[ckan-dev] CKAN - LDAP intergration
Alice Heaton
a.heaton at nhm.ac.uk
Tue Sep 30 13:37:43 UTC 2014
Hello,
We have developed, and are using:
https://github.com/NaturalHistoryMuseum/ckanext-ldap
The available options are well documented. Ldap is always tricky to
configure - but that depends on your system, not on the plugin.
To configure LDAP, you will need to ask the ldap server administrator
for the following:
- Your Ldap server address/name (eg. ldap.example.com) ;
- The 'base domain name' under which users are in the Ldap directory. If
using Active Directory, this would look something like
'ou=USERS,dc=example,dc=com' where example.com is your domain name, and
USERS the group under which your users stored;
- What identifier to use to perform the search. Again, for Active
Directory you might want to use 'sAMAccountName';
- The Ldap fields that should map the CKAN username and email address
(eg. sAMAccountName and mail)
In addition if your server requires authentication for performing
queries, you will need to know:
- The 'base domain name' of the user used for authentication (eg.
'CN=ldapuser,OU=Service Accounts,OU=ADMINS,DC=example,DC=com')
- The password!
So given these, a typical configuration for an Active Directory LDAP
server would be:
ckan.plugins = .... ldap ......
ldap.uri = ldap://ldap.example.com
ldap.auth.dn = CN=ldapuser,OU=Service Accounts,OU=ADMINS,DC=example,DC=com
ldap.auth.password = supersecretpasswordhahaha
ldap.base_dn = OU=USERS,DC=example,DC=com
ldap.search_filter = sAMAccountName={login}
ldap.username = sAMAccountName
ldap.email = mail
The ldap plugin has many more options - it can use both ldap and ckan
authentication at the same time, it can be configured to use both short
and long user name when login to active directory, it can add users to
an organization automatically, etc.
I didn't know of the whythawk one (Looks like we developed them pretty
much at the same time, so we wouldn't have found each other!)
I will contact them to suggest we merge the two projects.
Best,
Alice
On 30/09/14 13:35, Divilly, David wrote:
>
> Hi All
>
> Has anyone on this list successfully integrated CKAN with their
> corporate LDAP?
>
> Were the extensions available on GitHub used:
>
> Eg. https://github.com/whythawk/ckanext-ldap
>
> And if so could anyone provide and example config used. Many thanks
> for your response.
>
> Regards,
>
> David Divilly
>
>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20140930/802494f0/attachment-0003.html>
More information about the ckan-dev
mailing list