LDAP how to

References

http://openacs.org/doc/acs-authentication/ext-auth-ldap-install.html
http://openacs.org/doc/current/install-ldap-radius.html
http://www.cognovis.de/developer/en/openacs_ldap

Server:

http://ah.intranet.adhocsistemi.it/

Admin interface (phpLDAPadmin; password recorded here as qwe123):

http://ah.intranet.adhocsistemi.it/phpldapadmin/htdocs/index.php

openldap

Install libdb4.6-dev (BerkeleyDB) and ldap-utils, then build the OpenLDAP client library. --disable-slapd skips the directory server itself; nsldap only needs libldap and its headers:

export CPPFLAGS=-D_GNU_SOURCE
./configure --prefix=/usr/local/openldap --disable-slapd
make depend
make
make install

nsldap

export AOLSERVER=/usr/local/aolserver
# -i tells make to ignore errors, so a failed compile step is silently skipped:
# after install, check that nsldap.so really exists under $AOLSERVER and loads
make -i LDAP=/usr/local/openldap
make -i install LDAP=/usr/local/openldap

Commands

set ldaph [ns_ldap gethandle]
# ns_ldap search returns a list of entries; each entry is a flat list of
# attribute/value pairs (dn first). Take the first entry with lindex instead
# of stripping the outer braces with string range, which breaks as soon as
# the search returns more than one entry or a value contains braces.
set entries [ns_ldap search $ldaph -scope "subtree" "dc=adhocsistemi,dc=it" "(uid=P*)"]
ns_ldap releasehandle $ldaph
set users [lindex $entries 0]

set html ""
foreach {key value} $users {
    append html "$key = $value <br>"
}

# The same flat list can be loaded into an array to address single attributes
array set claudio $users

ns_return 200 text/html "$html<br>mail = $claudio(mail)"

# Password check as done by the OpenACS auth-ldap package when bind
# authentication (BindAuthenticationP) is off: read the stored userPassword
# hash and compare it locally. This only works if the identity nsldap binds
# with is allowed to read userPassword; the bind-based flow under TO DO
# needs no such read access and is the preferable design.
set password_from_ldap [auth::ldap::get_user -username Pasolini -parameters [list UsernameAttribute uid BindAuthenticationP "" BaseDN dc=adhocsistemi,dc=it InfoAttributeMap "first_names=givenName;last_name=sn;email=mail" PasswordHash ""] -element userPassword]
# true when the supplied password matches the stored hash, false otherwise
auth::ldap::check_password $password_from_ldap cheyenne_77


TO DO

The login process goes like this:

   1. We ask for email and password. Since DNs are tedious to type, we still rely on emails rather than DNs. Since the user might not have a row in the users table yet, we do not use the old-style "email first, then check if he exists, then ask for password" login process.
   2. We search the LDAP directory for a user with this email address and get back the DN. The email must be escaped as an LDAP filter value so that characters such as "*", "(" and ")" cannot alter the filter. If there is no such entry, we deny access. If there is more than one, something is wrong with the directory, so we raise an error. If there is exactly one entry, we take its DN.
   3. We do an LDAP bind operation with the DN just found and the password provided by the user. If it does not succeed we report a bad password. An empty password must be rejected before this step: an LDAP bind with a DN and an empty password is an anonymous bind and succeeds, so without the check anyone could log in as any user by leaving the password blank.
   4. After the bind, we check whether we already have a row in the users table for this DN. If we do not, we read the person's name from the directory and insert a row.
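The four steps above as one working procedure, written against the nsldap commands used elsewhere on this page. This is an added example, not code from the original page or from the OpenACS auth-ldap package. Assumptions: the directory is the one described on this page (base DN dc=adhocsistemi,dc=it, login attribute mail, name attributes givenName and sn); nsldap exposes the bind operation as "ns_ldap bind handle dn password"; the users table has a hypothetical ldap_dn column, and the SQL and the names ldap_login, ldap_login_with_handle, ldap_filter_escape and ldap_entry_value are illustrative.

```tcl
# Added example (not from the page or from OpenACS): email + password login
# via LDAP search + bind, with the empty-password and filter-escaping checks.

# Escape a user-supplied value for use inside an LDAP search filter
# (RFC 4515), so "*" or ")(" in the email cannot change the query.
proc ldap_filter_escape { value } {
    return [string map [list \\ \\5c * \\2a ( \\28 ) \\29 \x00 \\00] $value]
}

# nsldap entries are flat attribute/value lists; a value may arrive wrapped
# in a one-element list, so unwrap it when that is the case.
proc ldap_entry_value { entry attribute } {
    if { ![dict exists $entry $attribute] } {
        return ""
    }
    set v [dict get $entry $attribute]
    if { [llength $v] == 1 } {
        set v [lindex $v 0]
    }
    return $v
}

proc ldap_login { email password } {
    # Step 3 caveat: a bind with an empty password is an anonymous bind and
    # succeeds, so refuse it before the directory is consulted at all.
    if { $password eq "" } {
        return [list status bad_password message "Password required"]
    }
    set lh [ns_ldap gethandle]
    # Always give the handle back, even when the lookup throws.
    set code [catch { ldap_login_with_handle $lh $email $password } result]
    ns_ldap releasehandle $lh
    if { $code == 1 } {
        error $result
    }
    return $result
}

proc ldap_login_with_handle { lh email password } {
    set base_dn "dc=adhocsistemi,dc=it"

    # Step 2: search by email (filter-escaped) and require exactly one hit.
    set filter "(mail=[ldap_filter_escape $email])"
    set entries [ns_ldap search $lh -scope subtree $base_dn $filter dn]
    if { [llength $entries] == 0 } {
        return [list status no_account message "No such user"]
    }
    if { [llength $entries] > 1 } {
        error "Email $email matches [llength $entries] directory entries"
    }
    set dn [ldap_entry_value [lindex $entries 0] dn]

    # Step 3: prove the password by binding as that DN. A failed bind raises
    # a Tcl error, which becomes a bad_password result.
    if { [catch { ns_ldap bind $lh $dn $password } errmsg] } {
        return [list status bad_password message "Wrong password"]
    }

    # Step 4: find the local row by DN; on first login create it from the
    # directory's name attributes. The handle is now bound as the user, so
    # this search runs with the user's own read rights. The ldap_dn column
    # and both queries are assumptions for the example; a real OpenACS
    # install would go through its user-creation API instead of a raw insert.
    if { ![db_0or1row user_by_dn {
        select user_id from users where ldap_dn = :dn
    }] } {
        set entry [lindex [ns_ldap search $lh -scope base $dn "(objectClass=*)" givenName sn mail] 0]
        set first_names [ldap_entry_value $entry givenName]
        set last_name   [ldap_entry_value $entry sn]
        set user_id     [db_nextval acs_object_id_seq]
        db_dml insert_user {
            insert into users (user_id, email, first_names, last_name, ldap_dn)
            values (:user_id, :email, :first_names, :last_name, :dn)
        }
    }
    return [list status ok user_id $user_id dn $dn]
}

# Usage from a page: dispatch on the status element of the returned list
# array set r [ldap_login $email $password]
# if { $r(status) ne "ok" } { ad_return_complaint 1 $r(message) }
```

Two details are deliberate: the email is never inserted into the filter unescaped, and the empty password is refused before any LDAP call rather than relying on the bind to fail, because it would not.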