Index: openacs-4/packages/acs-core-docs/www/install-ldap-radius.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-ldap-radius.html,v diff -u -r1.4 -r1.5 --- openacs-4/packages/acs-core-docs/www/install-ldap-radius.html 17 Jul 2006 05:38:31 -0000 1.4 +++ openacs-4/packages/acs-core-docs/www/install-ldap-radius.html 7 Jun 2008 20:28:50 -0000 1.5 @@ -1,12 +1,13 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Install LDAP for use as external authentication</title><meta name="generator" content="DocBook XSL Stylesheets V1.70.1"><link rel="home" href="index.html" title="OpenACS Core Documentation"><link rel="up" href="install-more-software.html" title="Appendix�B.�Install additional supporting software"><link rel="previous" href="install-pam-radius.html" title="Install PAM Radius for use as external authentication"><link rel="next" href="aolserver.html" title="Install AOLserver 3.3oacs1"><link rel="stylesheet" href="openacs.css" type="text/css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"><a accesskey="p" href="install-pam-radius.html">Prev</a> </td><th width="60%" align="center">Appendix�B.�Install additional supporting software</th><td width="20%" align="right"> <a accesskey="n" href="aolserver.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="install-ldap-radius"></a>Install LDAP for use as external authentication</h2></div></div></div><div class="authorblurb"><p>By <a href="mailto:openacs@sussdorff.de" target="_top">Malte Sussdorff</a></p> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Install LDAP for use as external authentication</title><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="OpenACS Core Documentation"><link rel="up" href="install-more-software.html" title="Appendix�B.�Install additional supporting software"><link rel="previous" href="install-pam-radius.html" title="Install PAM Radius for use as external authentication"><link rel="next" href="aolserver.html" title="Install AOLserver 3.3oacs1"><link rel="stylesheet" href="openacs.css" type="text/css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"><a accesskey="p" href="install-pam-radius.html">Prev</a> </td><th width="60%" align="center">Appendix�B.�Install additional supporting software</th><td width="20%" align="right"> <a accesskey="n" href="aolserver.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="install-ldap-radius"></a>Install LDAP for use as external authentication</h2></div></div><div></div></div><div class="authorblurb"><p>By <a href="mailto:openacs@sussdorff.de" target="_top">Malte Sussdorff</a></p> OpenACS docs are written by the named authors, and may be edited by OpenACS documentation staff. - </div><p>This step by step guide on how to use LDAP for external authentication using the LDAP bind command, which differs from the approach usually taken by auth-ldap. Both will be dealt with in these section</p><div class="orderedlist"><ol type="1"><li><a name="install-openldap"></a><p><b>Install openldap.�</b>Download and install ns_ldap</p><pre class="screen">[root aolserver]# <strong class="userinput"><code>cd /usr/local/src/</code></strong> - [root src]# <strong class="userinput"><code>wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz</code></strong> - [root src]# <strong class="userinput"><code>tar xvfz openldap-2.2.17.tgz</code></strong> - [root src]# <strong class="userinput"><code>cd openldap-2.2.17</code></strong> - [root src]# <strong class="userinput"><code>./configure --prefix=/usr/local/openldap</code></strong> - [root openldap]# <strong class="userinput"><code>make install</code></strong> + </div><p>This step by step guide on how to use LDAP for external authentication using the LDAP bind command, which differs from the approach usually taken by auth-ldap. Both will be dealt with in these section</p><div class="orderedlist"><ol type="1"><li><a name="install-openldap"></a><p><b>Install openldap.�</b>Download and install ns_ldap</p><pre class="screen">[root aolserver]# <b class="userinput"><tt>cd /usr/local/src/</tt></b> + [root src]# <b class="userinput"><tt>wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz</tt></b> + [root src]# <b class="userinput"><tt>tar xvfz openldap-2.2.17.tgz</tt></b> + [root src]# <b class="userinput"><tt>cd openldap-2.2.17</tt></b> + [root src]# <b class="userinput"><tt>./configure --prefix=/usr/local/openldap</tt></b> + [root openldap]# <b class="userinput"><tt>make install</tt></b> [root openldap]# <span class="action"><span class="action">cd /usr/local/src/ wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz @@ -15,18 +16,18 @@ ./configure --prefix=/usr/local/openldap --disable-slapd make install </span></span> - </pre></li><li><a name="install-ns_ldap"></a><p><b>Install ns_ldap.�</b>Download and install ns_ldap</p><pre class="screen">[root aolserver]# <strong class="userinput"><code>cd /usr/local/src/aolserver/</code></strong> - [root aolserver]# <strong class="userinput"><code>wget http://www.sussdorff.de/ressources/nsldap.tgz</code></strong> - [root aolserver]# <strong class="userinput"><code>tar xfz nsldap.tgz</code></strong> - [root aolserver]# <strong class="userinput"><code>cd nsldap</code></strong> - [root ns_pam-0.1]# <strong class="userinput"><code>make install LDAP=/usr/local/openldap INST=/usr/local/aolserver</code></strong> + </pre></li><li><a name="install-ns_ldap"></a><p><b>Install ns_ldap.�</b>Download and install ns_ldap</p><pre class="screen">[root aolserver]# <b class="userinput"><tt>cd /usr/local/src/aolserver/</tt></b> + [root aolserver]# <b class="userinput"><tt>wget http://www.sussdorff.de/ressources/nsldap.tgz</tt></b> + [root aolserver]# <b class="userinput"><tt>tar xfz nsldap.tgz</tt></b> + [root aolserver]# <b class="userinput"><tt>cd nsldap</tt></b> + [root ns_pam-0.1]# <b class="userinput"><tt>make install LDAP=/usr/local/openldap INST=/usr/local/aolserver</tt></b> [root ns_pam-0.1]# <span class="action"><span class="action">cd /usr/local/src/aolserver/ wget http://www.sussdorff.de/resources/nsldap.tgz tar xfz nsldap.tgz cd nsldap make install LDAP=/usr/local/openldap INST=/usr/local/aolserver </span></span> - </pre></li><li><a name="configure-ns_ldap"></a><p><b>Configure ns_ldap for traditional use.�</b>Traditionally OpenACS has supported ns_ldap for authentification by storing the OpenACS password in an encrypted field within the LDAP server called "userPassword". Furthermore a CN field was used for searching for the username, usually userID or something similar. This field is identical to the <span class="emphasis"><em>username</em></span>stored in OpenACS. Therefore the login will only work if you change login method to make use of the username instead.</p><div class="itemizedlist"><ul type="disc"><li><p> - Change <span class="emphasis"><em>config.tcl</em></span>. Remove the <span class="emphasis"><em>#</em></span> in front of <code class="computeroutput">ns_param nsldap ${bindir}/nsldap.so</code> to enable the loading of the ns_ldap module. - </p></li></ul></div></li><li><a name="configure-ns_ldap-bind"></a><p><b>Configure ns_ldap for use with LDAP bind.�</b>LDAP authentication usually is done by trying to bind (aka. login) a user with the LDAP server. The password of the user is not stored in any field of the LDAP server, but kept internally. The latest version of ns_ldap supports this method with the <span class="emphasis"><em>ns_ldap bind</em></span> command. All you have to do to enable this is to configure auth_ldap to make use of the BIND authentification instead. Alternatively you can write a small script on how to calculate the username out of the given input (e.g. if the OpenACS username is malte.fb03.tu, the LDAP request can be translated into "ou=malte,ou=fb03,o=tu" (this example is encoded in auth_ldap and you just have to comment it out to make use of it).</p></li></ol></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="install-pam-radius.html">Prev</a> </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right"> <a accesskey="n" href="aolserver.html">Next</a></td></tr><tr><td width="40%" align="left">Install PAM Radius for use as external authentication </td><td width="20%" align="center"><a accesskey="u" href="install-more-software.html">Up</a></td><td width="40%" align="right"> Install AOLserver 3.3oacs1</td></tr></table><hr><address><a href="mailto:docs@openacs.org">docs@openacs.org</a></address></div><a name="comments"></a><center><a href="http://openacs.org/doc/current/install-ldap-radius.html#comments">View comments on this page at openacs.org</a></center></body></html> + </pre></li><li><a name="configure-ns_ldap"></a><p><b>Configure ns_ldap for traditional use.�</b>Traditionally OpenACS has supported ns_ldap for authentification by storing the OpenACS password in an encrypted field within the LDAP server called "userPassword". Furthermore a CN field was used for searching for the username, usually userID or something similar. This field is identical to the <span class="emphasis"><em>username</em></span>stored in OpenACS. Therefore the login will only work if you change login method to make use of the username instead.</p><div class="itemizedlist"><ul type="disc"><li><p> + Change <span class="emphasis"><em>config.tcl</em></span>. Remove the <span class="emphasis"><em>#</em></span> in front of <tt class="computeroutput">ns_param nsldap ${bindir}/nsldap.so</tt> to enable the loading of the ns_ldap module. + </p></li></ul></div></li><li><a name="configure-ns_ldap-bind"></a><p><b>Configure ns_ldap for use with LDAP bind.�</b>LDAP authentication usually is done by trying to bind (aka. login) a user with the LDAP server. The password of the user is not stored in any field of the LDAP server, but kept internally. The latest version of ns_ldap supports this method with the <span class="emphasis"><em>ns_ldap bind</em></span> command. All you have to do to enable this is to configure auth_ldap to make use of the BIND authentification instead. Alternatively you can write a small script on how to calculate the username out of the given input (e.g. if the OpenACS username is malte.fb03.tu, the LDAP request can be translated into "ou=malte,ou=fb03,o=tu" (this example is encoded in auth_ldap and you just have to comment it out to make use of it).</p></li></ol></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="install-pam-radius.html">Prev</a> </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right"> <a accesskey="n" href="aolserver.html">Next</a></td></tr><tr><td width="40%" align="left">Install PAM Radius for use as external authentication </td><td width="20%" align="center"><a accesskey="u" href="install-more-software.html">Up</a></td><td width="40%" align="right"> Install AOLserver 3.3oacs1</td></tr></table><hr><address><a href="mailto:docs@openacs.org">docs@openacs.org</a></address></div><a name="comments"></a><center><a href="http://openacs.org/doc/current/install-ldap-radius.html#comments">View comments on this page at openacs.org</a></center></body></html>