
LDAP questions

Hi Vackar,

Here are my thoughts on your questions, posted today from the OpenClinica Portal. I am cc'ing the developers group as several of them have done an LDAP implementation before (I am thinking specifically of this post: http://www.openclinica.org/pipermail/developers/2006-December/000118.html, where the poster used OpenLDAP) and may have additional comments to share.

1. LDAP should be activated by creating another security realm in the server.xml or OpenClinica.xml file, as Vackar says.

2. Since we look for the user by username after login, an entry will have to be created in both LDAP and OpenClinica for the user to be able to have a default study, be credited as creator/updater for objects, etc. The password will have to be the same; otherwise our newly implemented e-signatures won't work. If you don't want to use e-sigs, then the password can be blank or a dummy password.

Best, Tom
From: OpenClinica Portal Administrator [mailto:[email protected]]
Sent: Mon 4/7/2008 3:15 PM
To: OpenClinica-admin
Subject: [OpenClinica Portal] Contact Inquiry
The following inquiry has been sent from the Contact page on the OpenClinica Portal
Name: Vackar Afzal
Email: [email protected]
Organization: Developer
Inquiry: Hi, I wanted to ask a couple of questions about LDAP'ing OpenClinica. 1) Can it be LDAPed by simply creating a realm in Tomcat's server.xml? 2) When I wish to add a new user, do I need to add them to OpenClinica and LDAP, or does the LDAPing disable the use of the internal database users? If it doesn't, then will the internal database user require an internal password, and if so, will it have to match the LDAP password?

Comments

  • Jun Xu Posts: 20
    Hi Vackar,
    1) Can it be LDAPed by simply creating a realm in Tomcat's server.xml?
    Yes. You can also put the realm into OpenClinica.xml as Tom said, so it will be a part of the OpenClinica configuration. An example JNDI realm I used to make users authenticate against Akaza LDAP on Windows is shown below:



    It will replace the JDBC realm in OpenClinica.xml.

    2) When I wish to add a new user, do I need to add them to OpenClinica and LDAP, or does the LDAPing disable the use of the internal database users? If it doesn't, then will the internal database user require an internal password, and if so, will it have to match the LDAP password?
    How do you want to use LDAP? If you use LDAP only for OpenClinica user authentication, then the rest of the application can still use the database. For the same user, the passwords need to be the same for both LDAP and OpenClinica, as Tom suggested.

    Regards,
    Jun
    Sent: Mon 4/7/2008 11:13 AM
    To: [email protected]
    Cc: [email protected]
    Subject: [Developers] LDAP questions
    Hi Vackar,

    Here are my thoughts on your questions, posted today from the OpenClinica Portal. I am cc'ing the developers group as several of them have done an LDAP implementation before (I am thinking specifically of this post: http://www.openclinica.org/pipermail/developers/2006-December/000118.html, where the poster used OpenLDAP) and may have additional comments to share.

    1. LDAP should be activated by creating another security realm in the server.xml or OpenClinica.xml file, as Vackar says.

    2. Since we look for the user by username after login, an entry will have to be created in both LDAP and OpenClinica for the user to be able to have a default study, be credited as creator/updater for objects, etc. The password will have to be the same; otherwise our newly implemented e-signatures won't work. If you don't want to use e-sigs, then the password can be blank or a dummy password.

    Best, Tom
    From: OpenClinica Portal Administrator [mailto:[email protected]]
    Sent: Mon 4/7/2008 3:15 PM
    To: OpenClinica-admin
    Subject: [OpenClinica Portal] Contact Inquiry
    The following inquiry has been sent from the Contact page on the OpenClinica Portal
    Name: Vackar Afzal
    Email: [email protected]
    Organization: Developer
    Inquiry: Hi, I wanted to ask a couple of questions about LDAP'ing OpenClinica. 1) Can it be LDAPed by simply creating a realm in Tomcat's server.xml? 2) When I wish to add a new user, do I need to add them to OpenClinica and LDAP, or does the LDAPing disable the use of the internal database users? If it doesn't, then will the internal database user require an internal password, and if so, will it have to match the LDAP password?
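
For readers following the thread, an added illustration of a Tomcat JNDI realm of the kind discussed above. It is not Jun's configuration and not OpenClinica's own; the host name, DNs, bind account, search filters and group layout are assumptions to replace with your directory's values.

```xml
<!-- Added example with hypothetical values; adapt every DN and filter. -->
<!-- This element takes the place of the JDBC realm in OpenClinica.xml
     (or in server.xml), as described in the thread. -->

<!-- connectionURL: ldaps:// keeps bind passwords off the wire in clear text.
     The JVM running Tomcat must trust the directory server's certificate. -->
<!-- connectionName / connectionPassword: a dedicated, read-only service
     account used only to search for the user entry and group membership. -->
<!-- userPassword is deliberately not set: Tomcat then verifies the login by
     binding to the directory as the user, so it never reads stored
     password values from LDAP. -->
<!-- userSearch: {0} is the username typed at login. It must equal the
     username of the matching OpenClinica database account, because the
     application looks the user up by username after login. -->
<!-- roleSearch: {0} is the DN of the authenticated user. The value of the
     roleName attribute on each matching group becomes a Tomcat role, so the
     group names must match the roles the web application expects. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.org:636"
       connectionName="cn=tomcat-bind,ou=service,dc=example,dc=org"
       connectionPassword="CHANGE_ME"
       userBase="ou=people,dc=example,dc=org"
       userSearch="(uid={0})"
       userSubtree="true"
       roleBase="ou=groups,dc=example,dc=org"
       roleName="cn"
       roleSearch="(uniqueMember={0})" />
```

Because the bind password sits in this file in clear text, restrict read access on the file to the account that runs Tomcat.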
This discussion has been closed.