Hi all, I am going to cover the entire topic of enabling Joomla-created user accounts
to log in to OpenERP with the help of the centralized authentication tool LDAP, in two parts. The first part, here,
covers LDAP installation and its integration with OpenERP, so that LDAP users can log in to
OpenERP with their accounts created in LDAP.
OpenLDAP, the open source implementation of the Lightweight Directory Access Protocol (LDAP), stores
all information in a directory with a tree-like structure: the root node defines the top of the organization (domain
component, organization name) and the leaf nodes represent the organizational units (people, groups).
OpenLDAP Installation
1. Install the OpenLDAP server daemon slapd and ldap-utils, a package containing LDAP management utilities:
sudo apt-get install slapd ldap-utils
2. Schemas need to be loaded into the server, as by default there are none (the inetorgperson schema is required for the inetOrgPerson user entries created below):
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
3. To create the actual LDAP database that stores the entries in the directory, we need to create LDIF files.
In this example we use dc=example,dc=com as the directory suffix.
Remember to change dc=example,dc=com in the following example to match
your LDAP configuration. Create backend.example.com.ldif and copy the following content into it.
# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
# change the suffix here for your domain
olcSuffix: dc=example,dc=com
olcDbDirectory: /var/lib/ldap
# change the admin DN here for your domain
olcRootDN: cn=admin,dc=example,dc=com
# change the admin password here
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
# Modify the access list to limit access to the database;
# change the admin DN in the rules below for your domain
olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read
Note: there should not be any spaces at the beginning of lines (in LDIF a leading space continues the previous line), and entries are separated by a blank line.
Now add the LDIF to the directory:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif
4. The LDAP database needs to be populated with users and groups. Create frontend.example.com.ldif
with the following content. Here a sample user named john is also added.
# Create top-level object in domain
# change 'dc' to your domain
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
# change the organization name and dc value to yours
o: Example Organization
dc: Example
description: LDAP Example

# Admin user.
# change 'dc' to your domain
dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# the admin password entered above in the backend
userPassword: secret

# change 'dc' to your domain
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

# change 'dc' to your domain
dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

# sample user; change 'dc' to your domain
dn: uid=john,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 1050
gidNumber: 10000
# change john's password
userPassword: password
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: john.doe@example.com
postalCode: 31000
l: Toulouse
o: Example
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
# postalAddress: give it a value if you want one, or leave it out; an empty value is not valid Postal Address syntax
initials: JD

# change cn=example to the group name you need
dn: cn=example,ou=groups,dc=example,dc=com
objectClass: posixGroup
# change here too if you changed the group name above
cn: example
gidNumber: 10000
Add the LDIF to the directory; it will prompt for the admin password:
sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif
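Both LDIF files above are edited by hand before they reach ldapadd, and the note about leading spaces points at the most common failure. The following Python script is an added example (not code from the original post) that checks an LDIF file for those pitfalls before it is loaded: indented lines, inline "change here" notes or curly quotes left in values, entries that do not start with dn, and entries listed before their parent (ldapadd adds entries top-down, so uid=john must come after ou=people or the add fails with "No such object"). The two LDIF samples it checks are constructed for the demonstration.

```python
"""Pre-flight checks for hand-written LDIF before it is handed to ldapadd.

Added example, not code from the original post. The sample LDIF strings are
constructed for the demonstration.
"""
import re

ANNOTATION = re.compile(r"<[-\u2013]+")          # "<--" / "<–" style inline notes
CURLY_QUOTES = re.compile("[\u2018\u2019\u201c\u201d]")

# Constructed LDIF with three deliberate mistakes: an inline note on line 4,
# an indented line 9, and uid=john listed before its parent ou=people.
BAD_LDIF = """\
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: Example Organization <-- change here
dc: example

dn: uid=john,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
 uid: john
sn: Doe

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people
"""

# The same data in the order ldapadd needs, with the mistakes removed.
GOOD_LDIF = """\
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: Example Organization
dc: example

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: uid=john,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: john
sn: Doe
"""


def parse_ldif(text):
    """Split LDIF into entries (lists of (attr, value) pairs) and report problems.

    Blank lines separate entries and '#' lines are comments (RFC 2849). A line
    starting with a space continues the previous line, which is why a stray
    leading space silently corrupts the preceding value. Base64 ('::') and
    URL (':<') values are kept undecoded; this is a file check, not a full parser.
    """
    entries, problems, entry = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#") or raw.lower().startswith("version:"):
            continue
        if raw.strip() == "":
            if entry:
                entries.append(entry)
                entry = []
            continue
        if raw[0] == " ":
            if entry:
                attr, value = entry[-1]
                problems.append(f"line {lineno}: indented line is folded into "
                                f"'{attr}'; remove the leading space")
                entry[-1] = (attr, value + raw[1:])
            else:
                problems.append(f"line {lineno}: indented line at start of entry")
            continue
        attr, sep, value = raw.partition(":")
        if not sep:
            problems.append(f"line {lineno}: not an 'attribute: value' line")
            continue
        value = value.strip()
        if ANNOTATION.search(value) or CURLY_QUOTES.search(raw):
            problems.append(f"line {lineno}: inline note or curly quote in value {value!r}")
        if not entry and attr.lower() != "dn":
            problems.append(f"line {lineno}: entry does not start with dn")
        entry.append((attr, value))
    if entry:
        entries.append(entry)
    return entries, problems


def normalize_dn(dn):
    """Case- and whitespace-insensitive DN form for comparison. Escaped commas
    inside RDN values (rare in hand-written files) are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_parent_order(entries, suffix):
    """Each entry's parent must appear earlier in the file; only the suffix
    entry (the naming context from olcSuffix) has no parent in the file."""
    problems, seen = [], set()
    suffix = normalize_dn(suffix)
    for entry in entries:
        dn = normalize_dn(entry[0][1])
        parent = dn.partition(",")[2]
        if dn != suffix and parent not in seen:
            problems.append(f"entry '{entry[0][1]}' appears before its parent '{parent}'")
        seen.add(dn)
    return problems


def preflight(text, suffix):
    """Return (DNs in file order, list of problems) for one LDIF text."""
    entries, problems = parse_ldif(text)
    problems += check_parent_order(entries, suffix)
    return [entry[0][1] for entry in entries], problems


if __name__ == "__main__":
    for name, text in (("BAD_LDIF", BAD_LDIF), ("GOOD_LDIF", GOOD_LDIF)):
        dns, problems = preflight(text, "dc=example,dc=com")
        print(name, "->", len(dns), "entries,", len(problems), "problems")
        for problem in problems:
            print("  ", problem)
```

Run it against your own file with preflight(open("frontend.example.com.ldif").read(), "dc=example,dc=com") before the ldapadd step; an empty problem list means the file at least has the shape ldapadd expects, while schema violations are still only caught by the server.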
5. The basic LDAP configuration is done. To get a web-based user interface for LDAP, install phpldapadmin:
sudo apt-get install phpldapadmin
Change 'dc' in the following lines of /etc/phpldapadmin/config.php to your domain and restart apache2:
a) $servers->setValue('server','base',array('dc=example,dc=com'));
b) $servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');
Log in to the LDAP server at http://localhost/phpldapadmin and enter the admin password.
OpenERP-LDAP
6. Install the python-ldap package; otherwise the users_ldap module in OpenERP will not function:
sudo apt-get install python-ldap
7. Install the users_ldap module in OpenERP; it comes by default with the openerp-server addons.
8. Configuration on the OpenERP side: go to "Administration --> Companies --> Companies", open your company profile and enter the following details in the LDAP parameters:
LDAP Server Address : your machine IP (127.0.0.1 if LDAP is running on the same server)
LDAP Server Port : 389
LDAP Bind Dn : cn=admin,dc=example,dc=com (if you changed the dc component, enter the same here and in the following fields)
LDAP password : your LDAP admin password
LDAP Base : ou=people,dc=example,dc=com (change 'dc' here)
LDAP filter : (uid=%s)
create user : checked
Model User : demo user
sequence : 10
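The LDAP filter above, (uid=%s), has the login typed by the user substituted for %s. The following Python script is an added example (not code from the original post or from OpenERP's users_ldap module) showing how that substitution is done safely: the login is escaped per RFC 4515 so that characters such as * and parentheses are matched literally, and the lookup is accepted only when exactly one entry matches, before any bind as that user is attempted. The in-memory directory stub standing in for ou=people is constructed for the example so it runs without a slapd.

```python
"""Building the LDAP login filter from the configured template safely.

Added example, not code from the original post or from the users_ldap module.
The PEOPLE stub is constructed so the example runs without a slapd.
"""
import re

# RFC 4515 section 3: these characters are written as a backslash and two hex digits.
_SPECIAL = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value inside a search filter."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)


def build_login_filter(template, login):
    """Substitute the escaped login into the configured filter, e.g. '(uid=%s)'."""
    if template.count("%s") != 1:
        raise ValueError("filter template must contain exactly one %s")
    return template.replace("%s", escape_filter_value(login))


# Constructed stand-in for the ou=people subtree: DN -> attributes.
PEOPLE = {
    "uid=john,ou=people,dc=example,dc=com": {"uid": "john", "cn": "John Doe"},
    "uid=jane,ou=people,dc=example,dc=com": {"uid": "jane", "cn": "Jane Roe"},
}

_SIMPLE_FILTER = re.compile(r"^\((\w+)=([^()]*)\)$")


def _unescape(value):
    """Reverse RFC 4515 escaping: a backslash plus two hex digits -> that character."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def search(directory, ldap_filter):
    """Evaluate one equality or presence filter over the stub the way a server
    would: '(uid=*)' matches every entry that has a uid, while '(uid=\\2a)'
    matches only a literal asterisk. Anything more complex is rejected here."""
    m = _SIMPLE_FILTER.match(ldap_filter)
    if not m:
        raise ValueError(f"unsupported filter: {ldap_filter}")
    attr, pattern = m.groups()
    if pattern == "*":
        return [dn for dn, entry in directory.items() if attr in entry]
    if "*" in pattern:
        raise ValueError("substring filters are not supported by this stub")
    wanted = _unescape(pattern)
    return [dn for dn, entry in directory.items() if entry.get(attr) == wanted]


def resolve_login_dn(directory, template, login):
    """Lookup step of the login flow: search with the configured filter and
    accept the result only if exactly one entry matched. Returns the DN or None,
    and the caller binds as that DN with the user's password only on a DN."""
    matches = search(directory, build_login_filter(template, login))
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    print(resolve_login_dn(PEOPLE, "(uid=%s)", "john"))  # the single matching DN
    print(resolve_login_dn(PEOPLE, "(uid=%s)", "*"))     # None: escaped, no uid is a literal '*'
    print(len(search(PEOPLE, "(uid=%s)" % "*")))         # 2: what an unescaped '*' would match
```

The escaping keeps the filter meaning fixed regardless of what the login contains, and the exactly-one rule means an ambiguous lookup is refused rather than resolved to whichever entry the server returned first.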
9. If everything goes right you can log in to OpenERP as john with his password, and the same works for the other LDAP users once they are created.
Joomla-LDAP integration will be covered in my next blog post.