Index: openacs-4/packages/acs-core-docs/www/install-ldap-radius.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-ldap-radius.adp,v diff -u -N --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ openacs-4/packages/acs-core-docs/www/install-ldap-radius.adp 23 Sep 2015 11:54:36 -0000 1.1.2.1 @@ -0,0 +1,97 @@ + +{/doc/acs-core-docs {Documentation}} {Install LDAP for use as external authentication} +Install LDAP for use as external authentication + + +
+

+Install LDAP for use as external +authentication

+

By Malte Sussdorff +

+OpenACS docs are written by the named authors, and may be edited by +OpenACS documentation staff.

This step by step guide on how to use LDAP for external +authentication using the LDAP bind command, which differs from the +approach usually taken by auth-ldap. Both will be dealt with in +these section

    +
  1. +

    +Install openldap. Download and install +ns_ldap

    +[root aolserver]# cd /usr/local/src/
    +          [root src]# wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz
    +          [root src]# tar xvfz openldap-2.2.17.tgz
    +          [root src]# cd openldap-2.2.17
    +          [root src]# ./configure --prefix=/usr/local/openldap
    +          [root openldap]# make install
    +          [root openldap]#
    +cd /usr/local/src/
    +wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz
    +tar xvfz openldap-2.2.17.tgz
    +cd openldap-2.2.17
    +./configure --prefix=/usr/local/openldap --disable-slapd
    +make install
    +
    +
    +
  2. +

    +Install ns_ldap. Download and install +ns_ldap

    +[root aolserver]# cd /usr/local/src/aolserver/
    +          [root aolserver]# wget http://www.sussdorff.de/ressources/nsldap.tgz
    +          [root aolserver]# tar xfz nsldap.tgz
    +          [root aolserver]# cd nsldap
    +          [root ns_pam-0.1]# make install LDAP=/usr/local/openldap INST=/usr/local/aolserver
    +          [root ns_pam-0.1]#
    +cd /usr/local/src/aolserver/
    +wget http://www.sussdorff.de/resources/nsldap.tgz
    +tar xfz nsldap.tgz
    +cd nsldap
    +make install LDAP=/usr/local/openldap INST=/usr/local/aolserver
    +
    +
    +
  3. +

    +Configure ns_ldap for traditional +use. Traditionally OpenACS has supported ns_ldap +for authentification by storing the OpenACS password in an +encrypted field within the LDAP server called "userPassword". +Furthermore a CN field was used for searching for the username, +usually userID or something similar. This field is identical to the +usernamestored in OpenACS. +Therefore the login will only work if you change login method to +make use of the username instead.

    • Change config.tcl. Remove +the # in front of +ns_param nsldap +${bindir}/nsldap.so to enable the loading of the ns_ldap +module.

    +
  4. +

    +Configure ns_ldap for use with LDAP +bind. LDAP authentication usually is done by trying +to bind (aka. login) a user with the LDAP server. The password of +the user is not stored in any field of the LDAP server, but kept +internally. The latest version of ns_ldap supports this method with +the ns_ldap bind command. +All you have to do to enable this is to configure auth_ldap to make +use of the BIND authentification instead. Alternatively you can +write a small script on how to calculate the username out of the +given input (e.g. if the OpenACS username is malte.fb03.tu, the +LDAP request can be translated into "ou=malte,ou=fb03,o=tu" (this +example is encoded in auth_ldap and you just have to comment it out +to make use of it).

    +
  5. +
+
+ + \ No newline at end of file
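Review bot: Steps 1 and 2 download source tarballs as root over unauthenticated transports (`wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz` and `wget http://www.sussdorff.de/ressources/nsldap.tgz`) and go straight to `make install` with no checksum or signature check. Please add a verification step before the build, or state where a digest for each tarball is published. The duplicated listings in those steps also disagree with each other: step 2 uses `ressources/nsldap.tgz` in the prompt listing and `resources/nsldap.tgz` in the plain command listing, and step 1 passes `--disable-slapd` to `./configure` only in the plain listing. Only one of each pair can be what the reader should type, so they need to be reconciled. Step 1 is titled "Install openldap" but its description reads "Download and install ns_ldap", and the `[root ns_pam-0.1]#` prompt after `cd nsldap` looks carried over from another guide. In step 4, since the user's password is handed to the LDAP server on every bind, the text should say whether the connection to that server is expected to be protected in transit. Minor wording: "these section", "authentification" and "usernamestored".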