LDAP User Access: Difference between revisions
Revision as of 12:13, 19 November 2009
This is an authentication mechanism which authenticates users against an openLDAP server.
This user access mechanism is implemented by the I2CE_UserAccess_LDAP class.
Configuration
To use the default user authentication, you need to enable the module and set an initialization string.
Enabling the Module
To enable, just make sure you have:
<source lang='xml'>
<requirement name='UserAccess_LDAP'>
  <atLeast version='4.0'/>
  <lessThan version='4.1'/>
</requirement>
</source>
Initialization String
The initialization string is sent to I2CE::initialize() in index.php as the fourth argument, $user_access_init. This string must be prefixed with 'LDAP://'. What follows can take either of the following formats:
- null: This is the default value and means that we use the default DN (distinguished name) for querying and authenticating users.
- a JSON encoded string: The data is a JSON encoded string of optional configuration values for the user access. The JSON encoded data has the following keys:
  - dn: The DN used to query users against.
  - application: The application name used to check for user roles in. If not set, it will use the site module's name.
  - People: The qualifier to query people against. Defaults to 'ou=People'.
  - Roles: The qualifier to query user roles against. Defaults to 'ou=Application'.
For example:
LDAP://{'dn':'dc=moh,dc=example,dc=gov'}
would be a minimal initialization string needed to authenticate against that DN.
LDAP Directory Structure
Example Entries
A user could be represented as:
dn: uid=litlfred, ou=People, dc=moh,dc=example,dc=gov
sn: Leitner
givenName: Carl
cn: Carl Leitner
userPassword: blahblah
email: cleitner@intrahealth.org
locale: en_US
User roles should be unique on the pair (username, software-component), and there may be software-component-specific information to share:
dn: uid=litlfred, app=ihris-manage, ou=Application, dc=moh,dc=example,dc=gov
role: hr_staff
id: 25

dn: uid=litlfred, app=ihris-qualify, ou=Application, dc=moh,dc=example,dc=gov
role: admin
id: 25

dn: uid=litlfred, app=dhis2, ou=Application, dc=moh,dc=example,dc=gov
role: guest
id: 42
phone: 919-555-1212
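The following is an added example, not code from I2CE: a Python model of how the JSON keys of the initialization string map onto the user and role entries shown above, with the login name escaped per RFC 4514 so that DN metacharacters in it cannot select a different entry. It assumes entries are addressed by DN as in the example entries and that the JSON is strict (double-quoted); `parse_init`, `escape_rdn_value`, `user_dn`, `role_dn` and the `site_module` parameter are hypothetical names.

```python
import json

PREFIX = "LDAP://"
# Defaults stated on the page for the 'People' and 'Roles' qualifiers.
DEFAULTS = {"People": "ou=People", "Roles": "ou=Application"}
KNOWN_KEYS = {"dn", "application", "People", "Roles"}
# RFC 4514 specials, plus '=' and NUL, hex-escaped wherever they occur.
SPECIAL = set('"+,;<>\\=\x00')


def parse_init(init, site_module):
    """Parse the JSON form of the initialization string into a config dict.

    site_module (hypothetical parameter) stands in for the site module's
    name, which the page says is used when 'application' is not set.
    """
    if not init.startswith(PREFIX):
        raise ValueError("initialization string must start with LDAP://")
    data = json.loads(init[len(PREFIX):])  # assumption: strict JSON
    if not isinstance(data, dict) or not isinstance(data.get("dn"), str):
        raise ValueError("expected a JSON object with a string 'dn'")
    unknown = set(data) - KNOWN_KEYS
    if unknown:
        raise ValueError("unknown keys: %s" % sorted(unknown))
    return {**DEFAULTS, "application": site_module, **data}


def escape_rdn_value(value):
    """Escape a string for use as an attribute value inside a DN."""
    if not value:
        raise ValueError("empty RDN value")
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        # A leading space or '#', and a trailing space, must also be escaped.
        edge = (i == 0 and ch in " #") or (i == last and ch == " ")
        out.append("\\%02X" % ord(ch) if ch in SPECIAL or edge else ch)
    return "".join(out)


def user_dn(cfg, username):
    """DN of the user's entry under the People qualifier."""
    return "uid=%s,%s,%s" % (escape_rdn_value(username), cfg["People"], cfg["dn"])


def role_dn(cfg, username):
    """DN of the user's role entry for the configured application."""
    return "uid=%s,app=%s,%s,%s" % (
        escape_rdn_value(username), escape_rdn_value(cfg["application"]),
        cfg["Roles"], cfg["dn"])


# Constructed sample: the page's DN, written as strict JSON.
CFG = parse_init('LDAP://{"dn":"dc=moh,dc=example,dc=gov"}', "ihris-manage")
print(user_dn(CFG, "litlfred"))
print(role_dn(CFG, "litlfred"))
print(user_dn(CFG, "litlfred,app=dhis2"))  # metacharacters stay inside uid
```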
openLDAP Server Configuration
This describes how to set up openLDAP for use with openMRS, DHIS and iHRIS on an Ubuntu machine. First, see this tutorial: https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html