Jurusan Hukum Pidana
  • Jurusan Hukum Perdata

Share:

MELAKUKAN INDEXING RECORD DAN FILE PADA EPRINTS

Berbeda dengan aplikasi Otomasi Perpustakaan, aplikasi Eprints tidak serta merta memunculkan record baik metadata maupun file digitalnya pada halaman pencarian (OPAC).
Semua file dan metadata yang telah diinput baik oleh user/reviewer perlu dilakukan indexing terlebih dahulu agar dapat muncul di halaman pencarian Eprints.
NB: Perlu diperhatikan proses indexing akan memakan waktu yang cukup lama tergantung jumlah record dan file yang akan diindeks. Semakin besar jumlah record dan file, semakin lama pula proses indexing. Saran saya lakukan indexing secara berkala.
Berikut adalah tatacara indexing
1. Login terlebih dahulu pada Eprints sebagai administrator (masukkan username dan password)
2. Klik menu Admin yang ada di atas
3. Klik Tab System Tools
4. Klik Tombol Start Indexer (biarkan prosesnya selesai dan muncul pesan “Indexer started successfully”)
5. Klik kembali Tab System Tools
6. Klik pada tombol Regenerate Abstracts (biarkan prosesnya selesai dan muncul pesan “Successfully set abstracts to regenerate”)
7. Klik kembali Tab System Tools
8. Klik pada tombol Regenerate Views (biarkan prosesnya selesai dan muncul pesan “Successfully set views to regenerate”)
9. Proses indexing selesai
Share:

TUTORIAL BACKUP APLIKASI EPRINTS PADA SERVER UBUNTU 14.04

Tutorial Backup Aplikasi Eprints pada Server Ubuntu 14.04
Sebuah aplikasi perlu dilakukan backup secara berkala. Backup/cadangan data wajib dilakukan sebagai bagian dari recovery data apabila terjadi hal-hal yang tidak diinginkan.
Salah satunya aplikasi Eprints yang digunakan untuk manajemen koleksi digital.
Berikut adalah tata cara backup/cadangan data aplikasi Eprints.
Menurut dokumentasi Eprints, cadangan data/backup pada aplikasi Eprints dilakukan dua bagian. Pertama, melakukan cadangan pada source Eprints dan kedua pada database.
1. Melakukan backup source Eprints
Kita buat terlebih dahulu Direktori Backup Eprints pada home
$ sudo mkdir backup_eprints
Masuk ke direktori backup_eprints
$ cd backup_eprints
Lalu kita coba backup dengan perintah
$ sudo tar -czf backup_eprints_`date +%Y%m%d_%H%M%S`.tar.gz /usr/share/eprints3
2. Melakukan backup database
$ mysqldump -u root -p namadatabaseeprints /home/rido/backup_eprints/backup_$(date +%Y%m%d_%H%M%S).sql
3. Terkahir Copy direktory backup_eprints ke server lain ðŸ™‚
Share:

Tuesday, January 10, 2017

Membangun Repository dengan Eprints


Sebelum membangun repository menggunakan eprints, terlebih dahulu install aplikasi eprints yang dibahas pada posting sebelumnya install eprints menggunakan file eprints.deb . apabila instalasi sudah dilakukan dan berhasil selanjutnya membangun halaman repository eprints dengan langkah-langkah berikut :
  1. Masuk ke terminal linux dengan previlage “eprints“. buka terminal ketikkan perintah :
    sudo su (kemudian masukkan password user anda),  sudo su eprints .
  2. Kemudian masuk ke folder instalasi eprints di ” /opt/eprints” atau “/usr/share/eprints” . ketikkan perintah ./bin/epadmin create
  3. Setelah di enter dakan masuk ke halaman membangun repository eprints, anda akan diberi pertanyaan perihal repository yang akan dibangun ada yang harus dijawab ada yang sudah terjawab secara default., berikut rinciannya :
    1. Archive ID? ipacul (ketikkan nama repository, hanya diperbolehkan karakter huruf dan angka)
    2. Configure vital settings? [yes] ? yes (boleh diketik yes atau tekan enter langsung, karena secara default jawabannya yes)
    3. Hostname? ipacul.local (ketikkan alamat web yang diinginkan untuk mengakses repository)
    4. Webserver Port [80] ? (menentukan port yang akan digunakan secara default terisi port 80 apabila langsung di tekan enter)
    5. Alias (enter # when done) [#] ? (menentukan alias alamat untuk hostname, bisa dikosongkan dan langsung tekan enter)
    6. Path [/] ? (menentukan alamat folder install dan harus “/” , atau langsung tekan enter)
    7. HTTPS Hostname [] ? (menentukan port untuk alamat secure hotsname, apabila akan menggunakan fasilitas ini sebaiknya mensetting terlebih dahulu secure connection yang akan digunakan diserver, default kosong atau ditekan enter langsung)
    8. Administrator Emailadmin@ipacul.local (mengisi alamat email administrator)
    9. Archive Name [Test Repository] ? ipacul repository (diisi untuk mencoba repository yang di buat)
    10. Write these core settings? [yes] ? yes (boleh diketik yes atau tekan enterlangsung, karena secara default jawabannya yes)
    11. Configure database? [yes] ?yes (boleh diketik yes atau tekan enter langsung, karena secara default jawabannya yes)
    12. Database Name [ipacul] ? (menulis nama database yang akan dibuat bisa langsung enter dan secara default nama sesuai dengan yang didalam tanda “[]” )
    13. MySQL Host [localhost] ?(menulis nama host mysql server yang telah dibuat bisa langsung enter dan secara default nama sesuai dengan yang didalam tanda “[]” )
    14. MySQL Port (# for no setting) [#] ?(menulis port mysql server yang telah dibuat bisa langsung enter dan secara default nama sesuai dengan yang didalam tanda “[]” )
    15. MySQL Socket (# for no setting) [#] ?(menulis socket mysql server yang telah dibuat bisa langsung enter dan secara default nama sesuai dengan yang didalam tanda “[]” )
    16. Database User [*****] ? (menulis user mysql server yang telah dibuat bisa langsung enter dan secara default nama sesuai dengan yang didalam tanda “[]” )
    17. Database Password [******] ? (menulis user mysql server yang telah dibuat bisa langsung enter dan secara default nama sesuai dengan yang didalam tanda “[]” )
    18. Write these database settings? [yes] ?yes (boleh diketik yes atau tekan enterlangsung, karena secara default jawabannya yes)
    19. Create database “ipacul” [yes] ?yes (boleh diketik yes atau tekan enterlangsung, karena secara default jawabannya yes)
    20. Database Superuser Username [root] ?  (menulis superuser mysql server yang telah dibuat bisa langsung enter dan secara default nama sesuai dengan yang didalam tanda “[]” )
    21. Database Superuser Password? (masukkan password superuser mysql-server)
    22. Create database tables? [yes] ? yes (boleh diketik yes atau tekan enter langsung, karena secara default jawabannya yes)
    23. Create an initial user? [yes] ?  yes (boleh diketik yes atau tekan enter langsung, karena secara default jawabannya yes)
    24. Enter a username [admin] ?  (menulis superuser repository  yangakan dibuat bisa langsung enter dan secara default nama sesuai dengan yang didalam tanda “[]” )
    25. Select a user type (user|editor|admin) [admin] ? (memilih tipe user akses  yang akan dibuat, disarankan pakai admin untuk pertama kalinya bisa langsung enter dan secara default nama sesuai dengan yang didalam tanda “[]” )
    26. Enter Password? (masukkan password yang diinginkan)
    27. Email?admin@ipacul.local (masukkan email untuk user yang dibuat)
    28. Do you want to build the static web pages? [yes] ?yes (boleh diketik yes atau tekan enter langsung, karena secara default jawabannya yes)
    29. Do you want to import the LOC subjects? [yes] ?yes (tulis no apabila tidak ingin import subject dari Library Of Congress yes atau tekan enter langsung, karena secara default jawabannya yes)
    30. Do you want to update the apache config files? (you still need to add the ‘Include’ line) [yes] ?yes (boleh diketik yes atau tekan enter langsung, karena secara default jawabannya yes)
  4. Membuat dummy hostname di “/etc/host” . ketikkan perintah nano /etc/hosts .tambahkan baris berikut 127.0.0.1 hostname-eprints (contoh: 127.0.0.1ipacul.local)., kemudian ctrl+x dan “y” kemudian tekan enter.
  5. Menambahkan baris “Include /usr/share/eprints/cfg/apache.conf ”  di“/etc/apache2/apache.conf” . ketikkan perintah nano /etc/apache2/apache.conf,kemudian tambahkan “Include /usr/share/eprints/cfg/apache.conf ” dibaris paling terakhir.
  6. Restart apache2 server dengan perintah sudo service apache2 restart
  7. Kemudian buka browser dan buka web repository yang sudah dibuat dengan mengetikkan alamat hostname yang telah dibuat, apabila berhasil akan muncul tampilan seperti gambar dibawah.
Tampilan eprints repository yang telah diinstall
repository eprints
Selamat Mencoba dan semoga berhasil, jika gagal ulangi lagi jangan pernah menyerah. Apabila mendapat kesulitan mari kita diskusikan lewat komentar dibawah.
Share:

Install Eprints menggunakan File Eprints.deb


Sebelum kita menginstall eprints terlebih dahulu install web server apache2, mysql server untuk tutorialnya silahkan klik di link ini
  1. Donwload file eprints_3.3.12_all.deb di alamat http://files.eprints.org/867/2/eprints_3.3.12_all.deb dengan perintah :-server1@server1:~$ wget http://files.eprints.org/867/2/eprints_3.3.12_all.deb 
  2. Masuk ke folder tempat menyimpan hasil download, kemudian mengeksekusi file .deb dengan perintah : -server1@server1:~$sudo gdebi eprints.3.3.12_all.deb (apabila belum terinstal gdebi terlebih dahulu di install dengan perintah -server1@server1:~$sudo apt-get install gdebi-core )
  3. Ketika instalasi berlangsung akan dimintai untuk mengisi nullmailer, di isi dengan nama server, contoh server1. kemudian configuring nullmailer di isi dengan mail.server1 smtp
  4. Setelah proses instalasi eprints selesai kemudian masuk ke terminal linux untuk membuat host dummy eprints di localhost. –-server1@server1:~$ sudo nano /etc/hosts  kemudian tambahkan baris berikut : 127.0.0.1 web-address-eprints (contoh : 127.0.0.1 eprints.local ), kemudian keluar dengan “ctr+x” lalu “y”
Selesai proses instalasi eprints-nya, proses selanjutnya yaitu membuat halaman web repository eprints yang akan dibahas di halaman membangun repository eprints.
Selamat Mencoba
Share:

Cara Install Apache2 Web Server Mysql-Server dan PHP5 Ubuntu

Kali ini saya akan mencoba berbagi ilmu tentang cara untuk menginstall apache2 web servermysql-server dan PHP5 di ubuntu atau biasa kita sebut “LAMP”. Sebelum melakukan instalasi pastikan laptop atau komputer terhubung dengan internet, karena kita akan mengambil source dari repository ubuntu atau repository lokal Indonesia.
Buka terminal ubuntu CTR+Alt+T

Install Apache Web Server

  1. Setelah terminal terbuka ketikkan perintah “linux@linux:~$ sudo apt-get install apache2" 
  2. Setelah proses install selesai silahkan buka browser kemudian ketikkan di alamat web browser “http://localhost” kemudian enter, apabila muncul tulisan “It Work!” berarti proses intalasi apache web server berhasil.

 Install Mysql-server

  1. Masih di terminal ketikkan perintah “linux@linux:~$ sudo apt-get install mysql-server" 
  2. ketika proses instalasi mysql anda akan diminta mengkonfigurasi web server yang akan digunakan, pilih Apache dengan “space” sampai muncul tanda (*) di sebelah Tulisan Apache, kemudian next
  3. Kemudian akan diminta password untuk user “root” ketikkan Password Anda, kemudian next . Masukkan Password Anda sekali lagi untuk verifikasi password.
  4. Setelah proses install selesai ketikkan di terminal perintah “linux@linux:~$sudo mysql -u root -p" lalu enter dan masukkan Password Anda , maka akan tampil halaman myql pada terminal
    mysql-server
  5. Apabila muncul halaman mysql-server berarti proses instalasi myql-server berhasil, untuk keluar dari halaman mysql ketikkan perintah "exit" lalu enter

Install PHP5

  1. Masih di terminal ubuntu ketikkan perintah "linux@linux:~$ sudo apt-get install php5" 
  2. Setelah proses install php5 selesai masuk ke folder “/var/www”  folder tersebut adalah folder default untuk apache web server, dengan mengetikkan perintah "linux@linux:~$ cd /var/www "
  3. Setelah masuk ke folder tersebut, membuat file ber-ekstensi *.php (contoh:info.php) dengan mengetikkan perintah  "linux@linux:~$ sudo touch info.php"
  4. Kemudian edit dengan text-editor yang biasa digunakan seperti vi/nano/gedit dll, disini saya menggunakan text editor nano,maka saya ketikkan perintah  "linux@linux:~$ sudo nano info.php"
  5. Setelah masuk ke halaman text-editor ketikkan code php untuk mengetahui info php plugin yang terinstal di webserver,   "<?php echo phpinfo(); ?>"kemudian untuk meng-save “CTRL+X” dan ketik “y”
  6. Kemudian masuk ke browser dan ketikkan alamathttp://localhost/info.php” maka akan muncul di halaman browser seperti di bawah ini apabila proses instalasi berhasil.
Halaman php5

Mungkin ini yang bisa saya bagikan selamat mencoba dan sampai jumpa di tutorial-tutorial berikutnya, apabila ada pertanyaan silahkan tinggalkan comment di posting ini, see you.
Share:

Sunday, November 6, 2016

Eprints Install 3, Setting domain

UNIMAS Official Wiki » Dashboard » HOW-TO, Tutorial & User Manual » HOW-TO : Install Eprints v3.3.12 on Ubuntu 14.04 With LDAP Authentication

HOW-TO : Install Eprints v3.3.12  on Ubuntu 14.04 With LDAP Authentication

Last modified by Khairilzamrie bin Rosle on 2014/11/14 10:06
Comments (0) · Attachments (0) · History · Information
This HOW-TO is produced to assist people interested to installEprints v3.3.12 on Ubuntu 14.04 LTS with integration of LDAP Authentication. It also meant to make the installation process of Eprints v 3.3.12 on Ubuntu 14.04 (which has known issues) to be much more easier and straightforward. People interested to just simply install Eprints without LDAP Authentication just need to complete Step 1 of 4.

Pre-requisite

  • Ubuntu 14.04 64bit
  • Apache 2.4 (bundled with Ubuntu 14.04)
  • Perl/v5.18.2 (bundled with Ubuntu 14.04)
  • Eprints v 3.3.12
  • Domain name for eprints server - In this tutorial we will use myeprints.example.my
  • IP Address for eprints server - In this tutorial we will use 10.0.0.11
  • Ldap v3 server - In this tutorial we will use fictional LDAP server ldap.example.org
  • Port 443 needs to be opened on the EPrints server to allow web access over https (EPrints will switch from HTTP on port 80 to HTTPS on port 443 from the time you log in to the time you log back out again)

Step 1 of 4 : Install Eprints via APT

First, log into your EPrints server via ssh from your PC. If you are using Windows PC, you can use Putty. If you are using a Mac or a Linux PC then open a terminal and issue this command (replace eprintsuser with your own user which has sudo privillege and also replace 10.0.0.11 with your eprints server real IP Address):
ssh eprintsuser@10.0.0.11
Once you logged in, add Eprints repository to your Ubuntu /etc/apt/sources.list file :
sudo nano /etc/apt/sources.list
and add the following at the bottom of the file :
deb http://deb.eprints.org/3.3/ stable/
deb-src http://deb.eprints.org/3.3/ source/
Then, install Eprints via apt-get
sudo apt-get update && sudo apt-get install eprints
Now, before we proceed, we have to sort out some issue first. Eprints v3.3.12 and below have a known issues running on Apache 2.4 (and Perl/v5.16+) which bundled with Ubuntu 14.04 (and 13.10). To solve these issues, we need to patch some of Eprints files. We are going to patch 4 files :
  • /usr/share/eprints3/perl_lib/EPrints/Repository.pm
  • /usr/share/eprints3/lib/defaultcfg/cfg.d/security.pl
  • usr/share/eprints3/perl_lib/EPrints/Apache/LogHandler.pm
  • /usr/share/eprints3/perl_lib/EPrints/DataObj/LoginTicket.pm
sudo su eprints
wget -N https://raw.githubusercontent.com/eprints/eprints/88567f9cf9deb146c24a8088e452d4561c90f05e/perl_lib/EPrints/Repository.pm -O /usr/share/eprints3/perl_lib/EPrints/Repository.pm
wget -N https://raw.githubusercontent.com/eprints/eprints/26e97fc3dbaa28e89e7ffbe0e6f8eedbfc7804cd/lib/defaultcfg/cfg.d/security.pl -O /usr/share/eprints3//lib/defaultcfg/cfg.d/security.pl
wget -N https://raw.githubusercontent.com/eprints/eprints/67986a00f042077a8388278cbcfdd51e0d737647/perl_lib/EPrints/Apache/LogHandler.pm -O /usr/share/eprints3/perl_lib/EPrints/Apache/LogHandler.pm
wget -N https://raw.githubusercontent.com/eprints/eprints/34f85e9b994d47cb95e225874749c274020688b5/perl_lib/EPrints/DataObj/LoginTicket.pm -O /usr/share/eprints3/perl_lib/EPrints/DataObj/LoginTicket.pm
sed -i 's/$r->connection->remote_ip/$r->connection->client_ip()/g' /usr/share/eprints3/perl_lib/EPrints/DataObj/LoginTicket.pm
Cool! We are done with patching. Now, lets create a repository for Eprints. Please follow the on-screen instructions to set up an eprints repository. You will be asked to enter Archive ID during the installation. Please remember the Archive ID you entered as it will be used for the next steps.
/usr/share/eprints3/bin/epadmin create
Now we need to edit an apache config file which generated during previous step.  Replace <YOURARCHIVEID> below with the Archive ID you just created in previous step :
nano /usr/share/eprints3/cfg/apache/<YOURARCHIVEID>.conf
and replace all the content with these scripts. Please don't forget to replace <YOURARCHIVEID> in the file below with your Archive ID :
#
# apache.conf include file for ir
#
# Any changes made here will be lost if you run generate_apacheconf
# with the replace option
#
# The main virtual host for this repository
<VirtualHost *:80>
  ServerName myeprints.example.my
  ServerAdmin admin@example.com
  <Location "">
    PerlSetVar EPrints_ArchiveID <YOURARCHIVEID>
    Options +ExecCGI
   # Order allow,deny
   # Allow from all
    Require all granted
  </Location>
  ErrorLog ${APACHE_LOG_DIR}/eprintserror.log
  CustomLog ${APACHE_LOG_DIR}/eprintsaccess.log combined
  # Note that PerlTransHandler can't go inside
  # a "Location" block as it occurs before the
  # Location is known.
  PerlTransHandler +EPrints::Apache::Rewrite
</VirtualHost>
Once you're done :
exit
sudo mv /etc/apache2/sites-available/eprints /etc/apache2/sites-available/eprints.conf 
sudo a2dismod mpm_event
sudo a2enmod mpm_prefork
sudo a2ensite eprints
sudo apache2ctl stop
sudo apache2ctl start
You should now have a working installation of eprints in /usr/share/eprints3/

Step 2 of 4 : Configure HTTPS for Eprints

This is still the same process as the standard HTTPS setup. First, edit/usr/share/eprints3/archives/<YOURARCHIVEID>/cfg/cfg.d/10_core.pl file (where <YOURARCHIVEID> is your Archive IDcreated above) :
sudo su eprints
nano /usr/share/eprints3/archives/<YOURARCHIVEID>/cfg/cfg.d/10_core.pl
Replace the file content with following lines :
$c->{host} = 'myeprints.example.my';
$c->{port} = 80;
$c->{aliases} = [];
$c->{securehost} = 'myeprints.example.my';
$c->{secureport} = 443;
$c->{securepath} = '/secure';
$c->{http_root} = '';
$c->{https_root} = '';
$c->{http_cgiroot} = '/cgi';
$c->{https_cgiroot} = '/cgi';
Next you need to run the generate_apacheconf command;
/usr/share/eprints3/bin/generate_apacheconf
The command will generate an apache config file at /usr/share/eprints3/cfg/apache_ssl/<YOURARCHIVEID>.conf . We now need to edit it .  Replace <YOURARCHIVEID> with the Archive ID created above :
nano /usr/share/eprints3/cfg/apache_ssl/<YOURARCHIVEID>.conf
and replace the whole content with these. Please don't forget to replace <YOURARCHIVEID> in the file below with your Archive ID :
#
# secure.conf include file for ir
#
# Any changes made here will be lost if you run generate_apacheconf
# with the replace option
#
  <Location "">
    PerlSetVar EPrints_ArchiveID <YOURARCHIVEID>
    PerlSetVar EPrints_Secure yes
    Options +ExecCGI
    #Order allow,deny 
    #Allow from all
    Require all granted
  </Location>
Once you are done, issue this command :
exit
EPrints should now be ready for SSL. Now we need to configure Apache for https.
The first thing you need to do is install the SSL certificate generator if you don't already have it;
sudo apt-get install ssl-cert
Next make a directory for all your SSL certificates in your apache2 directory;
sudo mkdir /etc/apache2/ssl
Now we can generate the certificate;
sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
Now enable the module for apache2 which should already be installed as part of the apache2 package;
sudo a2enmod ssl
We now need to create a new virtualhost since EPrints makes some assumptions about the existence of the SSL virtualhost, but it does not exist on Debian/Ubuntu. Create a new file eprints-ssl.conf in /etc/apache2/sites-available/ :
sudo nano /etc/apache2/sites-available/eprints-ssl.conf
and in this file you want to put the following :
<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/apache.pem
  Include /usr/share/eprints3/cfg/apache_ssl.conf
</VirtualHost>
Once you have done this enable the site;
sudo a2ensite eprints-ssl
Then restart apache2 :
sudo service apache2 restart 
Now your Eprints ready to be accessed via https

Step 3 of 4 : Enable Eprints Authentication with LDAP

To enable LDAP authentication, first install perl-ldap library :
sudo apt-get install libnet-ldap-perl
It is recommended that certain user rights are removed when using LDAP for login. The user should not be allowed to change their password or their email address. It is also suggested that the user not be allowed to edit their profile, however there are certain fields that we would like the user to edit. To set the rights edit the file (where <YOURARCHIVEID> is your Archive ID created above):
sudo su eprints
nano /usr/share/eprints3/archives/<YOURARCHIVEID>/cfg/cfg.d/user_roles.pl

#
# User Roles
#
#  Here you can configure which different types of user are 
#  parts of the system they are allowed to use.
#

$c->{user_roles}->{user} = [qw{
        general
        edit-own-record
        saved-searches
#       set-password
        deposit
#       change-email
}];
$c->{user_roles}->{editor} = [qw{
        general
        edit-own-record
        saved-searches
#       set-password
        deposit
#       change-email
        editor
        view-status
        staff-view
}];
$c->{user_roles}->{admin} = [qw{
        general
        edit-own-record
        saved-searches
        set-password
        deposit
        change-email
        editor
        view-status
        staff-view
        admin
        edit-config
}];
# Note  nobody has the very powerful "toolbox" or "rest" roles, by default!
# Use this to set public privilages. 
$c->{public_roles} = [qw{
        +eprint/archive/rest/get
        +subject/rest/get
}];
#$c->{user_roles}->{minuser} = [qw{
#       general
#       edit-own-record
#       saved-searches
#       set-password
#       lock-username-to-email
#}];
# If you want to add additional roles to the system, you can do it here.
# These can be useful to create "hats" which can be given to a user via
# the roles field. You can also override the default roles.
#
#$c->{roles}->{"approve-hat"} = [
#       "eprint/buffer/view:editor",
#       "eprint/buffer/summary:editor",
#       "eprint/buffer/details:editor",
#       "eprint/buffer/move_archive:editor",
#];
Now we are going to configure Eprints to use LDAP Authentication with On-Demand Creation of Users. This will :
  • allowing LDAP accounts to login, using the "Advanced LDAP Configuration" example
  • allowing the local eprints admin account to login w/ database authentication
  • creating Eprints accounts for all successfully authenticated LDAP users on the fly
* Make sure to only use this over HTTPS!
Edit /usr/share/eprints3/archives/<YOURARCHIVEID>/cfg/cfg.d/user_login.pl (<YOURARCHIVEID> is your Archive ID created above) :
nano /usr/share/eprints3/archives/<YOURARCHIVEID>/cfg/cfg.d/user_login.pl
and replace the whole content with below script. Make sure you replace values for :
  • $ldap_host  - Change to your LDAP server domain name or IP Address
  • $base - Change to your base DN for user tree
  • $groupbase - Change to your base DN for group tree which you want the user to be member of  (this will act as group filter)
  • $dn -  Change to your Proxy account which must exist in your LDAP tree and has appropriate permissions (ACL settings) to search for users and read their uid,givenname,sn,mail attributes
  • $ldappass - Change to your password for the proxy account

=pod


# Please see http://wiki.eprints.org/w/User_login.pl
$c->{check_user_password} = sub {

        my( $repo, $password, $username ) = @_;

        return $ok ? $username : undef;
};


=cut



$c->{check_user_password} = sub {
   my( $session, $username, $password ) = @_;

   # LDAP authentication for "user", "editor" and "admin" types (roles)

   use Net::LDAP; # IO::Socket::SSL also required
   use Time::Piece ();

   # LDAP tunables
   my $ldap_host = "ldap.example.org";
   my $base      = "dc=example,dc=org";
   my $groupbase = "cn=Groups,dc=example,dc=org";
   my $dn        = "cn=someProxyAccount";
   my $ldappass   = "someProxyAccountPassword";


   my $ldap      = Net::LDAP->new ( $ldap_host, version => 3 );
   unless( $ldap )
   {
        print STDERR Time::Piece::localtime->strftime('[%a %b %d %H:%M:%S %Y]');
        print STDERR " LDAP error: $@\n";
        return 0;
   }

   # Start secure connection (not needed if using LDAPS)
   my $ssl = $ldap->start_tls();
   if( $ssl->code() )
   {
       print STDERR Time::Piece::localtime->strftime('[%a %b %d %H:%M:%S %Y]');
       print STDERR " LDAP SSL error: " . $ssl->error() . "\n";
       return 0;
   }

   # Get password for the search-bind-account
   my $repository = $session->get_repository;
   my $id         = $repository->get_id;
   my $mesg = $ldap->bind( $dn, password=>$ldappass     );
   if( $mesg->code() )
   {
       print STDERR "LDAP Bind error: " . $mesg->error() . "\n";
       return 0;
   }

   # Distinguished name (and attribues needed later on) for this user
   my $result = $ldap->search (
       base    => "$base",
       scope   => "sub",
       filter  => "(&(uid=$username)(objectclass=inetOrgPerson))",
       attrs   =>  ['1.1', 'uid', 'sn', 'mail'],
       sizelimit=>1
   );

   my $entr = $result->pop_entry;
   unless( defined $entr )
   {
       # Allow local EPrints authentication for admins (accounts not found in LDAP)
       my $user = EPrints::DataObj::User::user_with_username( $session, $username );
       return 0 unless $user;

       my $user_type = $user->get_type;
       if( $user_type eq "admin" )
       {
           # internal authentication for "admin" type
           return $session->get_database->valid_login( $username, $password );
       }
       return 0;
   }
   my $ldap_dn = $entr->dn;

   #filter the user found based on group (make sure the user is in Staff_grp group in OID)
   my $userGroup = $ldap->search (
       base    => "$groupbase",
       scope   => "sub",
       filter  => "(&(uniquemember=$ldap_dn))",
       attrs   =>  ['cn'],
       sizelimit=>1

   );

   my $entrGroup = $userGroup->pop_entry;
   unless( defined $entrGroup )
   {
        # User Not in Staff group - reject login
        print STDERR Time::Piece::localtime->strftime('[%a %b %d %H:%M:%S %Y]');
        print STDERR " NOT AUTHORIZED : User $username is not a staff\n";
        return 0;
   }

   # Check password
   my $mesg = $ldap->bind( $ldap_dn, password => $password );
   if( $mesg->code() )
   {
       return 0;
   }

   # Does account already exist?
   my $user = EPrints::DataObj::User::user_with_username( $session, $username );
   if( !defined $user )
   {
       # New account
       $user = EPrints::DataObj::User::create( $session, "user" );
       $user->set_value( "username", $username );
   }

   # Set metadata
   my $name = {};
   $name->{family} = $entr->get_value( "sn" );
   $name->{given} = $entr->get_value( "given" );
   $user->set_value( "name", $name );
   $user->set_value( "username", $username );
   $user->set_value( "email", $entr->get_value( "mail" ) );
   $user->commit();

   $ldap->unbind if $ldap;

   return 1;
}
Things to note
  • This script uses a dedicated proxy account which must exist in your LDAP tree and has appropriate permissions (ACL settings) to search for users and read their uid,givenname,sn,mail attributes.
  • It changes the flow of user_login.pl a little to only check for local admin accounts (no users or editors; we have them all in our LDAP tree) and only when no user is found for ldap authentication. This allows you to have your admins in LDAP (if you want) but still use the local admin for "promoting" other users to admins, among other things (which could also be done with a simple SQL update directly in the RDBMS). If you don't need the local admin, remove those lines and just return 0 since no user was found in LDAP.
  • You could change the default role for generated user accounts from user, if you really wanted.
Now restart your apache
exit
sudo service apache2 restart 
Now your Eprints ready for LDAP authentication!

Step 4 of 4 : Finally, test the installation

On your PC (not your server) set the Eprints server  domain name you just setup in your hosts file. In this tutorial we used myeprints.example.my as the domain name with 10.0.0.11 IP Address for the Eprint server.
In Windows 7 :

Select the Start menu key and locate Notepad. ...
Right click on Notepad. ...
Select Run as administrator.
Using notepad, open C:\Windows\System32\Drivers\etc\hosts


In Linux PC or Mac :

sudo nano /etc/hosts
and add this line at the bottom of the file (Replace 10.0.0.11 with the eprints server IP Address) :

10.0.0.11       myeprints.example.my
Save and close.
To test it, using your browser go to http://myeprints.example.my . Eprints default page should be displayed if you are successful. Enjoy your brand-new shiny Eprints!
Share: