As part of the Libraries walk-in-user pilot AARC project partner set up a customized instance of their solution didmos LUI (LDAP User Interface) that is being used for administrators to manage their libraries' / campuses' IP address ranges.
As can be seen on the main documentation page for the Libraries walk-in-user pilot, the portal has the following features:
- Protected by a Shibboleth SP, any user from a federated IdP can access
- Library administrators are authorized by
- their eduPersonPrincipalName
- their eduPersonEntitlement (must have some predefined value)
- The only menu item "Trusted IP ranges" will allow Library administrators to enter any number of LDAP entries that
- have an IP range start and end
- associated eduPersonAffiliation (default unscoped value "library-walk-in", the generated scope will be taken from the scope of the administrator's eduPersonPrincipalName)
- associated eduPersonEntitlement (can be set freely)
- some description
- The Walk-in-Library-User IdP will then use these LDAP entries to set these eduPersonAffiliation and eduPersonEntitlement values upon login of some user from that IP range
didmos LUI is written in Perl/CGI and is being used by DAASI as a customized frontend for their LDAP deployments. Both its source code and AARC customized configuration are not publicly available, however can be provided upon request (please send an e-mail to email@example.com).