edsysad.org

It turns out that getting the LDAP authentication working with Elgg was very easy.

All you need to do is look in the “home/auth/ldap” folder, where you will find “lib.php”. This file gives you basic directions on setting up LDAP authentication. I followed the following steps:

1. Copy lines 18-43 of “home/auth/ldap/lib.php” and paste them below line 10 in “home/config.php”.
2. Next you need to clean up the code by removing all of the asterisks. There are also several places where semicolons are missing, so put them at the end of line where they are missing. When your done it should look something like this:
   

   // Authentication set to LDAP
   $CFG->auth = ‘ldap’;

   // LDAP Authentication parameters
   // LDAP host
   $CFG->ldap_host = ‘your.domain.com’;
   // LDAP port
   $CFG->ldap_port = 389;
   // Base DN - can be string or array of string for multiple DNs
   $CFG->ldap_basedn = ‘cn=users,dc=your,dc=domain,dc=com’;
   // Protocol version
   $CFG->ldap_protocol_version = ‘3′;
   // Filter for username, common are cn, uid or sAMAccountName
   $CFG->ldap_filter_attr = ‘uid’;
   // Search attibutes: associative array with the key being the attribute
   // description, and the value being the actual LDAP attribute. firstname
   //lastname and mail are used to create the elgg user profile. The
   //example below works for ActiveDirectory.
   $CFG->ldap_search_attr = array(’firstname’ => ‘givenName’,
   ‘lastname’ => ’sn’,
   ‘mail’ => ‘mail’);
   // Create user, relies on the givenname, sn, and email attributes for now
   $CFG->ldap_user_create = true;
   // Fallback option, try internal authentication if everything fails
   $CFG->ldap_internal_fallback = true;

3. Use your domain information instead of “your.domain.com” and make appropriate adjustments to “$CFG->ldap_search_attr” if you are using non-standard LDAP attributes.
4. Als0, you will need to use a couple of additional lines of code if you require a password to bind to your directory. These are found in the “home/auth/ldap/lib.php” file.
5. It should now work!

Now the only thing that is bugging me is that default name is your surname. But that should be easy enough to fix. This was done on a xServe G4 running OS X Server 10.4.9, running entrophy php 5.2.4.

It has been a long while since I’ve updated this blog. Life has a way of getting ahead of you.

I’m almost done with the implementation phase of my master’s program and look forward to getting back to some of the newer things I’ve been toying with at school.

I’d like to get a program start which takes advantage of Elgg to create a school social networking/blog/portfolio system. It was incredible simple to get the installation running and the portfolio piece (by Nathan Garrett) installed. Also, it looks as though the LDAP authentication piece should be easy to implement.

My only real complaint is that standard registration requires an email address. Unfortunately, there are just to many institutions, at the K-12 level, who are worried about students accessing email. It would be nice if the LDAP authentication removed the need for an email.

I’ll be sharing my discovers about Elgg as the project develops.

On the 4th of December, I went to Phoenix to attend a half-day seminar on the new client and server software from Apple. I wasn’t that amazed with the client (although it is pretty nice), just a lot of 3rd party ideas that are now part of the base OS. However, the server piece has amazing potential.

Apple was managed to stupid-proof a convergence of wiki, blog, and  web-based calendar. While none of these services are new,  the manner in which they are pulled together and centrally controlled by OS X Server will open these tools up to a wider audience.

If you haven’t checked it out yet, it is worth a look.