<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta content="Apache Forrest" name="Generator">
<meta name="Forrest-version" content="0.9-dev">
<meta name="Forrest-skin-name" content="pelt">
<title>LDAP Authentication How-To</title>
<link type="text/css" href="../../../skin/basic.css" rel="stylesheet">
<link media="screen" type="text/css" href="../../../skin/screen.css" rel="stylesheet">
<link media="print" type="text/css" href="../../../skin/print.css" rel="stylesheet">
<link type="text/css" href="../../../skin/profile.css" rel="stylesheet">
<script src="../../../skin/getBlank.js" language="javascript" type="text/javascript"></script><script src="../../../skin/getMenu.js" language="javascript" type="text/javascript"></script><script src="../../../skin/fontsize.js" language="javascript" type="text/javascript"></script>
<link rel="shortcut icon" href="../../../favicon.ico">
</head>
<body onload="init()">
<script type="text/javascript">ndeSetTextSize();</script>
<div id="main">
<div id="publishedStrip">
<!--+
|start Subtabs
+-->
<div id="level2tabs"></div>
<!--+
|end Endtabs
+-->
<script type="text/javascript"><!--
document.write("Last Published: " + document.lastModified);
// --></script>
</div>
<!--+
|start content
+-->
<div id="content">
<h1>LDAP Authentication How-To</h1>
<div id="front-matter">
<div id="minitoc-area">
<ul class="minitoc">
<li>
<a href="#Configuring+and+activating+LDAP+in+Lenya">Configuring and activating LDAP in Lenya</a>
</li>
<li>
<a href="#Allowing+LDAP+users+to+work%0Awith+Lenya">Allowing LDAP users to work
with Lenya</a>
</li>
<li>
<a href="#Going+further+with+LDAP">Going further with LDAP</a>
</li>
<li>
<a href="#Encrypted+LDAP">Encrypted LDAP</a>
</li>
<li>
<a href="#Notes">Notes</a>
</li>
<li>
<a href="#An+example+publication+using+LDAP+Authentication%3A+the+University+of+Zurich+Lenya+Publication">An example publication using LDAP Authentication: the University of Zurich Lenya Publication</a>
</li>
</ul>
</div>
</div>
<p>Lenya supports LDAP authentication out-of-the-box, and was tested with
OpenLDAP and MS Active Directory servers.</p>
<p>Authentication means that password checking is handled through LDAP, so
that the user does not need a Lenya-specific password. Note that only the
authentication is done through LDAP; the Lenya administrator still has to tell
Lenya which LDAP users to allow and to assign Lenya roles to these users. LDAP
setup is handled in Lenya configuration files; adding users and assigning them roles
is handled within the Lenya Admin GUI. </p>
<a name="N10014"></a><a name="Configuring+and+activating+LDAP+in+Lenya"></a>
<h2 class="h3">Configuring and activating LDAP in Lenya</h2>
<div class="section">
<ol>
<li>
<p>Go to the directory <em>lenya/pubs/&lt;your-publication-name&gt;/config/ac</em>
</p>
</li>
<li>
<p>Edit the file <em>ac.xconf</em> and uncomment the line regarding "LDAP support" </p>
</li>
<li>
<p>Go to the subdirectory <em>passwd</em> and copy the file <em>lenya/pubs/&lt;your-publication-name&gt;/config/ac/passwd/ldap.properties.sample</em> to the file <em>ldap.properties</em> in this directory. </p>
</li>
<li>
<p>Edit the file <em>ldap.properties</em> with your settings (the sample file contains explanations for the entries) </p>
</li>
<li>
<p>Restart your servlet container, so that the changes take effect </p>
</li>
<li>
<p>Log in as administrator. In the users section, you can now add LDAP users: enter the LDAP id, and provide a Lenya id (which may be the same as the LDAP id). Now add group memberships for this id. </p>
</li>
<li>
<p>You should now be able to log in with this LDAP user and password. </p>
</li>
</ol>
</div>
<a name="N10052"></a><a name="Allowing+LDAP+users+to+work%0Awith+Lenya"></a>
<h2 class="h3">Allowing LDAP users to work
with Lenya</h2>
<div class="section">
<p>Once everything is configured correctly, you can tell Lenya to allow certain LDAP users. It is important to understand that a user who exists in LDAP does not automatically have access to Lenya. The user needs to be explicitly added in Lenya, along with the group memberships. However, the authentication itself (password handling) is then completely handled through LDAP. </p>
<ol>
<li>
<p>In the administration GUI, add the "LDAP user" in order to make this user known to Lenya. You can use the same id for Lenya as the existing LDAP id. </p>
</li>
<li>
<p>Click on the user and add group settings. If the user belongs to no groups at all, she will not be able to log in. </p>
</li>
<li>
<p>Log out and log in with the newly created id. </p>
</li>
</ol>
</div>
<a name="N1006E"></a><a name="Going+further+with+LDAP"></a>
<h2 class="h3">Going further with LDAP</h2>
<div class="section">
<p>The LDAP implementation in Lenya is based on the premise that you have an
existing LDAP directory containing users and passwords, but you do not want to (or are
not allowed to) add anything specific to Lenya within this LDAP directory,
such as Lenya roles.</p>
<p>As a consequence, the Lenya-specific user information is <em>not</em>
stored in LDAP, but instead with the same mechanism as for non-LDAP users. What Lenya does
do for you is delegate authentication (the checking of the user's password in
LDAP), meaning that the user does not require an additional "Lenya password".</p>
<p> This implementation of LDAP authentication in Lenya can be
replaced by a tighter integration of LDAP, which would possibly provide these advantages:
</p>
<ul>
<li>Maintenance of roles and groups in LDAP as well.
</li>
<li>Remove the need to separately enable each LDAP user in Lenya.
</li>
</ul>
<p>
There is a <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34737">patch (no.
34737)</a> which replaces Lenya's default LDAP handling and fully integrates
Lenya with an LDAP where users are stored according to the POSIX scheme.
</p>
</div>
<a name="N10092"></a><a name="Encrypted+LDAP"></a>
<h2 class="h3">Encrypted LDAP</h2>
<div class="section">
<ul>
<li>
<p> In the file <em>ldap.properties</em>, set <em>security-protocol</em> to the value <em>ssl</em> and set <em>key-store</em> to the name of your keystore file. </p>
</li>
<li>
<p> Add the LDAP server certificate file to the local keystore using this command: </p>
</li>
</ul>
<pre class="code">
keytool -import -keystore .keystore -file &lt;ca_cert_file&gt; -alias &lt;yourdomain.com&gt;
</pre>
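<p>A pre-flight check for the two settings above, as an added example that is not part of Lenya or of the original page: it parses <em>ldap.properties</em> and fails unless <em>security-protocol</em> is exactly <em>ssl</em> and <em>key-store</em> is set. It assumes the file follows standard Java properties syntax; the function names and the sample files are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example (not Lenya code): lint ldap.properties for the two
# encrypted-LDAP settings this page names.

# prop_get FILE KEY
# Print KEY's value from a Java .properties file, following the rules of
# java.util.Properties.load(): leading blanks are ignored, '#' and '!' start
# a comment line, key and value are separated by '=', ':' or blanks, the
# last definition wins, and trailing blanks stay part of the value.
# Backslash line continuations are not handled.
prop_get() {
    awk -v key="$2" '
        { sub(/\r$/, "") }              # tolerate CRLF files
        /^[ \t]*[#!]/ { next }          # comment line
        /^[ \t]*$/    { next }          # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=:]/)  # first separator character
            if (n == 0) { k = line; v = "" }
            else {
                k = substr(line, 1, n - 1)
                v = substr(line, n)
                sub(/^[ \t]*[=:]?[ \t]*/, "", v)
            }
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) printf "%s", val }
    ' "$1"
}

# check_ldaps_config FILE
# Return 0 only when FILE requests SSL and names a keystore; print findings.
check_ldaps_config() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 2; }
    proto=$(prop_get "$1" security-protocol)
    store=$(prop_get "$1" key-store)
    rc=0
    if [ "$proto" != "ssl" ]; then
        # Also catches a commented-out line and a value with trailing blanks.
        echo "FAIL: security-protocol is '$proto', expected exactly 'ssl'"
        rc=1
    fi
    if [ -z "$store" ]; then
        echo "FAIL: key-store is empty or missing"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: security-protocol=ssl, key-store=$store"
    fi
    return "$rc"
}

# demo: run the check over two constructed sample files.
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample 1: the SSL line was left commented out.
    printf '%s\n' '# security-protocol=ssl' 'key-store=.keystore' > "$dir/weak"
    # Constructed sample 2: both settings present.
    printf '%s\n' 'security-protocol = ssl' 'key-store: .keystore' > "$dir/good"
    for f in weak good; do
        echo "== $f"
        check_ldaps_config "$dir/$f" || true
    done
    rm -rf "$dir"
}

demo
```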
</div>
<a name="N100B5"></a><a name="Notes"></a>
<h2 class="h3">Notes</h2>
<div class="section">
<ul>
<li>
<p> If you modify <em>ldap.properties</em>, it may be necessary to restart your servlet container or at least to reload your webapp in order for the changes to take effect. </p>
</li>
</ul>
</div>
<a name="N100C6"></a><a name="An+example+publication+using+LDAP+Authentication%3A+the+University+of+Zurich+Lenya+Publication"></a>
<h2 class="h3">An example publication using LDAP Authentication: the University of Zurich Lenya Publication</h2>
<div class="section">
<p>The "University of Zurich Publication" is an example of a publication which uses LDAP authentication. You may wish to install and configure it to authenticate against your LDAP server: this way, you can check whether LDAP authentication is working, before proceeding to activate it in another application. </p>
<p>Note: this HOW-TO was tested using the state of the "University of Zurich Publication" on May 26th, 2004. If another version is incompatible with your Lenya installation, don't despair, you will still be able to use the LDAP-relevant stuff. </p>
<ol>
<li>
<p>Retrieve the University of Zurich Lenya publications (unitemplate, unizh) described on <a href="http://wyona.org/">http://wyona.org/</a>
</p>
</li>
<li>
<p>Go to the <em>unitemplate/config/ac/passwd</em> directory and edit <em>ldap.properties</em> as described above </p>
</li>
<li>
<p>If secure LDAP is required, add the server certificate to the keystore as described above </p>
</li>
<li>
<p>Deploy the publications (see the <a href="../../../docs/1_2_x/how-to/deploy_publication.html">Deploy Publication How-To</a>) </p>
</li>
<li>
<p>In your browser, refresh your Lenya start page. You should now see, on the left hand side, a link to the "Unitemplate" publication. Log in as the lenya / levi user and go to the Admin area to add a user. </p>
</li>
<li>
<p>Click on "Add University User" (this means LDAP user). In the field "UniAccessID", use the LDAP userid. In the field "CMS User", use the id with which you
want the user to log in to Lenya. This may be the same id as for LDAP. </p>
</li>
<li>
<p>Add the desired groups for this user and log out of Lenya. </p>
</li>
<li>
<p>You should now be able to log in to Lenya using this new user and his/her LDAP password. </p>
</li>
</ol>
</div>
</div>
<!--+
|end content
+-->
<div class="clearboth">&nbsp;</div>
</div>
<div id="footer">
<!--+
|start bottomstrip
+-->
<div class="lastmodified">
<script type="text/javascript"><!--
document.write("Last Published: " + document.lastModified);
// --></script>
</div>
<div class="copyright">
Copyright &copy;
2002-2007 <a href="http://www.apache.org/licenses/LICENSE-2.0">The Apache Software Foundation.</a>
</div>
<div id="feedback">
Send feedback about the website to:
<a id="feedbackto" href="mailto:dev@lenya.apache.org?subject=Feedback%C2%A0for%C2%A0docs/1_2_x/how-to/ldap_authentication.html">dev@lenya.apache.org</a>
</div>
<!--+
|end bottomstrip
+-->
</div>
</body>
</html>