<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 'http://www.w3.org/TR/html4/loose.dtd"'> <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Install LDAP for use as external authentication</title><link rel="stylesheet" href="openacs.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="OpenACS Core Documentation"><link rel="up" href="install-more-software.html" title="Appendix B. Install additional supporting software"><link rel="previous" href="install-pam-radius.html" title="Install PAM Radius for use as external authentication"><link rel="next" href="aolserver.html" title="Install AOLserver 3.3oacs1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" style="border:0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"><a accesskey="p" href="install-pam-radius.html">Prev</a> </td><th width="60%" align="center">Appendix B. Install additional supporting software</th><td width="20%" align="right"> <a accesskey="n" href="aolserver.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="install-ldap-radius"></a>Install LDAP for use as external authentication</h2></div></div><div></div></div><div class="authorblurb"><p>By <a href="mailto:openacs@sussdorff.de" target="_top">Malte Sussdorff</a></p> OpenACS docs are written by the named authors, and may be edited by OpenACS documentation staff. </div><p>This step by step guide on how to use LDAP for external authentication using the LDAP bind command, which differs from the approach usually taken by auth-ldap. Both will be dealt with in these section</p><div class="orderedlist"><ol type="1"><li><a name="install-openldap"></a><p><b>Install openldap. </b>Download and install ns_ldap</p><pre class="screen">[root aolserver]# <b class="userinput"><tt>cd /usr/local/src/</tt></b> [root src]# <b class="userinput"><tt>wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz</tt></b> [root src]# <b class="userinput"><tt>tar xvfz openldap-2.2.17.tgz</tt></b> [root src]# <b class="userinput"><tt>cd openldap-2.2.17</tt></b> [root src]# <b class="userinput"><tt>./configure --prefix=/usr/local/openldap</tt></b> [root openldap]# <b class="userinput"><tt>make install</tt></b> [root openldap]# <span class="action"><span class="action">cd /usr/local/src/ wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz tar xvfz openldap-2.2.17.tgz cd openldap-2.2.17 ./configure --prefix=/usr/local/openldap --disable-slapd make install </span></span> </pre></li><li><a name="install-ns_ldap"></a><p><b>Install ns_ldap. </b>Download and install ns_ldap</p><pre class="screen">[root aolserver]# <b class="userinput"><tt>cd /usr/local/src/aolserver/</tt></b> [root aolserver]# <b class="userinput"><tt>wget http://www.sussdorff.de/ressources/nsldap.tgz</tt></b> [root aolserver]# <b class="userinput"><tt>tar xfz nsldap.tgz</tt></b> [root aolserver]# <b class="userinput"><tt>cd nsldap</tt></b> [root ns_pam-0.1]# <b class="userinput"><tt>make install LDAP=/usr/local/openldap INST=/usr/local/aolserver</tt></b> [root ns_pam-0.1]# <span class="action"><span class="action">cd /usr/local/src/aolserver/ wget http://www.sussdorff.de/resources/nsldap.tgz tar xfz nsldap.tgz cd nsldap make install LDAP=/usr/local/openldap INST=/usr/local/aolserver </span></span> </pre></li><li><a name="configure-ns_ldap"></a><p><b>Configure ns_ldap for traditional use. </b>Traditionally OpenACS has supported ns_ldap for authentification by storing the OpenACS password in an encrypted field within the LDAP server called "userPassword". Furthermore a CN field was used for searching for the username, usually userID or something similar. This field is identical to the <span class="emphasis"><em>username</em></span>stored in OpenACS. Therefore the login will only work if you change login method to make use of the username instead.</p><div class="itemizedlist"><ul type="disc"><li><p> Change <span class="emphasis"><em>config.tcl</em></span>. Remove the <span class="emphasis"><em>#</em></span> in front of <tt class="computeroutput">ns_param nsldap ${bindir}/nsldap.so</tt> to enable the loading of the ns_ldap module. </p></li></ul></div></li><li><a name="configure-ns_ldap-bind"></a><p><b>Configure ns_ldap for use with LDAP bind. </b>LDAP authentication usually is done by trying to bind (aka. login) a user with the LDAP server. The password of the user is not stored in any field of the LDAP server, but kept internally. The latest version of ns_ldap supports this method with the <span class="emphasis"><em>ns_ldap bind</em></span> command. All you have to do to enable this is to configure auth_ldap to make use of the BIND authentification instead. Alternatively you can write a small script on how to calculate the username out of the given input (e.g. if the OpenACS username is malte.fb03.tu, the LDAP request can be translated into "ou=malte,ou=fb03,o=tu" (this example is encoded in auth_ldap and you just have to comment it out to make use of it).</p></li></ol></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="install-pam-radius.html">Prev</a> </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right"> <a accesskey="n" href="aolserver.html">Next</a></td></tr><tr><td width="40%" align="left">Install PAM Radius for use as external authentication </td><td width="20%" align="center"><a accesskey="u" href="install-more-software.html">Up</a></td><td width="40%" align="right"> Install AOLserver 3.3oacs1</td></tr></table><hr><address><a href="mailto:docs@openacs.org">docs@openacs.org</a></address></div><a name="comments"></a><center><a href="http://openacs.org/doc/current/install-ldap-radius.html#comments">View comments on this page at openacs.org</a></center></body></html>