This package creates an integration between ActiveDirectory or OpenLDAP and ]project-open[ in order to import user data and to perform authentication against the external server. This package uses the "ldapsearch" command line tool from the "OpenLDAP" Linux RPM as a base for the integration.
The package "auth-ldap-adldapsearch" is included in the standard ]po[ installers, starting with V3.4. You can obtain the software via CVS if you are running an earlier version of ]po[:
# cd /web/projop/packages
# cvs -d :pserver:anonymous@cvs.project-open.net:/cvsroot/ checkout auth-ldap-adldapsearch
The required "OpenLDAP" Linux RPM is part of all major Linux distributions and included in the ]po[ VMware installers. OpenLDAP is a stable package that has changed little in recent years, so most versions of it should work together with ]po[.
Please make sure the package is available in the /packages/ directory of your ]po[ installation. Then go to the /acs-admin/apm/ URL, select "Install New Packages" and select the package for installation. Restart the server, go back to /acs-admin/apm/ and check that the package is available.
Please go to Admin -> Parameters -> Kernel Parameters and set the parameter UseEmailForLoginP to 0. With "username" instead of "email" enabled for user login, the login screen will now show an additional drop-down box for the selection of the [Authentication Authority].
Before testing your new login method, please go to "My Account" and click on the "Edit" button of the user "Basic Information" and check the value of "Username". Otherwise you may lock yourself out!
Important Notes
Outdated: The new LDAP Wizard in ]po[ V4.0.3 replaces these manual instructions. We include them only for reference in the very rare cases that you have to manually debug the LDAP integration.
Before configuring the LDAP module, we recommend that you test the LDAP connection manually using the command line. ]po[ relies on the "ldapsearch" command line tool to establish a connection to the LDAP server, so you can test the connection manually before configuring ]po[.
To check the validity of a username/password combination, we use the "ldapsearch -n" command, which doesn't perform any specific action, but returns an error if the username/password combination is wrong. An example call of the tool may look like this:
# ldapsearch -n -x -H ldap://ldap.project-open.com \
    -D u=ben.bigboss@tigerpond.com,ou=People,dc=tigerpond,dc=com -w secret
This command should return a 0 return code and a first line NOT containing "Invalid credentials (49)". For details please see the ldapsearch "man" page.
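The same bind test as a small shell wrapper, added here as an example (not code from ]po[ or the package): it reads the password from a file with -y instead of passing it with -w, where it would be visible in the process list and shell history, and it can require StartTLS. The function names and the LDAP_STARTTLS variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example; classify_bind, check_bind and LDAP_STARTTLS are hypothetical names.

# Turn ldapsearch's exit status and output into a verdict.
# ldapsearch exits with the LDAP result code, so 49 means invalidCredentials.
classify_bind() {
    rc=$1
    output=$2
    case $output in
        *"Invalid credentials (49)"*) echo "invalid-credentials"; return 0 ;;
    esac
    if [ "$rc" -eq 0 ]; then
        echo "ok"
    elif [ "$rc" -eq 49 ]; then
        echo "invalid-credentials"
    else
        echo "error-$rc"
    fi
}

# check_bind URI BIND_DN PASSWORD_FILE
# -y reads the whole file as the password, trailing newline included,
# so create it with: printf '%s' 'password' > file; chmod 600 file
check_bind() {
    uri=$1
    bind_dn=$2
    pwfile=$3
    [ -r "$pwfile" ] || { echo "error-pwfile"; return 0; }
    tls=""
    # -ZZ makes ldapsearch abort unless StartTLS succeeds, so the simple
    # bind (-x) password is not sent in cleartext over ldap://.
    [ "${LDAP_STARTTLS:-0}" = 1 ] && tls="-ZZ"
    rc=0
    # -n: dry run, as in the call above; no -w, so the password stays out of argv.
    out=$(ldapsearch -n -x $tls -H "$uri" -D "$bind_dn" -y "$pwfile" 2>&1) || rc=$?
    classify_bind "$rc" "$out"
}

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    check_bind "$@"
fi
```

Any verdict other than "ok" or "invalid-credentials" carries the ldapsearch exit status, which helps separate connection problems from wrong passwords.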
The next step is to set up a new OpenACS "Authentication Authority". This object controls the authentication of users:
BaseDN
BindDN
GroupMap
LdapURI
PasswordHash
SearchFilter
ServerType
SystemBindDN
SystemBindPW
UsernameAttribute
You can leave the remaining fields empty.
# cd /web/projop/log
# tail -f error.log | grep ldapsearch
This command will give you only the calls to "ldapsearch". Copy and paste these lines and execute them manually in the command line in order to drill down further.
For testing, troubleshooting etc. consider using a local LDAP. It takes less than 10 minutes to set up "Apache Directory Studio", create some demo data and test the LDAP functionality of ]po[. Instructions can be found here.