In the last few months, I have worked a lot on connecting different services to OpenLDAP. My general impression is that most software projects have quite poor documentation on exactly how to do this. So here is a little collection – no long articles, just the configuration part. This is part 3: How to integrate the free/libre microblogging software GNU social with OpenLDAP?
GNU social comes with two plugins: LdapAuthentication and LdapAuthorization. The former obviously is for authentication, the latter is for managing StatusNet roles in LDAP. The explanations and examples in the README files are very good! Here is how I configure GNU social as an internal social network for a given group:

    addPlugin('ldapAuthentication', array(
        'provider_name'=>'localhost',
        'authoritative'=>true,
        'autoregistration'=>true,
        // if gnusocial can't write back to ldap:
        'email_changeable'=>false,
        'password_changeable'=>false,
        'password_encoding'=>'md5',
        'host'=>array( 'localhost' ),
        // without the next line, it will bind on port 389 without encryption
        'starttls'=>true,
        'binddn'=>'cn=gnusocial,dc=example,dc=org',
        'bindpw'=>'secret',
        'basedn'=>'dc=example,dc=org',
        'attributes'=>array(
            'username'=>'uid',
            'nickname'=>'uid',
            'email'=>'mail',
            'fullname'=>'displayName',
            'password'=>'unicodePwd')
    ));

    addPlugin('ldapAuthorization', array(
        'provider_name'=>'localhost',
        'authoritative'=>true,
        // I use the memberOf overlay so: "member"
        'uniqueMember_attribute'=>'member',
        // all accounts that can log in:
        'login_group'=>'cn=users,ou=gnusocial,dc=example,dc=org',
        // all accounts with elevated permissions:
        'roles_to_groups'=>array(
            'moderator'=>'cn=moderators,ou=gnusocial,dc=example,dc=org',
            'administrator'=>'cn=admins,ou=gnusocial,dc=example,dc=org'
        ),
        'basedn'=>'ou=Users,dc=example,dc=org',
        'host'=>array( 'localhost' ),
        'starttls'=>true,
        'binddn'=>'cn=gnusocial,dc=example,dc=org',
        'bindpw'=>'secret',
        'attributes'=>array(
            'username'=>'uid')
    ));
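
To review the group memberships this configuration depends on, the following added example (not part of the original post or of GNU social) parses `ldapsearch` LDIF output and lists accounts that hold a role but are missing from `login_group`. The sample LDIF and the uids in it are constructed; DNs are compared by simple lower-casing, and unwrapped, non-base64 `member:` lines are assumed.

```shell
#!/bin/sh
# Added example: audit the groups named in the ldapAuthorization config above.
# Live input (StartTLS is required by -ZZ, so the query fails rather than
# falling back to a plaintext bind on port 389):
#   ldapsearch -ZZ -x -LLL -o ldif-wrap=no -H ldap://localhost \
#     -D 'cn=gnusocial,dc=example,dc=org' -W \
#     -b 'ou=gnusocial,dc=example,dc=org' '(member=*)' member

LOGIN_GROUP='cn=users,ou=gnusocial,dc=example,dc=org'
MOD_GROUP='cn=moderators,ou=gnusocial,dc=example,dc=org'
ADMIN_GROUP='cn=admins,ou=gnusocial,dc=example,dc=org'

# Constructed sample data, not taken from a real directory.
sample_ldif() {
cat <<'EOF'
dn: cn=users,ou=gnusocial,dc=example,dc=org
member: uid=alice,ou=Users,dc=example,dc=org
member: uid=bob,ou=Users,dc=example,dc=org

dn: cn=moderators,ou=gnusocial,dc=example,dc=org
member: uid=bob,ou=Users,dc=example,dc=org

dn: cn=admins,ou=gnusocial,dc=example,dc=org
member: uid=alice,ou=Users,dc=example,dc=org
member: uid=carol,ou=Users,dc=example,dc=org
EOF
}

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# members_of GROUP_DN < ldif: print the group's member DNs (lower-cased).
members_of() {
  awk -v want="$(lc "$1")" '
    /^dn: /     { cur = tolower(substr($0, 5)); next }
    /^$/        { cur = ""; next }
    /^member: / { if (cur == want) print tolower(substr($0, 9)) }' | sort -u
}

# role_without_login ROLE_GROUP_DN < ldif: role holders absent from LOGIN_GROUP.
role_without_login() {
  awk -v role="$(lc "$1")" -v login="$(lc "$LOGIN_GROUP")" '
    /^dn: /     { cur = tolower(substr($0, 5)); next }
    /^$/        { cur = ""; next }
    /^member: / { m = tolower(substr($0, 9))
                  if (cur == login) can_login[m] = 1
                  if (cur == role)  in_role[m] = 1 }
    END { for (m in in_role) if (!(m in can_login)) print m }' | sort
}

sample_ldif | role_without_login "$ADMIN_GROUP"
```

Any DN it prints is listed under `roles_to_groups` but not under `login_group`, which is worth resolving before relying on the role mapping.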