LDAP User Access: Difference between revisions
(Created page with 'The is an authentication mechanism which authenticates users against an openLDAP server This user access mechanism is implemented by the [[Class: I2CE_UserAccess_LDAP | I2CE_U…')
Line 31: | Line 31: | ||
==LDAP Directory Structure== | ==LDAP Directory Structure== | ||
===Example Entries=== | |||
A user could be represented as: | |||
<source lang='text'> | |||
dn: uid=litlfred, ou=People, dc=moh,dc=example,dc=gov | |||
sn: Leitner | |||
givenName: Carl | |||
cn: Carl Leitner | |||
userPassword: blahblah | |||
email: cleitner@intrahealth.org | |||
locale: en_US | |||
</source> | |||
User roles be unique on the pair (username, software-component) | |||
and there may be software component specific information to share, | |||
<source lang='text'> | |||
dn: uid=litlfred, app=ihris-manage, ou=Application, dc=moh,dc=example,dc=gov | |||
dc=example,dc=com | |||
role: hr_staff | |||
id: 25 | |||
dn: uid=litlfred, app=ihris-qualify, ou=Application, dc=moh,dc=example,dc=gov | |||
dc=example,dc=com | |||
role: admin | |||
id: 25 | |||
dn: uid=litlfred, app=dhis2, ou=Application, dc=moh,dc=example,dc=gov | |||
role: guest | |||
id: 42 | |||
phone: 919-555-1212 | |||
<source lang='text'> | |||
==openLDAP Server Configuration== | ==openLDAP Server Configuration== | ||
This describes how to set up openLDAP for use with openMRS, DHIS and iHRIS on an ubuntu machine. First, see [https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html this] tutorial. | This describes how to set up openLDAP for use with openMRS, DHIS and iHRIS on an ubuntu machine. First, see [https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html this] tutorial. |
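Review bot: the last added line, `<source lang='text'>` after `phone: 919-555-1212`, opens a new block instead of closing the role entries. It should be `</source>`, otherwise the "openLDAP Server Configuration" heading ends up inside the source block. In the same hunk, the bare `dc=example,dc=com` lines under the ihris-manage and ihris-qualify DNs are not attribute lines and do not match the `dc=moh,dc=example,dc=gov` base used by every other entry, so they look like leftovers to drop. "User roles be unique" is missing its verb. The sample `userPassword: blahblah` reads as a cleartext value; a short remark that it is a placeholder would avoid it being copied as a pattern.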
Revision as of 12:12, 19 November 2009
This is an authentication mechanism which authenticates users against an openLDAP server.
This user access mechanism is implemented by the I2CE_UserAccess_LDAP class.
Configuration
To use the default user authentication, you need to enable the module and set an initialization string.
Enabling the Module
To enable, just make sure you have:
<source lang='xml'>
<requirement name='UserAccess_LDAP'>
  <atLeast version='4.0'/>
  <lessThan version='4.1'/>
</requirement>
</source>
Initialization String
The initialization string is sent to I2CE::initialize() in index.php as the fourth argument, $user_access_init. This string must be prefixed with 'LDAP://'. What follows takes any of the following formats:
- null: This is the default value and means that we use the default DN (distinguished name) for querying and authenticating users.
- a JSON-encoded string: The data is a JSON-encoded string of optional configuration values for the user access. The JSON-encoded data has the following keys:
  - dn: The DN used to query users against.
  - application: The application name used to check for user roles in. If not set, it will use the site module's name.
  - People: The qualifier to query people against. Defaults to 'ou=People'.
  - Roles: The qualifier to query user roles against. Defaults to 'ou=Application'.
For example:
LDAP://{"dn":"dc=moh,dc=example,dc=gov"}
would be a minimal initialization string: it sets only the DN to authenticate against.
LDAP Directory Structure
Example Entries
A user could be represented as:
<source lang='text'>
dn: uid=litlfred, ou=People, dc=moh,dc=example,dc=gov
sn: Leitner
givenName: Carl
cn: Carl Leitner
userPassword: blahblah
email: cleitner@intrahealth.org
locale: en_US
</source>
User roles are unique on the pair (username, software-component), and there may be software-component-specific information to share:
<source lang='text'>
dn: uid=litlfred, app=ihris-manage, ou=Application, dc=moh,dc=example,dc=gov
role: hr_staff
id: 25

dn: uid=litlfred, app=ihris-qualify, ou=Application, dc=moh,dc=example,dc=gov
role: admin
id: 25

dn: uid=litlfred, app=dhis2, ou=Application, dc=moh,dc=example,dc=gov
role: guest
id: 42
phone: 919-555-1212
</source>
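The initialization string format and the directory layout above can be combined as in the following added PHP sketch, which is not I2CE's own code. The function names are hypothetical, the default DN is passed in by the caller, the "null" form is assumed to be an empty or literal null remainder after the prefix, and the DN layout is taken from the example entries.

```php
<?php
// Added example: hypothetical helpers, not part of I2CE. Needs ext-ldap for ldap_escape().

// Parse 'LDAP://' + (nothing | null | JSON object) into a config array with defaults.
function parse_ldap_init(string $init, string $siteModule, string $defaultDn): array {
    $prefix = 'LDAP://';
    if (strncmp($init, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('initialization string must start with LDAP://');
    }
    $cfg = [
        'dn'          => $defaultDn,        // assumption: caller supplies the default DN
        'application' => $siteModule,       // falls back to the site module's name
        'People'      => 'ou=People',
        'Roles'       => 'ou=Application',
    ];
    $rest = trim((string) substr($init, strlen($prefix)));
    if ($rest === '' || strtolower($rest) === 'null') {
        return $cfg;                         // assumption: how the "null" form is spelled
    }
    $data = json_decode($rest, true);
    if (!is_array($data)) {
        throw new InvalidArgumentException('payload is not a JSON object');
    }
    foreach ($data as $key => $value) {
        // Reject unknown keys and non-string values instead of silently ignoring them.
        if (!array_key_exists($key, $cfg) || !is_string($value) || $value === '') {
            throw new InvalidArgumentException("bad configuration key: $key");
        }
        $cfg[$key] = $value;
    }
    return $cfg;
}

// Escape the user-controlled part so it cannot add or change DN components.
function user_dn(array $cfg, string $uid): string {
    return 'uid=' . ldap_escape($uid, '', LDAP_ESCAPE_DN) . ",{$cfg['People']},{$cfg['dn']}";
}

function role_dn(array $cfg, string $uid): string {
    return 'uid=' . ldap_escape($uid, '', LDAP_ESCAPE_DN)
        . ',app=' . ldap_escape($cfg['application'], '', LDAP_ESCAPE_DN)
        . ",{$cfg['Roles']},{$cfg['dn']}";
}

$cfg = parse_ldap_init('LDAP://{"dn":"dc=moh,dc=example,dc=gov"}', 'ihris-manage', 'dc=example');
echo user_dn($cfg, 'litlfred'), "\n";          // constructed sample username
echo role_dn($cfg, 'litlfred'), "\n";
echo user_dn($cfg, 'x,ou=Application'), "\n";  // the comma is escaped, so this stays one RDN
```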
openLDAP Server Configuration
This describes how to set up openLDAP for use with openMRS, DHIS and iHRIS on an Ubuntu machine. First, see this tutorial: https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html