user authentication in Compiere using LDAP

2006-09-26
2013-05-02
  • mailmesenthil
    2006-09-26

    Hi to all,

    I have ldap users in OpenLDAP. I want to add those users to Compiere and authentication to be done in Compiere via ldap. I have searched through the web but I'm not able to get any documentation for that.

    Please let me know where the documentation is or, if possible, please give me some instructions on how to do that.

    Thanks & regards
    Senthil. K

     
    • Johannes Gubo
      2006-09-26

      Hi Senthil,

      I strongly believe that the LDAP Authentication thingy is a future feature ;)

      Maybe someone else knows better.

      Best regards Johannes

       
      • GusG
        2006-10-12

        Sorry, I have been tied up with many projects and forgot about this until just now..

        Anyway, if you are still interested, this will get you only username/password functionality..

        GG
        ------------------------------

        Enabling LDAP Functionality:

        1.  Log in as SysAdmin
        2.  Go to Menu>System Admin>System
        3.  In Field "Ldap URL" fill in your LDAP URL, i.e. "LDAP://YourLdapServer.com"
        4.  In field "LDAP Domain" Your Domain, i.e., "YourLdapServer.com"
        5.  Log Out as SysAdmin
        6.  Log In as SuperUser/Admin
        7.  Go to Menu>General Rules>Security>User
        8.  In tab "User Contact" and "Internal" you will find a field for LDAP User Name -- Here (for a particular user) fill in the LDAP user name.

        Upon logging in -- the user can enter his/her LDAP user name and password and it will associate the correct credentials to the user you have set up in Compiere.

         
    • GusG
      2006-09-26

      Hi Senthil,
      I am currently using LDAP but on a Windows 2000/2003 platform.  However, I am not familiar with OpenLDAP.

      The LDAP functionality is very minimal and only allows for usernames and passwords to be passed.  Other information, like email, is not currently accessible through LDAP.

      If you are interested I can get you the specifics on my installation.

      Regards,
      GG

       
      • Paul Aviles
        2006-09-26

        GG, if you can provide the specifics, that will be great.

        Regards,

        Paul

         
        • GusG
          2006-09-26

          Hi Paul,
          Sorry for the late reply..
          I am rather tied up today, and it's been quite a few months since I set this up.  But, I should be able to get this on here within the next day or so..

          I hope that this is ok.  I know that when I first started here I received very few answers to questions.  But, I will get it here..

          Regards,
          gg

           
      • mailmesenthil
        2006-09-27

        Hi GG,
        Thanks for the immediate reply. Please send the installation specifics for Compiere LDAP on a Windows 2000/2003 platform. I am eagerly waiting for that...

        Thanks & Regards
        Senthil.K

         
        • We needed more than just LDAP authentication, in that we also needed to extract some of the other LDAP fields (e.g., email address, phone number, etc.).

          So for logging in to the Compiere client we modified the code of the "protected KeyNamePair[] getRoles (String app_user, String app_pwd, boolean force)" method in Login.java to call our organization's LDAP authentication class for all users except "System" and "SuperUser". For the latter we continued authenticating using the Compiere way.

          For our webstore interface, we call this same LDAP authentication class from our Struts login form class's validate() method.

          Dennis

           
  • marcio sales
    2010-04-23

    When authenticating against LDAP, not all users are always in the same sub-tree of LDAP, so it is necessary to support authentication against multiple branches of LDAP.

    For example, there can be users who can authenticate using the cn=%s,ou=myCity,ou=myState,o=myCompany but others can authenticate using the cn=%s,ou=ANOTHERCity,ou=myState,o=myCompany
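
    The multi-branch bind described in the post above, as an added example that is not part of the original thread and is not Compiere code: it tries a simple bind against each DN template in turn using JNDI, escaping the login name so it cannot alter the DN. The class and method names and the `ldapUrl` parameter are hypothetical; the two templates are the ones quoted in the post.

```java
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class MultiBranchLdapAuth {   // hypothetical class name
    // DN templates from the post; %s is replaced by the login name.
    static final List<String> DN_TEMPLATES = List.of(
        "cn=%s,ou=myCity,ou=myState,o=myCompany",
        "cn=%s,ou=ANOTHERCity,ou=myState,o=myCompany");

    // Builds one candidate DN. Rdn.escapeValue applies RFC 2253 escaping, so
    // characters such as ',' '=' '+' in the login name stay inside the cn value.
    static String buildDn(String template, String user) {
        return String.format(template, Rdn.escapeValue(user));
    }

    // Returns the DN that accepted the bind, or null if no branch did.
    // Connection and other directory errors propagate as NamingException.
    static String authenticate(String ldapUrl, String user, String password)
            throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind that
        // many servers accept, so reject it before contacting the server.
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            return null;
        }
        for (String template : DN_TEMPLATES) {
            String dn = buildDn(template, user);
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, ldapUrl);   // assumption: an ldaps:// URL
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
            try {
                new InitialDirContext(env).close();   // bind succeeded
                return dn;
            } catch (AuthenticationException | NameNotFoundException e) {
                // Wrong password or no such entry in this branch: try the next one.
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed login name containing DN metacharacters, to show the escaping.
        System.out.println(buildDn(DN_TEMPLATES.get(0), "doe, john+x"));
    }
}
```

    Because a failed bind in one branch is indistinguishable from a wrong password, every login attempt costs up to one bind per template; account lockout counters on the directory side still apply per DN.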