Index: openacs-4/packages/acs-core-docs/www/install-ldap-radius.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-ldap-radius.adp,v diff -u -r1.1.2.2 -r1.1.2.3 --- openacs-4/packages/acs-core-docs/www/install-ldap-radius.adp 9 Jun 2016 13:03:11 -0000 1.1.2.2 +++ openacs-4/packages/acs-core-docs/www/install-ldap-radius.adp 23 Jun 2016 08:32:45 -0000 1.1.2.3 @@ -21,8 +21,8 @@ these section

  1. -Install openldap. Download and install -ns_ldap

    +Install openldap. Download and
    +install ns_ldap

     [root aolserver]# cd /usr/local/src/
               [root src]# wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz
               [root src]# tar xvfz openldap-2.2.17.tgz
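
Review bot: Step 1 is titled "Install openldap", but the re-wrapped sentence still reads "Download and install ns_ldap" while the commands below it fetch openldap-2.2.17.tgz. The sentence looks copied from step 2 and should read "Download and install openldap". This revision only re-wraps the line, so the wording could be fixed in the same pass. The context lines also have root fetching the tarball over plain ftp:// and unpacking it with no checksum or signature check, so consider adding a verification step to the instructions.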
    @@ -40,8 +40,8 @@
     
  2. -Install ns_ldap. Download and install -ns_ldap

    +Install ns_ldap. Download and
    +install ns_ldap

     [root aolserver]# cd /usr/local/src/aolserver/
               [root aolserver]# wget http://www.sussdorff.de/ressources/nsldap.tgz
               [root aolserver]# tar xfz nsldap.tgz
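
Review bot: The context lines of step 2 have root download nsldap.tgz over plain http:// and unpack it with no integrity check, although step 3 then loads the resulting nsldap.so into the server for authentication. Suggest that the instructions publish a checksum or signature to verify before "tar xfz nsldap.tgz", and that the download and unpack be done as an unprivileged user. The wording change in this hunk is whitespace only and does not touch any of that.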
    @@ -58,33 +58,34 @@
     
  3. Configure ns_ldap for traditional -use. Traditionally OpenACS has supported ns_ldap -for authentification by storing the OpenACS password in an -encrypted field within the LDAP server called "userPassword". -Furthermore a CN field was used for searching for the username, -usually userID or something similar. This field is identical to the -usernamestored in OpenACS. -Therefore the login will only work if you change login method to -make use of the username instead.

    • Change config.tcl. Remove +use. Traditionally OpenACS has supported +ns_ldap for authentification by storing the OpenACS password in an +encrypted field within the LDAP server called +"userPassword". Furthermore a CN field was used for +searching for the username, usually userID or something similar. +This field is identical to the usernamestored in OpenACS. Therefore the +login will only work if you change login method to make use of the +username instead.

      • Change config.tcl. Remove the # in front of ns_param nsldap ${bindir}/nsldap.so to enable the loading of the ns_ldap module.

    • Configure ns_ldap for use with LDAP -bind. LDAP authentication usually is done by trying -to bind (aka. login) a user with the LDAP server. The password of -the user is not stored in any field of the LDAP server, but kept -internally. The latest version of ns_ldap supports this method with -the ns_ldap bind command. -All you have to do to enable this is to configure auth_ldap to make -use of the BIND authentification instead. Alternatively you can -write a small script on how to calculate the username out of the -given input (e.g. if the OpenACS username is malte.fb03.tu, the -LDAP request can be translated into "ou=malte,ou=fb03,o=tu" (this -example is encoded in auth_ldap and you just have to comment it out -to make use of it).

      +bind. LDAP authentication usually is done by +trying to bind (aka. login) a user with the LDAP server. The +password of the user is not stored in any field of the LDAP server, +but kept internally. The latest version of ns_ldap supports this +method with the ns_ldap bind +command. All you have to do to enable this is to configure +auth_ldap to make use of the BIND authentification instead. +Alternatively you can write a small script on how to calculate the +username out of the given input (e.g. if the OpenACS username is +malte.fb03.tu, the LDAP request can be translated into +"ou=malte,ou=fb03,o=tu" (this example is encoded in +auth_ldap and you just have to comment it out to make use of +it).
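
Review bot: In the added bind paragraph, "you just have to comment it out to make use of it" reads as the opposite of enabling the example in auth_ldap. It presumably should say "uncomment"; please confirm against auth_ldap and correct the sentence. The same added text carries over "usernamestored" (missing space or lost markup around "username"), the spelling "authentification", and a parenthesis opened at "(e.g." that is never closed. On content, the bind paragraph says the password is sent to the LDAP server to bind but does not say whether that connection is protected; a sentence on transport protection for the bind would be worth adding to the documentation.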