Kamis, 19 April 2012

SSO with CAS, OpenDS integration with Zimbra and Joomla part 3

Supaya CAS bisa mendukung ldap ada beberapa hal yang harus di lakukan :
1. edit pom xml di di rectory CAS server nya, tambahkan baris :
2. copy kan file cas-server-support-ldap-3.4.10.jar serta spring-ldap * ke dalam directory lib di CAS server nya.
3 edit deployerConfigContext.xml,
contoh deployerConfigContext.xml , saya copy pastekan karena di inet hanya clue nya saja ..
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
        <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="pooled" value="false"/>

  <property name="url" value="ldap://IP LDAP:PORT" />

  <property name="userDn" value="cn=[Nama MANAGER]"/>
  <property name="password" value="[PASSWDNYA]"/>

  <property name="baseEnvironmentProperties">
      <entry key="java.naming.security.authentication" value="simple" />

        <bean id="authenticationManager"
                <property name="credentialsToPrincipalResolvers">
                                        class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                                        class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />

                <property name="authenticationHandlers">
                                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                                        p:httpClient-ref="httpClient" />
                                  <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
      p:contextSource-ref="contextSource" />


    <sec:user-service id="userDetailsService">
        <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />

        <bean id="attributeRepository"
                <property name="backingMap">
                                <entry key="uid" value="uid" />
                                <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
                                <entry key="groupMembership" value="groupMembership" />

        Sample, in-memory data store for the ServiceRegistry. A real implementation
        would probably want to replace this with the JPA-backed ServiceRegistry DAO
        The name of this bean should remain "serviceRegistryDao".

    <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

4. kita restart tomcatnya :
/etc/init.d/tomcat6 restart
next.. kita coba install openDS nya..

Kamis, 12 April 2012

change themes logo in zimbra.

just simple step :
  1. cd /opt/zimbra/jetty/webapps/zimbra/skins
  2. mv carbon CARBON
  3. ln -s bare carbon
  4. zmprov flushCache skin carbon
have trying..

Selasa, 10 April 2012

Connect to an OPENDS/LDAP using Joomla 2.5

After some fiddling around I managed to connect to an AD from Joomla, so I would like to share with you the configuration.

Apart from being a requirement in many projects, here are the benefits of using an OPENDS/LDAP for Joomla authentication:

  • Centralised user database which can be used from many different systems
  • Users have only one username/password for all systems utilizing OPENDS/LDAP
  • Users can still be administered inside Joomla, since they are imported into Joomla db the first time they connect to Joomla using LDAP
  • Keeps users happy! (no more extra signups)
  • Best practice, IT integration
In order to achieve this you just have to follow these steps: 

1. Go to the Joomla's administration plugin manager and enable the Authentication - LDAP plugin:

2. Configure the plugins with your OPENDS/LDAP data. This is the tricky part, which could make you spend manhours and frustrate you a lot if you are not sure about the parameters.

The parameters shown above are for OPENDS and should be ok for the majority of the systems and should allow you to connect using your email credentials