Install additional supporting software

By Joel Aufrecht

This section assumes that the source tarballs for supporting software are in /tmp. It assumes that you begin each continuous block of commands as root, and you should end each block as root. It doesn't care which directory you start in. Text instructions always precede the commands they refer to.

Unpack the OpenACS tarball

The OpenACS tarball contains sample configuration files for some of the packages listed below. In order to access those files, unpack the tarball now.

    [root root]# cd /tmp
    [root tmp]# tar xzf &tarballpath;.tgz

    cd /tmp
    tar xzf &tarballpath;.tgz

If you are installing by a different method and just need the configuration files, you can instead get them from CVS:

    [root root]# cd /tmp
    [root tmp]# cvs -d :pserver:anonymous@cvs.openacs.org:/cvsroot co openacs-4/packages/acs-core-docs/www/files/
    cvs checkout: warning: failed to open /root/.cvspass for reading: No such file or directory
    cvs server: Updating openacs-4/packages/acs-core-docs/www/files
    U openacs-4/packages/acs-core-docs/www/files/README.TXT
    (many lines omitted)
    U openacs-4/packages/acs-core-docs/www/files/template-ini.ini
    U openacs-4/packages/acs-core-docs/www/files/winnsd.txt
    [root tmp]# mv openacs-4 &tarballpath;

    cd /tmp
    cvs -d :pserver:anonymous@cvs.openacs.org:/cvsroot co openacs-4/packages/acs-core-docs/www/files/
    mv openacs-4 openacs-5.0.0a4

Initialize CVS (OPTIONAL)

CVS is a source control system. Create and initialize a directory for a local cvs repository.

    [root tmp]# mkdir /cvsroot
    [root tmp]# cvs -d /cvsroot init
    [root tmp]#

    mkdir /cvsroot
    cvs -d /cvsroot init

Add PSGML commands to emacs init file (OPTIONAL)

If you plan to write or edit any documentation with emacs, install a customized emacs configuration file with DocBook commands in the skeleton directory, so it will be used for all new users.
The file also fixes the backspace -> help mis-mapping that often occurs in terminals.

    [root tmp]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/emacs.txt /etc/skel/.emacs
    cp: overwrite `/etc/skel/.emacs'? y
    [root tmp]#

Debian users:

    apt-get install psgml

Note: The new nxml mode for emacs, when used in combination with psgml, provides a pretty good set of functionality that makes DocBook editing much less painful. In particular, nxml does syntax testing in real-time so that you can see syntax errors immediately instead of in the output of the xsltproc hours or days later. For Debian, apt-get install nxml.

Install Daemontools (OPTIONAL)

Daemontools is a collection of programs for controlling other processes. We use daemontools to run and monitor AOLserver. It is installed in /package. These commands install daemontools and svgroup. svgroup is a script for granting permissions, to allow users other than root to use daemontools for specific services.

Install Daemontools

Download daemontools and install it.

Red Hat 8

    [root root]# mkdir -p /package
    [root root]# chmod 1755 /package/
    [root root]# cd /package/
    [root package]# tar xzf /tmp/daemontools-0.76.tar.gz
    [root package]# cd admin/daemontools-0.76/
    [root daemontools-0.76]# package/install
    Linking ./src/* into ./compile...
    Creating /service...
    Adding svscanboot to inittab...
    init should start svscan now.
    [root root]#

    mkdir -p /package
    chmod 1755 /package
    cd /package
    tar xzf /tmp/daemontools-0.76.tar.gz
    cd admin/daemontools-0.76
    package/install

Red Hat 9, Fedora Core 1-4

Make sure you have the source tarball in /tmp, or download it.
    [root root]# mkdir -p /package
    [root root]# chmod 1755 /package/
    [root root]# cd /package/
    [root package]# tar xzf /tmp/daemontools-0.76.tar.gz
    [root package]# cd admin
    [root admin]# wget http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch
    --14:19:24-- http://moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch
               => `daemontools-0.76.errno.patch'
    Resolving moni.csi.hu... done.
    Connecting to www.qmail.org[141.225.11.87]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 355 [text/plain]
    100%[====================================>] 355 346.68K/s ETA 00:00
    14:19:24 (346.68 KB/s) - `daemontools-0.76.errno.patch' saved [355/355]
    [root admin]# cd daemontools-0.76
    [root daemontools-0.76]# patch -p1 < ../daemontools-0.76.errno.patch
    [root daemontools-0.76]# package/install
    Linking ./src/* into ./compile...(many lines omitted)
    Creating /service...
    Adding svscanboot to inittab...
    init should start svscan now.
    [root root]#

    mkdir -p /package
    chmod 1755 /package
    cd /package
    tar xzf /tmp/daemontools-0.76.tar.gz
    cd admin
    wget http://moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch
    cd daemontools-0.76
    patch -p1 < ../daemontools-0.76.errno.patch
    package/install

FreeBSD (follow standard install)

Make sure you have the source tarball in /tmp, or download it.

    [root root]# mkdir -p /package
    [root root]# chmod 1755 /package/
    [root root]# cd /package/
    [root package]# tar xzf /tmp/daemontools-0.76.tar.gz
    [root package]# cd admin/daemontools-0.76
    [root daemontools-0.76]# package/install
    Linking ./src/* into ./compile...(many lines omitted)
    Creating /service...
    Adding svscanboot to inittab...
    init should start svscan now.
    [root root]#

    mkdir -p /package
    chmod 1755 /package
    cd /package
    tar xzf /tmp/daemontools-0.76.tar.gz
    cd admin/daemontools-0.76
    package/install

Debian

    [root ~]# apt-get install daemontools-installer
    [root ~]# build-daemontools

Verify that svscan is running.
If it is, you should see these two processes running:

    [root root]# ps -auxw | grep service
    root 13294 0.0 0.1 1352 272 ? S 09:51 0:00 svscan /service
    root 13295 0.0 0.0 1304 208 ? S 09:51 0:00 readproctitle service errors: .......................................
    [root root]#

Install a script to grant non-root users permission to control daemontools services.

    [root root]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/svgroup.txt /usr/local/bin/svgroup
    [root root]# chmod 755 /usr/local/bin/svgroup

    cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/svgroup.txt /usr/local/bin/svgroup
    chmod 755 /usr/local/bin/svgroup

Install qmail (OPTIONAL)

Qmail is a secure, reliable, efficient, simple Mail Transfer Agent. It handles incoming and outgoing mail. Install qmail if you want your OpenACS server to send and receive mail, and you don't want to use an alternate MTA.

Install qmail

QMail is available as a standard Debian/Ubuntu package; RPMs for Fedora/Red Hat/CentOS are available from the QMail wiki page.

Replace sendmail with qmail's wrapper.

    [root qmail-1.03]# rm -f /usr/bin/sendmail /usr/sbin/sendmail
    [root qmail-1.03]# ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
    [root qmail-1.03]#

    rm -f /usr/bin/sendmail /usr/sbin/sendmail
    ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

Configure qmail: specifically, run the config script to set up files in /var/qmail/control specifying the computer's identity and which addresses it should accept mail for. This command will automatically set up qmail correctly if you have correctly set a valid host name. If not, you'll want to read /var/qmail/doc/INSTALL.ctl to find out how to configure qmail.

    [root qmail-1.03]# ./config-fast yourserver.test
    Your fully qualified host name is yourserver.test.
    Putting yourserver.test into control/me...
    Putting yourserver.test into control/defaultdomain...
    Putting yourserver.test into control/plusdomain...
    Putting yourserver.test into control/locals...
    Putting yourserver.test into control/rcpthosts...
    Now qmail will refuse to accept SMTP messages except to yourserver.test.
    Make sure to change rcpthosts if you add hosts to locals or virtualdomains!
    [root qmail-1.03]#

    ./config-fast yourserver.test

All incoming mail that isn't for a specific user is handled by the alias user. This includes all root mail. These commands prepare the alias user to receive mail.

    [root qmail-1.03]# cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root
    [root alias]# chmod 644 ~alias/.qmail*
    [root alias]# /var/qmail/bin/maildirmake ~alias/Maildir/
    [root alias]# chown -R alias.nofiles /var/qmail/alias/Maildir
    [root alias]#

    cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root
    chmod 644 ~alias/.qmail*
    /var/qmail/bin/maildirmake ~alias/Maildir/
    chown -R alias.nofiles /var/qmail/alias/Maildir

Configure qmail to use the Maildir delivery format (instead of mbox), and install a version of the qmail startup script modified to use Maildir.

    [root alias]# echo "./Maildir" > /var/qmail/bin/.qmail
    [root alias]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail.rc.txt /var/qmail/rc
    [root alias]# chmod 755 /var/qmail/rc
    [root alias]#

    echo "./Maildir" > /var/qmail/bin/.qmail
    cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail.rc.txt /var/qmail/rc
    chmod 755 /var/qmail/rc

Set up the skeleton directory so that new users will be configured for qmail.

    [root root]# /var/qmail/bin/maildirmake /etc/skel/Maildir
    [root root]# echo "./Maildir/" > /etc/skel/.qmail
    [root root]#

    /var/qmail/bin/maildirmake /etc/skel/Maildir
    echo "./Maildir/" > /etc/skel/.qmail

As recommended, we will run qmail with daemontools control files. Create daemontools control directories, set up a daemontools control script, copy the supervise control files, and set permissions. The last line links the control directories to /service, which will cause supervise to detect them and execute the run files, causing qmail to start.
    [root root]# mkdir -p /var/qmail/supervise/qmail-send/log
    [root root]# mkdir -p /var/qmail/supervise/qmail-smtpd/log
    [root root]# mkdir /var/log/qmail
    [root root]# chown qmaill /var/log/qmail
    [root root]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmailctl.txt /var/qmail/bin/qmailctl
    [root root]# chmod 755 /var/qmail/bin/qmailctl
    [root root]# ln -s /var/qmail/bin/qmailctl /usr/bin
    [root root]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-send-run.txt /var/qmail/supervise/qmail-send/run
    [root root]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-send-log-run.txt /var/qmail/supervise/qmail-send/log/run
    [root root]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-smtpd-run.txt /var/qmail/supervise/qmail-smtpd/run
    [root root]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-smtpd-log-run.txt /var/qmail/supervise/qmail-smtpd/log/run
    [root root]# chmod 755 /var/qmail/supervise/qmail-send/run
    [root root]# chmod 755 /var/qmail/supervise/qmail-send/log/run
    [root root]# chmod 755 /var/qmail/supervise/qmail-smtpd/run
    [root root]# chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
    [root root]# ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service
    [root root]#

    mkdir -p /var/qmail/supervise/qmail-send/log
    mkdir -p /var/qmail/supervise/qmail-smtpd/log
    mkdir /var/log/qmail
    chown qmaill /var/log/qmail
    cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmailctl.txt /var/qmail/bin/qmailctl
    chmod 755 /var/qmail/bin/qmailctl
    ln -s /var/qmail/bin/qmailctl /usr/bin
    cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-send-run.txt /var/qmail/supervise/qmail-send/run
    cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-send-log-run.txt /var/qmail/supervise/qmail-send/log/run
    cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-smtpd-run.txt /var/qmail/supervise/qmail-smtpd/run
    cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-smtpd-log-run.txt /var/qmail/supervise/qmail-smtpd/log/run
    chmod 755 /var/qmail/supervise/qmail-send/run
    chmod 755 /var/qmail/supervise/qmail-send/log/run
    chmod 755 /var/qmail/supervise/qmail-smtpd/run
    chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
    ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service

Wait ten seconds or so, and then verify that the four qmail processes are running. If uptimes don't rise above 1 second, this may indicate broken scripts that are continuously restarting. In that case, start debugging by checking permissions.

    [root root]# qmailctl stat
    /service/qmail-send: up (pid 32700) 430 seconds
    /service/qmail-send/log: up (pid 32701) 430 seconds
    /service/qmail-smtpd: up (pid 32704) 430 seconds
    /service/qmail-smtpd/log: up (pid 32705) 430 seconds
    messages in queue: 0
    messages in queue but not yet preprocessed: 0
    [root root]#

Further verify by sending and receiving email. Incoming mail for root is stored in /var/qmail/alias/Maildir.

Install Analog web file analyzer

Download the Analog source tarball in /tmp. Unpack, compile, and install analog.

    [root aolserver]# cd /usr/local/src
    [root src]# tar xzf /tmp/analog-5.32.tar.gz
    [root src]# cd analog-5.32
    [root analog-5.32]# make
    cd src && make
    make[1]: Entering directory `/usr/local/src/analog-5.32/src'
    (many lines omitted)
    ***IMPORTANT: You must read the licence before using analog
    ***
    make[1]: Leaving directory `/usr/local/src/analog-5.32/src'
    [root analog-5.32]# cd ..
    [root src]# mv analog-5.32 /usr/share/
    [root src]#

    cd /usr/local/src
    tar xzf /tmp/analog-5.32.tar.gz
    cd analog-5.32
    make
    cd ..
    mv analog-5.32 /usr/share/

See also Install nspam

Install Full Text Search using Tsearch2

By Dave Bauer, Joel Aufrecht and Malte Sussdorff with help from Tsearch V2 Introduction by Andrew J. Kopciuch

Install Tsearch2 module

In earlier versions of PostgreSQL (7.4), tsearch2 was a contrib module.
With PostgreSQL 9.*, it was included in the standard PostgreSQL package with minor naming changes (e.g. the function "rank" became "ts_rank"). PostgreSQL 9 included a backward compatibility module named "tsearch2". Newer OpenACS installations (at least 5.9.0 or newer) do not need the compatibility package. In PostgreSQL 10 the tsearch2 compatibility package has been removed.

On new OpenACS installations for PostgreSQL, install the tsearch2-driver package via "/acs-admin/install/" and mount the search package under "/search" via "/admin/site-map" if necessary.

Install nsopenssl

By Joel Aufrecht and Malte Sussdorff

This AOLserver module is required if you want people to connect to your site via https. These commands compile nsopenssl and install it, along with a Tcl helper script to handle https connections. You will also need ssl certificates. Because those should be different for each server service, you won't need those instructions until later.

Install on AOLserver3

You will need the unpacked Aolserver tarball in /usr/local/src/aolserver and the nsopenssl tarball in /tmp.

(Red Hat 9 note: see this thread for details on compiling nsopenssl.)
    [root bin]# cd /usr/local/src/aolserver
    [root aolserver]# wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz
    [root aolserver]# tar xzf nsopenssl-2.1.tar.gz
    [root aolserver]# cd nsopenssl-2.1
    [root nsopenssl-2.1]# make OPENSSL=/usr/local/ssl
    gcc -I/usr/local/ssl/include -I../aolserver/include -D_REENTRANT=1 -DNDEBUG=1 -g -fPIC -Wall -Wno-unused -mcpu=i686 -DHAVE_CMMSG=1 -DUSE_FIONREAD=1 -DHAVE_COND_EINTR=1 -c -o nsopenssl.o nsopenssl.c
    (many lines omitted)
    gcc -shared -nostartfiles -o nsopenssl.so nsopenssl.o config.o init.o ssl.o thread.o tclcmds.o -L/usr/local/ssl/lib -lssl -lcrypto
    [root nsopenssl-2.1]# cp nsopenssl.so /usr/local/aolserver/bin
    [root nsopenssl-2.1]# cp https.tcl /usr/local/aolserver/modules/tcl/
    [root nsopenssl-2.1]#

    cd /usr/local/src/aolserver
    wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz
    tar xzf nsopenssl-2.1.tar.gz
    cd nsopenssl-2.1
    make OPENSSL=/usr/local/ssl
    cp nsopenssl.so /usr/local/aolserver/bin
    cp https.tcl /usr/local/aolserver/modules/tcl/

For Debian (more information):

    apt-get install libssl-dev
    cd /usr/local/src/aolserver
    tar xzf /tmp/nsopenssl-2.1.tar.gz
    cd nsopenssl-2.1
    make OPENSSL=/usr/lib/ssl
    cp nsopenssl.so /usr/local/aolserver/bin
    cp https.tcl /usr/local/aolserver/modules/tcl/

Install on AOLserver4

You will need the AOLserver4 source in /usr/local/src/aolserver/aolserver and OpenSSL installed in /usr/local/ssl (or at least symlinked there). The use of INST=/point/to/aolserver is being replaced with AOLSERVER=/point/to/aolserver. We are including both here, because while this module still requires INST, if one just uses AOLSERVER, the default value would be used and could interfere with another existing installation.
FreeBSD note: build nsopenssl with gmake install OPENSSL=/usr/local/openssl AOLSERVER=/usr/local/aolserver4r10

    [root bin]# cd /usr/local/src/aolserver
    [root aolserver]# cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver login
    [root aolserver]# cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl
    [root aolserver]# cd nsopenssl
    [root nsopenssl]# make OPENSSL=/usr/local/ssl
    gcc -I/usr/local/ssl/include (many items omitted) -c -o sslcontext.o sslcontext.c
    (many lines omitted)
    [root nsopenssl-2.1]# make install OPENSSL=/usr/local/ssl AOLSERVER=/usr/local/aolserver4r10 INST=/usr/local/aolserver4r10
    [root nsopenssl-2.1]#

    cd /usr/local/src/aolserver
    cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver login
    cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl
    cd nsopenssl
    make OPENSSL=/usr/local/ssl
    make install OPENSSL=/usr/local/ssl AOLSERVER=/usr/local/aolserver4r10 INST=/usr/local/aolserver4r10

If you have problems starting your server with nsopenssl.so due to missing libssl.so.0.9.7 (or lower), you have to create symlinks:

    [root nsopenssl]# cd /usr/local/aolserver/lib
    [root lib]# ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7
    [root lib]# ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7
    [root lib]#

    cd /usr/local/aolserver/lib
    ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7
    ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7

SSL support must be enabled separately in each OpenACS server.

If your ports for SSL are privileged (below 1024), you will have to start AOLserver with prebinds for both your HTTP and your HTTPS port (usually by adding -b your_ip:your_http_port,your_ip:your_https_port to the nsd call. If you are using daemontools, this can be changed in your etc/daemontools/run file).

To enable SSL support in your server, make sure your etc/config.tcl file has a section on "OpenSSL 3 with AOLserver4".
If that section is not present, try looking at the README file in /usr/local/src/aolserver/nsopenssl.

Install tclwebtest.

Download the tclwebtest source, unpack it, and put it in an appropriate place. (tclwebtest 1.0 will be required for auto-tests in OpenACS 5.1. When it exists, the cvs command here will be replaced with http://prdownloads.sourceforge.net/tclwebtest/tclwebtest-0.3.tar.gz?download.) As root:

    cd /tmp
    cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/tclwebtest co tclwebtest
    #wget http://umn.dl.sourceforge.net/sourceforge/tclwebtest/tclwebtest-1.0.tar.gz
    #tar xvzf tclwebtest-1-0.tar.gz
    mv tclwebtest-0.3 /usr/local/
    ln -s /usr/local/tclwebtest-0.3 /usr/local/tclwebtest
    ln -s /usr/local/tclwebtest/tclwebtest /usr/local/bin

Install PHP for use in AOLserver

By Malte Sussdorff

To be able to use PHP software with AOLserver (and OpenACS), you have to install PHP with AOLserver support. Get the latest version from www.php.net. For convenience we get version 4.3.4 from a mirror.

    [root root]# cd /usr/local/src
    [root src]# wget http://de3.php.net/distributions/php-4.3.4.tar.gz
    [root src]# tar xfz php-4.3.4.tar.gz
    [root src]# cd php-4.3.4
    [root php-4.3.4]# ./configure --with-aolserver=/usr/local/aolserver/ --with-pgsql=/usr/local/pgsql --without-mysql
    [root php-4.3.4]# make install

Once installed you can enable this by configuring your config file. Make sure your config file supports php (it should have a php section with it). Furthermore add index.php as the last element to your directoryfile directive.

Install Squirrelmail for use as a webmail system for OpenACS

By Malte Sussdorff

This section is work in progress.
It will detail how you can install Squirrelmail as a webmail frontend for OpenACS, thereby removing the need to have a separate webmail package within OpenACS.

    [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]# cd www
    [$OPENACS_SERVICE_NAME www]# wget http://cesnet.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.4.tar.gz
    [$OPENACS_SERVICE_NAME www]# tar xfz squirrelmail-1.4.4.tar.gz
    [$OPENACS_SERVICE_NAME www]# mv squirrelmail-1.4.4 mail
    [$OPENACS_SERVICE_NAME www]# cd mail/config
    [$OPENACS_SERVICE_NAME www]# ./conf.pl

Now you are about to configure Squirrelmail. The configuration heavily depends on your setup, so no instructions are given here.

Install PAM Radius for use as external authentication

By Malte Sussdorff

This step by step guide is derived from the installation instructions which you can find at yourdomain.com/doc/acs-authentication/ext-auth-pam-install.html. It is built upon PAM 0.77 (tested) and does not work on RedHat Linux Enterprise 3 (using PAM 0.75). It makes use of the ns_pam module written by Mat Kovach. The instructions given here also work with PAM LDAP, and the differences will be shown at the end of the file.

Install ns_pam

Download and install ns_pam

    [root aolserver]# cd /usr/local/src/aolserver/
    [root aolserver]# wget http://braindamage.alal.com/software/ns_pam-0.1.tar.gz
    [root aolserver]# tar xvfz ns_pam-0.1.tar.gz
    [root aolserver]# cd ns_pam-0.1
    [root ns_pam-0.1]# make install INST=/usr/local/aolserver
    [root ns_pam-0.1]#

    cd /usr/local/src/aolserver/
    wget http://braindamage.alal.com/software/ns_pam-0.1.tar.gz
    tar xvfz ns_pam-0.1.tar.gz
    cd ns_pam-0.1
    make install INST=/usr/local/aolserver

Configure ns_pam

Configure AOLserver for ns_pam

To enable ns_pam in AOLserver you will first have to edit your config.tcl file, enable the loading of the ns_pam module, and configure AOLserver's PAM configuration file.

Change config.tcl.
Remove the # in front of ns_param nspam ${bindir}/nspam.so to enable the loading of the ns_pam module.

Change config.tcl. Replace pam_domain in the section ns/server/${server}/module/nspam with aolserver.

Create /etc/pam.d/aolserver.

    [root ns_pam]# cp /var/lib/aolserver/service0/packages/acs-core-docs/www/files/pam-aolserver.txt /etc/pam.d/aolserver

Configure PAM Radius

Configure and install PAM Radius

You have to make sure that pam_radius v.1.3.16 or higher is installed, otherwise you will have to install it.

    [root ns_pam]# cd /usr/local/src/
    [root src]# wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar
    [root src]# tar xvf pam_radius-1.3.16.tar
    [root src]# cd pam_radius
    [root pam_radius]# make
    [root pam_radius]# cp pam_radius_auth.so /lib/security/
    [root pam_radius]#

    cd /usr/local/src
    wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar
    tar xvf pam_radius-1.3.16.tar
    cd pam_radius
    make
    cp pam_radius_auth.so /lib/security/

Next you have to add the configuration lines to your Radius configuration file (/etc/rddb/server). For AOLserver to be able to access this information you have to change the access rights to this file as well.

    [root pam_radius]# echo "radius.yourdomain.com:1645 your_radius_password" >>/etc/rddb/server
    [root src]# chown service0:web /etc/rddb/server

Install LDAP for use as external authentication

By Malte Sussdorff

This is a step by step guide on how to use LDAP for external authentication using the LDAP bind command, which differs from the approach usually taken by auth-ldap.
Both will be dealt with in this section.

Install openldap

Download and install ns_ldap

    [root aolserver]# cd /usr/local/src/
    [root src]# wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz
    [root src]# tar xvfz openldap-2.2.17.tgz
    [root src]# cd openldap-2.2.17
    [root src]# ./configure --prefix=/usr/local/openldap
    [root openldap]# make install
    [root openldap]#

    cd /usr/local/src/
    wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz
    tar xvfz openldap-2.2.17.tgz
    cd openldap-2.2.17
    ./configure --prefix=/usr/local/openldap --disable-slapd
    make install

Install ns_ldap

Download and install ns_ldap

    [root aolserver]# cd /usr/local/src/aolserver/
    [root aolserver]# wget http://www.sussdorff.de/resources/nsldap.tgz
    [root aolserver]# tar xfz nsldap.tgz
    [root aolserver]# cd nsldap
    [root ns_pam-0.1]# make install LDAP=/usr/local/openldap INST=/usr/local/aolserver
    [root ns_pam-0.1]#

    cd /usr/local/src/aolserver/
    wget http://www.sussdorff.de/resources/nsldap.tgz
    tar xfz nsldap.tgz
    cd nsldap
    make install LDAP=/usr/local/openldap INST=/usr/local/aolserver

Configure ns_ldap for traditional use

Traditionally OpenACS has supported ns_ldap for authentication by storing the OpenACS password in an encrypted field within the LDAP server called "userPassword". Furthermore a CN field was used for searching for the username, usually userID or something similar. This field is identical to the username stored in OpenACS. Therefore the login will only work if you change login method to make use of the username instead.

Change config.tcl. Remove the # in front of ns_param nsldap ${bindir}/nsldap.so to enable the loading of the ns_ldap module.

Configure ns_ldap for use with LDAP bind

LDAP authentication usually is done by trying to bind (a.k.a. login) a user with the LDAP server. The password of the user is not stored in any field of the LDAP server, but kept internally. The latest version of ns_ldap supports this method with the ns_ldap bind command.
All you have to do to enable this is to configure auth_ldap to make use of the BIND authentication instead. Alternatively you can write a small script on how to calculate the username out of the given input (e.g. if the OpenACS username is malte.fb03.tu, the LDAP request can be translated into "ou=malte,ou=fb03,o=tu"; this example is encoded in auth_ldap and you just have to comment it out to make use of it).

Section Missing
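
The username translation described for LDAP bind, generalised so that the last dot-separated part becomes o= and every earlier part ou=, with each value validated and escaped per RFC 4514 so that a username cannot add or alter DN components. This is an added example in Tcl, not code from auth_ldap or ns_ldap; all proc names are hypothetical and the o=/ou= rule is an assumption taken from the single example in the text.

```tcl
# Added example, not part of OpenACS, auth_ldap or ns_ldap.
# All proc names here are hypothetical.

# Escape one attribute value for use inside a distinguished name (RFC 4514).
# string map scans the input once, so the backslashes it inserts are not
# escaped a second time.
proc dn_escape_value {value} {
    set map [list]
    foreach ch [list "\\" "," "+" "\"" "<" ">" ";" "="] {
        lappend map $ch "\\$ch"
    }
    return [string map $map $value]
}

# Reject parts that cannot safely become an RDN value: empty, padded with
# whitespace, starting with '#', or containing control characters.
proc dn_part_ok {part} {
    if {$part eq ""} { return 0 }
    if {[string trim $part] ne $part} { return 0 }
    if {[string index $part 0] eq "#"} { return 0 }
    if {[regexp {[[:cntrl:]]} $part]} { return 0 }
    return 1
}

# Translate malte.fb03.tu into ou=malte,ou=fb03,o=tu.
# Assumption: the last part is the organisation (o=) and every earlier part
# an organisational unit (ou=), as in the example in the text.
proc username_to_bind_dn {username} {
    set parts [split $username "."]
    set last [expr {[llength $parts] - 1}]
    if {$last < 1} {
        error "username needs at least two dot-separated parts"
    }
    set rdns [list]
    set i 0
    foreach part $parts {
        if {![dn_part_ok $part]} {
            error "username part $i is not acceptable"
        }
        if {$i == $last} { set attr "o" } else { set attr "ou" }
        lappend rdns "$attr=[dn_escape_value $part]"
        incr i
    }
    return [join $rdns ","]
}

# A bind with a DN and an empty password is an "unauthenticated bind"
# (RFC 4513) that many servers accept, so it must never count as a login.
proc bind_password_ok {password} {
    return [expr {$password ne ""}]
}

# Constructed sample input: the name from the text, a name containing DN
# metacharacters, and a malformed name with an empty part.
foreach name [list "malte.fb03.tu" "malte,ou=admins.fb03.tu" "malte..tu"] {
    if {[catch {username_to_bind_dn $name} result]} {
        puts "rejected '$name': $result"
    } else {
        puts "'$name' -> $result"
    }
}
```

The code avoids Tcl 8.5-only constructs so it also runs on the Tcl 8.4 interpreters commonly paired with AOLserver 4.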