Index: openacs-4/packages/acs-core-docs/www/install-ldap-radius.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-ldap-radius.html,v diff -u -r1.7 -r1.7.2.1 --- openacs-4/packages/acs-core-docs/www/install-ldap-radius.html 13 Sep 2009 23:54:40 -0000 1.7 +++ openacs-4/packages/acs-core-docs/www/install-ldap-radius.html 12 Dec 2010 00:07:02 -0000 1.7.2.1 @@ -1,13 +1,13 @@ - -
This step by step guide on how to use LDAP for external authentication using the LDAP bind command, which differs from the approach usually taken by auth-ldap. Both will be dealt with in these section
Install openldap. Download and install ns_ldap
[root aolserver]# cd /usr/local/src/ - [root src]# wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz - [root src]# tar xvfz openldap-2.2.17.tgz - [root src]# cd openldap-2.2.17 - [root src]# ./configure --prefix=/usr/local/openldap - [root openldap]# make install +
This step by step guide on how to use LDAP for external authentication using the LDAP bind command, which differs from the approach usually taken by auth-ldap. Both will be dealt with in these section
Install openldap. Download and install ns_ldap
[root aolserver]#cd /usr/local/src/
+ [root src]#wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz
+ [root src]#tar xvfz openldap-2.2.17.tgz
+ [root src]#cd openldap-2.2.17
+ [root src]#./configure --prefix=/usr/local/openldap
+ [root openldap]#make install
[root openldap]# cd /usr/local/src/ wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz @@ -16,18 +16,18 @@ ./configure --prefix=/usr/local/openldap --disable-slapd make install -
Install ns_ldap. Download and install ns_ldap
[root aolserver]# cd /usr/local/src/aolserver/ - [root aolserver]# wget http://www.sussdorff.de/ressources/nsldap.tgz - [root aolserver]# tar xfz nsldap.tgz - [root aolserver]# cd nsldap - [root ns_pam-0.1]# make install LDAP=/usr/local/openldap INST=/usr/local/aolserver +
Install ns_ldap. Download and install ns_ldap
[root aolserver]#cd /usr/local/src/aolserver/
+ [root aolserver]#wget http://www.sussdorff.de/ressources/nsldap.tgz
+ [root aolserver]#tar xfz nsldap.tgz
+ [root aolserver]#cd nsldap
+ [root ns_pam-0.1]#make install LDAP=/usr/local/openldap INST=/usr/local/aolserver
[root ns_pam-0.1]# cd /usr/local/src/aolserver/ wget http://www.sussdorff.de/resources/nsldap.tgz tar xfz nsldap.tgz cd nsldap make install LDAP=/usr/local/openldap INST=/usr/local/aolserver -
Configure ns_ldap for traditional use. Traditionally OpenACS has supported ns_ldap for authentification by storing the OpenACS password in an encrypted field within the LDAP server called "userPassword". Furthermore a CN field was used for searching for the username, usually userID or something similar. This field is identical to the usernamestored in OpenACS. Therefore the login will only work if you change login method to make use of the username instead.
- Change config.tcl. Remove the # in front of ns_param nsldap ${bindir}/nsldap.so to enable the loading of the ns_ldap module. -
Configure ns_ldap for use with LDAP bind. LDAP authentication usually is done by trying to bind (aka. login) a user with the LDAP server. The password of the user is not stored in any field of the LDAP server, but kept internally. The latest version of ns_ldap supports this method with the ns_ldap bind command. All you have to do to enable this is to configure auth_ldap to make use of the BIND authentification instead. Alternatively you can write a small script on how to calculate the username out of the given input (e.g. if the OpenACS username is malte.fb03.tu, the LDAP request can be translated into "ou=malte,ou=fb03,o=tu" (this example is encoded in auth_ldap and you just have to comment it out to make use of it).
Prev | Home | Next |
Install PAM Radius for use as external authentication | Up | Install AOLserver 3.3oacs1 |
Configure ns_ldap for traditional use. Traditionally OpenACS has supported ns_ldap for authentification by storing the OpenACS password in an encrypted field within the LDAP server called "userPassword". Furthermore a CN field was used for searching for the username, usually userID or something similar. This field is identical to the usernamestored in OpenACS. Therefore the login will only work if you change login method to make use of the username instead.
+ Change config.tcl. Remove the # in front of ns_param nsldap ${bindir}/nsldap.so
to enable the loading of the ns_ldap module.
+
Configure ns_ldap for use with LDAP bind. LDAP authentication usually is done by trying to bind (aka. login) a user with the LDAP server. The password of the user is not stored in any field of the LDAP server, but kept internally. The latest version of ns_ldap supports this method with the ns_ldap bind command. All you have to do to enable this is to configure auth_ldap to make use of the BIND authentification instead. Alternatively you can write a small script on how to calculate the username out of the given input (e.g. if the OpenACS username is malte.fb03.tu, the LDAP request can be translated into "ou=malte,ou=fb03,o=tu" (this example is encoded in auth_ldap and you just have to comment it out to make use of it).
Prev | Home | Next |
Install PAM Radius for use as external authentication | Up | Install AOLserver 3.3oacs1 |
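Review bot: in the first hunk (`@@ -1,13 +1,13 @@`), the OpenLDAP tarball is fetched with `wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz` and then built and installed from a root prompt with no integrity check. The guide should add a step that verifies the archive against a published checksum or signature before `./configure`. The prompt-style listing runs `./configure --prefix=/usr/local/openldap`, while the copy-and-paste block right after it adds `--disable-slapd`, so the two variants produce different builds and should be made to agree. Style: the rewritten lines lose the space after the prompt (`[root src]#wget`), the step title still reads "Download and install ns_ldap" for the OpenLDAP step, and "in these section" in the introduction is left uncorrected.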
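Review bot: in the second hunk (`@@ -16,18 +16,18 @@`), the prompt-style listing downloads `http://www.sussdorff.de/ressources/nsldap.tgz` while the copy-and-paste block uses `http://www.sussdorff.de/resources/nsldap.tgz`. The change carries both spellings forward, and they should be reconciled to the one that is correct. The module is also fetched over plain HTTP and installed from a root prompt into `/usr/local/aolserver` with no checksum or signature check, so a verification step belongs here. The "LDAP bind" paragraph does not say how the connection to the directory is protected. Since a bind sends the user's password to the LDAP server, the text should state the expected transport, for example LDAPS or StartTLS. Minor: the parenthesis opened at "(e.g." is never closed, "usernamestored" is missing a space, "comment it out to make use of it" reads as if it should say the opposite, and the prompt shows `[root ns_pam-0.1]` after `cd nsldap`.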