Forum OpenACS Q&A: How to use Active Directory credentials for logging into OpenACS

Hi,
I am trying to integrate my AD user logins with OpenACS. I have installed the 'LDAP authentication driver' service from the repository, but I don't know how to configure it.
Being a service (not an application), it doesn't show any page when I click this URL: http://localhost:8000/ldap-authentication-driver/

My queries are:
1: How to use usernames instead of email for logging in?
2: How to integrate AD user credentials with the OpenACS user database?
3: Does it require the LDAP authentication driver? If so, how to configure it?

Hi,

From the documentation of OACS 5.3, I learned that the auth-ldap package is required for external (LDAP) authentication. But in the repository of 5.3 I could not find this package.
Is this package discontinued?

Thanks
Ratnakar

Ratnakar,

There are a lot of threads on this topic. Try searching the boards for more info, but quickly: yes, you need auth-ldap and the AOLserver module nsldap (the one that supports bind). You need to build nsldap, modify your config.tcl to set up the LDAP pool and ensure that it's working by checking the log when your server boots up. Once you've got that working, you configure it by going to the Authentication section of the Control Panel. There, you will be able to add a new authority of type LDAP and configure the options for it using the "configure drivers for this authority" link.

About functionality, you can expect that if your users have email addresses in AD, they should be able to log in directly to your OpenACS instance (the local account will be created at login time). There is also work going into HEAD that will allow admins to search for users in an LDAP authority and add them to the local system.

Several of us are using the module successfully, against both AD and Novell's eDir. It's not an amazingly full featured integration (yet?) but it does work.

Let us know if you run into any issues while setting things up.
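A config.tcl fragment of the kind Michael's answer refers to, added here as an example (it is not from the original thread nor from the nsldap or auth-ldap projects): it defines one LDAP pool and a small boot-time check that logs whether the pool can reach the directory. The section and parameter names and the ns_ldap subcommands are taken from the nsldap README as the editor recalls it, so verify them against the README of the nsldap build you compiled; the host, bind DN, password and base DN are constructed placeholders.

```tcl
# Added example (assumption: nsldap section/parameter names as in its README).
# ${server} and ${bindir} are the variables the OpenACS config.tcl already sets.

ns_section "ns/server/${server}/modules"
ns_param   nsldap        ${bindir}/nsldap.so

# One pool named "ldap". The bind account should be a low-privilege directory
# user that can only read user entries, never a domain administrator.
ns_section "ns/ldap/pool/ldap"
ns_param   host          "dc01.example.internal"                          ;# constructed
ns_param   user          "cn=openacs-bind,ou=Service Accounts,dc=example,dc=internal" ;# constructed
ns_param   password      "CHANGE-ME"                                      ;# placeholder
ns_param   connections   1
ns_param   verbose       on      ;# log each LDAP operation so the boot log shows failures

ns_section "ns/ldap/pools"
ns_param   ldap          ldap

ns_section "ns/server/${server}/ldap"
ns_param   Pools         *
ns_param   DefaultPool   ldap

# Boot-time check, e.g. in a *-init.tcl file under a package's tcl/ directory.
# It takes a handle from the default pool, reads only the base entry itself
# (scope "base", so no bulk listing of users) and releases the handle again.
# ns_ldap gethandle/search/releasehandle are assumed from the nsldap README.
proc ldap_pool_check {base_dn} {
    if {[catch {
        set lh     [ns_ldap gethandle]
        set result [ns_ldap search $lh -scope base $base_dn "(objectClass=*)"]
        ns_ldap releasehandle $lh
    } err]} {
        # A bind or connection failure ends up here; the message is what to
        # look for in the server log after start-up.
        ns_log Error "ldap_pool_check: LDAP pool unusable: $err"
        return 0
    }
    ns_log Notice "ldap_pool_check: base $base_dn readable, [llength $result] entry returned"
    return 1
}

ldap_pool_check "dc=example,dc=internal"   ;# constructed base DN
```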

Thanks Michael (for the valuable info),
So far I have done the following things with the server:
1. Compiled and built the AOLserver module nsldap.
2. Modified the config.tcl file as per the documentation (mentioned the LDAP pool in the file).
3. In the Package Manager page, "LDAP authentication driver" shows 'Key' as "auth-ldap" (Are these packages one and the same? If yes, then I don't need to install auth-ldap separately.)
4. I tried to reinstall the LDAP auth. driver, and then the server threw the exception below:
----------------------------------------------
Database operation "0or1row" failed (exception ERROR, "ERROR: Binding of auth_authentication to LDAP failed since certain operations are not implemented like: MergeUser.
CONTEXT: SQL statement "SELECT acs_sc_binding__new( $1 , $2 )"
PL/pgSQL function "acs_sc_binding__new" line 16 at perform
")

ERROR: Binding of auth_authentication to LDAP failed since certain operations are not implemented like: MergeUser.
CONTEXT: SQL statement "SELECT acs_sc_binding__new( $1 , $2 )"
PL/pgSQL function "acs_sc_binding__new" line 16 at perform

SQL:
select acs_sc_binding__new(
'auth_authentication',
'LDAP'
);

while executing
"ns_pg_bind 0or1row nsdb0 {
select acs_sc_binding__new(
:contract_name,
:impl_name
..."
("uplevel" body line 1)
invoked from within
"uplevel $ulevel [list ns_pg_bind $type $db $sql]"
("postgresql" arm line 2)
invoked from within
"switch $driverkey {
oracle {
return [uplevel $ulevel [list ns_ora $type $db $sql] $args]
}
..."
invoked from within
"db_exec 0or1row $db $full_statement_name $sql"
invoked from within
"if {[regexp -nocase -- {^\s*select} $test_sql match]} {
# ns_log Debug "PLPGSQL: bypassed anon function"
set selection..."
("uplevel" body line 6)
invoked from within
"uplevel 1 $code_block "
invoked from within
"db_with_handle -dbn $dbn db {
# plsql calls that are simple selects bypass the plpgsql
# mechanism for creating anonymous fun..."
(procedure "db_exec_plsql" line 57)
invoked from within
"db_exec_plsql binding_new {}"
(procedure "acs_sc::impl::binding::new" line 3)
invoked from within
"acs_sc::impl::binding::new -contract_name $impl(contract_name) -impl_name $impl(name)"
("uplevel" body line 6)
invoked from within
"uplevel 1 $transaction_code "
(procedure "db_transaction" line 1)
invoked from within
"db_transaction {
set impl_id [new -contract_name $impl(contract_name) -name $impl(name) -pretty_name $impl(pretty_name) -owner $impl(owner..."
(procedure "acs_sc::impl::new_from_spec" line 10)
invoked from within
"acs_sc::impl::new_from_spec -spec $spec"
(procedure "auth::ldap::after_install" line 13)
invoked from within
"auth::ldap::after_install "
("eval" body line 1)
invoked from within
"eval $command"
(procedure "apm_invoke_callback_proc" line 37)
invoked from within
"apm_invoke_callback_proc -version_id $version_id -type after-install"
(procedure "apm_package_install" line 146)
invoked from within
"apm_package_install -enable=$enable_p -package_path $package_path -callback apm_ns_write_callback -load_data_model -data_model_files $data_model_..."
("foreach" body line 42)
invoked from within
"foreach pkg_info $pkg_install_list {
set spec_file [pkg_info_spec $pkg_info]
set package_path [pkg_info_path $pkg_info]

if { [catch {
ar..."
("uplevel" body line 34)
invoked from within
"uplevel {
ad_page_contract {

Installs the packages.

@author Bryan Quinn (mailto:bquinn@arsdigita.com)
@creation-date Mon Oct 9 00:22:31..."
(procedure "code::tcl::/var/lib/aolserver/service0/packages/acs-admin..." line 2)
invoked from within
"code::tcl::$__adp_stub"
invoked from within
"if { [file exists $__adp_stub.tcl] } {

# ensure that data source preparation procedure exists and is up-to-date
adp_init tcl $__adp_stub
..."
("uplevel" body line 3)
invoked from within
"uplevel {

if { [file exists $__adp_stub.tcl] } {

# ensure that data source preparation procedure exists and is up-to-date
adp_init t..."
(procedure "adp_prepare" line 2)
invoked from within
"adp_prepare "
(procedure "template::adp_parse" line 30)
invoked from within
"template::adp_parse [file root [ad_conn file]] {}"
(procedure "adp_parse_ad_conn_file" line 5)
invoked from within
"$handler"
("uplevel" body line 2)
invoked from within
"uplevel $code"
invoked from within
"ad_try {
$handler
} ad_script_abort val {
# do nothing
}"
invoked from within
"rp_serve_concrete_file [ad_conn file]"
(procedure "rp_serve_abstract_file" line 60)
invoked from within
"rp_serve_abstract_file "$root/$path""
("uplevel" body line 2)
invoked from within
"uplevel $code"
invoked from within
"ad_try {
rp_serve_abstract_file "$root/$path"
set tcl_url2file([ad_conn url]) [ad_conn file]
set tcl_url2path_info..."
-----------------------------------------------------
How can I enable the MergeUser operation? Or is there any workaround for this?

Thanks
Ratnakar