Thursday, February 2, 2012

Configuring LDAP authentication with Active Directory


First install the python-ldap library:
[sudo] apt-get install python-ldap

Then install OpenERP's user_ldap module.
Go to Administration » Companies, select your company, find the "Configuration" tab, and in the "LDAP Configuration" box click "New" to add an LDAP configuration.

Complete the requested information:
  • LDAP Server address: your.adserver.address
  • LDAP Server port: 3268
  • LDAP binddn: your-domain\a-username
  • LDAP password: your-password
  • LDAP base: DC=your-domain,DC=local
  • LDAP filter: sAMAccountName=%s
  • Create User: Yes
  • Model User: Your template user

The binddn and password parameters can be ignored if the AD server is configured to allow anonymous connections. In this case, we preferred to create a generic user to connect to the AD.

When someone logs in to OpenERP for the first time, their full name is retrieved from the AD and a new OpenERP user is created by copying the template user. The template user should therefore be assigned the default access groups for everyone in the domain.

You might need to adjust some of these settings to your specific AD structure. I found Softerra's free LDAP browser to be useful to explore the AD structure, or just to test the LDAP configuration parameters.
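The same test can be scripted with python-ldap. The following is an added example, not part of the original post or of OpenERP's user_ldap module: it binds with the generic account, looks the login up with the configured filter, then binds as the entry it found. The CONF values are the placeholders from the list above; the function names and the use of the cn attribute for the full name are assumptions of this example.

```python
"""Test the LDAP settings above against AD (added example; needs python-ldap)."""

# Placeholders copied from the settings list; replace with real values.
CONF = {
    "server": "your.adserver.address",
    "port": 3268,  # AD global catalog; plain ldap:// is unencrypted
    "binddn": "your-domain\\a-username",
    "password": "your-password",
    "base": "DC=your-domain,DC=local",
    "filter": "sAMAccountName=%s",
}

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def build_filter(template, login):
    """Substitute the login into the filter so it cannot alter the filter."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in login)
    return template.replace("%s", escaped)


def check_login(conf, login, password):
    """Return (dn, full_name) if login/password are valid, else None."""
    if not password:
        # An empty password makes a simple bind "unauthenticated": many
        # servers accept it, so it must never count as a successful login.
        return None
    import ldap  # python-ldap, imported here so build_filter works without it

    conn = ldap.initialize("ldap://%s:%d" % (conf["server"], conf["port"]))
    conn.set_option(ldap.OPT_REFERRALS, 0)  # do not chase AD referrals
    try:
        # 1. Bind as the generic account (raises if binddn/password are wrong).
        conn.simple_bind_s(conf["binddn"], conf["password"])
        # 2. Find the user; referral results have dn None and are skipped.
        hits = conn.search_s(conf["base"], ldap.SCOPE_SUBTREE,
                             build_filter(conf["filter"], login), ["cn"])
        entries = [(dn, attrs) for dn, attrs in hits if dn]
        if len(entries) != 1:
            return None  # unknown login, or the filter is ambiguous
        dn, attrs = entries[0]
        # 3. Verify the user's own password by binding as that entry.
        try:
            conn.simple_bind_s(dn, password)
        except ldap.INVALID_CREDENTIALS:
            return None
        # "cn" as the full-name attribute is an assumption of this example.
        return dn, attrs.get("cn", [b""])[0].decode("utf-8")
    finally:
        conn.unbind_s()
```

Call check_login(CONF, "some-login", "their-password") from a host that can reach the AD server; a None result means the login was not found exactly once or the password was rejected.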

2 comments:

  1. I am trying to authenticate users from LDAP in OpenERP but can't. I am using this module Openerp 5, which installs OK, but then I can't log in.

    I am running it on Ubuntu 12.04 with python-ldap version 2.4.10-1 and Python 2.7.
  2. This comment has been removed by a blog administrator.