Can Joomla Users login In OpenERP Using LDAP??????
Hi all,I am deciding to cover the entire topic of enbling joomla created user accounts
to login in openerp with the help of centralized authentication tool ldap in two parts.first part here
covers ldap installation and its integration with openerp,so that ldap users can login in
openerp with their accounts created in openerp.
OpenLDAP, open source implementation of the Lightweight Directory Access Protocol (LDAP) stores
all information in a directory with tree like structure with root node defining the top of the organization(domain
component,organization name) and leaf nodes representing the organization units(peoples,groups).
OpenLDAP Installation
1.Install the OpenLDAP server daemon slapd and ldap-utils, a package containing LDAP management utilities
sudo apt-get install slapd ldap-utils
2.schemas need to be loaded in the server as by default there are none:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
3.To create the actual ldap database that stores the entries in the directory, need to create ldif files.
In this example we use dc=example,dc=com the directory suffix.
Remember to change dc=example,dc=com in the following example to match
your LDAP configuration needs.Create backend.example.com.ldif and copy the following code.
# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb
# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=example,dc=com <-- change here for your domain
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=example,dc=com <--change here
olcRootPW: secret <-- change admin password here
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
#modify access list to limit access to database
olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none <-- change here
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read <--change here
Note: there should not be any spaces at the beginning of lines
now add ldif to directory by,
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif
4.Ldap database need to be populated with users and groups.Create frontend.example.com.ldif
with following content.here a sample user named john is also added.
# Create top-level object in domain
dn: dc=example,dc=com <-- change 'dc' to your domain
objectClass: top
objectClass: dcObject
objectclass: organization
o: Example Organization <--change here
dc: Example <--change here
description: LDAP Example
# Admin user.
dn: cn=admin,dc=example,dc=com <--change here
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secret <-- admin password entered above in backend
dn: ou=people,dc=example,dc=com <--change here
objectClass: organizationalUnit
ou: people
dn: ou=groups,dc=example,dc=com <--change here
objectClass: organizationalUnit
ou: groups
dn: uid=john,ou=people,dc=example,dc=com <--change here
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 1050
gidNumber: 10000
userPassword: password <-- change john user password
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: [email protected]
postalCode: 31000
l: Toulouse
o: Example
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: JD
dn: cn=example,ou=groups,dc=example,dc=com <-- change cn=eample to group name you needed
objectClass: posixGroup
cn: example <--change here if made changed above in group name
gidNumber: 10000
Add ldif to directory, it will prompt for admin password,
sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif
5.Simple ldap configuration is over and to get web based user interface for ldap,install phpldapadmin,
sudo apt-get install phpldapadmin
need to change 'dc' the following lines in /etc/phpldapadmin/cofig.php and restart apache2.
a)$servers->setValue('server','base',array('dc=example,dc=com'));
b) $servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');
to your domain.Login into ldap server using http://localhost/phpldapaddmin and enter admin passwd.
OpenERP-LDAP
6.Install python package,otherwise users_ldap module in openerp will not function
sudo apt-get install python-ldap
7.Install users_ldap module in the openerp which comes by default with openerp-server addons
8.Configuration at the openerp side,
"Administration-->Companies-->Companies",Your company profile and enter following details in ldap parametres
LDAP Server Address : your machine IP (127.0.0.1 <-if ldap running on the same server)
LDAP Server Port : 389
LDAP Bind Dn : cn=admin,dc=example,dc=com (if you had changed dc component then enter the same here and for followings)
LDAP password : Your admin ldap password
LDAP Base : ou=people,dc=example,dc=com <-- change 'dc' here
LDAP filter : (uid=%s)
create user : checked
Model User : demo user
sequence : 10
9.If everything goes right you can login using john with password in openerp and same for the other ldap users when created,
Joomla-ldap integration will be covered in my next blog.
hi this is a nice post.. May
hi
this is a nice post.. May i ask you to tel me how install openldap in windows and do the rest.
Thanks in advance..