Running OpenID with an LDAP backend.
Requirements
Installation
Unpack openid-ldap-x.y.z-noarc.tar.gz into the document root of a designated virtual host, for example openid.fladi.at:
tar xfz openid-ldap-x.y.z-noarc.tar.gz
mv openid-ldap-x.y.z/* /var/www/vhosts/openid.fladi.at/
Configuration
Apache
Some mod_rewrite rules have to be put in place inside the Apache virtual host so that a short URL identifier such as /<uid> is handed to index.php as the user parameter:
DocumentRoot /var/www/vhosts/openid.fladi.at
ServerName openid.fladi.at
CustomLog /var/log/apache2/access.openid.fladi.at.log combined
ErrorLog /var/log/apache2/error.openid.fladi.at.log
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/(.+)\.php(.*)$
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([A-Za-z0-9]+)\?(.*)\ HTTP/
RewriteRule ^/(.*)$ http://openid.fladi.at/index.php?user=%1&%2 [P]
RewriteCond %{REQUEST_URI} !^/(.+)\.php(.*)$
RewriteRule ^/([A-Za-z0-9]+)$ http://openid.fladi.at/index.php?user=$1 [P]
Passwords are transferred in cleartext inside the request, so serve this host over SSL/TLS only; setting that up is left to you. Note also that the [P] flag makes mod_rewrite proxy each request back to http://openid.fladi.at over plain HTTP (and requires mod_proxy); an internal rewrite to /index.php?user=$1 with the [L,QSA] flags gives the same mapping without that extra unencrypted hop.
OpenID-LDAP
First, edit ldap.php inside the document root and apply your LDAP configuration details:
$GLOBALS['ldap'] = array (
'primary' => 'uni.fladi.at',
'fallback' => 'home.fladi.at',
'protocol' => 3,
'isad' => false,
'lookupcn' => true,
'binddn' => '',
'password' => '',
'testdn' => 'uid=%s,ou=users,dc=fladi,dc=at',
'searchdn' => 'ou=users,dc=fladi,dc=at',
'filter' => '(&(objectClass=posixAccount)(uid=%s))',
'nickname' => 'uid',
'email' => 'mail',
'fullname' => 'cn',
'country' => 'c'
);
This configures a primary and a fallback LDAP server and uses anonymous lookups (empty binddn and password) to find users in the container ou=users,dc=fladi,dc=at; each user's uid becomes their OpenID username. Every user object must also carry the objectClass posixAccount, as the filter requires. Because the uid taken from the URL is substituted into both the testdn template and the search filter, keep the [A-Za-z0-9]+ restriction in the rewrite rules (or escape the value before substitution) so that LDAP metacharacters such as *, (, ) and \ never reach the directory.
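To see concretely what the two rewrite rules above hand to index.php, and what the uid from the URL looks like once it is substituted into the testdn and filter templates, here is an added Python example. It is not code from openid-ldap (which is written in PHP, and whose own substitution of %s is not shown on this page): it re-implements the rewrite mapping offline and applies RFC 4514/4515 escaping to the substituted value. The sample identifiers and the sample query string are constructed.

```python
"""Offline check of the URL-to-uid mapping and the LDAP template substitution.

Added example, not part of openid-ldap: it re-implements the page's two
RewriteRules and fills the 'testdn' and 'filter' templates from ldap.php so
the behaviour can be inspected without Apache or a directory server.
"""
import re

# Same character class as the RewriteRule/RewriteCond on the page.
IDENTIFIER_RE = re.compile(r"^/([A-Za-z0-9]+)$")
# The negated RewriteCond: requests for *.php are left alone.
PHP_RE = re.compile(r"^/(.+)\.php(.*)$")

# The templates from the page's $GLOBALS['ldap'] array.
LDAP = {
    "testdn": "uid=%s,ou=users,dc=fladi,dc=at",
    "searchdn": "ou=users,dc=fladi,dc=at",
    "filter": "(&(objectClass=posixAccount)(uid=%s))",
}


def rewrite_target(path, query=""):
    """Return the index.php URL the rewrite rules produce, or None if the
    request is passed through untouched (a .php path or a non-alphanumeric
    identifier)."""
    if PHP_RE.match(path):
        return None
    m = IDENTIFIER_RE.match(path)
    if not m:
        return None
    target = "/index.php?user=" + m.group(1)
    # The first rule forwards the original query string after the user parameter.
    if query:
        target += "&" + query
    return target


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;=' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_lookup(uid, cfg=LDAP):
    """Fill the page's templates for one uid, escaping each context separately.
    How openid-ldap itself substitutes %s is not shown on the page; this is
    what the filled-in values look like when escaping is applied."""
    return {
        "dn": cfg["testdn"] % escape_dn_value(uid),
        "base": cfg["searchdn"],
        "filter": cfg["filter"] % escape_filter_value(uid),
    }


def uid_survives_rewrite(uid):
    """True when the rewrite rules would pass this uid on to index.php at all."""
    return rewrite_target("/" + uid) is not None


if __name__ == "__main__":
    # Constructed sample identifiers: one legitimate, two with LDAP metacharacters.
    for uid in ("FladischerMichael", "*)(uid=*", "a,b"):
        print(uid, "passes rewrite:", uid_survives_rewrite(uid))
        print("  ", build_lookup(uid))
```

Run it directly to print the three cases. The alphanumeric uid is untouched by escaping, which is why the [A-Za-z0-9]+ class in the rewrite rules is doing real work: the other two inputs never reach index.php at all, and the escaped output shows what would have to happen if that class were ever relaxed.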
Usage
LDAP user accounts are now usable for OpenID through the URL https://openid.fladi.at/<uid>, for example https://openid.fladi.at/FladischerMichael.