Index: openacs-4/packages/acs-core-docs/www/install-ldap-radius.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-ldap-radius.adp,v diff -u -r1.5 -r1.5.2.1 --- openacs-4/packages/acs-core-docs/www/install-ldap-radius.adp 25 Apr 2018 08:38:27 -0000 1.5 +++ openacs-4/packages/acs-core-docs/www/install-ldap-radius.adp 2 Mar 2019 19:30:05 -0000 1.5.2.1 @@ -1,5 +1,5 @@ -{/doc/acs-core-docs {ACS Core Documentation}} {Install LDAP for use as external authentication} +{/doc/acs-core-docs/ {ACS Core Documentation}} {Install LDAP for use as external authentication} Install LDAP for use as external authentication

Install LDAP for use as external -authentication

<authorblurb>

By Malte -Sussdorff -

</authorblurb>

This step by step guide on how to use LDAP for external +authentication

+

By Malte Sussdorff +

+OpenACS docs are written by the named authors, and may be edited by +OpenACS documentation staff.

This step by step guide on how to use LDAP for external authentication using the LDAP bind command, which differs from the approach usually taken by auth-ldap. Both will be dealt with in these section

  1. -Install openldap.  Download and install +Install openldap. Download and install ns_ldap

    [root aolserver]# cd /usr/local/src/
               [root src]# wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz
               [root src]# tar xvfz openldap-2.2.17.tgz
               [root src]# cd openldap-2.2.17
               [root src]# ./configure --prefix=/usr/local/openldap
               [root openldap]# make install
               [root openldap]#
    -cd /usr/local/src/
    +cd /usr/local/src/
     wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz
     tar xvfz openldap-2.2.17.tgz
     cd openldap-2.2.17
     ./configure --prefix=/usr/local/openldap --disable-slapd
     make install
    -
    +
     
  2. -Install ns_ldap.  Download and install +Install ns_ldap. Download and install ns_ldap

    [root aolserver]# cd /usr/local/src/aolserver/
    -          [root aolserver]# wget http://www.sussdorff.de/ressources/nsldap.tgz
    +          [root aolserver]# wget http://www.sussdorff.de/resources/nsldap.tgz
               [root aolserver]# tar xfz nsldap.tgz
               [root aolserver]# cd nsldap
               [root ns_pam-0.1]# make install LDAP=/usr/local/openldap INST=/usr/local/aolserver
               [root ns_pam-0.1]#
    -cd /usr/local/src/aolserver/
    +cd /usr/local/src/aolserver/
     wget http://www.sussdorff.de/resources/nsldap.tgz
     tar xfz nsldap.tgz
     cd nsldap
     make install LDAP=/usr/local/openldap INST=/usr/local/aolserver
    -
    +
     
  3. -Configure ns_ldap for traditional use.  -Traditionally OpenACS has supported ns_ldap for authentication by -storing the OpenACS password in an encrypted field within the LDAP -server called "userPassword". Furthermore a CN field was -used for searching for the username, usually userID or something -similar. This field is identical to the usernamestored in OpenACS. Therefore the -login will only work if you change login method to make use of the -username instead.

    • Change config.tcl. Remove +Configure ns_ldap for traditional +use. Traditionally OpenACS has supported ns_ldap for +authentication by storing the OpenACS password in an encrypted +field within the LDAP server called "userPassword". +Furthermore a CN field was used for searching for the username, +usually userID or something similar. This field is identical to the +usernamestored in OpenACS. +Therefore the login will only work if you change login method to +make use of the username instead.

      • Change config.tcl. Remove the # in front of ns_param nsldap ${bindir}/nsldap.so to enable the loading of the ns_ldap module.

    • -Configure ns_ldap for use with LDAP bind.  -LDAP authentication usually is done by trying to bind (aka. login) -a user with the LDAP server. The password of the user is not stored -in any field of the LDAP server, but kept internally. The latest -version of ns_ldap supports this method with the ns_ldap bind command. All you have to do -to enable this is to configure auth_ldap to make use of the BIND -authentication instead. Alternatively you can write a small script -on how to calculate the username out of the given input (e.g. if -the OpenACS username is malte.fb03.tu, the LDAP request can be -translated into "ou=malte,ou=fb03,o=tu" (this example is -encoded in auth_ldap and you just have to comment it out to make -use of it).

      +Configure ns_ldap for use with LDAP +bind. LDAP authentication usually is done by trying +to bind (a.k.a. login) a user with the LDAP server. The password of +the user is not stored in any field of the LDAP server, but kept +internally. The latest version of ns_ldap supports this method with +the ns_ldap bind command. +All you have to do to enable this is to configure auth_ldap to make +use of the BIND authentication instead. Alternatively you can write +a small script on how to calculate the username out of the given +input (e.g. if the OpenACS username is malte.fb03.tu, the LDAP +request can be translated into "ou=malte,ou=fb03,o=tu" +(this example is encoded in auth_ldap and you just have to comment +it out to make use of it).
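Review bot: The URL correction in step 2 (`ressources` to `resources` in `wget http://www.sussdorff.de/resources/nsldap.tgz`) is right, but both download steps still fetch a tarball over plain http/ftp and run `make install` as root with no integrity check on what was downloaded. Since the text is being touched anyway, add the expected checksum (or a link to a detached signature) to the doc and a verification line between the `wget` and the `tar xfz`, for example `sha256sum -c nsldap.tgz.sha256` with a published checksum file; the same applies to the `openldap-2.2.17.tgz` download in step 1.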
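Review bot: The two command listings in step 1 disagree and should be reconciled: the prompt-style listing runs `./configure --prefix=/usr/local/openldap` while the plain listing runs `./configure --prefix=/usr/local/openldap --disable-slapd`, and the unchanged context does not say which is intended (building only the client library with `--disable-slapd` is the smaller footprint if the server is not needed). In step 2, the prompt after `cd nsldap` reads `[root ns_pam-0.1]#`, which looks like residue copied from the ns_pam instructions; change it to `[root nsldap]#` so the transcript matches the directory just entered.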
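Review bot: The rewrapped step 3 text carries over the missing space in `usernamestored in OpenACS` (should be `username stored in OpenACS`) and the intro sentence still ends with `Both will be dealt with in these section` (should be `this section`). In the LDAP bind paragraph the parenthesis opened at `(e.g. if the OpenACS username is malte.fb03.tu` is never closed before the nested `(this example is encoded in auth_ldap ...)`; close the first one after `"ou=malte,ou=fb03,o=tu"`. Also consider changing `in an encrypted field ... called "userPassword"` to `hashed`, since a one-way hash is what readers should expect in that attribute and "encrypted" suggests the value can be recovered.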