[Health] LDAP Support in GNU Health Running Tryton 3.4


From: Christoph H. Larsen
Subject: [Health] LDAP Support in GNU Health Running Tryton 3.4
Date: Mon, 5 Sep 2016 20:25:30 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.1.0

Dear All,

I have the task to convert a GNU Health instance sitting on top of Tryton 3.4 to user authentication by OpenLDAP. I understand that this is the first version where Tryton left the two-module GUI configuration game.
Has anybody sorted this out so that it can actually work?
Here are the relevant sections of my configuration file:

--------------------------------------------------

<rest of the trytond config is above, defaults are commented out>

[ldap_authentication]
# Configure parameters for authentication via LDAP
#
# The LDAP URL to connect to the server
# An LDAP URL begins with the protocol prefix "ldap" and is defined by the following grammar:
#        ldapurl    = scheme "://" [hostport] ["/" [dn ["?" [attributes] ["?" [scope] ["?" [filter] ["?" extensions]]]]]]
#        scheme     = "ldap"
#        attributes = attrdesc *("," attrdesc)
#        scope      = "base" / "one" / "sub"
#        dn         = distinguishedName from Section 3 of [1]
#        hostport   = hostport from Section 5 of RFC 1738 [5]
#        attrdesc   = AttributeDescription from Section 4.1.5 of [2]
#        filter     = filter from Section 4 of [4]
#        extensions = extension *("," extension)
#        extension  = ["!"] extype ["=" exvalue]
#        extype     = token / xtoken
#        exvalue    = LDAPString from section 4.1.2 of [2]
#        token      = oid from section 4.1 of [3]
#        xtoken     = ("X-" / "x-") token
# See here for more details: http://ldapwiki.willeke.com/wiki/LDAP%20URL
#uri =
uri = ldap://ldap.jail.vlan:389/ou=People,o=MyOrg??sub?(&(objectclass=inetOrgPerson)(memberOf=cn=trytond_health_instance,ou=Groups,o=MyOrg))?bindname=cn=LDAPReader,ou=Roles,o=MyOrg
#
# The password used to bind, if needed
#bind_pass =
###bind_pass = <LDAPReader password>
#
# A boolean to set, if the LDAP server is an Active Directory
#active_directory =
#
# The uid attribute for authentication
#uid = uid
uid = uid
#
# A boolean to create user if not in the database
#create_user =
create_user = true
--------------------------------------------------

Although I have a full-blown OpenLDAP setup (I use it for authentication for essentially all my applications), I do not seem to get any logging noise within LDAP from trytond's side. I used py-ldap instead of py-ldap3, because this is what this trytond version still requires, installed from ports, because pip gives me SASL, which I neither want nor need - everything is TLS.

Any ideas, known setups or comments will be hugely appreciated.
Thanks a lot,

Chris
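
Added example, not part of the original message and not Tryton's own code: a small parser that follows the LDAP URL grammar quoted in the configuration comments and is applied to the `uri` value from the post. Under the `extension *("," extension)` rule, the unescaped commas in the `bindname` value separate extensions, so the bind DN is cut at `cn=LDAPReader`; RFC 4516 requires commas inside an extension value to be percent-encoded (`%2C`). The function names `split_ldap_url` and `escape_bindname` are hypothetical, and `escape_bindname` assumes `bindname` is the last extension in the URL.

```python
from urllib.parse import unquote, urlsplit

# uri value copied from the [ldap_authentication] section in the message above
POSTED_URI = (
    "ldap://ldap.jail.vlan:389/ou=People,o=MyOrg??sub?"
    "(&(objectclass=inetOrgPerson)"
    "(memberOf=cn=trytond_health_instance,ou=Groups,o=MyOrg))"
    "?bindname=cn=LDAPReader,ou=Roles,o=MyOrg"
)


def split_ldap_url(uri):
    """Split an LDAP URL into the fields of the grammar quoted in the config."""
    parts = urlsplit(uri)
    if parts.scheme != "ldap":
        raise ValueError("scheme must be 'ldap'")
    # After the dn: attributes ? scope ? filter ? extensions (each optional)
    fields = (parts.query.split("?", 3) + [""] * 4)[:4]
    attributes, scope, filter_, ext_raw = fields
    extensions = {}
    # Extensions are separated on "," before any percent-decoding happens
    for ext in filter(None, ext_raw.split(",")):
        extype, _, exvalue = ext.partition("=")
        extensions[unquote(extype)] = unquote(exvalue)
    return {
        "hostport": parts.netloc,
        "dn": unquote(parts.path.lstrip("/")),
        "attributes": [unquote(a) for a in attributes.split(",") if a],
        "scope": scope,
        "filter": unquote(filter_),
        "extensions": extensions,
    }


def escape_bindname(uri):
    """Percent-encode commas in a trailing bindname extension value."""
    head, sep, bind_dn = uri.rpartition("bindname=")
    return head + sep + bind_dn.replace(",", "%2C") if sep else uri


if __name__ == "__main__":
    print("as posted:", split_ldap_url(POSTED_URI)["extensions"])
    fixed = escape_bindname(POSTED_URI)
    print("escaped  :", split_ldap_url(fixed)["extensions"])
```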


