edsysad.org

I’ve finally had a chance to play with the new version of Elgg. The first order of business was to getting LDAP working for authentication and account creation. While the interface was quite a bit different, the setup was very similar to the previous version. As an added bonus the configuration is done through the web interface without needing to edit configuration files.

Things you need:

• Running Elgg Installation
• Running LDAP Server with user information
• LDAP Browser tool (I prefer JXplorer) highly recommended

(more…)

Our Elgg site is up and running with forums, folios, and full-LDAP authentication. It was actually easier than I thought.

At this point I’m sharing it with a few educators who expressed interest in using student blog portfolios.  It ill be interesting to see how students will react to a school-based social network.

There seems to be a little funkiness with some of the site RSS, but it is an issue being addressed in the road map. I wish there were more documentation on the Elgg schema. I find it difficult to see how things are linked together and where various files are kept. This may be my short coming, but it is a bit trying due to all of the guess work.

I eagerly await the next version, and hope that I can give back soon enough.

As I was experimenting with Elgg and LDAP, I realized that none of the users create via LDAP authentication would so up in browse until somebody added them as a friend. Of course adding somebody who doesn’t show up in the list is a bit difficult so it was sort of a deal breaker.

It turns out that the friends able is used someway in the browse feature and users that register themselves are automatically made friends with a “0″ user that doesn’t really exist. So basically, you have to add a little code to the /auth/LDAP/lib.php and then your LDAP created users will work wonderfully.

Basically, I slightly modified a post that I found on the Elgg forums.

1. Find line 153:

$user_id = insert_record(‘users’,$user);

2. Add the following below:

// adds “virtual” friend, so that user has at least one connection, and shows up in the browse feature.
$newid = user_info_username(‘ident’, $username);
$owner = 0;
$f = new StdClass;
$f->owner = $owner;
$f->friend = $newid;
$f->status = ‘perm’;

insert_record(‘friends’,$f);

The additionally code simple grabs the new users “ident” from the User table and inserts a friend record with the shadowy “0″ user.

Now, if I can just figure out how to setup the tag cloud to work correctly.

Elgg 1.1 LDAP info can be found here.

It turns out that getting the LDAP authentication working with Elgg was very easy.

All you need to do is look in the “home/auth/ldap” folder, where you will find “lib.php”. This file gives you basic directions on setting up LDAP authentication. I followed the following steps:

1. Copy lines 18-43 of “home/auth/ldap/lib.php” and paste them below line 10 in “home/config.php”.
2. Next you need to clean up the code by removing all of the asterisks. There are also several places where semicolons are missing, so put them at the end of line where they are missing. When your done it should look something like this:
   

   // Authentication set to LDAP
   $CFG->auth = ‘ldap’;

   // LDAP Authentication parameters
   // LDAP host
   $CFG->ldap_host = ‘your.domain.com’;
   // LDAP port
   $CFG->ldap_port = 389;
   // Base DN – can be string or array of string for multiple DNs
   $CFG->ldap_basedn = ‘cn=users,dc=your,dc=domain,dc=com’;
   // Protocol version
   $CFG->ldap_protocol_version = ’3′;
   // Filter for username, common are cn, uid or sAMAccountName
   $CFG->ldap_filter_attr = ‘uid’;
   // Search attibutes: associative array with the key being the attribute
   // description, and the value being the actual LDAP attribute. firstname
   //lastname and mail are used to create the elgg user profile. The
   //example below works for ActiveDirectory.
   $CFG->ldap_search_attr = array(‘firstname’ => ‘givenName’,
   ‘lastname’ => ‘sn’,
   ‘mail’ => ‘mail’);
   // Create user, relies on the givenname, sn, and email attributes for now
   $CFG->ldap_user_create = true;
   // Fallback option, try internal authentication if everything fails
   $CFG->ldap_internal_fallback = true;

3. Use your domain information instead of “your.domain.com” and make appropriate adjustments to “$CFG->ldap_search_attr” if you are using non-standard LDAP attributes.
4. Als0, you will need to use a couple of additional lines of code if you require a password to bind to your directory. These are found in the “home/auth/ldap/lib.php” file.
5. It should now work!

Now the only thing that is bugging me is that default name is your surname. But that should be easy enough to fix. This was done on a xServe G4 running OS X Server 10.4.9, running entrophy php 5.2.4.

It has been a long while since I’ve updated this blog. Life has a way of getting ahead of you.

I’m almost done with the implementation phase of my master’s program and look forward to getting back to some of the newer things I’ve been toying with at school.

I’d like to get a program start which takes advantage of Elgg to create a school social networking/blog/portfolio system. It was incredible simple to get the installation running and the portfolio piece (by Nathan Garrett) installed. Also, it looks as though the LDAP authentication piece should be easy to implement.

My only real complaint is that standard registration requires an email address. Unfortunately, there are just to many institutions, at the K-12 level, who are worried about students accessing email. It would be nice if the LDAP authentication removed the need for an email.

I’ll be sharing my discovers about Elgg as the project develops.