Forum .LRN Q&A: Authentication with ldap

Posted by Christopher Jervis on
Hello, I have a problem configuring .LRN to use LDAP.
I have an OpenLDAP database with more than 1000 users. This database is currently in use for authenticating users in other services of my college (Linux accounts, webmail, etc.).

I want to use the existing database to authenticate users in dotlrn. The idea is that any LDAP user can log in to the system without admin intervention, i.e., users are auto-added to the system if they are correctly authenticated.
Is this possible?

If this isn't possible, how can I export the users automatically to the system?
I have correctly installed the nsldap driver and configured dotlrn for the authentication. Currently, it shows the following message: "You have successfully authenticated, but you do not have an account on MY_SERVER yet."
How can I create an account?

The configuration for the authority is:

Name: alumnos
Short Name: alumnos
Enabled: Yes
Help contact text:

Authentication: LDAP

Password management: LDAP
Recover password URL:
Change password URL:

Account registration: Local
Account registration URL:

User Info: --Disabled--

Batch sync enabled: No
GetDocument implementation: --Disabled--
ProcessDocument implementation: --Disabled--

The driver configuration:

UsernameAttribute: uid
BindAuthenticationP: 1
BaseDN: ou=cuentas,ou=alumnos,ou=MY_DOMAIN,c=CL
PasswordHash: CRYPT

I assume that the server configuration is correct. The server does not show errors.

Ok, thanks.
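
What the post above asks for (create the local account on the first successful LDAP login), as an added sketch in Python; it is not .LRN or OpenACS code and is not part of the original post. It assumes bind authentication means binding as `uid=<login>,<BaseDN>`; `login`, `ldap_bind`, `fake_bind` and the sample directory entry are constructed for illustration.

```python
# Added example: constructed names, no real LDAP server or OpenACS API involved.
BASE_DN = "ou=cuentas,ou=alumnos,ou=MY_DOMAIN,c=CL"   # BaseDN from the post
USERNAME_ATTRIBUTE = "uid"                             # UsernameAttribute from the post

def escape_rdn_value(value):
    """Escape an attribute value for use in a DN (RFC 4514, section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif (ch in " #" and i == 0) or (ch == " " and i == len(value) - 1):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_bind_dn(username):
    """DN to bind as: the login name can never add or change DN components."""
    return f"{USERNAME_ATTRIBUTE}={escape_rdn_value(username)},{BASE_DN}"

def login(username, password, ldap_bind, local_accounts):
    """Return 'rejected', 'existing' or 'created'.

    ldap_bind(dn, password) -> bool is a hypothetical stand-in for the simple bind.
    """
    # An empty password turns a simple bind into an "unauthenticated bind"
    # (RFC 4513, section 5.1.2), which many servers accept; refuse it here.
    if not username or not password:
        return "rejected"
    if not ldap_bind(build_bind_dn(username), password):
        return "rejected"
    if username in local_accounts:
        return "existing"
    # First successful login: auto-add the account under the authority.
    local_accounts[username] = {"authority": "alumnos"}
    return "created"

# Constructed directory: one entry, and a bind that (like a lax server)
# reports success for an empty password.
DIRECTORY = {"uid=jperez,ou=cuentas,ou=alumnos,ou=MY_DOMAIN,c=CL": "s3cret"}

def fake_bind(dn, password):
    return password == "" or DIRECTORY.get(dn) == password
```

The account is created only after the directory has accepted a non-empty password, so a failed or unauthenticated bind never provisions a local user.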

Posted by Matthew Coupe on
Hi Christopher,

We're currently in the process of setting up our LDAP server for pretty much the same purpose as you. I believe we got to exactly the same point whereby when someone hit the site they were not yet authenticated and it took an admin to do this (approve and add to dotLRN, I believe).

This is how I understand the synchronisation works:

To synchronise the two accounts you need to get your active directory to export a snapshot to a URL and then point the ldap module of dotlrn to this URL (through configure or something like that). This then synchronises the two databases. Any mods after that are updated automatically via snapshot updates at another URL. It also does a full synch every so often to ensure consistency.

I haven't configured this part yet but I believe some people have. If they don't hit you back with anything I may be able to give you their contact info so you can drop them a line. If you do get this working though, please could you let us all know how you did it, as this would be really interesting for us too. The synchronisation aspect does not appear (as far as I know) to have great documentation.

Cheers,
Matthew

Posted by Christopher Jervis on
I can't configure the server with LDAP.

I tried with the new version of .LRN (2.2.0) in a clean installation, with the same configuration as in the previous post, but now it has a new error: "invalid command name 'ns_ldap'".

In version 2.1.3, I authenticated the user, but it shows the following message: "You have successfully authenticated, but you do not have an account on MY_SERVER yet."

Both servers, with the same parameters, show different errors... why??

Any idea?

Thanks.

Posted by Christopher Jervis on
Does somebody use LDAP?

I reviewed the documentation, forums and other places, and they don't say anything that helps me.

I need to configure dotlrn with LDAP; it is very important for me.