Thursday, February 2, 2012

Configuring LDAP authentication with Active Directory


First install the python-ldap library:
[sudo] apt-get install python-ldap

Then install OpenERP's user_ldap module.
Go to Administration » Companies, select your company, find the "Configuration" tab, and in the "LDAP Configuration" box click "New" to add an LDAP configuration.

Complete the requested information:
  • LDAP Server address: your.adserver.address
  • LDAP Server port: 3268
  • LDAP binddn: your-domain\a-username
  • LDAP password: your-password
  • LDAP base: DC=your-domain,DC=local
  • LDAP filter: sAMAccountName=%s
  • Create User: Yes
  • Model User: Your template user

The binddn and password parameters can be ignored if the AD server is configured to allow anonymous connections. In this case, we preferred to create a generic user to connect to the AD.

When someone logs in to OpenERP for the first time, their full name is retrieved from the AD and a new OpenERP user is created as a copy of the template user. This template user should therefore be assigned the default access groups intended for everyone in the domain.

You might need to adjust some of these settings to your specific AD structure. I found Softerra's free LDAP browser to be useful to explore the AD structure, or just to test the LDAP configuration parameters.
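A command-line check of the same parameters with python-ldap, as an added example that is not part of the original post or of OpenERP's code: it binds with the generic account and applies the filter to one login, escaping the login so it cannot change the filter's structure. The CONFIG values are the post's placeholders, and build_filter and lookup are hypothetical helper names.

```python
import getpass
import sys

# Constructed values mirroring the form fields above; replace with your own.
CONFIG = {
    "server": "your.adserver.address",
    "port": 3268,
    "binddn": "your-domain\\a-username",
    "base": "DC=your-domain,DC=local",
    "filter": "sAMAccountName=%s",
}

# RFC 4515 escapes; backslash comes first so later escapes are not re-escaped.
_ESCAPES = (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"), (")", r"\29"),
            ("\x00", r"\00"))


def build_filter(template, login):
    """Substitute the login into the filter template with RFC 4515 escaping."""
    for char, escaped in _ESCAPES:
        login = login.replace(char, escaped)
    return template % login


def lookup(config, login, password):
    """Bind with the generic account and return the entries matching login."""
    import ldap  # python-ldap, imported lazily so build_filter works without it

    conn = ldap.initialize("ldap://%s:%d" % (config["server"], config["port"]))
    conn.set_option(ldap.OPT_REFERRALS, 0)  # commonly disabled when querying AD
    conn.simple_bind_s(config["binddn"], password)
    try:
        results = conn.search_s(config["base"], ldap.SCOPE_SUBTREE,
                                build_filter(config["filter"], login), ["cn"])
    finally:
        conn.unbind_s()
    # Referral rows come back with dn None; keep real entries only.
    return [(dn, attrs) for dn, attrs in results if dn]


if __name__ == "__main__":
    entries = lookup(CONFIG, sys.argv[1], getpass.getpass("binddn password: "))
    # A usable configuration matches exactly one entry per login.
    print("%d match(es): %s" % (len(entries), [dn for dn, _ in entries]))
```

Run it with a login name as the only argument; zero matches usually points at the base or filter, and more than one match means the filter is too broad for authentication.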

OpenERP easy installation using SISalp's xoe script

SISalp has developed a script to automate OpenERP server installation, and was kind enough to share it with the public under the GPL license. Let's use it to build an OpenERP server based on a clean Turnkey LAPP appliance.

First, update the virtual machine's system.
After installing the virtual machine, which should be pretty straightforward, you might want to update the system. Be aware that there is a known issue with the udev library that causes the update process of Turnkey appliances to freeze. To avoid it, do the update using:


apt-get update
echo udev hold|dpkg --set-selections
apt-get upgrade



Second, install OpenERP, using SISalp's XOE script.
Following the instructions, logged in as root, execute:

cd /usr/local/bin
wget http://download.sisalp.net/install_xoe
chmod 755 install_xoe
./install_xoe

And that's it.

The script will create the PostgreSQL database, install the application server, the web server and register them as services. The monitoring and management of the servers can be done through the xoe utility. For example, use xoe --status to check which services are running.

I find the ability to set up and manage other servers, for training and testing purposes, very interesting. The documentation also mentions the possibility of setting up backups and e-mail alerts to the system administrator. The tool is rich in features, but it would be nice to have a little more documentation available, such as a good guide for all these functions.

EDIT: install_xoe_openerp is deprecated - install_xoe should be used instead.