
This page is designed to show how to integrate Roller 5.1 with LDAP (Apache DS). The instructions below have been tested on Ubuntu, Tomcat 7.x and JDK 7 with the following Apache DS releases:

Install Roller and Test

If you're new to installing Roller, it's best to first install using normal username/password security following the Roller Install Guide available from the Roller home page.  This will make sure that your JDK, database, mail server, etc., are all properly configured and running, providing a good foundation prior to bringing in LDAP authentication.  After confirming you can create a user, a blog for that user, and a blog entry, proceed onward for linking in LDAP.

Activating Apache Directory Server

Install LDAP and Test

Now that you have Roller installed and working, configure it to authenticate against LDAP instead of the "rollerdb" database.

  1. Stop Tomcat.
  2. Install Apache Directory Server and start it as root by running "sudo /usr/local/apacheds" (on OS X).
  3. Install Apache Directory Studio and launch the application.
  4. Create a new LDAP Connection with the following settings:
    • Connection Name: Local ApacheDS
    • Hostname: localhost
    • Port: 10389
    • Encryption: No Encryption
    • (Click Next)
    • Bind DN or user: uid=admin,ou=system
    • Bind password: secret
    • (Click Finish)
  5. Download roller.ldif to your Desktop. This file contains an admin account as well as Groups and People organizational units.
  6. In Apache Directory Studio, right click on dc=example,dc=com and select Import > LDIF Import...
  7. Select roller.ldif for the LDIF file and click Finish. You may get an error during the import, but it should add entries successfully.
  8. Modify $CATALINA_HOME/lib/roller-custom.properties so it has a single entry:

    users.sso.enabled=true
    
  9. Open $CATALINA_HOME/webapps/roller/WEB-INF/security.xml in your favorite XML editor. Look for "LDAP/SSO" and uncomment the bean definitions to enable LDAP. In the "authenticationManager" bean, comment out "daoAuthenticationProvider" and enable "ldapAuthProvider". Commenting out "daoAuthenticationProvider" is not strictly necessary, but it lets you verify that you are authenticating only against LDAP. Use the following values for the placeholders in the "initialDirContextFactory" bean:
    • LDAP_URL = ldap://localhost:10389/dc=example,dc=com
    • LDAP_USERNAME = uid=admin,ou=system
    • LDAP_PASSWORD = secret
  10. While you're editing security.xml, change the "rollerlovesacegi" value to something unique to your server. Any XML-friendly characters will work; the longer and more random the value, the better.
  11. Start Tomcat and log in to your blog with admin/adminldap (this password is defined in the roller.ldif file you downloaded).

These instructions have been tested and verified against OpenDS as well. The main differences are the LDAP settings. The default settings for OpenDS are:

  • LDAP_URL = ldap://localhost:1389/dc=example,dc=com
  • LDAP_USERNAME = cn=Directory Manager
  • LDAP_PASSWORD = password
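As an added pre-flight check (example code written for this page, not part of Roller, Apache DS or OpenDS), the following Python parses the LDAP_URL form used above and flags the values a reviewer would want changed before the server leaves the test bench: the vendor default bind passwords quoted on this page, an unchanged "rollerlovesacegi" key, a directory superuser as the bind DN, and plain ldap:// to a remote host. The function names and finding texts are this example's own.

```python
from urllib.parse import urlsplit, unquote

# Default bind passwords quoted on this page for Apache DS and OpenDS.
DEFAULT_BIND_PASSWORDS = {"secret", "password"}
# Default remember-me key shipped in security.xml, as named on this page.
DEFAULT_REMEMBER_ME_KEY = "rollerlovesacegi"


def parse_ldap_url(url):
    """Split an LDAP URL such as ldap://host:10389/dc=example,dc=com into
    (scheme, host, port, base_dn). Port defaults to 389/636 per RFC 4516."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    base_dn = unquote(parts.path.lstrip("/"))
    return parts.scheme, parts.hostname, port, base_dn


def check_ldap_settings(ldap_url, bind_dn, bind_password, remember_me_key,
                        sso_enabled):
    """Return a list of findings about the security.xml and
    roller-custom.properties values; an empty list means nothing to flag."""
    findings = []
    scheme, host, port, base_dn = parse_ldap_url(ldap_url)
    if not sso_enabled:
        findings.append("users.sso.enabled is not true in roller-custom.properties")
    if scheme == "ldap" and host not in ("localhost", "127.0.0.1", "::1"):
        findings.append("plain ldap:// to a remote host: bind password sent in clear")
    if not base_dn:
        findings.append("LDAP_URL has no base DN; user searches would start at root")
    if bind_password in DEFAULT_BIND_PASSWORDS:
        findings.append("LDAP_PASSWORD is a vendor default; change it in the directory and here")
    if bind_dn.lower().endswith("ou=system") or bind_dn.lower() == "cn=directory manager":
        findings.append("bind DN is the directory superuser; a search-only account suffices")
    if remember_me_key == DEFAULT_REMEMBER_ME_KEY or len(remember_me_key) < 16:
        findings.append("remember-me key is the shipped default or too short")
    return findings


if __name__ == "__main__":
    # Constructed input: the Apache DS defaults from this page.
    for f in check_ldap_settings("ldap://localhost:10389/dc=example,dc=com",
                                 "uid=admin,ou=system", "secret",
                                 "rollerlovesacegi", True):
        print("FINDING:", f)
```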
