Author Topic: LDAP and 2.0 (Read 1822 times)

emilyf · June 16, 2008, 07:37:38 pm

Hi All,

I am trying to get clear on exactly where LDAP stands with CiviCRM 2.0. Does this page refer to 2.0 integration: http://wiki.civicrm.org/confluence/display/CRMDOC/CiviCRM+LDAP+Integration? If not, is anyone actively working on modifying/creating a 2.0 LDAP solution?

Are there very specific configuration areas of that page that need to be changed to work with 2.0? Is anyone out there doing a successful 2.0 LDAP integration?

If the integration is not documented for 2.0 I am going to be frustrated and therefore driven to participate in the documentation of it. Of course, I am a bit limited on the technical end so will probably need some expert assistance on the tough parts

Any general and detailed information you can give me on this would be much appreciated so that I can try to extend it out to the rest of the community. At the very least I will make specific notes on the above page as to which versions of CiviCRM it supports.

Thanks,
Emily

cap10morgan · June 18, 2008, 07:14:21 am

I setup a 1.8 or 1.9 (I forget which) test installation with those instructions. It basically worked, but as the author stated, was a bit flaky and limited in its functionality (as well as totally insecure, it basically exposed the whole Civi database as a flat address book). I have a sneaky feeling that the schema changes in 2.0 probably won't play nice with these instructions.

Customizable and secure LDAP exposure and/or integration (i.e. expose Civi's database via LDAP vs. use an LDAP directory as part of Civi's database) would be such an awesome feature I can't even stand it.

One of the limitations, it seems, is OpenLDAP's lackluster SQL backend support. This may have changed, but the last time I looked into it, the SQL backend was not well maintained and the devs recommended against using it. That baffles me because every use case I can think of for LDAP involves exposing SQL databases. But what do I know... :/

emilyf · June 18, 2008, 08:13:02 am

Interesting idea. I guess I am going to second that.

Would it be at all plausible (and I guess this question is directed at CiviCRM developers) to have the CiviCRM ldap tables preset and configured in the CiviCRM database? Again, I am sooooo newbie at this that I really don't know what I'm talking about. But if they were preconfigured, what problems does that bring up? Will that make them only compatible with open ldap? Is there some reason that this hasn't been integrated before?

In particular, I am referring to the documentation sections that run queries on the CiviCRM database, creates the views and the ldap table mappings. If this was all pre included with CiviCRM, it would take out the issue of the documentation being out of date since the db schema changed, etc. It would also make ldap configuring a lot more friendly to base level admins who may be able to set up open ldap but it is a bit overwhelming to try to remap the db syncs.

I checked the issue tracker to see if there is any activity on this, but I really only found this issue which is open/unresolved and doesn't look like it's been updated in a long time: http://issues.civicrm.org/jira/browse/CRM-205. I also see that it's scheduled for 3.0. Oh, that sounds so far away!

My org had this working with 1.9 and need to get it fixed before the 3.0 release, and I wager that many others are in my same position. So if this is indeed being postponed for 3.0, then I am very interested in getting any assistance on what changes need to be made in the documentation, and in the CiviCRM db queries in particular, to get this working. I'm ready and willing to document it!

Taking another look at the LDAP instructions, it looks to me that the changes are mainly in the section "Create views for CiviCRM data" (http://wiki.civicrm.org/confluence/display/CRMDOC/CiviCRM+LDAP+Integration?#CiviCRMLDAPIntegration-CreateviewsforCiviCRMdata)

Here is what I've noticed are the major differences with the views outlined in the instructions and the CiviCRM 2.0 schema:

- There is no civicrm location table. This view is most confusing to me, as I'm not sure exactly what it's looking for. It looks like location is only joined for the is_primary flag, which now appears to be in civicrm_address already. So I'm assuming civicrm_location was merged with civicrm_address? The only other question I can't answer is exactly what this WHERE statement wants:

Quote

WHERE civicrm_location.entity_table = 'civicrm_contact'

Do I even need that clause anymore?

- no civicrm_household table anymore; it looks like this is all in civicrm_contact now. If I need to flag household types, is that based on civicrm_contact.contact_type? I believe for this section of the documentation I will just need a new WHERE clause that will limit to households only.

- no civicrm_individual table, looks merged with civicrm_contact table. Changing this view seems straightforward. But again, will I need a new WHERE clause that flags contact_type as individual?

- no civicrm_organization table, again looks merged with civicrm_contact. Same as above; will I need a WHERE clause to flag as org?

It seems to me if I start with the CiviCRM views, then I should be able to backtrack and make any changes to the ldap structure. I greatly appreciate insight on the above.

Donald Lobo · June 18, 2008, 12:48:08 pm

In general the code, tables and documentation go together. Putting them in the CiviCRM DB also means that we maintain, upgrade test and support it. At this stage we dont have the energy / skills / resources to support LDAP

lobo

emilyf · June 18, 2008, 01:15:15 pm

OK, this is what I thought and makes sense. Which means I'm ready to get accurate documentation up on the wiki myself!

Does anyone have any insight on the 2nd half of my post?

CiviCRM Community Forums (archive)

News:

Author Topic: LDAP and 2.0 (Read 1822 times)

emilyf

LDAP and 2.0

cap10morgan

Re: LDAP and 2.0

emilyf

Re: LDAP and 2.0

Donald Lobo

Re: LDAP and 2.0

emilyf

Re: LDAP and 2.0