
Integrating LDAP Authentication into ContentDM

September 20th, 2007 admin

We just finished upgrading our installation of CONTENTdm to version 4.2 (now that 4.3 is just around the corner) and decided to change the way we did administrative access. It’s not difficult or brain surgery, but here’s the procedure in case anyone else wants an easy step-by-step.

Prior to the upgrade, we had just created usernames and passwords and protected the administrative interface pages with a standard htaccess file. We had a couple of accounts created, but basically everyone used the ADMIN username and password. That meant distributing the password around and letting everyone know when that password changed. We also had a student account that we were forced to change the password for every time a student employee graduated.

So, with the upgrade, we decided to switch over to authenticating against the University’s LDAP server instead. This way, everyone would use their campus password and we just restrict access on username.

According to the CONTENTdm FAQ:

Does CONTENTdm support authentication via LDAP?
CONTENTdm relies on the underlying Web server for authentication services. The Apache LDAP authentication module enables authentication via LDAP. Consult the Apache/LDAP documentation for details.

Here’s how to do it on Apache2 running on Debian Stable (etch):

  1. Enable mod_ldap and mod_authnz_ldap

    a2enmod ldap
    a2enmod authnz_ldap

  2. Create a new .htaccess file in /content42_install_directory/cgi-bin/admin/ that looks like this (customized with your LDAP server URL):

    AuthType Basic
    AuthName "Server Admin"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldapserver/ou=users,o=mu"
    AuthzLDAPAuthoritative off
    Require valid-user

  3. Make sure /contentdm_install_directory/conf/users.txt has a line with full admin privileges for your LDAP username:

    admin_username AC DC UP:$ALL BD ED AR DL CF RE

  4. Now, force restart your Apache2 server

    /etc/init.d/apache2 force-restart

  5. That’s it. Log in and see if it works. If it does, you can add more admin or whatever users using the admin interface.

UPDATE: If you want to allow LDAP authentication AS WELL as some non-LDAP usernames (like general purpose users, outside collaborators etc.), add this line to your .htaccess file:

    AuthUserFile /path/to/htpasswdfile

and change the line that reads:

    AuthBasicProvider ldap

to read:

    AuthBasicProvider ldap file

If you don't have an htpasswd file (you should, as the CDM4 initial install asks you to create one), you can create it with the htpasswd command like this:

    htpasswd -c /path/to/htpasswdfile firstusername
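
A quick check of the finished .htaccess, as an added example that is not part of the original post: the shell function below flags a cleartext `ldap://` bind, an `AuthUserFile` line written with `=`, a `file` provider with no password file, and a missing `SSLRequireSSL`. The function name `check_htaccess` and the sample file are constructed for illustration; `SSLRequireSSL` and the `STARTTLS` mode of `AuthLDAPURL` are standard Apache directives that the post itself does not use.

```shell
#!/bin/sh
# Added example, not from the original post: lint the admin .htaccess.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
check_htaccess() {
    f=$1
    rc=0
    # First occurrence of each directive (Apache directive names are case-insensitive).
    url=$(grep -iE -m 1 '^[[:space:]]*AuthLDAPURL[[:space:]]' "$f" || true)
    prov=$(grep -iE -m 1 '^[[:space:]]*AuthBasicProvider[[:space:]]' "$f" || true)
    ufile=$(grep -iE -m 1 '^[[:space:]]*AuthUserFile([[:space:]]|=)' "$f" || true)

    # ldap:// with no STARTTLS/TLS/SSL mode means the bind password is sent in cleartext.
    case $url in
        *ldaps://*) ;;
        *ldap://*)
            if ! printf '%s\n' "$url" | grep -qiE '[[:space:]](STARTTLS|TLS|SSL)[[:space:]]*$'; then
                echo "AuthLDAPURL: plain ldap://; use ldaps:// or append STARTTLS"
                rc=1
            fi ;;
    esac
    # AuthUserFile takes a single path argument; "=" is not part of the syntax.
    if printf '%s\n' "$ufile" | grep -qiE 'AuthUserFile[[:space:]]*='; then
        echo "AuthUserFile: remove the '=' before the path"
        rc=1
    fi
    # The file provider needs an AuthUserFile to read.
    if printf '%s\n' "$prov" | grep -qiE '[[:space:]]file([[:space:]]|$)' && [ -z "$ufile" ]; then
        echo "AuthBasicProvider lists file but no AuthUserFile is set"
        rc=1
    fi
    # Basic auth only base64-encodes the password, so the admin path needs HTTPS.
    if ! grep -qiE '^[[:space:]]*SSLRequireSSL' "$f"; then
        echo "SSLRequireSSL: not set in this file; confirm HTTPS is enforced elsewhere"
        rc=1
    fi
    return $rc
}

# Constructed sample containing the issues the function looks for.
sample=$(mktemp)
cat > "$sample" <<'EOF'
AuthType Basic
AuthBasicProvider ldap file
AuthLDAPURL "ldap://ldapserver/ou=users,o=mu"
AuthUserFile = /path/to/htpasswdfile
Require valid-user
EOF
check_htaccess "$sample" || true
rm -f "$sample"
```

Run it against the real file with `check_htaccess /content42_install_directory/cgi-bin/admin/.htaccess`; an empty result means none of the four conditions were found.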
