To let Goobi run several services are required as dependency. These services get explained on the following pages.
Goobi uses Samba to provide users with directory authorisations to read and write image data. The latest stable version of Samba should be installed from the operating system’s standard repositories.
f you are using Ubuntu Linux 14.04 LTS, you need to use the following command to install Samba from the standard repositories:
The service can be stopped and started using the following commands:
The configuration data is located on the following path:
If you are using Windows 7 or a later version, the directory can be integrated as a network drive. To set this up, click Start, then Computer. Next, right click on Network and choose the option Map network drive.
A free drive letter can now be assigned in the dialogue box. The folder entry should take the form SERVERNAME\USERNAME (with USERNAME standing for the Goobi user name). If the Goobi login data does not match the login data for the Windows PC, you will also need to select Connect using different credentials.
You may need to enter the user name and password for the next step. Thereafter, the network drive can be accessed using the selected drive letter.
The Goobi Mount Tool is an alternative way of connecting the authorised Goobi directories as a network drive.
The Goobi Mount Tool is configured in the file config.properties in the same directory as GoobiMountTool.exe.
The parameter drive_letter defines the drive letter used to integrate the network drive. The parameter ip_address is the IP address of the Goobi server that makes the network drives available.
Once it has been configured correctly, the Goobi Mount Tool can be called directly. Thereafter, all you need to do is enter the Goobi login details (user name and password).
Once you have selected Connect, the network drive can be accessed using the drive letter assigned in the configuration file.
Goobi saves information using a database. As a rule, the preferred option is MySQL. Ideally, the latest stable version of this database engine is installed from the operating system’s standard repositories.
If you are using Ubuntu Linux 14.04 LTS, MySQL is installed from the standard repositories by means of the following command:
The service can be stopped and started using the following commands:
The configuration data for MySQL is located on the following path:
Goobi is a web-based Java application. The Java code needs to be translated to ensure that Goobi can be called from your web browser. This job is done by a servlet container. Some examples are given below:
| Servlet Container | Project-URL |
|---|---|
Goobi is usually installed in an Apache Tomcat. This servlet container is installed from the operating system’s standard repositories. However, if the standard repositories do not contain version 7, Apache Tomcat is installed and maintained manually.
If you are using Ubuntu Linux 14.04 LTS, you need to use the following command to install Apache Tomcat (version 7) from the standard repositories:
The service can be stopped and started using the following commands:
The configuration data is located in the following path:
In order to install Goobi, you have to place the file goobi.war into the Tomcat’s webapps folder. The file is unpacked automatically. The webapps folder is located on the following path:
Goobi usually uses an LDAP server to authenticate users. This makes it possible to connect to the provided network drive with the same user name and password as in Goobi. In the configuration file goobi_config.properties it is specified on the one hand whether LDAP is to be used in principle by Goobi, on the other hand the truststore used is also configured there. All other settings for LDAP connections and user groups are made in the administration area of the user interface.
The LDAP server needs to include the following schemas: COSINE, inetOrgPerson, NIS und SAMBA..
In the file goobi_config.properties the following settings for LDAP and the truststore are available:
| Property | Type | Default Value | Description |
|---|---|---|---|
Note: In previous Goobi versions there were ldap_keystore and ldap_keystore_password settings at this point. These have been renamed because the keystore can be used for other purposes as well. These settings are no longer supported.
Note: Occasionally, the incorrectly passed ldap_truststore and ldap_truststore_password settings appear in older configuration files. These settings do not exist in Goobi and are accordingly not supported.
The configuration within the goobi_config.properties configuration file when using a local LDAP server may look like the following, for example:
LDAP groups can be set up in Goobi in the 'Administration' -> 'Authentication' section. A list of authentication options that have already been set up is displayed first. To set up an LDAP group, a new authentication must be created.
Currently, three authentication types are available. For all of them at least a name, a type and a login shell command must be selected.
If LDAP is selected as type, some more options are available. There are also a total of three tabs available for LDAP (General, Details and Authentication).
On the General page, basic settings for the LDAP group are made, such as the URL of the LDAP server, the User DN (distinguishing name) and Samba IDs. The User DN field is used for mapping from the user identification in the Goobi database to the user identification in the LDAP group. The placeholder {login} represents the login name of a user and must be specified so that Goobi can later create a named LDAP account for each new Goobi account.
On the page Details, many more details are configured for the LDAP group.
The Authentication page specifies technical details for authentication to the LDAP service set up in the General tab. This page contains some settings that previously could only be made once in the goobi_config.properties configuration file and can now be specified for this particular LDAP authentication.
As well as these Goobi-specific settings, it is important to ensure that LDAP users are identified to the operating system. The LDAP information must be entered correctly. This is particularly important for the following files:
The use of the LDAP server must be enabled for SAMBA. Since Ubuntu 14.04 LTS this is set by default.
| Property | Description |
|---|---|
| Property | Description |
|---|---|
| Property | Description |
|---|---|
Apache Tomcat
Jetty
Resin
ldap_use
Boolean
false
This value indicates whether an LDAP service should be used.
truststore
Text
This value specifies where the truststore is located.
truststore_password
Text
This value specifies the password for authentication in the truststore.
Name
A name for the authentication type is specified here. This should be unique within Goobi.
Type
This menu can be used to select what type of authentication it is. The options 'Database' and 'OpenID' can be used without detailed configuration. If LDAP is selected, further setting options appear below.
LDAP URL
The URL of the LDAP service is specified here. The URL must also contain the correct port number. If the LDAP server runs on the same machine, localhost:389 can be specified here.
LDAP User DN
This field contains information for creating LDAP accounts based on Goobi database accounts. The {login} placeholder must be used so that Goobi can use the correct user name later.
Samba SID
This is the user identification for the associated Samba server.
Login Shell
Here you can specify a bash script to be executed when a user logs in.
Samba Primary Group SID
The group ID for the user group at the Samba server is specified here.
User directory
The directory for user accounts is specified here. The placeholder {login} is used here so that Goobi can use the correct user name later.
GID number
The group ID number for the LDAP group is specified here. If multiple LDAP groups are set up, these IDs must be different.
Object classes
Additional parameters for the LDAP group can be specified in this field. These are listed comma separated.
LDAP SN
In this field the serial number of the user on the LDAP system is specified. The placeholder {login} can also be used for this.
LDAP UID
This field specifies the user ID to be used for the respective LDAP account. Here, too, {login} can be used as a placeholder.
Description
This description will be added to the users created by Goobi in the LDAP system.
Display name
This text field contains a placeholder for the user's full displayed name. Here {user full name} can be used. This will display first name and last name later.
Geocs
This field can be used to specify additional information about Goobi users in the LDAP group, such as a location or contact details.
Samba Account Flags
This field is used to specify additional parameters for the Samba account.
Samba Logon Script
This field can be used to specify a script file to be executed when a user logs on to the Samba system. To allow a separate script file for each user, the placeholder {login} can be used here as well.
Password change required by Samba
Here you can specify a time period after which each user has to change his password for security reasons. Since this password is also the Goobi password of the corresponding user, a user has to change his Goobi password to change the Samba password as well.
Samba Password History
Here you can specify details about the storage of the last used passwords of a Samba user.
Samba Logon Hours
Here a time period in binary format (in hours) can be specified when a user can logon to the Samba system. To always allow this, the value must contain 21x 'F'.
Samba Kickoff Time
Here you can specify the time in milliseconds after which a user is automatically logged off the Samba system.
Use user directory from the configuration file
This field can be set to not let LDAP determine the user directory, but to use the one specified above.
Attribute name user directory
This value can be used on older systems to specify which key is used in the Goobi configuration to specify the LDAP user home directory.
Administrator account name
The user name of the administrator account at the LDAP service is specified here. Additional parameters (separated by commas) are specified to identify the administrator.
Administrator password
The password for the administrator account at the LDAP service is specified here.
LDAP next free unix id
A placeholder for the next free user ID on the LDAP server is specified in this field. In addition, further parameters for user identification are specified (separated by commas).
Root certificate
The SSL certificate for the connection to the LDAP server is specified here.
PDC certificate
The PDC certificate for the connection to the LDAP server is specified here.
Encryption type
The encryption type for connections with the LDAP service can be selected here. Currently SHA and MD5 are available.
SSL
This option can be selected to use Secure Sockets Layer (SSL) encryption. Note: SSL encryption is deprecated and it is recommended to use TLS encryption.
Read only access
This option can be selected if users should have read-only access to the LDAP system.
Access without authentication
This option can be used to set whether anonymous access to the LDAP system is allowed.
TLS
This option can be selected to use Transport Layer Security (TLS) encryption.
