Authentication

From ReservesDirect: Open Source EReserves System


Currently, ReservesDirect can be configured to authenticate users via LDAP, or via a username and password stored within MySQL. The system can also be configured to try LDAP first and, if that method fails, to look for a matching username/password pair in the database.

The default setting in config.xml is "Standalone":

 
    <!-- Authentication type can be 'Any', 'LDAP', or 'Standalone' -->
    <authentication>
        <type>Standalone</type>
    </authentication>

When LDAP authentication is being used, the first time that a user logs into ReservesDirect, the system will seed a new user profile with the username, first and last names, and email address of the new user (so long as these attributes are available in your LDAP directory, and config.xml has been set up properly).

 
    <ldap>
        <userAttributes>                    <!-- attributes, if available, used to seed new user profile in RD -->
            <canonicalName>CHANGEME</canonicalName>        <!-- user's id (used to bind/authenticate) -->
            <email>CHANGEME</email>                <!-- email address (optional) -->
            <firstName>CHANGEME</firstName>        <!-- user's first name (optional) -->
            <lastName>CHANGEME</lastName>                <!-- user's last name (optional) -->
        </userAttributes>
    </ldap>

ReservesDirect has the ability to store "override" passwords locally in the database. In a 'Standalone' configuration, these are the only passwords associated with users. In an 'Any' configuration, failure to authenticate to the LDAP server results in a check for an alternative override password. This can be very useful in situations where the LDAP server is temporarily unavailable.
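The following check for the settings described above is an added example, not part of ReservesDirect. It reads the authentication type and the LDAP attribute mappings from config.xml, reports when the database override passwords are an active login path, and flags mappings still left at CHANGEME. The `<configuration>` root element, the sample values and the function name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

VALID_TYPES = {"Any", "LDAP", "Standalone"}
PLACEHOLDER = "CHANGEME"

# Constructed sample; the <configuration> root element is an assumption.
SAMPLE_CONFIG = """
<configuration>
    <authentication>
        <type>Any</type>
    </authentication>
    <ldap>
        <userAttributes>
            <canonicalName>uid</canonicalName>
            <email>mail</email>
            <firstName>CHANGEME</firstName>
            <lastName>sn</lastName>
        </userAttributes>
    </ldap>
</configuration>
"""

def audit_auth_config(xml_text):
    """Return (severity, message) findings for the authentication settings."""
    root = ET.fromstring(xml_text)
    auth_type = (root.findtext(".//authentication/type") or "").strip()
    if auth_type not in VALID_TYPES:
        return [("error", f"authentication type {auth_type!r} is not one of {sorted(VALID_TYPES)}")]
    findings = []
    if auth_type == "Any":
        findings.append(("info", "database override passwords are checked when LDAP authentication fails"))
    elif auth_type == "Standalone":
        findings.append(("info", "database passwords are the only credentials in use"))
    if auth_type != "Standalone":
        # canonicalName is used to bind, so it must be set; the others are optional.
        for tag in ("canonicalName", "email", "firstName", "lastName"):
            value = (root.findtext(f".//ldap/userAttributes/{tag}") or "").strip()
            if value == PLACEHOLDER or (tag == "canonicalName" and not value):
                severity = "error" if tag == "canonicalName" else "warning"
                findings.append((severity, f"ldap userAttributes/{tag} is unset or still {PLACEHOLDER}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_auth_config(SAMPLE_CONFIG):
        print(f"{severity}: {message}")
```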