Using OpenLDAP

Using OpenLDAP

To set up OpenLDAP authentication:

  1. Get the mojoPortal content management site working using database authentication, i.e. "normal" installation.
  2. Log in as an admin user, go to the Member List page, and click Manage (or the gear icon) by an admin user.
  3. Change the admin user's ID to one that matches an OpenLDAP user. For example, if my OpenLDAP user is jaudette, I would change the mojoPortal user ID from admin to jaudette.
  4. Log out, then log in again using the new user ID.
  5. Select Administration, Site Settings.
  6. Click the Security tab, then the LDAP Settings tab.
  7. Enter the LDAP server hostname and port. For authentication over SSL, see below for a needed additional key.
  8. Enter the root Distinguished Name (DN) for user authentication (e.g. CN=admin,DC=example,DC=org).
  9. Check the "Automatically add LDAP users on first login" box, if you would like your users to be automatically created in mojoPortal following a successful LDAP authentication. Users will be created with a strong, unguessable random password. With OpenLDAP authentication, mojoPortal will also attempt to use "givenName" and "sn" for the first name and last name in the display name field, respectively. If it is unable to select those keys, or you are using Active Directory, the user is created with login ID ("CN") as the display name.

Click Save to store the basic settings. Then check the box that says Use LDAP for Authentication and enter your OpenLDAP user's password in the password box.

Click Save again, and this time it will test the authentication against OpenLDAP. If it fails it will not save the setting Use LDAP for Authentication. This is to prevent you from getting locked out of the site.

Note: As of mojoPortal version 2.3.5.8, if you wish to use SSL for your LDAP connection (port 636, by default), add the following key to your user.config file:

<add key="UseSSLForLDAP" value="true" />

Note: As of mojoPortal version 2.3.8.5, if you wish to use database authentication, with fallback to LDAP authentication, mark the appropriate boxes on the LDAP Settings page for each site. Note also that you must leave "Disable Database Authentication" unchecked.

For versions between 2.3.5.8 and 2.3.8.1, to enable LDAP fallback for all sites within your mojoPortal installation, add the following key to your user.config file:

<add key="UseLDAPFallbackAuthentication" value="true" />

Edited 2012-12-11 Jamie Eubanks