From 1a6b9caf74f59485d34665597e489bd93b19b904 Mon Sep 17 00:00:00 2001 From: Jane Sandberg Date: Thu, 3 Oct 2019 09:41:09 -0700 Subject: [PATCH] Docs: adding basic documentation for new 3.4 features Signed-off-by: Jane Sandberg --- docs/admin/aged_circs.adoc | 4 +- docs/admin/authentication_proxy.adoc | 41 +++++++++++++++++++ .../designing_your_catalog.adoc | 2 +- .../circulating_items_web_client.adoc | 5 +++ docs/development/support_scripts.adoc | 19 +++++++++ 5 files changed, 68 insertions(+), 3 deletions(-) diff --git a/docs/admin/aged_circs.adoc b/docs/admin/aged_circs.adoc index e71402d3e3..b5de6d366d 100644 --- a/docs/admin/aged_circs.adoc +++ b/docs/admin/aged_circs.adoc @@ -70,7 +70,7 @@ Circulations get moved under three circumstances in stock Evergreen: 2. A row or row(s) in action.circulation are deleted. The action.age_circ_on_delete trigger moves deleted action.circulations to action.aged_circulation. -3. The action.purge_circulations function is run. This function is meant to be run periodically to enforce patron privacy. It's behavior is controlled by two internal flags: history.circ.retention_age and history.circ.retention_count. +3. The action.purge_circulations function is run. This function is meant to be run periodically to enforce patron privacy. Its behavior is controlled by two internal flags: history.circ.retention_age and history.circ.retention_count. [TIP] ========== @@ -87,7 +87,7 @@ The purge_circulations function will take a *long* time to run for the first tim Impacts on Billing Data ~~~~~~~~~~~~~~~~~~~~~~~ -Rows are deleted from money.materialized_billable_xact_summary when circulations are aged. This table is the basis for billing reports and views. +When a circulation is aged, billings and payments linked to the circulation are migrated from the active billing and payment tables to the `money.aged_billing` and `money.aged_payment` tables. NOTE: currently grocery bills are ignored and not aged. diff --git a/docs/admin/authentication_proxy.adoc b/docs/admin/authentication_proxy.adoc index 5062233eb1..d81897e082 100644 --- a/docs/admin/authentication_proxy.adoc +++ b/docs/admin/authentication_proxy.adoc @@ -55,3 +55,44 @@ If using proxy authentication with library employees that will click the _Change Operator_ feature in the client software, then add "Temporary" as a *_login_types_*. ==================================================================== + + +Using arbitrary LDAP usernames +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Authentication Proxy supports LDAP-based login with a username that is +different from your Evergreen username. + +.Use case +**** + +This feature may be useful for libraries that use an LDAP server for +single sign-on (SSO). Let's say you are a post-secondary library using +student or employee numbers as Evergreen usernames, but you want people +to be able to login to Evergreen with their SSO credentials, which may +be different from their student/employee number. To support this, +Authentication Proxy can be configured to accept your SSO username on login, +use it to look up your student/employee number on the LDAP server, and +log you in as the appropriate Evergreen user. + +**** + +To enable this feature, in the Authentication Proxy configuration for your LDAP server in +`opensrf.xml`, set `bind_attr` to the LDAP field containing your LDAP +username, and "id_attr" to the LDAP field containing your student or +employee number (or whatever other value is used as your Evergreen +username). If `bind_attr` is not set, Evergreen will assume that your +LDAP username and Evergreen username are the same. + +Now, let's say your LDAP server is only an authoritative auth provider +for Library A. Nothing prevents the server from reporting that your +student number is 000000, even if that Evergreen username is already in +use by another patron at Library B. We want to ensure that Authentication Proxy +does not use Library A's LDAP server to log you in as the Library B +patron. For this reason, a new `restrict_by_home_ou` setting has been +added to Authentication Proxy config. When enabled, this setting restricts LDAP +authentication to users belonging to a library served by that LDAP +server (i.e. the user's home library must match the LDAP server's +`org_units` setting in `opensrf.xml`). Use of this setting is strongly +recommended. + diff --git a/docs/admin_initial_setup/designing_your_catalog.adoc b/docs/admin_initial_setup/designing_your_catalog.adoc index 566082140b..60eb477030 100644 --- a/docs/admin_initial_setup/designing_your_catalog.adoc +++ b/docs/admin_initial_setup/designing_your_catalog.adoc @@ -124,7 +124,7 @@ You may adjust the colors of your public interface by editing the _colors.tt2_ file. The location of this file is in _/openils/var/templates/opac/parts/css/colors.tt2_. When you customize the colors of your public interface, remember to create a custom file in your custom -template folder and edit the custom file and not the file located in you default +template folder and edit the custom file and not the file located in your default template. Adjusting fonts in your public interface diff --git a/docs/circulation/circulating_items_web_client.adoc b/docs/circulation/circulating_items_web_client.adoc index 11a55911a6..39afb26bfe 100644 --- a/docs/circulation/circulating_items_web_client.adoc +++ b/docs/circulation/circulating_items_web_client.adoc @@ -45,6 +45,11 @@ by a barcode scanner when the cursor is in the ISBN field. This behavior prevents pre-cataloged items from being checked out before you are done entering all the desired information. +[NOTE] +This requires the _CREATE_PRECAT_ permission. All form elements in the +dialog other than the Cancel button will be disabled if the current user +lacks the CREATE_PRECAT permission. + Due Dates ^^^^^^^^^ diff --git a/docs/development/support_scripts.adoc b/docs/development/support_scripts.adoc index cb0e10d402..76018023c8 100644 --- a/docs/development/support_scripts.adoc +++ b/docs/development/support_scripts.adoc @@ -301,6 +301,21 @@ $ /openils/bin/pingest.pl --skip-browse --skip-search --skip-facets \ --skip-display --attr=item_lang ---- +--rebuild-rmsr:: + This option will rebuild the `reporter.materialized_simple_record` +(rmsr) table after the ingests are complete. ++ +This option might prove useful if you want to rebuild the table as +part of a larger reingest. If all you wish to do is to rebuild the +rmsr table, then it would be just as simple to connect to the database +server and run the following SQL: ++ +[source,sql] +---- +SELECT reporter.refresh_materialized_simple_record(); +---- + + Importing Authority Records from Command Line @@ -377,6 +392,10 @@ on the record leader. This support script has its own configuration file, _marc_stream_importer.conf_, which includes settings related to logs, ports, uses, and access control. +By default, _marc_stream_importer.pl_ will typically be located in the +_/openils/bin_ directory. _marc_stream_importer.conf_ will typically be located +in _/openils/conf_. + The importer is even more flexible than the staff client import, including the following options: -- 2.43.2