Did not find a how-to for your problem?

Ask me to write the how-to post by writing to the mailing-list at cps-devel [@] lists [.] nuxeo [.] com or writing to me to joseluisdelarosa+cpshowto [@] gmail [.] com. Note: I'll keep all conversations on the official mailing list.

Wednesday, July 11, 2007

How to configure authentication with OpenLDAP

Hi everyone, after testing authentication of CPS against OpenLDAP I have realized that this is actually the right way for CPS authentication. Mainly, because it let's you use the directory to authenticate with any other application, say Moodle, phpBB, SAMBA or whatever platform that supports LDAP.

CPS comes out-of-the-box with a product just ready to configure LDAP authentication with only a few changes on parameters like host, bind user, password, subtree, etc. Please, consider to read the original documentation of the product CPSLDAPSetup, these are just some guidelines to put all steps together.

  1. Install OpenLDAP in your system. I do it here for Ubuntu or Debian.

    apt-get install slapd

  2. Make a backup of the original configuration file:

    cp /etc/ldap/slapd.conf /etc/ldap/slapd.conf.default

  3. Copy the file of CPSLDAPSetup/ldap-utils/slapd.conf to the directory /etc/ldap/.

  4. Edit the file /etc/ldap/slapd.conf so that it uses your setup configuration. Mainly, change those lines that refer to a symbolic LDAP site to use your own configuration.

  5. Load users to the OpenLDAP database. Don't forget to do it as user openldap.

    su -m openldap

  6. From the ZMI, go to the tool portal_setup.
  7. From the tab Profiles select the profile CPSLDAPSetup (members in LDAP, groups and roles in ZODB) and click the button Import.
  8. Now you should be able to search for the members from the search form of the directory members.

No comments: