[opencms-dev] OpenCms7.0.5-CAS3.2.1.1-LDAP module released

Shi Yusen shiys at langhua.cn
Thu Sep 18 20:11:15 CEST 2008


Hi list,

I'm glad to announce the release of the OpenCms7.0.5-CAS3.2.1.1-LDAP module.

Thanks to Olivier CHIROUZE from Volvo Information Technology for contributing
this release!

Olivier developed the modules of this release in an OpenCms7.0.5 and
ActiveDirectory environment, and I tested it in OpenCms7.0.5, CAS3.2.1.1
and OpenLDAP2.4.8.


The new module comes in 2 versions:
cn.langhua.opencms.ldap_1.0.4_opencms7.0.5_java1.4.zip for JDK 1.4
cn.langhua.opencms.ldap_1.0.4_opencms7.0.5_java1.5.zip for JDK 1.5


Source code and module download:
SVN access:
http://www.langhua.cn/langhua/modules/ldap/branch/
username: anon
password: anon

ViewVC access:
http://www.langhua.cn/viewvc/modules/ldap/branch/


Other improvements made by Olivier CHIROUZE include:
1. An ant task to build the module zip file
2. Choose the version of Java you want to compile in build.xml


Further Information:
1. This module uses the following processes to login:
LDAP authz:
User                          OpenCms                      LDAP
 |        userid/password        |                          |
 |--------------req------------->|          userid          |
 |                               |-----------req----------->|
 |                               |<----------res------------|
 |                               |          user dn         |
 |                               |    user dn/password      |
 |                               |-----------req----------->|
 |                               |<----------res------------|
 |<-------------res--------------|                          |


CAS + LDAP authz:
Client                  OpenCms                  CAS       LDAP
  |          a url         |                      |         |
  |----------req---------->|check permission      |         |
  |                     allowed?                  |         |
  |<---------res-----------|yes                   |         |
  |               not allowed. guest?             |         |
  |<---------res-----------|not guest             |         |
  |                a guest. has ticket?           |         |
  |                        |      to /login       |         |
  |               no ticket|---------req--------->|         |
  |<-----------------res--------------------------|         |
  |           username/password                   |         |
  |------------------req------------------------->|         |
  |                        |                      |<-authz->|
  |                        |                  logged in?    |
  |<-----------------res--------------------------|no       |
  |                        |    forward the url   |         |
  |                        |<--------res----------|yes      |
  |              a guest. has ticket?             |         |
  |                     yes|                      |         |
  |                   has CmsUser?                |         |
  |                      no|         read user info         |
  |                        |---------------req------------->|
  |                        |<--------------res--------------|
  |                 store user info               |         |
  |         the url        |                      |         |
  |<----------res----------|not a guest           |         |


2. Installation
Use the OpenCms module import tool to install this module.
Use the following options to configure this module.
Replace /system/login/index.html with one sample from
under /system/modules/cn.langhua.opencms.ldap/login/.

3. Configuration
This module has 12 parameters; you can change them in OpenCms
module management.
Attribute: an expression that maps the username to an LDAP attribute,
such as uid=%u@langhua.cn or cn=Shi Yusen; default is uid=u%.

AuthenType: the authentication type of the LDAP server, default value is simple.

AuthenticationHandler: the handler that authenticates the user's login, can be
cn.langhua.opencms.ldap.cas.CmsCasAuthenticationHandler or
cn.langhua.opencms.ldap.openldap.CmsLdapAuthenticationHandler, default
is the LDAP one.

AutoUserRoleName: the default role type given to a new user who is added
according to the login server. If empty, the user will be only in
the User group without any role.

BaseDN: the base DN of LDAP server, such as dc=example,dc=com. No
default value.

CasLoginUri: the uri to CAS login, default is /login.

CasUrl: the url to visit CAS server, default is
https://localhost:8443/cas.

CasValidateUri: the uri to CAS validate, default is /validate.

Filter: the filter used when logging in to the LDAP server, default is (objectclass=*).

Scope: the scope to search LDAP, default is sub which means search
subtree from the BaseDN.

URL: the URL of the LDAP server, ldap://localhost:389.

UseCmsLoginWhenLDAPFail: whether to use the OpenCms login instead when the
LDAP connection or login fails. Default value is true.

4. Bug feedback
http://www.langhua.cn/bugzilla, please use firefox to get the right UI
language for you.
Or send email to this list.

5. Troubleshooting
You can change the configuration of this module in
${opencms.home}/WEB-INF/config/opencms-modules.xml.

If you're using OpenLDAP, you have to add a BaseDN parameter, something
like this:
                <param name="BaseDN">o=langhua,c=cn</param>
If you want your OpenLDAP to be case sensitive, you can use caseExactmatch,
for example:
                <param name="Attribute">uid:caseExactmatch:=%u</param>

Enjoy it.

Shi Yusen/Beijing Langhua Ltd.
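
Added example, not part of the original post and not the module's code: the two LDAP requests from the "LDAP authz" diagram (search for the user DN, then bind with DN and password), with the username escaped before it is substituted for %u and with empty passwords refused before the bind. The in-memory directory, the function names and the choice to AND the Attribute expression with Filter are assumptions.

```python
# Added example, not the module's code. DIRECTORY, PASSWORDS and all function
# names are constructed; ANDing Attribute with Filter is an assumption.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

DIRECTORY = {  # constructed: exact filter string -> DNs the search would return
    "(&(objectclass=*)(uid=alice))": ["uid=alice,o=langhua,c=cn"],
    "(&(objectclass=*)(uid=*))": ["uid=alice,o=langhua,c=cn",
                                  "uid=bob,o=langhua,c=cn"],
}
PASSWORDS = {"uid=alice,o=langhua,c=cn": "s3cret"}  # constructed


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(username, attribute="uid=%u", base_filter="(objectclass=*)"):
    """Expand %u in the Attribute template and AND the result with Filter."""
    assertion = attribute.replace("%u", escape_filter_value(username))
    return "(&%s(%s))" % (base_filter, assertion)


def fake_search(ldap_filter):
    """Stand-in for the first LDAP request: returns the matching DNs."""
    return DIRECTORY.get(ldap_filter, [])


def fake_bind(dn, password):
    """Stand-in for the second LDAP request. Like some servers, it accepts an
    empty password as an unauthenticated simple bind (RFC 4513)."""
    return password == "" or PASSWORDS.get(dn) == password


def ldap_login(username, password, search=fake_search, bind=fake_bind):
    """Return the user's DN on success, None on any failure."""
    if not username or not password:
        return None  # never send an empty password to the server
    matches = search(build_search_filter(username))
    if len(matches) != 1:
        return None  # zero or ambiguous results: refuse rather than guess
    dn = matches[0]
    return dn if bind(dn, password) else None


if __name__ == "__main__":
    for user, pw in [("alice", "s3cret"), ("alice", ""), ("*", "s3cret")]:
        print(repr(user), repr(pw), "->", ldap_login(user, pw))
```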

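Added example, not part of the original post and not the module's code: the "has ticket?" step of the CAS + LDAP diagram, composing the validation request from CasUrl and CasValidateUri and strictly parsing the plain-text CAS /validate reply ("yes", then the username, or "no"). The function names, the sample service URL, the sample ticket and the https check are assumptions.

```python
# Added example, not the module's code. Function names and sample values are
# constructed; rejecting a non-https CasUrl is a check added here.
from urllib.parse import urlencode, urlsplit


def build_validate_url(cas_url, validate_uri, service, ticket):
    """Compose CasUrl + CasValidateUri with the service and ticket parameters."""
    if urlsplit(cas_url).scheme != "https":
        raise ValueError("CasUrl must be https so the ticket is not sent in clear text")
    query = urlencode({"service": service, "ticket": ticket})
    return cas_url.rstrip("/") + validate_uri + "?" + query


def parse_validate_response(body):
    """Return the username from a 'yes' reply, or None for anything else."""
    lines = body.splitlines()
    if len(lines) < 2 or lines[0] != "yes":
        return None  # 'no', empty body, or a reply that is not line-structured
    username = lines[1].strip()
    if not username or any(line.strip() for line in lines[2:]):
        return None  # missing user name or unexpected trailing content
    return username


if __name__ == "__main__":
    url = build_validate_url("https://localhost:8443/cas", "/validate",
                             "http://localhost:8080/opencms/opencms/",  # constructed
                             "ST-1-constructed")                        # constructed
    print(url)
    print(parse_validate_response("yes\nalice\n"))
    print(parse_validate_response("no\n"))
```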