Beaudet, David P. wrote:
>
> Is there a cheat sheet somewhere for configuring Bricolage for
> single-sign-on, preferably with Active Directory? Although with the
> mod_auth modules, I don't think it matters much whether it's AD or an
> open solution...
>
> If not, is someone able to redact the specifics from their configuration
> file and distribute to help jump start those who would like to configure
> Bric for single-sign-on?
Here are our relevant bricolage.conf settings for OpenLDAP:

AUTH_ENGINES = Internal LDAP
LDAP_SERVER = ldap.adams.edu
LDAP_VERSION = 3
LDAP_USER = 0
LDAP_PASS = 0
LDAP_BASE = ou=accounts,dc=adams,dc=edu
LDAP_UID_ATTR = uid
LDAP_TLS = Yes

To use LDAP with Active Directory (a nasty beast) you will have to
enable LDAP queries on the AD server and supply an AD account name and
password for the USER and PASS fields above. Any AD account should do;
it does not need to be the administrator account. The LDAP_BASE will be
different (varies based on the AD setup) and the UID attribute is "cn".

You may run into trouble with trusting a self-signed AD SSL
certificate; I believe the following in /etc/ldap/ldap.conf will fix
that:

TLS_REQCERT allow

- cameron
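As an added example (not code from the thread, from Bricolage, or from the poster), here is a small offline checker for the two configuration files discussed above: the bricolage.conf LDAP settings and the TLS_REQCERT line in /etc/ldap/ldap.conf. It parses KEY = VALUE and KEY VALUE lines, reports settings that weaken transport security (an LDAP_TLS that is off, or a TLS_REQCERT value that skips server-certificate verification), and, when told the directory is Active Directory, checks for the bind account and "cn" attribute the reply says AD needs. The function names (parse_kv, check_ldap_auth) are my own, and the sample configs are constructed from the values posted above.

```python
# Added example, not part of the mailing-list thread. Offline checker for the
# bricolage.conf LDAP block and the ldap.conf TLS_REQCERT setting discussed above.
import re

# Constructed sample inputs, built from the settings quoted in the reply.
SAMPLE_BRICOLAGE_CONF = """\
AUTH_ENGINES = Internal LDAP
LDAP_SERVER = ldap.adams.edu
LDAP_VERSION = 3
LDAP_USER = 0
LDAP_PASS = 0
LDAP_BASE = ou=accounts,dc=adams,dc=edu
LDAP_UID_ATTR = uid
LDAP_TLS = Yes
"""

SAMPLE_LDAP_CONF = """\
# constructed /etc/ldap/ldap.conf fragment
TLS_REQCERT allow
"""

# Matches "KEY = VALUE" (bricolage.conf) as well as "KEY VALUE" (ldap.conf).
_KV_RE = re.compile(r"([A-Za-z_]+)\s*(?:=\s*|\s+)(.*?)\s*$")


def parse_kv(text):
    """Return {KEY: value} for every non-comment line; keys are upper-cased."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _KV_RE.match(line)
        if m:
            settings[m.group(1).upper()] = m.group(2)
    return settings


def check_ldap_auth(bric, ldap_conf, active_directory=False):
    """Return a list of findings (strings); an empty list means nothing to flag."""
    findings = []

    if "LDAP" not in bric.get("AUTH_ENGINES", "").split():
        findings.append("AUTH_ENGINES does not include LDAP")

    if bric.get("LDAP_VERSION") != "3":
        findings.append("LDAP_VERSION should be 3 (StartTLS is an LDAPv3 extension)")

    if bric.get("LDAP_TLS", "").lower() not in ("yes", "1", "true"):
        findings.append("LDAP_TLS is off: bind passwords would cross the network in clear")

    # OpenLDAP client TLS_REQCERT values: never, allow, try, demand (alias: hard).
    reqcert = ldap_conf.get("TLS_REQCERT", "demand").lower()
    if reqcert in ("never", "allow"):
        findings.append(
            f"TLS_REQCERT {reqcert}: the AD/LDAP server certificate is not verified; "
            "prefer 'demand' with the signing CA in TLS_CACERT"
        )
    elif reqcert == "try":
        findings.append("TLS_REQCERT try: a server that presents no certificate is accepted")

    if active_directory:
        # The reply notes AD needs a (non-administrator) bind account, unlike
        # the anonymous-bind OpenLDAP setup where both fields are 0.
        if bric.get("LDAP_USER", "0") in ("", "0") or bric.get("LDAP_PASS", "0") in ("", "0"):
            findings.append("Active Directory: set LDAP_USER and LDAP_PASS to a bind account")
        if bric.get("LDAP_UID_ATTR", "").lower() != "cn":
            findings.append("Active Directory: LDAP_UID_ATTR is normally cn")

    return findings


if __name__ == "__main__":
    bric = parse_kv(SAMPLE_BRICOLAGE_CONF)
    ldapc = parse_kv(SAMPLE_LDAP_CONF)
    for ad in (False, True):
        print(f"active_directory={ad}:")
        for finding in check_ldap_auth(bric, ldapc, active_directory=ad) or ["ok"]:
            print("  -", finding)
```

Run as-is, it flags only the TLS_REQCERT allow line for the OpenLDAP settings; with active_directory=True it additionally reports the missing bind account and the uid-versus-cn attribute. Swapping "allow" for "demand" (and pointing TLS_CACERT at the CA that signed the AD certificate) clears the TLS finding while keeping the connection encrypted and authenticated.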