Forum OpenACS Q&A: How to make OpenACS talk to LDAP?
I'm new to OpenACS and i would like to know the proper way on how to make OpenACS able to talk to LDAP. Which one do i need to use? nsldap? auth_ldap? ACS LDAP Authentication? Can anyone give the most simple way to enable OpenACS to talk to LDAP. I've read several documentation, but i'm still confius...
Currently i'm using AOLServer 4.0, OpenACS 5.1.4 and OpenLDAP 2.2.23.
For OpenACS to authenticate against the LDAP server you need to install auth_ldap package.
If you store the password in OpenLDAP as a field, you are fine with the unpatched version of nsldap. If you want OpenLDAP to do the authentication for you (you authenticate using the LDAP authentication mechanism), nsldap with bind support is needed.
Other than that, search on OpenACS for LDAP, there have been some IRC discussions on this topic.
However, you're going to have to write code to do it, AFAIK there is nothing stock in OpenACS for that. Ah, the client-side cookie handling you need is in tclwebtest. Between AOLserver, nsopenssl, OpenACS, and tclwebtest, you have all the pieces you need. However, while not terribly difficult, the programming to make it work is not at all trivial, either.
I probably should have contributed that remote web login code I wrote to OpenACS, but after developing it I ended up not actually using it in Production, so I quickly forgot about it. If anyone really wants it I can send you the code (particularly if you will do the work to better integrate it into OpenACS). It includes, for example, a proc which remotely logs in to another OpenACS instance.
It should work as is, but definitely could use some maintenance (renaming procs, moving into namespace, push patched version of https.tcl into nsopenssl, use latest stock tclwebtest rather than included hacked version, etc.) before contributing it to OpenACS or AOLserver.
You probalby want to start by looking at the (in need of renaming)
dits_acs_login proc. It will log your AOLserver into a
remote OpenACS instance.