OpenLDAP with … GNU social

In the last few months, I worked a lot on connecting different services to OpenLDAP. My general impression is that most software projects have quite poor documentation on exactly how to do this. So here is a little collection – no long articles, just the configuration part. This is part 3: How to integrate the free/libre microblogging software GNU social with OpenLDAP?

GNU social comes with two plugins: LdapAuthentication and LdapAuthorization. The former obviously is for authentication, the latter is for managing StatusNet roles in LDAP. The explanations and examples in the README files are very good! Here is how I configure GNU social as an internal social network for a given group.

addPlugin('ldapAuthentication', array(
        'provider_name'=>'localhost',
        'authoritative'=>true,
        'autoregistration'=>true,
        // if gnusocial can't write back to ldap:
        'email_changeable'=>false,
        'password_changeable'=>false,
        'password_encoding'=>'md5',
        'host'=>array( 'localhost' ),
        // without the next line, it will bind on port 389 without encryption
        'starttls'=>true,
        'binddn'=>'cn=gnusocial,dc=example,dc=org',
        'bindpw'=>'secret',
        'basedn'=>'dc=example,dc=org',
        'attributes'=>array(
                'username'=>'uid',
                'nickname'=>'uid',
                'email'=>'mail',
                'fullname'=>'displayName',
                'password'=>'unicodePwd')
));

addPlugin('ldapAuthorization', array(
        'provider_name'=>'localhost',
        'authoritative'=>true,
        // I use the memberOf overlay so: "member"
        'uniqueMember_attribute'=>'member',
        // all accounts that can log in:
        'login_group'=>'cn=users,ou=gnusocial,dc=example,dc=org',
        // all accounts with elevated permissions:
        'roles_to_groups'=>array(
                'moderator'=>'cn=moderators,ou=gnusocial,dc=example,dc=org',
                'administrator'=>'cn=admins,ou=gnusocial,dc=example,dc=org'
        ),
        'basedn'=>'ou=Users,dc=example,dc=org',
        'host'=>array( 'localhost' ),
        'starttls'=>true,
        'binddn'=>'cn=gnusocial,dc=example,dc=org',
        'bindpw'=>'secret',
        'attributes'=>array(
                'username'=>'uid')
));
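
A preflight check for the settings above, as an added example that is not part of the original post or of GNU social: it uses PHP's ldap extension to confirm that the service account can bind over StartTLS and that a test user is in the configured groups. The uid alice, the GNUSOCIAL_BINDPW environment variable and the file name ldap-check.php are assumptions.

```php
<?php
// Added example, not GNU social code. DNs and attribute names come from the
// configuration above; the uid "alice" and the GNUSOCIAL_BINDPW environment
// variable are assumptions. Run: GNUSOCIAL_BINDPW=... php ldap-check.php alice
$binddn = 'cn=gnusocial,dc=example,dc=org';
$bindpw = getenv('GNUSOCIAL_BINDPW');
$basedn = 'ou=Users,dc=example,dc=org';
$groups = [
    'login'         => 'cn=users,ou=gnusocial,dc=example,dc=org',
    'moderator'     => 'cn=moderators,ou=gnusocial,dc=example,dc=org',
    'administrator' => 'cn=admins,ou=gnusocial,dc=example,dc=org',
];
$uid = $argv[1] ?? 'alice';

function fail(string $msg, $ds = null): void {
    fwrite(STDERR, "FAIL: $msg" . ($ds ? ' (' . ldap_error($ds) . ')' : '') . "\n");
    exit(1);
}

// A DN with an empty password is an unauthenticated bind, not a login test.
if ($bindpw === false || $bindpw === '') {
    fail('set GNUSOCIAL_BINDPW to the bind password');
}

$ds = ldap_connect('ldap://localhost:389');
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);   // StartTLS needs LDAPv3

// Upgrade the connection before the bind password is sent.
// Certificate verification follows TLS_REQCERT in ldap.conf.
if (!@ldap_start_tls($ds)) {
    fail('StartTLS failed; bind password was not sent', $ds);
}
if (!@ldap_bind($ds, $binddn, $bindpw)) {
    fail("bind as $binddn", $ds);
}

// Escape the uid so it cannot change the meaning of the search filter.
$filter = '(uid=' . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . ')';
$sr = @ldap_search($ds, $basedn, $filter, ['uid', 'mail', 'displayName']);
if ($sr === false) { fail("search under $basedn", $ds); }
$entries = ldap_get_entries($ds, $sr);
if ($entries['count'] !== 1) {
    fail("expected exactly one entry for uid=$uid, got {$entries['count']}");
}
$userDn = $entries[0]['dn'];
foreach ($groups as $role => $groupDn) {
    // ldap_compare() returns true, false, or -1 on error.
    $r = @ldap_compare($ds, $groupDn, 'member', $userDn);
    echo str_pad($role, 14), $r === true ? 'yes' : ($r === false ? 'no' : 'error: ' . ldap_error($ds)), "\n";
}
```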