
SLIBRARY

System Installation

Date: 08 09, 2010
Version: 1.0
Status: Completed
Author: Trn Trng Thong

Change history

Date: 08 09, 2010; 08 09, 2010
Version: 1.0; 1.0
Details: Installation guide for the sLibrary system
Performed by: Trn Trng Thong

Table of contents

1 INTRODUCTION
  1.1 PURPOSE
  1.2 SCOPE
  1.3 DEFINITIONS OF ABBREVIATIONS
  1.4 REFERENCES
  1.5 OVERVIEW
2 GENERAL INTRODUCTION TO SLIBRARY
3 SYSTEM INSTALLATION GUIDE
  3.1 PHYSICAL LIBRARY
  3.2 DIGITAL LIBRARY
  3.3 CENTRALIZED USER MANAGEMENT
    3.3.1 CAS Central Authentication Service
    3.3.2 LDAP
    3.3.3 Build CAS and LDAP
    3.3.4 Configure SingleSignOn on KOHA
    3.3.5 Configure SingleSignOn on DSpace
4 GLOSSARY
5 REFERENCES

1 Introduction

1.1 Purpose

This guide describes how to install the sLibrary system in a real production environment. Installation covers the physical library, the digital library and centralized user management.

1.2 Scope

This document focuses only on installing the system; every requirement of each module must be met for the system to install and operate properly.

1.3 Definitions of Abbreviations

No.   Term          Definition
      sLibrary      Library system
      KOHA          Physical library installation package
      DSpace        Digital library installation package
      CAS Server    Centralized authentication system
      LDAP Server   Centralized user management system

1.4 References

1.5 Overview

2 General introduction to sLibrary

sLibrary is a library system that meets the requirements of a modern library according to international standards. It integrates:

- a physical library management system
- a digital library system
- a centralized user management system that combines single sign-on with the industry-standard LDAP.

It brings significant benefits to the library system, both in its business workflows and in managing users intelligently.

3 System installation guide

Prerequisite: the environment variables for Java, Tomcat, Ant and Maven must be set, as described in the digital library installation document.

3.1 Physical library

Guide document: Koha@InstallationGuideline.doc

3.2 Digital library

Guide document: Dspace@IstallationGuide.doc

3.3 Centralized user management

3.3.1 CAS Central Authentication Service

Guide document: LV 05\200909_LV_DH_Liferay_Sakai_SSO.doc
(Section 1.3 Central Authenticate Service, Introduction, page 20/127)

3.3.2 LDAP

Guide document: LDAP@Introduce.doc

3.3.3 Build CAS and LDAP

This section describes how to set up a CAS Server that connects to an LDAP Server and how to deploy the CAS Server on Tomcat.

Figure 1 - Sakai - Liferay CAS deployment model

Step 1: Configure the CAS Server to authenticate through LDAP

- After downloading CAS Server, extract it to a directory named CAS-server-3.3.2.

- Open pom.xml in %CAS_HOME%/CAS-server-webapp and add the following:

    <dependency>
        <groupId>${project.groupId}</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${project.version}</version>
    </dependency>

- Open deployerConfigContext.xml in the directory CAS_home/CAS-server-webapp/src/main/webapp/WEB-INF and edit its contents as follows:

  o Inside the <beans></beans> tag, replace AuthenticatedLDAPContextSource with the following:

    <bean id="contextSource"
          class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="pooled" value="true"/>
        <property name="urls">
            <list><value>ldap://nonglam.cntt.com:5389</value></list>
        </property>
        <property name="userDn" value="cn=Directory Manager"/>
        <property name="password" value="123456"/>
    </bean>

    Where:
    ldap://nonglam.cntt.com:5389 is the connection URL of the LDAP server
    cn=Directory Manager is the root login name of the LDAP Server
    123456 is the password for that login account
  o Set up the AuthenticationHandler: add the following inside the <bean id="authenticationManager"></bean> tag:

    <property name="authenticationHandlers">
        <list>
            <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
                <property name="httpClient" ref="httpClient" />
            </bean>
            <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                <property name="filter" value="uid=%u" />
                <property name="searchBase" value="ou=cntt,o=nonglam,dc=com" />
                <property name="contextSource" ref="contextSource" />
            </bean>
        </list>
    </property>

    Where:
    uid=%u is the attribute that identifies the user in the LDAP Server
    ou=cntt,o=nonglam,dc=com is the subtree in which user accounts are searched
- Build and deploy.

  Rebuild CAS-server with the command: mvn package install (Maven must already be installed).

  After a successful build, copy CAS.war from the directory %CAS_HOME%/CAS-server-webapp/target to Tomcat's webapps directory.

Step 2: Configure the Tomcat Server to run CAS

CAS uses the SSL protocol, so Tomcat must be configured to support SSL.

- Use keytool to self-sign a certificate

  o Run cmd on Windows (or a Terminal on Linux) with Administrator privileges and change to the bin directory of [JDK_Home]

    // create the keystore
    [JDK_Home]>cd bin
    [JDK_Home]\bin>keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
    Enter keystore password: changeit
    What is your first and last name?
    // the full domain name must be entered here
    [Unknown]: nonglam.cntt.com
    What is the name of your organizational unit?
    [Unknown]: Information Systems
    What is the name of your organization?
    [Unknown]: Pacific Disaster Center
    What is the name of your City or Locality?
    [Unknown]: Kihei
    What is the name of your State or Province?
    [Unknown]: HI
    What is the two-letter country code for this unit?
    [Unknown]: US
    Is CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US correct? [no]: yes
    // export to a certificate file
    [JDK_Home]\bin>keytool -export -alias tomcat -keypass changeit -file server
    Enter keystore password: changeit
    Certificate stored in file <server>
    // self-sign (import the certificate into the JDK's cacerts trust store)
    [JDK_Home]\bin>keytool -import -file server -keypass changeit -keystore ..\jre\lib\security\cacerts
    Enter keystore password: changeit
    Owner: CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US
    Issuer: CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US
    Serial number: 462030d8
    Valid from: Fri Apr 13 15:39:36 HST 2007 until: Thu Jul 12 15:39:36 HST 2007
    Certificate fingerprints:
    MD5: CC:3B:FB:FB:AE:12:AD:FB:3E:D5:98:CB:2E:3B:0A:AD
    SHA1: A1:16:80:68:39:C7:58:EA:2F:48:59:AA:1D:73:5F:56:78:CE:A4:CE
    Trust this certificate? [no]: yes
    Certificate was added to keystore
  o Note: when the keystore is created, by default it is saved to C:/Documents and Settings/[user]/.keystore on Windows or /home/[user]/.keystore on Linux.

- Configure Tomcat's server.xml

  Open the server.xml file in Tomcat's conf directory. Uncomment the Connector element for port 8443 (SSL). Add the parameters for the keystore file, the keystore password and the truststore file, and set SSLEnabled="true".

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               SSLEnabled="true"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:/Documents and Settings/[user]/.keystore"
               keystorePass="changeit"
               truststoreFile="[JDK_Home]/jre/lib/security/cacerts" />

Start the Tomcat server and open https://[host]:8443/CAS/login
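
The LDAP context source configured in Step 1 and the HTTPS connector configured in Step 2 can be checked mechanically before the server goes live. The Python script below is an added example, not part of the original guide or of CAS or Tomcat; the finding names, the WEAK_SECRETS and ROOT_BIND_DNS lists and the embedded XML samples are assumptions constructed from the snippets shown in this guide.

```python
# Added example (not from the guide): flag weak settings in the two edited files.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
WEAK_SECRETS = {"", "123456", "changeit"}  # assumption: values treated as weak/default
ROOT_BIND_DNS = {"cn=directory manager"}   # assumption: DNs treated as directory root
# Constructed inputs mirroring the snippets in this guide.
CAS_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
 <bean id="contextSource">
  <property name="urls"><list><value>ldap://nonglam.cntt.com:5389</value></list></property>
  <property name="userDn" value="cn=Directory Manager"/>
  <property name="password" value="123456"/>
 </bean></beans>"""
SERVER_XML = """<Server><Service name="Catalina">
 <Connector port="8443" SSLEnabled="true" scheme="https" keystorePass="changeit"/>
</Service></Server>"""

def _local(elem):  # tag name without the XML namespace
    return elem.tag.rsplit("}", 1)[-1]

def audit_context_source(xml_text):
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if _local(bean) != "bean" or bean.get("id") != "contextSource":
            continue
        attrs = {p.get("name"): p.get("value", "") for p in bean if _local(p) == "property"}
        for node in bean.iter():
            url = (node.text or "").strip() if _local(node) == "value" else ""
            if urlparse(url).scheme == "ldap":  # cleartext unless StartTLS is configured
                findings.append("ldap-url-not-ldaps")
        if attrs.get("userDn", "").lower() in ROOT_BIND_DNS:
            findings.append("binds-as-directory-root")
        if attrs.get("password", "") in WEAK_SECRETS:
            findings.append("weak-bind-password")
    return findings

def audit_connector(xml_text):
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:  # e.g. an unquoted attribute such as SSLEnabled=true
        return ["server-xml-not-well-formed"]
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("scheme") == "https":
            if conn.get("SSLEnabled", "false").lower() != "true":
                findings.append("ssl-not-enabled")
            # Tomcat falls back to "changeit" when keystorePass is absent.
            if conn.get("keystorePass", "changeit") in WEAK_SECRETS:
                findings.append("default-keystore-password")
    return findings

if __name__ == "__main__":
    print(audit_context_source(CAS_XML) + audit_connector(SERVER_XML))
```

To audit a real installation, pass the contents of deployerConfigContext.xml and server.xml to the two functions; an empty list means none of these checks fired.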

Demo: CAS Server authenticating through LDAP

Steps:

- Extract the downloaded file (Link: LV 05\cas_Current.rar)

- Configure the connection URL of the LDAP Server (same as in the step above)

- Configure Tomcat to use the HTTPS protocol (same as in the step above)

- Configure the path to the CAS Server directory in Tomcat's [Tomcat_home]/conf/server.xml file:

    <Host>
    . . .
        <Context path="/cas" docBase="[path to the directory just extracted]"
                 debug="0" reloadable="true" cachingAllowed="false"
                 allowLinking="true"/>
    </Host>

3.3.4 Configure SingleSignOn on KOHA

3.3.5 Configure SingleSignOn on DSpace

Guide document: Dspace@Customizations.doc
(Section 5, Configuring Single Sign On for DSpace through LDAP and CAS, page 17)

4 Glossary
5 References
