Commit 5a95fce9 authored by Frank Bergmann's avatar Frank Bergmann

- Updated to OpenACS 5.9.1

parent 27a282c1
......@@ -7,19 +7,19 @@
<initial-install-p>t</initial-install-p>
<singleton-p>t</singleton-p>
<version name="5.9.0" url="http://openacs.org/repository/download/apm/acs-authentication-5.9.0.apm">
<version name="5.9.1" url="http://openacs.org/repository/download/apm/acs-authentication-5.9.1.apm">
<owner url="mailto:lars@collaboraid.biz">Lars Pind</owner>
<summary>Authentication, account management, and related functionality.</summary>
<release-date>2015-10-04</release-date>
<release-date>2017-08-06</release-date>
<vendor url="http://www.collaboraid.biz">Collaboraid</vendor>
<maturity>3</maturity>
<license url="http://www.gnu.org/copyleft/gpl.html">GPL version 2</license>
<description format="text/html">Implements authentication-related security functions for OpenACS, including password, account and session management, bulk account creation etc. Provides a contract based interface for different authentication methods such as PAM or LDAP based authentication.</description>
<provides url="acs-authentication" version="5.9.0"/>
<requires url="acs-kernel" version="5.9.0"/>
<requires url="acs-service-contract" version="5.9.0"/>
<requires url="acs-mail-lite" version="5.9.0"/>
<provides url="acs-authentication" version="5.9.1"/>
<requires url="acs-kernel" version="5.9.1"/>
<requires url="acs-service-contract" version="5.9.1"/>
<requires url="acs-mail-lite" version="5.9.1"/>
<callbacks>
<callback type="after-install" proc="auth::package_install"/>
......
<?xml version="1.0" encoding="ISO-8859-1"?>
<message_catalog package_key="acs-authentication" locale="de_DE" charset="ISO-8859-1">
<msg key="Add_to_Community">Zur Community hinzufgen</msg>
<msg key="Add_to_Community">Zur Gemeinschaft hinzufgen</msg>
<msg key="Add_to_system_name">Zu %system_name% hinzufgen</msg>
<msg key="Does_not_have_an_account_on_system_name">Hat kein Konto auf %system_name%</msg>
<msg key="Has_account_on_system_name">Hat ein Konto auf %system_name%</msg>
<msg key="Does_not_have_an_account_on_system_name">Hat kein Benutzerkonto auf %system_name%</msg>
<msg key="Has_account_on_system_name">Hat ein Benutzerkonto auf %system_name%</msg>
<msg key="Invalid_username_or_password">Benutzeridentifikation oder Passwort ist falsch</msg>
<msg key="lt_Not_getting_the_results_you_expected">Noch nichts gefunden? Benutzen Sie die Suche:</msg>
<msg key="lt_Not_getting_the_results_you_expected">Nicht die Resultate, die Sie erwartet haben? Suchen Sie nach: </msg>
</message_catalog>
<?xml version="1.0" encoding="ISO-8859-1"?>
<message_catalog package_key="acs-authentication" locale="fr_FR" charset="ISO-8859-1">
<msg key="Invalid_username_or_password">Nom d&#39;utilisateur ou mot de passe incorrect</msg>
<msg key="Invalid_username_or_password">Nom d'utilisateur ou mot de passe incorrect</msg>
</message_catalog>
<?xml version="1.0" encoding="ISO-8859-1"?>
<message_catalog package_key="acs-authentication" locale="it_IT" charset="ISO-8859-1">
<msg key="Add_to_Community">Aggiungi alla Comunit</msg>
<msg key="Add_to_system_name">Aggiungi a %system_name%</msg>
<msg key="Does_not_have_an_account_on_system_name">Non ha un account su %system_name%</msg>
<msg key="Has_account_on_system_name">Ha un account su %system_name%</msg>
<msg key="Invalid_username_or_password">Nome utente o password non sono corretti</msg>
<msg key="lt_Not_getting_the_results_you_expected">Non stai ottenendo i risultati che ti aspettavi? Prova a cercare:</msg>
</message_catalog>
<?xml version="1.0" encoding="ISO-8859-1"?>
<message_catalog package_key="acs-authentication" locale="nl_NL" charset="ISO-8859-1">
<msg key="Add_to_Community">Toevoegen aan community</msg>
<msg key="Add_to_system_name">Toevoegen aan %system_name%</msg>
<msg key="Does_not_have_an_account_on_system_name">Heeft geen account op %system_name%</msg>
<msg key="Has_account_on_system_name">Heeft een account op %system_name%</msg>
<msg key="Invalid_username_or_password">Ongeldige gebruikersnaam of wachtwoord</msg>
<msg key="lt_Not_getting_the_results_you_expected">Probeer te zoeken indien u niet de gewenste resultaten krijgt:</msg>
</message_catalog>
......@@ -11,7 +11,7 @@ ad_page_contract {
To add a member of a group
add_to_subsite (list of label url)
add_to_main_site (optional) (list of label url)
group_id (optional default to subsite applicaiton group)
group_id (optional default to subsite application group)
rel_type (default to membership_rel)
} {
......
......@@ -123,7 +123,7 @@ ad_proc -private auth::local::authentication::MergeUser {
# domain
set new_email $new_username
set rel_id [db_string getrelid { *SQL* }]
set rel_id [db_string getrelid {}]
membership_rel::change_state -rel_id $rel_id -state "merged"
acs_user::update -user_id $from_user_id -username "$new_username" -screen_name "$new_username"
......@@ -435,7 +435,7 @@ ad_proc -private auth::local::registration::GetElements {
set result(required) username
}
set result(required) [concat $result(required) { email first_names last_name }]
lappend result(required) email first_names last_name
set result(optional) { url }
if { ![parameter::get -package_id [ad_conn subsite_id] -parameter RegistrationProvidesRandomPasswordP -default 0] } {
......@@ -597,13 +597,13 @@ ad_proc -private auth::local::user_info::unregister_impl {} {
}
ad_proc -private auth::local::user_info::GetUserInfo {
user_id
username
{parameters ""}
} {
Implements the GetUserInfo operation of the auth_user_info
service contract for the local account implementation.
} {
set user_id [acs_user::get_by_username -username $username]
set result(info_status) [auth::get_local_account_status -user_id $user_id]
set result(info_message) ""
db_1row get_user_info {} -column_array user_info
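Review bot: The new `set user_id [acs_user::get_by_username -username $username]` has no guard for an unknown username; when the lookup returns an empty string, the following `auth::get_local_account_status -user_id $user_id` and `db_1row get_user_info {}` run with an empty user_id and will presumably raise an error instead of reporting a `no_account` status through the contract's result array. An early return right after the lookup keeps the failure inside the contract's vocabulary, as the password procs on this page do with `return [array get result]`. The call also omits `-authority_id`, which presumably defaults to the local authority — appropriate for this local implementation, but a one-line comment saying so would help the next reader. The body of GetUserInfo continues past the hunk.
```tcl
    set user_id [acs_user::get_by_username -username $username]
    if { $user_id eq "" } {
        # Unknown local username: report it via the contract rather than erroring
        set result(info_status) "no_account"
        set result(info_message) ""
        return [array get result]
    }
    # … unchanged: info_status lookup, info_message, db_1row get_user_info …
```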
......
......@@ -122,7 +122,7 @@ ad_proc -public auth::password::change {
# Refresh the current user's cookies, so he doesn't get logged out,
# if this user was logged in before changing password
if { [ad_conn isconnected] && $user_id == $connection_user_id } {
ad_user_login -account_status [ad_conn account_status] $user_id
auth::issue_login -account_status [ad_conn account_status] -user_id $user_id
}
}
no_account - not_supported - old_password_bad - new_password_bad - change_error - failed_to_connect {
......@@ -178,7 +178,7 @@ ad_proc -public auth::password::recover_password {
}
return [array get result]
}
set user_id [cc_lookup_email_user $email]
set user_id [party::get_by_email -email $email]
if { $user_id eq "" } {
set result(password_status) "failed_to_connect"
set result(password_message) "Unknown email"
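Review bot: `party::get_by_email -email $email` may resolve any party with that email address, not only a user, whereas the replaced `cc_lookup_email_user` presumably matched users only; the returned id is then treated as a user_id for password recovery here, and in the `get_forgotten_url` hunk below it is passed straight to `acs_user::get -user_id $user_id`. If party::get_by_email is indeed not restricted to users, a check after the lookup such as `if { $user_id ne "" && ![acs_user::registered_user_p -user_id $user_id] } { set user_id "" }` would restore the previous semantics and let the existing "Unknown email" branch handle the case. The same point applies to the `get_forgotten_url` hunk further down. recover_password's body starts outside the hunk.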
......@@ -248,7 +248,7 @@ ad_proc -public auth::password::get_forgotten_url {
set authority_id [auth::authority::local]
}
} else {
set user_id [cc_lookup_email_user $email]
set user_id [party::get_by_email -email $email]
if { $user_id ne "" } {
acs_user::get -user_id $user_id -array user
set authority_id $user(authority_id)
......@@ -512,7 +512,7 @@ ad_proc -private auth::password::email_password {
{-body_msg_key "acs-subsite.email_body_Forgotten_password"}
{-from ""}
} {
Send an email to ther user with given username and authority with the new password.
Send an email to the user with given username and authority with the new password.
@param from The email's from address. Can be in email@foo.com <Your Name> format.
Defaults to ad_system_owner.
......@@ -530,6 +530,16 @@ ad_proc -private auth::password::email_password {
# Set up variables for use in message key
set reset_password_url [export_vars -base "[ad_url]/user/password-update" {user_id {old_password $password}}]
set forgotten_password_url [auth::password::get_forgotten_url \
-authority_id $authority_id \
-username $user(username) \
-email $user(email)]
set subsite_info [security::get_register_subsite]
if {[dict get $subsite_info url] ne "/"} {
set forgotten_password_url [dict get $subsite_info url]$forgotten_password_url
}
set forgotten_password_url [security::get_qualified_url $forgotten_password_url]
set system_owner [ad_system_owner]
set system_name [ad_system_name]
set system_url [ad_url]
......
......@@ -682,8 +682,9 @@ aa_register_case \
parameter::set_value -parameter UseEmailForLoginP -package_id [ad_acs_kernel_id] -value {}
aa_true "Param UseEmailForLoginP {} -> true" [auth::UseEmailForLoginP]
# "foo" is an invalid value, it can't be true
parameter::set_value -parameter UseEmailForLoginP -package_id [ad_acs_kernel_id] -value {foo}
aa_true "Param UseEmailForLoginP foo -> true" [auth::UseEmailForLoginP]
aa_false "Param UseEmailForLoginP foo -> false" [auth::UseEmailForLoginP]
# Test login/registration
......
<property name="context">{/doc/acs-authentication {Authentication}} {Configure Batch Synchronization}</property>
<property name="context">{/doc/acs-authentication {ACS Authentication}} {Configure Batch Synchronization}</property>
<property name="doc(title)">Configure Batch Synchronization</property>
<master>
<include src="/packages/acs-core-docs/lib/navheader"
......@@ -54,13 +54,13 @@ incremental file record looks like:</p><pre class="programlisting">
&lt;/sourcedid&gt;
&lt;/person&gt;
&lt;/enterprise&gt;
</pre><p>A snapshot file is similar but doesn't have recstatus, since
it's not a delta but a list of valid records. See the larger
</pre><p>A snapshot file is similar but doesn&#39;t have recstatus, since
it&#39;s not a delta but a list of valid records. See the larger
example in the design document for more details.</p><p>(More information: <a href="ims-sync-driver-design" title="IMS Sync driver design">the section called “IMS Sync driver
design”</a>, <a href="http://www.imsproject.org/enterprise/" target="_top">The IMS 1.1 spec</a>)</p>
</li>
</ol></div><div class="cvstag">($&zwnj;Id: configure-batch-sync.html,v 1.2
2004/02/19 14:59:42 joela Exp $)</div>
</ol></div><div class="cvstag">($&zwnj;Id: configure-batch-sync.html,v 1.2.22.1
2016/07/16 17:28:03 gustafn Exp $)</div>
</div>
<include src="/packages/acs-core-docs/lib/navfooter"
leftLink="ext-auth-ldap-install" leftLabel="Prev" leftTitle="Installing LDAP support"
......
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Configure Batch Synchronization</title><meta name="generator" content="DocBook XSL Stylesheets V1.64.1"><link rel="home" href="index.html" title="External Authentication"><link rel="up" href="ext-auth-install.html" title="Installation"><link rel="previous" href="ext-auth-ldap-install.html" title="Installing LDAP support"><link rel="next" href="ext-auth-design.html" title="Design"><link rel="stylesheet" href="openacs.css" type="text/css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"><a accesskey="p" href="ext-auth-ldap-install.html">Prev</a> </td><th width="60%" align="center">Installation</th><td width="20%" align="right"> <a accesskey="n" href="ext-auth-design.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configure-batch-sync"></a>Configure Batch Synchronization</h2></div></div><div></div></div><div class="orderedlist"><ol type="1"><li><p>Browse to the authentication administration page,
<tt class="computeroutput">http://<span class="replaceable"><span class="replaceable">yourserver</span></span><a href="/acs-admin/auth/" target="_top">/acs-admin/auth/</a></tt>
<tt class="computeroutput">http://<span class="replaceable"><span class="replaceable">yourserver</span></span><a href="/acs-admin/auth/" target="_top">/acs-admin/auth/</a></kbd>
and choose an authority for batch sync.</p></li><li><p>Set Batch sync enabled to Yes. Set GetDocument
Implementation to HTTP GET. Set ProcessDocument Implementation to IMS Enterprise 1.1. These settings will cause OpenACS to attempt to retrieve via HTTP a list of users in XML format from a location we will specify in a few steps.</p></li><li><p>Click OK.</p></li><li><p>On the next page, click <tt class="computeroutput">Configure</tt> on the GetDocument Implementation line.</p></li><li><p>Enter either or both the IncrementalURL and SnapshotURL. These are the URLs which the external Authority will supply with XML files in IMS Enterprise 1.1 format.</p></li><li><p>Configure your Authority (RADIUS server, etc) to
Implementation to HTTP GET. Set ProcessDocument Implementation to IMS Enterprise 1.1. These settings will cause OpenACS to attempt to retrieve via HTTP a list of users in XML format from a location we will specify in a few steps.</p></li><li><p>Click OK.</p></li><li><p>On the next page, click <tt class="computeroutput">Configure</kbd> on the GetDocument Implementation line.</p></li><li><p>Enter either or both the IncrementalURL and SnapshotURL. These are the URLs which the external Authority will supply with XML files in IMS Enterprise 1.1 format.</p></li><li><p>Configure your Authority (RADIUS server, etc) to
supply XML files to the URLs IncrementalURL and
SnapshotURL. A typical set of incremental file record
looks like:</p><pre class="programlisting">&lt;?xml version="1.0" encoding="ISO-8859-1"?&gt;
......
<property name="context">{/doc/acs-authentication {Authentication}} {Design}</property>
<property name="context">{/doc/acs-authentication {ACS Authentication}} {Design}</property>
<property name="doc(title)">Design</property>
<master>
<include src="/packages/acs-core-docs/lib/navheader"
......@@ -11,7 +11,7 @@
<div><div><h2 class="title">
<a name="ext-auth-design" id="ext-auth-design"></a>Design</h2></div></div><hr>
</div><div class="toc">
<p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ims-sync-driver-design">IMS
<p><strong>Table of Contents</strong></p><dl><dt><span class="sect1"><a href="ims-sync-driver-design">IMS
Sync driver design</a></span></dt></dl>
</div><div class="authorblurb">by <a href="mailto:joel\@aufrecht.org" target="_top">Joel Aufrecht</a> OpenACS docs are written by the
named authors, and may be edited by OpenACS documentation
......
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Design</title><meta name="generator" content="DocBook XSL Stylesheets V1.64.1"><link rel="home" href="index.html" title="External Authentication"><link rel="up" href="index.html" title="External Authentication"><link rel="previous" href="configure-batch-sync.html" title="Configure Batch Synchronization"><link rel="next" href="ims-sync-driver-design.html" title="IMS Sync driver design"><link rel="stylesheet" href="openacs.css" type="text/css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"><a accesskey="p" href="configure-batch-sync.html">Prev</a> </td><th width="60%" align="center"></th><td width="20%" align="right"> <a accesskey="n" href="ims-sync-driver-design.html">Next</a></td></tr></table><hr></div><div class="article" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="ext-auth-design"></a>Design</h2></div></div><div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ims-sync-driver-design.html">IMS Sync driver design</a></span></dt></dl></div><div class="authorblurb">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Design</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.64.1">
<link rel="home" href="index.html" title="External Authentication">
<link rel="up" href="index.html" title="External Authentication">
<link rel="previous" href="configure-batch-sync.html" title="Configure Batch Synchronization">
<link rel="next" href="ims-sync-driver-design.html" title="IMS Sync driver design">
<link rel="stylesheet" href="openacs.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a>
<table width="100%" summary="Navigation header" border="0">
<tr><td width="20%" align="left"><a accesskey="p" href="configure-batch-sync.html">Prev</a> </td>
<th width="60%" align="center"></th><td width="20%" align="right"> <a accesskey="n" href="ims-sync-driver-design.html">Next</a></td>
</tr>
</table>
<hr>
</div>
<div class="article" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="ext-auth-design"></a>Design</h2></div></div><div></div><hr></div><div class="toc"><p>
<strong>Table of Contents</strong></p><dl><dt><span class="sect1"><a href="ims-sync-driver-design.html">IMS Sync driver design</a></span></dt></dl></div><div class="authorblurb">
by <a href="mailto:joel@aufrecht.org" target="_top">Joel Aufrecht</a>
OpenACS docs are written by the named authors, and may be edited
by OpenACS documentation staff.
......
<property name="context">{/doc/acs-authentication {Authentication}} {Installation}</property>
<property name="context">{/doc/acs-authentication {ACS Authentication}} {Installation}</property>
<property name="doc(title)">Installation</property>
<master>
<include src="/packages/acs-core-docs/lib/navheader"
......@@ -11,7 +11,7 @@
<div><div><h2 class="title">
<a name="ext-auth-install" id="ext-auth-install"></a>Installation</h2></div></div><hr>
</div><div class="toc">
<p><b>Table of Contents</b></p><dl>
<p><strong>Table of Contents</strong></p><dl>
<dt><span class="sect1"><a href="ext-auth-pam-install">Using
Pluggable Authentication Modules (PAM) with OpenACS</a></span></dt><dt><span class="sect1"><a href="ext-auth-ldap-install">Using
LDAP/Active Directory with OpenACS</a></span></dt><dt><span class="sect1"><a href="configure-batch-sync">Configure Batch
......
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Installation</title><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"><link rel="home" href="index.html" title="External Authentication"><link rel="up" href="index.html" title="External Authentication"><link rel="previous" href="index.html" title="External Authentication"><link rel="next" href="ext-auth-pam-install.html" title="Using Pluggable Authentication Modules (PAM) with OpenACS"><link rel="stylesheet" href="openacs.css" type="text/css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><th width="60%" align="center"></th><td width="20%" align="right"> <a accesskey="n" href="ext-auth-pam-install.html">Next</a></td></tr></table><hr></div><div class="article" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="ext-auth-install"></a>Installation</h2></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ext-auth-pam-install.html">Using Pluggable Authentication Modules (PAM) with OpenACS</a></span></dt><dt><span class="sect1"><a href="ext-auth-ldap-install.html">Using LDAP/Active Directory with OpenACS</a></span></dt><dt><span class="sect1"><a href="configure-batch-sync.html">Configure Batch Synchronization</a></span></dt></dl></div><div class="authorblurb"><p>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Installation</title><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"><link rel="home" href="index.html" title="External Authentication"><link rel="up" href="index.html" title="External Authentication"><link rel="previous" href="index.html" title="External Authentication"><link rel="next" href="ext-auth-pam-install.html" title="Using Pluggable Authentication Modules (PAM) with OpenACS"><link rel="stylesheet" href="openacs.css" type="text/css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><th width="60%" align="center"></th><td width="20%" align="right"> <a accesskey="n" href="ext-auth-pam-install.html">Next</a></td></tr></table><hr></div><div class="article" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="ext-auth-install"></a>Installation</h2></div></div><hr></div><div class="toc"><p><strong>Table of Contents</strong></p><dl><dt><span class="sect1"><a href="ext-auth-pam-install.html">Using Pluggable Authentication Modules (PAM) with OpenACS</a></span></dt><dt><span class="sect1"><a href="ext-auth-ldap-install.html">Using LDAP/Active Directory with OpenACS</a></span></dt><dt><span class="sect1"><a href="configure-batch-sync.html">Configure Batch Synchronization</a></span></dt></dl></div><div class="authorblurb"><p>
by <a href="http://openacs.org/shared/community-member?user_id=8561" target="_top">Joel Aufrecht</a>
</p>
OpenACS docs are written by the named authors, and may be edited
......
<property name="context">{/doc/acs-authentication {Authentication}} {Using Pluggable Authentication Modules (PAM) with
<property name="context">{/doc/acs-authentication {ACS Authentication}} {Using Pluggable Authentication Modules (PAM) with
OpenACS}</property>
<property name="doc(title)">Using Pluggable Authentication Modules (PAM) with
OpenACS</property>
......@@ -15,16 +15,16 @@ Pluggable Authentication Modules (PAM) with OpenACS</h2></div></div></div><p>Ope
AOLserver.</p><div class="orderedlist"><ol type="1">
<li>
<p>
<b>Add PAM support to AOLserver. </b>OpenACS supports PAM
support via the PAM AOLserver module. PAM is system of modular
support, and can provide local (unix password), RADIUS, LDAP
(<a href="http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/pamnss.html" target="_top">more information</a>), and other forms of
<strong>Add PAM support to
AOLserver. </strong>OpenACS supports PAM support via
the PAM AOLserver module. PAM is system of modular support, and can
provide local (unix password), RADIUS, LDAP (<a href="http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html" target="_top">more information</a>), and other forms of
authentication. Note that due to security issues, the AOLserver PAM
module cannot be used for local password authentication.</p><div class="orderedlist"><ol type="a">
<li>
<p>
<a name="install-nspam" id="install-nspam"></a><b>Compile and
install ns_pam. </b>Download the <a href="/doc/nspam-download" target="_top">tarball</a> to <code class="computeroutput">/tmp</code>.</p><p>Debian users: first do <strong class="userinput"><code>apt-get
<a name="install-nspam" id="install-nspam"></a><strong>Compile
and install ns_pam. </strong>Download the <a href="/doc/nspam-download" target="_top">tarball</a> to <code class="computeroutput">/tmp</code>.</p><p>Debian users: first do <strong class="userinput"><code>apt-get
install libpam-dev</code></strong>
</p><pre class="screen">
[root\@yourserver root]# <strong class="userinput"><code>cd /usr/local/src/aolserver</code></strong>
......@@ -52,15 +52,15 @@ make install</span></span>
</pre>
</li><li>
<p>
<b>Set up a PAM domain. </b>A PAM domain is a set of rules
for granting privileges based on other programs. Each instance of
AOLserver uses a domain; different aolserver instances can use the
same domain but one AOLserver instance cannot use two domains. The
domain describes which intermediate programs will be used to check
permissions. You may need to install software to perform new types
of authentication.</p><div class="itemizedlist"><ul type="disc">
<strong>Set up a PAM domain. </strong>A PAM domain
is a set of rules for granting privileges based on other programs.
Each instance of AOLserver uses a domain; different aolserver
instances can use the same domain but one AOLserver instance cannot
use two domains. The domain describes which intermediate programs
will be used to check permissions. You may need to install software
to perform new types of authentication.</p><div class="itemizedlist"><ul type="disc">
<li>
<p><b>RADIUS in PAM. </b></p><div class="orderedlist"><ol type="i">
<p><strong>RADIUS in PAM. </strong></p><div class="orderedlist"><ol type="i">
<li>
<p>Untar the <a href="/doc/individual-programs" target="_top">pam_radius tarball</a> and compile and install. (<a href="http://www.freeradius.org/pam_radius_auth/" target="_top">more
information</a>)</p><pre class="screen">
......@@ -101,29 +101,31 @@ file name, not the fully pathed name) of the domain file in</p><pre class="progr
</li>
</ol></div>
</li><li><p>
<b>LDAP in PAM. </b><a href="http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/pamnss.html#AEN110" target="_top">more information</a>
<strong>LDAP in PAM. </strong><a href="http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html#AEN110" target="_top">more information</a>
</p></li>
</ul></div>
</li><li>
<p><b>Modify the AOLserver configuration file to support
ns_pam. </b></p><p>In <code class="computeroutput">/var/lib/aolserver/<span class="replaceable"><span class="replaceable">service0</span></span>/etc/config.tcl</code>, enable
<p><strong>Modify the AOLserver configuration file to support
ns_pam. </strong></p><p>In <code class="computeroutput">/var/lib/aolserver/<span class="replaceable"><span class="replaceable">service0</span></span>/etc/config.tcl</code>, enable
the nspam module by uncommenting this line:</p><pre class="programlisting">
ns_param nspam ${bindir}/nspam.so
</pre>
</li>
</ol></div>
</li><li><p>
<b>Install auth-pam OpenACS service package. </b><a href="/acs-admin/install/" target="_top">Install</a><code class="computeroutput">auth-pam</code> and restart the server.</p></li><li>
<strong>Install auth-pam OpenACS service
package. </strong><a href="/acs-admin/install/" target="_top">Install</a><code class="computeroutput">auth-pam</code> and
restart the server.</p></li><li>
<p>
<a name="ext-auth-create-authority" id="ext-auth-create-authority"></a><b>Create an OpenACS
authority. </b>OpenACS supports multiple authentication
authorities. The OpenACS server itself is the "Local Authority,"
used by default.</p><div class="orderedlist"><ol type="a">
<a name="ext-auth-create-authority" id="ext-auth-create-authority"></a><strong>Create an OpenACS
authority. </strong>OpenACS supports multiple
authentication authorities. The OpenACS server itself is the
"Local Authority," used by default.</p><div class="orderedlist"><ol type="a">
<li><p>Browse to the authentication administration page, <code class="computeroutput">http://<span class="replaceable"><span class="replaceable">yourserver</span></span><a href="/acs-admin/auth/" target="_top">/acs-admin/auth/</a>
</code>. Create and name an
authority (in the sitewide admin UI)</p></li><li><p>Set Authentication to PAM.</p></li><li><p>If the PAM domain defines a <code class="computeroutput">password</code> command, you can set Password
Management to PAM. If not, the PAM module cannot change the user's
password and you should leave this option Disabled.</p></li><li><p>Leave Account Registration disabed.</p></li><li><p><a href="configure-batch-sync" title="Configure Batch Synchronization">Configure Batch
Management to PAM. If not, the PAM module cannot change the
user&#39;s password and you should leave this option Disabled.</p></li><li><p>Leave Account Registration disabed.</p></li><li><p><a href="configure-batch-sync" title="Configure Batch Synchronization">Configure Batch
Synchronization</a></p></li>
</ol></div>
</li>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Using Pluggable Authentication Modules (PAM) with OpenACS</title><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"><link rel="home" href="index.html" title="External Authentication"><link rel="up" href="ext-auth-install.html" title="Installation"><link rel="previous" href="ext-auth-install.html" title="Installation"><link rel="next" href="ext-auth-ldap-install.html" title="Using LDAP/Active Directory with OpenACS"><link rel="stylesheet" href="openacs.css" type="text/css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"><a accesskey="p" href="ext-auth-install.html">Prev</a> </td><th width="60%" align="center">Installation</th><td width="20%" align="right"> <a accesskey="n" href="ext-auth-ldap-install.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ext-auth-pam-install"></a>Using Pluggable Authentication Modules (PAM) with OpenACS</h2></div></div></div><p>OpenACS supports PAM authetication via the ns_pam module in AOLserver.</p><div class="orderedlist"><ol type="1"><li><p><b>Add PAM support to AOLserver.</b>OpenACS supports PAM support via the PAM AOLserver
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Using Pluggable Authentication Modules (PAM) with OpenACS</title><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"><link rel="home" href="index.html" title="External Authentication"><link rel="up" href="ext-auth-install.html" title="Installation"><link rel="previous" href="ext-auth-install.html" title="Installation"><link rel="next" href="ext-auth-ldap-install.html" title="Using LDAP/Active Directory with OpenACS"><link rel="stylesheet" href="openacs.css" type="text/css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"><a accesskey="p" href="ext-auth-install.html">Prev</a> </td><th width="60%" align="center">Installation</th><td width="20%" align="right"> <a accesskey="n" href="ext-auth-ldap-install.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ext-auth-pam-install"></a>Using Pluggable Authentication Modules (PAM) with OpenACS</h2></div></div></div><p>OpenACS supports PAM authetication via the ns_pam module in AOLserver.</p><div class="orderedlist"><ol type="1"><li><p><strong>Add PAM support to AOLserver. </strong>OpenACS supports PAM support via the PAM AOLserver
module. PAM is system of modular support, and can provide
local (unix password), RADIUS, LDAP (<a href="http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/pamnss.html" target="_top">more
local (unix password), RADIUS, LDAP (<a href="http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html" target="_top">more
information</a>), and other forms of
authentication. Note that due to security issues, the
AOLserver PAM module cannot be used for local password
authentication. </p><div class="orderedlist"><ol type="a"><li><p><a name="install-nspam"></a><b>Compile and install ns_pam.</b>Download the <a href="/doc/nspam-download" target="_top">tarball</a> to
authentication. </p><div class="orderedlist"><ol type="a"><li><p><a name="install-nspam"></a><strong>Compile and install ns_pam. </strong>Download the <a href="/doc/nspam-download" target="_top">tarball</a> to
<code class="computeroutput">/tmp</code>.</p><p>Debian users: first do <strong class="userinput"><code>apt-get install libpam-dev</code></strong></p><pre class="screen">[root@yourserver root]# <strong class="userinput"><code>cd /usr/local/src/aolserver</code></strong>
[root@yourserver aolserver]# <strong class="userinput"><code>tar xzf /tmp/ns_pam-0.1.tar.gz</code></strong>
[root@yourserver aolserver]# <strong class="userinput"><code>cd nspam</code></strong>
......@@ -26,7 +26,7 @@ gcc -shared -nostartfiles -o nspam.so nspam.o pam_support.o -lpam
tar xzf /tmp/ns_pam-0.1.tar.gz
cd nspam
make
make install</span></span></pre></li><li><p><b>Set up a PAM domain.</b>A PAM domain is a set of rules for granting
make install</span></span></pre></li><li><p><strong>Set up a PAM domain. </strong>A PAM domain is a set of rules for granting
privileges based on other programs. Each instance of
AOLserver uses a domain; different aolserver instances
can use the same domain but one AOLserver instance
......@@ -34,7 +34,7 @@ make install</span></span></pre></li><li><p><b>Set up a PAM domain.
which intermediate programs will be used to check
permissions. You may need to install software to
perform new types of authentication.
</p><div class="itemizedlist"><ul type="disc"><li><p><b>RADIUS in PAM.</b></p><div class="orderedlist"><ol type="i"><li><p>Untar the <a href="/doc/individual-programs.html#pam-radius-download" target="_top">pam_radius
</p><div class="itemizedlist"><ul type="disc"><li><p><strong>RADIUS in PAM. </strong></p><div class="orderedlist"><ol type="i"><li><p>Untar the <a href="/doc/individual-programs.html#pam-radius-download" target="_top">pam_radius
tarball</a> and compile and install. (<a href="http://www.freeradius.org/pam_radius_auth/" target="_top">more
information</a>)</p><pre class="screen">[root@yourserver root]# <strong class="userinput"><code>cd /usr/local/src/</code></strong>
[root@yourserver src]# <strong class="userinput"><code>tar xf /tmp/pam_radius-1.3.16.tar</code></strong>
......@@ -59,8 +59,8 @@ cp pam_radius_auth.so /lib/security/pam_radius_auth.so</span></span></pre><p>Deb
<code class="computeroutput">/etc/pam.d/<span class="replaceable"><span class="replaceable">service0</span></span></code>
with these contents:</p><pre class="programlisting">auth sufficient /lib/security/pam_radius_auth.so
</pre></li><li><p>Modify the AOLserver configuration file to use
this PAM domain. Edit the line</p><pre class="programlisting">ns_param PamDomain "<span class="replaceable"><span class="replaceable">service0</span></span>"</pre><p>So that the value of the parameter matches the name (just the file name, not the fully pathed name) of the domain file in </p><pre class="programlisting">/etc/pam.d/</pre></li></ol></div></li><li><p><b>LDAP in PAM.</b><a href="http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/pamnss.html#AEN110" target="_top">more information</a></p></li></ul></div></li><li><p><b>Modify the AOLserver configuration file to support ns_pam.</b></p><p>In
<code class="computeroutput">/var/lib/aolserver/<span class="replaceable"><span class="replaceable">service0</span></span>/etc/config.tcl</code>, enable the nspam module by uncommenting this line:</p><pre class="programlisting">ns_param nspam ${bindir}/nspam.so</pre></li></ol></div></li><li><p><b>Install auth-pam OpenACS service package.</b><a href="/acs-admin/install/" target="_top">Install</a> <code class="computeroutput">auth-pam</code> and restart the server.</p></li><li><p><a name="ext-auth-create-authority"></a><b>Create an OpenACS authority.</b>OpenACS supports multiple authentication authorities.
this PAM domain. Edit the line</p><pre class="programlisting">ns_param PamDomain "<span class="replaceable"><span class="replaceable">service0</span></span>"</pre><p>So that the value of the parameter matches the name (just the file name, not the fully pathed name) of the domain file in </p><pre class="programlisting">/etc/pam.d/</pre></li></ol></div></li><li><p><strong>LDAP in PAM. </strong><a href="http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html#AEN110" target="_top">more information</a></p></li></ul></div></li><li><p><strong>Modify the AOLserver configuration file to support ns_pam. </strong></p><p>In
<code class="computeroutput">/var/lib/aolserver/<span class="replaceable"><span class="replaceable">service0</span></span>/etc/config.tcl</code>, enable the nspam module by uncommenting this line:</p><pre class="programlisting">ns_param nspam ${bindir}/nspam.so</pre></li></ol></div></li><li><p><strong>Install auth-pam OpenACS service package. </strong><a href="/acs-admin/install/" target="_top">Install</a> <code class="computeroutput">auth-pam</code> and restart the server.</p></li><li><p><a name="ext-auth-create-authority"></a><strong>Create an OpenACS authority. </strong>OpenACS supports multiple authentication authorities.
The OpenACS server itself is the "Local Authority," used by
default.</p><div class="orderedlist"><ol type="a"><li><p>Browse to the authentication administration page,
<code class="computeroutput">http://<span class="replaceable"><span class="replaceable">yourserver</span></span><a href="/acs-admin/auth/" target="_top">/acs-admin/auth/</a></code>.
<property name="context">{/doc/acs-authentication {Authentication}} {IMS Sync driver design}</property>
<property name="context">{/doc/acs-authentication {ACS Authentication}} {IMS Sync driver design}</property>
<property name="doc(title)">IMS Sync driver design</property>
<master>
<include src="/packages/acs-core-docs/lib/navheader"
......@@ -13,9 +13,9 @@ driver design</h2></div></div></div><div class="authorblurb">by <a href="mailto:
authors, and may be edited by OpenACS documentation staff.</div><div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2453048" id="id2453048"></a>TODO</h3></div></div></div><p>We need examples of how the communication would be done from our
clients.</p><p>The "GetDocument" communications service contract could be a
generic system-wide service contract.</p><p>We might need a source/ID column in the users table to identify
where they're imported from for doing updates, particularly if
clients.</p><p>The "GetDocument" communications service contract
could be a generic system-wide service contract.</p><p>We might need a source/ID column in the users table to identify
where they&#39;re imported from for doing updates, particularly if
importing from multiple sources (or when some users are local.)</p>
</div><div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
......@@ -24,10 +24,11 @@ Story</h3></div></div></div><div class="orderedlist"><ol type="1">
<li><p>We will parse a document in the <a href="http://www.imsglobal.org/enterprise/index.cfm" target="_top">IMS
Enterprise Specification</a> format (<a href="http://www.imsglobal.org/enterprise/entv1p1/imsent_bestv1p1.html#1404584" target="_top">example XML document</a>), and translate it into
calls to the batch user sync API.</p></li><li><p>The document will contain either the complete user listitemst
(IMS: "snapshot"), or an incremental user listitemst (IMS: "Event
Driven" -- contains only adds, edits, and deletes). You could for
example do a complete transfer once a month, and incrementals every
night. The invocation should decide which type is returned.</p></li>
(IMS: "snapshot"), or an incremental user listitemst
(IMS: "Event Driven" -- contains only adds, edits, and
deletes). You could for example do a complete transfer once a
month, and incrementals every night. The invocation should decide
which type is returned.</p></li>
</ol></div><p>The design should favor interoperability, reliability and
robustness.</p><pre class="programlisting">
&lt;enterprise&gt;
......@@ -148,9 +149,10 @@ for { ... loop over persons in the document ... } {
</pre><p>Mandatory fields which we can rely on are:</p><div class="orderedlist"><ol type="1">
<li><p>sourcedid: ID as defined by the source system. Used for
username.</p></li><li><p>name.fn (formatted name). Used for first_names, last_name</p></li>
</ol></div><p>Note that we require 'email' attribute, but the IMS Enterprise
spec does not. Hence, unless we change our data model to allow
users without an email address, we will have to throw an error.</p><p>Here's how we map IMS enterprise to OpenACS tables.</p><div class="orderedlist"><ol type="1">
</ol></div><p>Note that we require 'email' attribute, but the IMS
Enterprise spec does not. Hence, unless we change our data model to
allow users without an email address, we will have to throw an
error.</p><p>Here&#39;s how we map IMS enterprise to OpenACS tables.</p><div class="orderedlist"><ol type="1">
<li>
<p>username:</p><div class="orderedlist"><ol type="a">
<li><p>&lt;userid&gt; <span class="emphasis"><em>...</em></span>
......@@ -192,8 +194,8 @@ Resources</h3></div></div></div><div class="itemizedlist"><ul type="disc">
article says that IMS Enterprise 1.1 (current version) does not
address the communication model, which is critically missing for
real seamless interoperability. IMS Enterprise 2.0 will address
this, but Blackboard, who's influential in the IMS committee, is
adopting OKI's programming interrfaces for this.</p></li><li><p><a href="http://www.cetis.ac.uk/content/20030717185453" target="_top">IMS and OKI, the wire and the socket</a></p></li>
this, but Blackboard, who&#39;s influential in the IMS committee,
is adopting OKI&#39;s programming interrfaces for this.</p></li><li><p><a href="http://www.cetis.ac.uk/content/20030717185453" target="_top">IMS and OKI, the wire and the socket</a></p></li>
</ul></div>
</div>
</div>
<property name="context">{/doc/acs-authentication {Authentication}} {External Authentication}</property>
<property name="context">{/doc/acs-authentication {ACS Authentication}} {External Authentication}</property>
<property name="doc(title)">External Authentication</property>
<master>
<div class="book" lang="en">
......@@ -22,7 +22,7 @@
<para>OpenACS supports PAM support via the PAM AOLserver
module. PAM is system of modular support, and can provide
local (unix password), RADIUS, LDAP (<ulink
url="http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/pamnss.html">more
url="http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html">more
information</ulink>), and other forms of
authentication. Note that due to security issues, the
AOLserver PAM module cannot be used for local password
......@@ -125,7 +125,7 @@ cp pam_radius_auth.so /lib/security/pam_radius_auth.so</action></screen>
<listitem>
<formalpara>
<title>LDAP in PAM</title>
<para><ulink url="http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/pamnss.html#AEN110">more information</ulink></para>
<para><ulink url="http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html#AEN110">more information</ulink></para>
</formalpara>
</listitem>
</itemizedlist>
......@@ -190,7 +190,7 @@ cp pam_radius_auth.so /lib/security/pam_radius_auth.so</action></screen>
<para>You do not want to make users remember yet another password and username. If you can avoid it you do not want to store their passwords either. This document should help you set your system up so your users can seamlessly log in to your OpenACS instance using the password they are accustomed to using for other things at your institution.</para></formalpara>
<formalpara>
<title>Background</title>
<para>The original OpenACS LDAP implementation (which has been depreciated by this package) treated the LDAP server as another data store similar to Oracle or Postgresql. It opened a connection using a priveleged account and read or stored an encrypted password for the user in question. This password was independent of the user's operating system or network account, and had to be synchronized if you wanted the same password for OpenACS.</para>
<para>The original OpenACS LDAP implementation (which has been depreciated by this package) treated the LDAP server as another data store similar to Oracle or Postgresql. It opened a connection using a privileged account and read or stored an encrypted password for the user in question. This password was independent of the user's operating system or network account, and had to be synchronized if you wanted the same password for OpenACS.</para>
<para>Save their passwords? Sync passwords? Deal with forgotten password requests? No Thanks. Using ldap bind, you can delegate authentication completely to LDAP. This way you can let the IT department (if you are lucky) worry about password storage/synchronization/etc. The bind operation takes a username and password and returns a true of false depending on whether they match up. This document takes the 'bind' approach so that your users LDAP/AD password (or whatever else you use) can be used to login to OpenACS.</para></formalpara>
<formalpara>
<title>Note on Account Creation</title>
......@@ -303,7 +303,7 @@ if {[ns_ldap bind $lh $fdn $password]} {
</orderedlist>
<formalpara>
<title>Troubleshooting</title>
<para>If you're having trouble figuring out some the values for the ldapm, see this useful page on <ulink url="http://bugzilla.glob.com.au/activedirectory/">setting up Active Directory integration with Bugzilla</ulink>. It explains how distinguished names are defined in Active Directory, and how to test that you have the correct values for connectivity and base DN using the OpenLDAP command-line utility ldapsearch.</para>
<para>If you're having trouble figuring out some the values for the ldapm, see this useful page on <ulink url="https://www.rhyous.com/2009/11/10/how-to-configure-bugzilla-to-authenticate-to-active-directory/">setting up Active Directory integration with Bugzilla</ulink>. It explains how distinguished names are defined in Active Directory, and how to test that you have the correct values for connectivity and base DN using the OpenLDAP command-line utility ldapsearch.</para>
<para>John had an issue where nsldap was not loading because AOLServer couldn't find the openldap client libraries, but he was able to fix it by adding the openldap libraries to his LD_LIBRARY_PATH (e.g. /usr/local/openldap/lib)</para></formalpara>
<formalpara>
<title>Credits</title>