Versions Compared

Comment: More work on LDAP instructions

...

Activating Apache Directory Server

Install LDAP and Test

Now that you have Roller installed and working, configure it to authenticate against LDAP instead of the "rollerdb" database.

(The instructions below are not a full tutorial on configuring ApacheDS; refer to its documentation for more comprehensive information.)  There are several ways to install and start Apache DS, depending on the operating system you're using.  Ubuntu proved unusually clumsy: the Debian packages would not work for me, so I used the standard .tar.gz download instead.  I then needed to make the following changes to activate ApacheDS:

  1. Define a system environment variable $ADS_HOME pointing to my ADS install directory (used by apacheds.sh).
  2. Edit the apacheds.sh script, replacing $RUN_JAVA (and the quotes around it) with the path to your java executable:  eval /path/to/jdk/bin/java $JAVA_OPTS $ADS_CONTROLS...
  3. From the ApacheDS home folder, run "sudo bash bin/apacheds.sh default start" at the command prompt (note the necessary use of "bash" on Ubuntu).  Then run the command again: if you get a complaint that it's already running, you're in good shape.  For further confirmation, check the instances/default/log/apacheds.out file; you should see the ApacheDS ASCII art indicating a successful start.
  4. Next, install and activate Apache Directory Studio.  We'll be importing an LDIF file containing an "admin" user with password "adminldap".
  5. Stop Tomcat.
  6. Install Apache Directory Server and start it as root by running "sudo /usr/local/apacheds" (on OS X).
  7. Install Apache Directory Studio and launch the application.
  8. Create a new LDAP Connection with the following settings:
    • Connection Name: Local ApacheDS
    • Hostname: localhost
    • Port: 10389
    • Encryption: No Encryption
    • (Click Next)
    • Bind DN or user: uid=admin,ou=system
    • Bind password: secret
    • (Click Finish)
  9. Download roller.ldif to your Desktop. This file contains an admin account "rolleradmin" (with password "adminldap", which you're welcome to change) as well as Groups and People organizational units.
  10. In Apache Directory Studio, right-click on dc=example,dc=com and select Import > LDIF Import...
  11. Select roller.ldif for the LDIF file and click Finish. You may get an error during the import, but it should add entries successfully.
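As an added illustration (not the project's roller.ldif and not part of the original page), the following Python script parses an LDIF of the shape step 9 describes, a People OU, a Groups OU and a rolleradmin account, and audits it before you import it: it checks that both OUs are present under dc=example,dc=com, that the account is an inetOrgPerson with a uid, and flags a userPassword stored in cleartext; it also shows how an {SSHA} hashed value can be verified so the file need not carry a cleartext password. The LDIF text, attribute values and function names are all constructed for this example.

```python
import base64
import hashlib
import hmac
from typing import Dict, List

Entry = Dict[str, List[str]]

# Constructed sample in the shape the page attributes to roller.ldif (two
# organizational units and one admin account). It is NOT the project's file.
# The folded cn and the base64 description exist only to exercise the parser.
SAMPLE_LDIF = """\
# Roller LDAP sample (constructed for this example)
dn: ou=People,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: uid=rolleradmin,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: rolleradmin
cn: Roller
  Admin
sn: Admin
mail: rolleradmin@example.com
description:: Um9sbGVyIExEQVAgYWRtaW4=
userPassword: adminldap
"""


def parse_ldif(text: str) -> List[Entry]:
    """Parse LDIF content records into a list of {attribute: [values]} dicts.

    Handles folded lines (a continuation line starts with one space, which is
    dropped), '#' comment lines, blank-line record separators and base64
    values written as 'attr:: <b64>'. Attribute names are lower-cased because
    LDAP attribute names are case-insensitive. Change records are not needed
    for an import file like roller.ldif and are not handled.
    """
    logical: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # unfold onto the previous line
        else:
            logical.append(raw)

    entries: List[Entry] = []
    current: Entry = {}
    for line in logical:
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):             # 'attr:: base64value'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def audit_roller_ldif(entries: List[Entry], base_dn: str = "dc=example,dc=com") -> List[str]:
    """Return findings for an LDIF meant for the walkthrough's import step.

    Requires ou=People and ou=Groups under base_dn, requires every uid= entry
    to be an inetOrgPerson carrying a uid, and reports any userPassword that
    is not in a '{SCHEME}' hashed form.
    """
    findings: List[str] = []
    dns = {e["dn"][0].lower() for e in entries if "dn" in e}
    for ou in ("People", "Groups"):
        if f"ou={ou},{base_dn}".lower() not in dns:
            findings.append(f"missing organizational unit ou={ou},{base_dn}")
    for e in entries:
        dn = e["dn"][0]
        if dn.lower().startswith("uid="):
            classes = {c.lower() for c in e.get("objectclass", [])}
            if "inetorgperson" not in classes:
                findings.append(f"{dn} is not an inetOrgPerson")
            if not e.get("uid"):
                findings.append(f"{dn} lacks a uid attribute")
        for pw in e.get("userpassword", []):
            if not pw.startswith("{"):
                findings.append(f"{dn} stores userPassword in cleartext")
    return findings


def make_ssha(password: str, salt: bytes) -> str:
    """Build an RFC 2307-style {SSHA} value: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_password(stored: str, candidate: str) -> bool:
    """Check a candidate against a userPassword value, cleartext or {SSHA}.

    Uses a constant-time comparison in both branches.
    """
    if stored.startswith("{SSHA}"):
        blob = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = blob[:20], blob[20:]   # SHA-1 digest is 20 bytes
        computed = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
        return hmac.compare_digest(digest, computed)
    return hmac.compare_digest(stored.encode("utf-8"), candidate.encode("utf-8"))


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for entry in parsed:
        print(entry["dn"][0])
    for finding in audit_roller_ldif(parsed):
        print("FINDING:", finding)
    print("hashed form:", make_ssha("adminldap", b"salt"))
```

Run against the real roller.ldif (replace SAMPLE_LDIF with the file's contents) before the import in step 10; if the audit reports a cleartext userPassword, swap the value for the output of make_ssha so the file you keep on disk no longer carries the password itself.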

 

  1. Shut down the servlet container running Roller.  Modify your roller-custom.properties file (in Tomcat, normally located at $CATALINA_HOME/lib/roller-custom.properties), adding this entry:

    users.sso.enabled=true


  2. Open $CATALINA_HOME/webapps/roller/WEB-INF/security.xml in your favorite XML editor. Look for "LDAP/SSO" and uncomment the bean definitions to enable LDAP. In the "authenticationManager" bean, comment out "daoAuthenticationProvider" and enable "ldapAuthProvider". Commenting out "daoAuthenticationProvider" is not necessary, but it lets you verify that you're authenticating only against LDAP. Use the following values in the "initialDirContextFactory" bean:
    • LDAP_URL = ldap://localhost:10389/dc=example,dc=com
    • LDAP_USERNAME = uid=admin,ou=system
    • LDAP_PASSWORD = secret
  3. While you're editing security.xml, change the "rollerlovesacegi" value to something unique to your server. Any XML-friendly characters will work; the more cryptic the better.
  4. Start Tomcat and log in to your blog with admin/adminldap (the password defined in the roller.ldif file you downloaded).

...