[ckan-dev] CKAN - LDAP intergration

• Previous message: [ckan-dev] CKAN - LDAP intergration
• Next message: [ckan-dev] CKAN - LDAP intergration
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

We have developed, and are using:

https://github.com/NaturalHistoryMuseum/ckanext-ldap

The available options are well documented. Ldap is always tricky to 
configure - but that depends on your system, not on the plugin.

To configure LDAP, you will need to ask the ldap server administrator 
for the following:

- Your Ldap server address/name (eg. ldap.example.com) ;
- The 'base domain name' under which users are in the Ldap directory. If 
using Active Directory, this would look something like 
'ou=USERS,dc=example,dc=com' where example.com is your domain name, and 
USERS the group under which your users stored;
- What identifier to use to perform the search. Again, for Active 
Directory you might want to use 'sAMAccountName';
- The Ldap fields that should map the CKAN username and email address 
(eg. sAMAccountName and mail)

In addition if your server requires authentication for performing 
queries, you will need to know:
- The 'base domain name' of the user used for authentication (eg. 
'CN=ldapuser,OU=Service Accounts,OU=ADMINS,DC=example,DC=com')
- The password!

So given these, a typical configuration for an Active Directory LDAP 
server would be:

ckan.plugins = .... ldap ......

ldap.uri = ldap://ldap.example.com
ldap.auth.dn = CN=ldapuser,OU=Service Accounts,OU=ADMINS,DC=example,DC=com
ldap.auth.password = supersecretpasswordhahaha
ldap.base_dn = OU=USERS,DC=example,DC=com
ldap.search_filter = sAMAccountName={login}
ldap.username = sAMAccountName
ldap.email = mail

The ldap plugin has many more options - it can use both ldap and ckan 
authentication at the same time, it can be configured to use both short 
and long user name when login to active directory, it can add users to 
an organization automatically, etc.

I didn't know of the whythawk one (Looks like we developed them pretty 
much at the same time, so we wouldn't have found each other!)
  I will contact them to suggest we merge the two projects.

Best,
Alice

On 30/09/14 13:35, Divilly, David wrote:
>
> Hi All
>
> Has anyone on this list successfully integrated CKAN with their 
> corporate LDAP?
>
> Were the extensions available on GitHub used:
>
> Eg. https://github.com/whythawk/ckanext-ldap
>
> And if so could anyone provide and example config  used.  Many thanks 
> for your response.
>
> Regards,
>
> David Divilly
>
>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20140930/802494f0/attachment-0003.html>

• Previous message: [ckan-dev] CKAN - LDAP intergration
• Next message: [ckan-dev] CKAN - LDAP intergration
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]