Forum OpenACS Q&A: How to make OpenACS talk to LDAP?

Posted by Morino Hibiki on 03/13/05 07:07 AM

Hi all,

I'm new to OpenACS and i would like to know the proper way on how to make OpenACS able to talk to LDAP. Which one do i need to use? nsldap? auth_ldap? ACS LDAP Authentication? Can anyone give the most simple way to enable OpenACS to talk to LDAP. I've read several documentation, but i'm still confius...

Currently i'm using AOLServer 4.0, OpenACS 5.1.4 and OpenLDAP 2.2.23.

Thanks!!

2: Re: How to make OpenACS talk to LDAP? (response to 1)

Posted by Malte Sussdorff on 03/13/05 09:23 AM

You will need ns_ldap to enable the AOLserver to connect to the LDAP server. Depending on your setup, you will need a patched version that is floating around.

For OpenACS to authenticate against the LDAP server you need to install auth_ldap package.

If you store the password in OpenLDAP as a field, you are fine with the unpatched version of nsldap. If you want OpenLDAP to do the authentication for you (you authenticate using the LDAP authentication mechanism), nsldap with bind support is needed.

Other than that, search on OpenACS for LDAP, there have been some IRC discussions on this topic.

3: Re: Re: How to make OpenACS talk to LDAP? (response to 2)

Posted by Andrew Piskorski on 03/14/05 10:42 AM

Malte, did you succeed in getting those ns_ldap patches committed to SourceForge CVS? One of the presenters at the OpenACS meeting at Sloan last Friday mentioned how they were absolutely required for his OpenACS / LDAP integration work.

4: Re: How to make OpenACS talk to LDAP? (response to 1)

Posted by Malte Sussdorff on 03/14/05 08:16 PM

I tried, but this has somehow been dropped. I will ask again later this week.

5: Re: How to make OpenACS talk to LDAP? (response to 1)

Posted by Morino Hibiki on 03/15/05 03:33 AM

Thanks Malte. Actually i'm trying to create SSO between OpenACS and an open source portal. I don't know if OpenACS is capable for automatic authentication (read cookies for login etc.), but OpenACS sure is great!

6: AOLserver as client for remote web login (response to 5)

Posted by Andrew Piskorski on 03/15/05 04:30 AM

Morino, I'm entirely certain what you're trying to do, but it is definitely possible to have AOLserver log in as a client to another web-based system using cookies and everything (and with some extra effor, it even works for SSL). I know because I've done so in the past (back in 2003).

However, you're going to have to write code to do it, AFAIK there is nothing stock in OpenACS for that. Ah, the client-side cookie handling you need is in tclwebtest. Between AOLserver, nsopenssl, OpenACS, and tclwebtest, you have all the pieces you need. However, while not terribly difficult, the programming to make it work is not at all trivial, either.

I probably should have contributed that remote web login code I wrote to OpenACS, but after developing it I ended up not actually using it in Production, so I quickly forgot about it. If anyone really wants it I can send you the code (particularly if you will do the work to better integrate it into OpenACS). It includes, for example, a proc which remotely logs in to another OpenACS instance.

7: Re: AOLserver as client for remote web login (response to 6)

Posted by Morino Hibiki on 03/15/05 09:47 AM

That's great Piskorski. Can you email me the code? I'll appreciate your big support. I hope it will help me a lot.

Thanks again!

8: Re: AOLserver as client for remote web login (response to 6)

Posted by Andrew Piskorski on 03/17/05 02:46 PM

Morino, ok, the code is available here: remote-login.zip.

It should work as is, but definitely could use some maintenance (renaming procs, moving into namespace, push patched version of https.tcl into nsopenssl, use latest stock tclwebtest rather than included hacked version, etc.) before contributing it to OpenACS or AOLserver.

You probalby want to start by looking at the (in need of renaming) dits_acs_login proc. It will log your AOLserver into a remote OpenACS instance.