Home
The Toolkit for Online Communities
17240 Community Members, 1 member online, 2010 visitors today
Log In Register
OpenACS Home : Forums : OpenACS Q&A : How to make OpenACS talk to LDAP?

Forum OpenACS Q&A: How to make OpenACS talk to LDAP?

Icon of envelope Request notifications

Collapse
Posted by Morino Hibiki on
Hi all,

I'm new to OpenACS and i would like to know the proper way on how to make OpenACS able to talk to LDAP. Which one do i need to use? nsldap? auth_ldap? ACS LDAP Authentication? Can anyone give the most simple way to enable OpenACS to talk to LDAP. I've read several documentation, but i'm still confius... :-(

Currently i'm using AOLServer 4.0, OpenACS 5.1.4 and OpenLDAP 2.2.23.

Thanks!!

Collapse
Posted by Malte Sussdorff on
You will need ns_ldap to enable the AOLserver to connect to the LDAP server. Depending on your setup, you will need a patched version that is floating around.

For OpenACS to authenticate against the LDAP server you need to install auth_ldap package.

If you store the password in OpenLDAP as a field, you are fine with the unpatched version of nsldap. If you want OpenLDAP to do the authentication for you (you authenticate using the LDAP authentication mechanism), nsldap with bind support is needed.

Other than that, search on OpenACS for LDAP, there have been some IRC discussions on this topic.

Collapse
Posted by Andrew Piskorski on
Malte, did you succeed in getting those ns_ldap patches committed to SourceForge CVS? One of the presenters at the OpenACS meeting at Sloan last Friday mentioned how they were absolutely required for his OpenACS / LDAP integration work.
Collapse
Posted by Malte Sussdorff on
I tried, but this has somehow been dropped. I will ask again later this week.
Collapse
Posted by Morino Hibiki on
Thanks Malte. Actually i'm trying to create SSO between OpenACS and an open source portal. I don't know if OpenACS is capable for automatic authentication (read cookies for login etc.), but OpenACS sure is great! :-)
Collapse
Posted by Andrew Piskorski on
Morino, I'm entirely certain what you're trying to do, but it is definitely possible to have AOLserver log in as a client to another web-based system using cookies and everything (and with some extra effor, it even works for SSL). I know because I've done so in the past (back in 2003).

However, you're going to have to write code to do it, AFAIK there is nothing stock in OpenACS for that. Ah, the client-side cookie handling you need is in tclwebtest. Between AOLserver, nsopenssl, OpenACS, and tclwebtest, you have all the pieces you need. However, while not terribly difficult, the programming to make it work is not at all trivial, either.

I probably should have contributed that remote web login code I wrote to OpenACS, but after developing it I ended up not actually using it in Production, so I quickly forgot about it. If anyone really wants it I can send you the code (particularly if you will do the work to better integrate it into OpenACS). It includes, for example, a proc which remotely logs in to another OpenACS instance.

Collapse
Posted by Morino Hibiki on
That's great Piskorski. Can you email me the code? I'll appreciate your big support. I hope it will help me a lot.

Thanks again!

Collapse
Posted by Andrew Piskorski on
Morino, ok, the code is available here: remote-login.zip.

It should work as is, but definitely could use some maintenance (renaming procs, moving into namespace, push patched version of https.tcl into nsopenssl, use latest stock tclwebtest rather than included hacked version, etc.) before contributing it to OpenACS or AOLserver.

You probalby want to start by looking at the (in need of renaming) dits_acs_login proc. It will log your AOLserver into a remote OpenACS instance.