- Upgrade to V4.0

acs-authentication.info

@@ -2,23 +2,25 @@
 <!-- Generated by the OpenACS Package Manager -->
 
 <package key="acs-authentication" url="http://openacs.org/repository/apm/packages/acs-authentication" type="apm_service">
-    <license>GPL V2.0 or any later version</license>
     <package-name>Authentication</package-name>
     <pretty-plural>Authentication</pretty-plural>
     <initial-install-p>t</initial-install-p>
     <singleton-p>t</singleton-p>
     
-    <version name="5.1.6" url="http://openacs.org/repository/download/apm/acs-authentication-5.1.6.apm">
+    <version name="5.6.0" url="http://openacs.org/repository/download/apm/acs-authentication-5.6.0.apm">
         <owner url="mailto:lars@collaboraid.biz">Lars Pind</owner>
         <summary>Authentication, account management, and related functionality.</summary>
-        <release-date>2004-02-28</release-date>
+        <release-date>2010-06-17</release-date>
         <maturity>3</maturity>
         <vendor url="http://www.collaboraid.biz">Collaboraid</vendor>
+        <maturity>3</maturity>
+        <license url="http://www.gnu.org/copyleft/gpl.html">GPL version 2</license>
         <description format="text/html">Implements authentication-related security functions for OpenACS, including password, account and session management, bulk account creation etc.  Provides a contract based interface for different authentication methods such as PAM or LDAP based authentication.</description>
 
-        <provides url="acs-authentication" version="5.1.4"/>
-        <requires url="acs-kernel" version="5.0"/>
-        <requires url="acs-service-contract" version="5.0.0"/>
+        <provides url="acs-authentication" version="5.6.0"/>
+        <requires url="acs-kernel" version="5.6.0"/>
+        <requires url="acs-service-contract" version="5.6.0"/>
+        <requires url="acs-mail-lite" version="5.6.0"/>
 
         <callbacks>
             <callback type="after-install"  proc="auth::package_install"/>
@@ -34,7 +36,7 @@
             <parameter datatype="number"  min_n_values="1"  max_n_values="1"  name="SyncDotLrnReadPrivateDataP"  default="1" description=".LRN user is guest (if .LRN is installed). 1 = Not a guest , 0 = Guest" section_name="Batch Synchronization"/>
             <parameter datatype="string"  min_n_values="1"  max_n_values="1"  name="SyncDotLrnUserType"  default="student" description=".LRN user type for new user (if .LRN is installed)" section_name="Batch Synchronization"/>
             <parameter datatype="number"  min_n_values="1"  max_n_values="1"  name="SyncEmailConfirmationP"  default="0" description="Send out email confirmation when batch sync is complete. 1 = Yes, 0 = No." section_name="Batch Synchronization"/>
-            <parameter datatype="number"  min_n_values="1"  max_n_values="1"  name="AllowSelfRegister"  default="1" description="Is the user allowed to register himself?." section_name="acs-authentication"/>
+            <parameter datatype="number"  min_n_values="1"  max_n_values="1"  name="AllowSelfRegister"  default="1" description="Does the user can self register? 1 = Yes, 0 = No." section_name="acs-authentication"/>
         </parameters>
 
     </version>

catalog/acs-authentication.ar_LB.utf-8.xml

 <?xml version="1.0" encoding="utf-8"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="ar_LB" charset="utf-8">
+<message_catalog package_key="acs-authentication" locale="ar_LB" charset="utf-8">
 
   <msg key="Invalid_username_or_password">الاسم او كلمة السر غير صحيحة</msg>
 </message_catalog>

catalog/acs-authentication.ca_ES.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="ca_ES" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="ca_ES" charset="ISO-8859-1">
 
   <msg key="Invalid_username_or_password">Usuari o contrasenya erroni </msg>
 </message_catalog>

catalog/acs-authentication.da_DK.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.2d2" locale="da_DK" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="da_DK" charset="ISO-8859-1">
 
   <msg key="Invalid_username_or_password">Ugyldigt brugernavn eller kodeord</msg>
 </message_catalog>

catalog/acs-authentication.de_DE.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="de_DE" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="de_DE" charset="ISO-8859-1">
 
-  <msg key="Invalid_username_or_password">Benutzername oder Passwort falsch</msg>
+  <msg key="Invalid_username_or_password">Benutzeridentifikation oder Passwort ist falsch</msg>
 </message_catalog>

catalog/acs-authentication.en_AU.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.2d2" locale="en_AU" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" package_version="5.2.3b2" locale="en_AU" charset="ISO-8859-1">
 
   <msg key="Invalid_username_or_password">Invalid username or password</msg>
 </message_catalog>

catalog/acs-authentication.en_US.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="en_US" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="en_US" charset="ISO-8859-1">
 
+  <msg key="Add_to_Community">Add to Community</msg>
+  <msg key="Add_to_system_name">Add to %system_name%</msg>
+  <msg key="Does_not_have_an_account_on_system_name">Does not have an account on %system_name%</msg>
+  <msg key="Has_account_on_system_name">Has an account on %system_name%</msg>
   <msg key="Invalid_username_or_password">Invalid username or password</msg>
+  <msg key="lt_Not_getting_the_results_you_expected">Not getting the results you expected? Try searching:</msg>
 </message_catalog>

catalog/acs-authentication.es_CO.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.2d2" locale="es_CO" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="es_CO" charset="ISO-8859-1">
 
   <msg key="Invalid_username_or_password">Usuario o contrasea invalido</msg>
 </message_catalog>

catalog/acs-authentication.es_ES.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="es_ES" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="es_ES" charset="ISO-8859-1">
 
+  <msg key="Add_to_Community">Aadir a comunidad</msg>
+  <msg key="Add_to_system_name">Aadir a %system_name%</msg>
+  <msg key="Does_not_have_an_account_on_system_name">No tiene cuenta en %system_name%</msg>
+  <msg key="Has_account_on_system_name">Tiene cuenta en %system_name%</msg>
   <msg key="Invalid_username_or_password">Usuario o contrasea erroneo</msg>
+  <msg key="lt_Not_getting_the_results_you_expected">Si no ha obtenido los resultados esperados, intente buscar:</msg>
 </message_catalog>

catalog/acs-authentication.es_GT.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.2d2" locale="es_GT" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="es_GT" charset="ISO-8859-1">
 
   <msg key="Invalid_username_or_password">Usuario o contrasea invalido</msg>
 </message_catalog>

catalog/acs-authentication.eu_ES.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.2d2" locale="eu_ES" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="eu_ES" charset="ISO-8859-1">
 
   <msg key="Invalid_username_or_password">izen edo pasahitz okerra</msg>
 </message_catalog>

catalog/acs-authentication.fa_IR.utf-8.xml

 <?xml version="1.0" encoding="utf-8"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.2d2" locale="fa_IR" charset="utf-8">
+<message_catalog package_key="acs-authentication" locale="fa_IR" charset="utf-8">
 
   <msg key="Invalid_username_or_password">نام کاربری یا کلمه عبور صحیح نیست</msg>
 </message_catalog>

catalog/acs-authentication.fr_FR.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="fr_FR" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="fr_FR" charset="ISO-8859-1">
 
   <msg key="Invalid_username_or_password">Nom d'utilisateur ou mot de passe incorrect</msg>
 </message_catalog>

catalog/acs-authentication.hu_HU.utf-8.xml

 <?xml version="1.0" encoding="utf-8"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.2d2" locale="hu_HU" charset="utf-8">
+<message_catalog package_key="acs-authentication" locale="hu_HU" charset="utf-8">
 
   <msg key="Invalid_username_or_password">Érvénytelen felhasználónév vagy jelszó</msg>
 </message_catalog>

catalog/acs-authentication.it_IT.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="it_IT" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="it_IT" charset="ISO-8859-1">
 
-  <msg key="Invalid_username_or_password">Nome utente o password erronei</msg>
+  <msg key="Invalid_username_or_password">Nome utente o password non sono corretti</msg>
 </message_catalog>

catalog/acs-authentication.ms_MY.utf-8.xml

 <?xml version="1.0" encoding="utf-8"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.2d2" locale="ms_MY" charset="utf-8">
+<message_catalog package_key="acs-authentication" locale="ms_MY" charset="utf-8">
 
   <msg key="Invalid_username_or_password">Nama pengguna atau kata laluan tidak sah</msg>
 </message_catalog>

catalog/acs-authentication.nl_NL.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="nl_NL" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="nl_NL" charset="ISO-8859-1">
 
   <msg key="Invalid_username_or_password">Ongeldige gebruikersnaam of wachtwoord</msg>
 </message_catalog>

catalog/acs-authentication.no_NO.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="no_NO" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="no_NO" charset="ISO-8859-1">
 
   <msg key="Invalid_username_or_password">Feil brukernavn eller passord</msg>
 </message_catalog>

catalog/acs-authentication.pl_PL.utf-8.xml

 <?xml version="1.0" encoding="utf-8"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="pl_PL" charset="utf-8">
+<message_catalog package_key="acs-authentication" locale="pl_PL" charset="utf-8">
 
-  <msg key="Invalid_username_or_password">Invalid username or password</msg>
+  <msg key="Invalid_username_or_password">Nieprawidłowe hasło lub nazwa użytkownika</msg>
 </message_catalog>

catalog/acs-authentication.pt_BR.ISO-8859-1.xml

 <?xml version="1.0" encoding="ISO-8859-1"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="pt_BR" charset="ISO-8859-1">
+<message_catalog package_key="acs-authentication" locale="pt_BR" charset="ISO-8859-1">
 
   <msg key="Invalid_username_or_password">Nome ou senha invlidos</msg>
 </message_catalog>

catalog/acs-authentication.ro_RO.utf-8.xml

 <?xml version="1.0" encoding="utf-8"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="ro_RO" charset="utf-8">
+<message_catalog package_key="acs-authentication" locale="ro_RO" charset="utf-8">
 
-  <msg key="Invalid_username_or_password">Utilizator sau parola incorecta</msg>
+  <msg key="Invalid_username_or_password">parola sau numele de utilizator nu sunt valabile</msg>
 </message_catalog>

catalog/acs-authentication.ru_RU.utf-8.xml

 <?xml version="1.0" encoding="utf-8"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="ru_RU" charset="utf-8">
+<message_catalog package_key="acs-authentication" locale="ru_RU" charset="utf-8">
 
-  <msg key="Invalid_username_or_password">Неверное имя или пароль</msg>
+  <msg key="Invalid_username_or_password">Неправильное имя пользователя или пароль</msg>
 </message_catalog>

catalog/acs-authentication.tr_TR.utf-8.xml

 <?xml version="1.0" encoding="utf-8"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="tr_TR" charset="utf-8">
+<message_catalog package_key="acs-authentication" locale="tr_TR" charset="utf-8">
 
-  <msg key="Invalid_username_or_password">Invalid username or password</msg>
+  <msg key="Invalid_username_or_password">Gecersiz kullanici adi veya sifre</msg>
 </message_catalog>

catalog/acs-authentication.zh_CN.utf-8.xml

 <?xml version="1.0" encoding="utf-8"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="zh_CN" charset="utf-8">
+<message_catalog package_key="acs-authentication" locale="zh_CN" charset="utf-8">
 
-  <msg key="Invalid_username_or_password">错误的用户名或密码</msg>
+  <msg key="Invalid_username_or_password">用户名或密码错误</msg>
 </message_catalog>

catalog/acs-authentication.zh_TW.utf-8.xml

 <?xml version="1.0" encoding="utf-8"?>
-<message_catalog package_key="acs-authentication" package_version="5.1.6" locale="zh_TW" charset="utf-8">
+<message_catalog package_key="acs-authentication" locale="zh_TW" charset="utf-8">
 
-  <msg key="Invalid_username_or_password">錯誤帳號或密碼</msg>
+  <msg key="Invalid_username_or_password">無效的使用者名稱或密碼</msg>
 </message_catalog>

sql/oracle/batch-job-tables-create.sql

@@ -2,7 +2,7 @@ create sequence auth_batch_jobs_job_id_seq;
 
 create table auth_batch_jobs (
   job_id                     integer 
-                             constraint auth_batch_jobs_pk
+                             constraint auth_batch_jobs_job_id_pk
                              primary key,
   job_start_time             date default sysdate,
   job_end_time               date,

sql/postgresql/batch-job-tables-create.sql

@@ -3,7 +3,7 @@ create sequence auth_batch_jobs_job_id_seq;
 
 create table auth_batch_jobs (
   job_id                     integer 
-                             constraint auth_batch_jobs_pk
+                             constraint auth_batch_jobs_job_id_pk
                              primary key,
   job_start_time             timestamptz default current_timestamp,
   job_end_time               timestamptz,
@@ -12,13 +12,13 @@ create table auth_batch_jobs (
                              not null,
   snapshot_p                 boolean,
   authority_id               integer
-                             constraint auth_batch_jobs_auth_fk
+                             constraint auth_batch_jobs_auth_id_fk
                              references auth_authorities(authority_id)
                              on delete cascade,
   message                    text,
   -- if interactive, by which user
   creation_user              integer 
-                             constraint auth_batch_job_user_fk
+                             constraint auth_batch_jobs_user_fk
                              references users(user_id)
                              on delete set null,
   -- status information for the GetDocument operation

tcl/apm-callback-procs.tcl

@@ -13,7 +13,7 @@ namespace eval auth::registration {}
 namespace eval auth::get_doc {}
 namespace eval auth::process_doc {}
 namespace eval auth::user_info {}
-
+namespace eval auth::search {}
 
 ad_proc -private auth::package_install {} {} {
 
@@ -25,6 +25,7 @@ ad_proc -private auth::package_install {} {} {
         auth::get_doc::create_contract
         auth::process_doc::create_contract
         auth::user_info::create_contract
+        auth::search::create_contract
 
         # Register local authentication implementations and update the local authority
         auth::local::install
@@ -63,12 +64,15 @@ ad_proc -private auth::package_uninstall {} {} {
         auth::get_doc::delete_contract
         auth::process_doc::delete_contract
         auth::user_info::delete_contract
+        auth::search::delete_contract
     }
 }
 
-ad_proc -public auth::after_upgrade {
+ad_proc -private auth::after_upgrade {
     {-from_version_name:required}
     {-to_version_name:required}
+} {
+    After upgrade callback.
 } {
     apm_upgrade_logic \
         -from_version_name $from_version_name \
@@ -76,7 +80,7 @@ ad_proc -public auth::after_upgrade {
         -spec {
             5.0a1 5.0a2 {
                 db_transaction {
-                    
+
                     # Delete and recreate contract
                     auth::process_doc::delete_contract
                     auth::process_doc::create_contract
@@ -136,6 +140,36 @@ ad_proc -public auth::after_upgrade {
 
 		}
 	    }
+            5.1.5 5.2.0a1 {
+                db_transaction {
+
+		    # I will add support to MergeUser operation 
+		    # this is a direct update to the SC tables, 
+		    # we should expect a new API for handling updates on SC, 
+		    # but since there's no one yet, we'll do it 
+		    # in this way. (quio@galileo.edu)
+		    ns_log notice "acs_authentication: Starting Upgrade (adding merge support)"
+		    acs_sc::contract::operation::new \
+			-contract_name "auth_authentication" \
+			-operation "MergeUser" \
+			-input { from_user_id:integer to_user_id:integer authority_id:integer } \
+			-output {} \
+			-description "Merges two accounts given the user_id of each one"
+
+ 		    acs_sc::impl::alias::new \
+ 			-contract_name "auth_authentication" \
+ 			-impl_name "local" \
+ 			-operation "MergeUser" \
+ 			-alias "auth::local::authentication::MergeUser" \
+		     
+  		    ns_log notice "acs_authentication: Finishing Upgrade (adding merge support)"
+
+		}
+	    }
+            5.5.0d1 5.5.0d2 {
+                auth::search::create_contract
+            }
+
 	}
 }
 
@@ -175,6 +209,17 @@ ad_proc -private auth::authentication::create_contract {} {
                     account_message:string
                 }
             }
+            MergeUser {
+                description {
+		    Merges two accounts given the user_id of each one                 
+                }
+                input {
+                    from_user_id:integer
+                    to_user_id:integer
+		    authority_id:integer
+                }
+                output {}
+            }
             GetParameters {
                 description {
                     Get an arraay-list of the parameters required by this service contract implementation.
@@ -567,3 +612,56 @@ ad_proc -private auth::user_info::delete_contract {} {
 }
 
 
+#####
+#
+# auth_search service contract
+#
+#####
+
+ad_proc -private auth::search::create_contract {} {
+    Create service contract for authority searches.
+} {
+    set spec {
+        name "auth_search"
+        description "Search users in given authority"
+        operations {
+            Search {
+                description {
+                    Search authority using "search" string. Returns array-list of usernames.
+                }
+                input {
+                    search:string
+                    parameters:string,multiple
+                }
+                output {
+                    usernames:string,multiple
+                }
+            }
+            GetParameters {
+                description {
+                    Get an array-list of the parameters required by this service contract implementation.
+                }
+                output {
+                    parameters:string,multiple
+                }
+            }
+	    FormInclude {
+		description {
+		    File location of an includable search form
+		} 
+		output {
+		    form_include:string
+		}
+	    }
+        }
+    }
+
+    acs_sc::contract::new_from_spec -spec $spec
+}
+
+
+ad_proc -private auth::search::delete_contract {} {
+    Delete service contract for authority search.
+} {
+    acs_sc::contract::delete -name "auth_search"
+}

tcl/authority-procs.tcl

@@ -72,7 +72,7 @@ ad_proc -public auth::authority::create {
 
     db_transaction {
 
-        if { [empty_string_p $authority_id] } {
+        if { $authority_id eq "" } {
             set authority_id [db_nextval "acs_object_id_seq"]
         }
 
@@ -119,7 +119,7 @@ ad_proc -public auth::authority::create {
         # Auto generate short name if not provided and make
         # sure it's unique
         # TODO: check for max length 255?
-        if { [empty_string_p $short_name] } {
+        if { $short_name eq "" } {
             set existing_short_names [db_list select_short_names {
                 select short_name
                 from auth_authorities
@@ -251,7 +251,7 @@ ad_proc -public auth::authority::edit {
         if { [lsearch -exact $columns $name] == -1 } {
             error "Attribute '$name' isn't valid for auth_authorities."
         }
-        if { [string equal $name "authority_id"] } {
+        if {$name eq "authority_id"} {
             error "Attribute '$name' is the primary key for auth_authorities, and thus cannot be edited."
         }
         set $name $row($name)
@@ -265,6 +265,12 @@ ad_proc -public auth::authority::edit {
 
     get_flush -authority_id $authority_id
     get_id_flush -short_name $old_short_name
+
+    # check if we need to update the object title
+    set new_short_name [get_element -authority_id $authority_id -element short_name]
+    if {$old_short_name ne $new_short_name } {
+	db_dml update_object_title {}
+    }
 }
 
 ad_proc -public auth::authority::delete {
@@ -304,9 +310,9 @@ ad_proc -public auth::authority::batch_sync {
     set message {}
 
     # Verify that we have implementations
-    if { [empty_string_p $authority(get_doc_impl_id)] } {
+    if { $authority(get_doc_impl_id) eq "" } {
         set message "No Get Document implementation"
-    } elseif { [empty_string_p $authority(process_doc_impl_id)] } { 
+    } elseif { $authority(process_doc_impl_id) eq "" } { 
         set message "No Process Document implementation"
     } else {
         auth::sync::job::start_get_document -job_id $job_id
@@ -335,7 +341,7 @@ ad_proc -public auth::authority::batch_sync {
             -document $doc_result(document) \
             -snapshot=$snapshot_p
 
-        if { [string equal $doc_result(doc_status) "ok"] && ![empty_string_p $doc_result(document)] } {
+        if { $doc_result(doc_status) eq "ok" && $doc_result(document) ne "" } {
             with_catch errmsg {
                 auth::sync::ProcessDocument \
                     -authority_id $authority_id \
@@ -352,7 +358,7 @@ ad_proc -public auth::authority::batch_sync {
                                        -package_key acs-authentication \
                                        -default {}]
                                        
-                if { ![empty_string_p $ack_file_name] } {
+                if { $ack_file_name ne "" } {
                     # Interpolate
                     set pairs [list \
                                    acs_root_dir [acs_root_dir] \
@@ -372,7 +378,7 @@ ad_proc -public auth::authority::batch_sync {
                 set message "Error processing sync document: $errmsg"
             }
         } else {
-            if { [empty_string_p $message] } {
+            if { $message eq "" } {
                 set message $doc_result(doc_message)
             }
         }
@@ -428,7 +434,7 @@ ad_proc -private auth::authority::get_column_defaults {} {
 
     @author Peter Marklund
 } {
-    return { 
+    set columns { 
         authority_id ""
         short_name ""
         pretty_name ""
@@ -447,6 +453,10 @@ ad_proc -private auth::authority::get_column_defaults {} {
         process_doc_impl_id ""
         batch_sync_enabled_p "f"
     }
+    if {[apm_version_names_compare [ad_acs_version] 5.5.0] > -1} {
+        lappend columns allow_user_entered_info_p "f" search_impl_id ""
+    }
+    return $columns
 }
 
 ad_proc -private auth::authority::get_required_columns {} {
@@ -467,7 +477,12 @@ ad_proc -private auth::authority::get_sc_impl_columns {} {
 
     @author Peter Marklund 
 } {
-    return {auth_impl_id pwd_impl_id register_impl_id user_info_impl_id get_doc_impl_id process_doc_impl_id}
+    # DAVEB
+    set columns {auth_impl_id pwd_impl_id register_impl_id user_info_impl_id get_doc_impl_id process_doc_impl_id}
+    if {[apm_version_names_compare [ad_acs_version] 5.5.0] > -1} {
+        lappend columns search_impl_id
+    }
+    return $columns
 }
 
 ad_proc -private auth::authority::get_select_columns {} {
@@ -475,7 +490,11 @@ ad_proc -private auth::authority::get_select_columns {} {
     
     @author Lars Pind (lars@collaboraid.biz)
 } {
-    return [concat [get_columns] auth_impl_name pwd_impl_name register_impl_name user_info_impl_name get_doc_impl_name process_doc_impl_name]
+    set columns [concat [get_columns] auth_impl_name pwd_impl_name register_impl_name user_info_impl_name get_doc_impl_name process_doc_impl_name]
+    if {[apm_version_names_compare [ad_acs_version] 5.5.0] > -1} {
+        lappend columns get_search_impl_name
+    }
+    return $columns
 }
 
 
@@ -486,7 +505,7 @@ ad_proc -private auth::authority::get_flush {
     
     @see auth::authority::get
 } {
-    if { ![empty_string_p $authority_id] } {
+    if { $authority_id ne "" } {
         util_memoize_flush [list auth::authority::get_not_cached $authority_id]
     } else {
         util_memoize_flush_regexp [list auth::authority::get_not_cached .*]
@@ -506,6 +525,9 @@ ad_proc -private auth::authority::get_not_cached {
     lappend columns "(select impl_pretty_name from acs_sc_impls where impl_id = pwd_impl_id) as pwd_impl_name"
     lappend columns "(select impl_pretty_name from acs_sc_impls where impl_id = register_impl_id) as register_impl_name"
     lappend columns "(select impl_pretty_name from acs_sc_impls where impl_id = user_info_impl_id) as user_info_impl_name"
+    if {[apm_version_names_compare [ad_acs_version] 5.5.0] > -1} {
+        lappend columns "(select impl_pretty_name from acs_sc_impls where impl_id = search_impl_id) as search_impl_name"
+    }
     lappend columns "(select impl_pretty_name from acs_sc_impls where impl_id = get_doc_impl_id) as get_doc_impl_name"
     lappend columns "(select impl_pretty_name from acs_sc_impls where impl_id = process_doc_impl_id) as process_doc_impl_name"
 
@@ -523,7 +545,7 @@ ad_proc -private auth::authority::get_id_flush {
 } {
     Flush the cache for gett authority_id by short_name.
 } {
-    if { [empty_string_p $short_name] } {
+    if { $short_name eq "" } {
         util_memoize_flush_regexp [list auth::authority::get_id_not_cached .*]
     } else {
         util_memoize_flush [list auth::authority::get_id_not_cached -short_name $short_name]

tcl/authority-procs.xql

@@ -2,6 +2,14 @@
 
 <queryset>
 
+  <fullquery name="auth::authority::edit.update_object_title">
+      <querytext>
+	    update acs_objects
+	    set title = :new_short_name
+	    where object_id = :authority_id
+      </querytext>
+  </fullquery>
+
   <fullquery name="auth::authority::get_authority_options.select_authorities">
       <querytext>
           select pretty_name, authority_id

tcl/driver-procs.tcl

@@ -25,7 +25,7 @@ ad_proc -public auth::driver::get_parameters {
     @author Simon Carstensen (simon@collaboraid.biz)
     @creation-date 2003-08-27
 } {
-    if { [empty_string_p $impl_id] } {
+    if { $impl_id eq "" } {
         return {}
     }
 

tcl/password-procs.tcl

@@ -41,7 +41,7 @@ ad_proc -public auth::password::get_change_url {
     regsub -all "{username}" $change_pwd_url $username change_pwd_url
     
     # Default to the OpenACS change password URL
-    if { [empty_string_p $change_pwd_url] } {
+    if { $change_pwd_url eq "" } {
         set change_pwd_url [export_vars -base "[subsite::get_element -element url]user/password-update" { user_id }]
     } 
 
@@ -170,8 +170,8 @@ ad_proc -public auth::password::recover_password {
         <li> password_message: Human-readable message to be relayed to the user. May contain HTML.
     </ul>
 } {
-    if { [empty_string_p $username] } {
-        if { [empty_string_p $email] } {
+    if { $username eq "" } {
+        if { $email eq "" } {
             set result(password_status) "failed_to_connect"
             if { [auth::UseEmailForLoginP] } {
                 set result(password_message) "Email required"
@@ -181,7 +181,7 @@ ad_proc -public auth::password::recover_password {
             return [array get result]
         }
         set user_id [cc_lookup_email_user $email]
-        if { [empty_string_p $user_id] } {
+        if { $user_id eq "" } {
             set result(password_status) "failed_to_connect"
             set result(password_message) "Unknown email"
             return [array get result]
@@ -191,7 +191,7 @@ ad_proc -public auth::password::recover_password {
         set username $user(username)
     } else {
         # Default to local authority
-        if { [empty_string_p $authority_id] } {
+        if { $authority_id eq "" } {
             set authority_id [auth::authority::local]
         }
     }
@@ -201,8 +201,8 @@ ad_proc -public auth::password::recover_password {
                            -authority_id $authority_id \
                            -username $username]
 
-    if { ![empty_string_p $forgotten_url] } {
-        ad_returnredirect $forgotten_url
+    if { $forgotten_url ne "" } {
+        ad_returnredirect -allow_complete_url $forgotten_url
         ad_script_abort
     }
 
@@ -238,33 +238,33 @@ ad_proc -public auth::password::get_forgotten_url {
     @return A URL that can be linked to when the user has forgotten his/her password, 
             or the empty string if none can be found.
 } {
-    if { ![empty_string_p $username] } {
+    if { $username ne "" } {
         set local_url [export_vars -no_empty -base "[subsite::get_element -element url]register/recover-password" { authority_id username }]
     } else {
         set local_url [export_vars -no_empty -base "[subsite::get_element -element url]register/recover-password" { email }]
     }
     set forgotten_pwd_url {}
 
-    if { ![empty_string_p $username] } {
-        if { [empty_string_p $authority_id] } {
+    if { $username ne "" } {
+        if { $authority_id eq "" } {
             set authority_id [auth::authority::local]
         }
     } else {
         set user_id [cc_lookup_email_user $email]
-        if { ![empty_string_p $user_id] } {
+        if { $user_id ne "" } {
             acs_user::get -user_id $user_id -array user
             set authority_id $user(authority_id)
             set username $user(username)
         }
     }
 
-    if { ![empty_string_p $username] } {
+    if { $username ne "" } {
         # We have the username or email
         
 
         set forgotten_pwd_url [auth::authority::get_element -authority_id $authority_id -element forgotten_pwd_url]
 
-        if { ![empty_string_p $forgotten_pwd_url] } {
+        if { $forgotten_pwd_url ne "" } {
             regsub -all "{username}" $forgotten_pwd_url $username forgotten_pwd_url
         } elseif { !$remote_only_p } {
             if { [auth::password::can_retrieve_p -authority_id $authority_id] || [auth::password::can_reset_p -authority_id $authority_id] } {
@@ -528,7 +528,7 @@ ad_proc -private auth::password::email_password {
 
     @param body_msg_key     The message key you wish to use for the email body.
 
-    @return Does not return anything. Any errors caused by ns_sendmail are propagated
+    @return Does not return anything. Any errors caused by acs_mail_lite::send are propagated
 
     @author Peter Marklund
 } {
@@ -554,8 +554,8 @@ ad_proc -private auth::password::email_password {
     } else {
         set length [string length $account_id_label]
     }
-    set account_id_label [string range "$account_id_label[string repeat " " $length]" 0 [expr $length-1]]
-    set password_label [string range "$password_label[string repeat " " $length]" 0 [expr $length-1]]
+    set account_id_label [string range "$account_id_label[string repeat " " $length]" 0 [expr {$length-1}]]
+    set password_label [string range "$password_label[string repeat " " $length]" 0 [expr {$length-1}]]
 
     set first_names $user(first_names)
     set last_name $user(last_name)
@@ -572,12 +572,16 @@ ad_proc -private auth::password::email_password {
     set subject [_ $subject_msg_key]
     set body [_ $body_msg_key]
         
-    if { [empty_string_p $from] } {
+    if { $from eq "" } {
           set from [ad_system_owner]
       }
 
     # Send email
-    ns_sendmail $user(email) $system_owner $subject $body
+    acs_mail_lite::send -send_immediately \
+        -to_addr $user(email) \
+        -from_addr $system_owner \
+        -subject $subject \
+        -body $body
 }
 
 ad_proc -private auth::password::CanChangePassword {
@@ -592,7 +596,7 @@ ad_proc -private auth::password::CanChangePassword {
 } {
     set impl_id [auth::authority::get_element -authority_id $authority_id -element "pwd_impl_id"]
 
-    if { [empty_string_p $impl_id] } {
+    if { $impl_id eq "" } {
         return 0
     }
 
@@ -620,7 +624,7 @@ ad_proc -private auth::password::CanRetrievePassword {
 } {
     set impl_id [auth::authority::get_element -authority_id $authority_id -element "pwd_impl_id"]
 
-    if { [empty_string_p $impl_id] } {
+    if { $impl_id eq "" } {
         return 0
     }
 
@@ -648,7 +652,7 @@ ad_proc -private auth::password::CanResetPassword {
 } {
     set impl_id [auth::authority::get_element -authority_id $authority_id -element "pwd_impl_id"]
 
-    if { [empty_string_p $impl_id] } {
+    if { $impl_id eq "" } {
         return 0
     }
 
@@ -670,7 +674,7 @@ ad_proc -private auth::password::ChangePassword {
     {-new_password:required}
     {-authority_id:required}
 } {
-    Invoke the CanResetPassword operation on the given authority. 
+    Invoke the ChangePassword operation on the given authority. 
     Throws an error if the authority does not have a password management driver.
 
     @param username
@@ -682,7 +686,7 @@ ad_proc -private auth::password::ChangePassword {
 } {
     set impl_id [auth::authority::get_element -authority_id $authority_id -element "pwd_impl_id"]
     
-    if { [empty_string_p $impl_id] } {
+    if { $impl_id eq "" } {
         set authority_pretty_name [auth::authority::get_element -authority_id $authority_id -element "pretty_name"]
         error "The authority '$authority_pretty_name' doesn't support password management"
     }
@@ -707,7 +711,7 @@ ad_proc -private auth::password::RetrievePassword {
     {-username:required}
     {-authority_id:required}
 } {
-    Invoke the CanResetPassword operation on the given authority. 
+    Invoke the RetrievePassword operation on the given authority. 
     Throws an error if the authority does not have a password management driver.
 
     @param username
@@ -717,7 +721,7 @@ ad_proc -private auth::password::RetrievePassword {
 } {
     set impl_id [auth::authority::get_element -authority_id $authority_id -element "pwd_impl_id"]
 
-    if { [empty_string_p $impl_id] } {
+    if { $impl_id eq "" } {
         set authority_pretty_name [auth::authority::get_element -authority_id $authority_id -element "pretty_name"]
         error "The authority '$authority_pretty_name' doesn't support password management"
     }
@@ -739,7 +743,7 @@ ad_proc -private auth::password::ResetPassword {
     {-username:required}
     {-authority_id ""}    
 } {
-    Invoke the CanResetPassword operation on the given authority. 
+    Invoke the ResetPassword operation on the given authority. 
     Throws an error if the authority does not have a password management driver.
 
     @param username
@@ -749,7 +753,7 @@ ad_proc -private auth::password::ResetPassword {
 } {
     set impl_id [auth::authority::get_element -authority_id $authority_id -element "pwd_impl_id"]
 
-    if { [empty_string_p $impl_id] } {
+    if { $impl_id eq "" } {
         set authority_pretty_name [auth::authority::get_element -authority_id $authority_id -element "pretty_name"]
         error "The authority '$authority_pretty_name' doesn't support password management"
     }

tcl/test/sync-test-procs.tcl

@@ -51,7 +51,7 @@ aa_register_case -cats {api db} sync_start_end {
             # End job
             array set job [auth::sync::job::end -job_id $job_id]
             
-            aa_true "Elapsed time less than 30 seconds" [expr $job(run_time_seconds) < 30]
+            aa_true "Elapsed time less than 30 seconds" [expr {$job(run_time_seconds) < 30}]
             
             aa_log "Elapsed time: $job(run_time_seconds) seconds"
             
@@ -61,7 +61,7 @@ aa_register_case -cats {api db} sync_start_end {
             
             aa_equals "Number of problems" $job(num_problems) 1
             
-            aa_false "Log URL non-empty" [empty_string_p $job(log_url)]
+            aa_false "Log URL non-empty" [expr {$job(log_url) eq ""}]
             
             # Purge not deleting the job
             auth::sync::purge_jobs \
@@ -323,7 +323,7 @@ aa_register_case -cats {api} sync_actions {
 
             array set job [auth::sync::job::end -job_id $job_id]
             
-            aa_true "Elapsed time less than 30 seconds" [expr $job(run_time_seconds) < 30]
+            aa_true "Elapsed time less than 30 seconds" [expr {$job(run_time_seconds) < 30}]
 
             aa_false "Not interactive" [template::util::is_true $job(interactive_p)]
 
@@ -331,7 +331,7 @@ aa_register_case -cats {api} sync_actions {
 
             aa_equals "Number of problems" $job(num_problems) 2
            
-            aa_false "Log URL non-empty" [empty_string_p $job(log_url)]
+            aa_false "Log URL non-empty" [expr {$job(log_url) eq ""}]
             
         }
 }
@@ -465,15 +465,15 @@ aa_register_case -cats {api db} sync_snapshot {
 
             array set job [auth::sync::job::end -job_id $job_id]
             
-            aa_true "Elapsed time less than 30 seconds" [expr $job(run_time_seconds) < 30]
+            aa_true "Elapsed time less than 30 seconds" [expr {$job(run_time_seconds) < 30}]
 
             aa_false "Not interactive" [template::util::is_true $job(interactive_p)]
 
-            aa_equals "Number of actions" $job(num_actions) [expr $num_users_not_banned + 1]
+            aa_equals "Number of actions" $job(num_actions) [expr {$num_users_not_banned + 1}]
 
             aa_equals "Number of problems" $job(num_problems) 0
            
-            aa_false "Log URL non-empty" [empty_string_p $job(log_url)]
+            aa_false "Log URL non-empty" [expr {$job(log_url) eq ""}]
             
         }    
 }
@@ -502,7 +502,7 @@ aa_register_case -cats {api} sync_batch_ims_example_doc {
     aa_stub acs_sc::invoke {
         acs_sc::invoke__arg_parser
 
-        if { [string equal $contract "auth_sync_retrieve"] && [string equal $operation "GetDocument"] } {
+        if { $contract eq "auth_sync_retrieve" && $operation eq "GetDocument" } {
             array set result {
                 doc_status ok
                 doc_message {}
@@ -665,10 +665,10 @@ aa_register_case -cats {api} sync_batch_ims_example_doc {
                         aa_true "email has a problem (email missing)" [util_sets_equal_p { email } [array names elm_msgs]]
                     }
                     update {
-                        aa_true "User does not exist" [expr ![empty_string_p $entry(message)]]
+                        aa_true "User does not exist" [expr {$entry(message) ne ""}] 
                     }
                     delete {
-                        aa_false "Message is not empty" [empty_string_p $entry(message)]
+                        aa_false "Message is not empty" [expr {$entry(message) eq ""}]
                     }
                 }
             }
@@ -685,7 +685,7 @@ aa_register_case -cats {api} sync_batch_ims_test {
     aa_stub acs_sc::invoke {
         acs_sc::invoke__arg_parser
 
-        if { [string equal $contract "auth_sync_retrieve"] && [string equal $operation "GetDocument"] } {
+        if { $contract eq "auth_sync_retrieve" && $operation eq "GetDocument" } {
             array set result {
                 doc_status ok
                 doc_message {}
@@ -957,7 +957,7 @@ aa_register_case -cats {api smoke} sync_http_get_document {
     
 
     aa_equals "result.doc_status is ok" $result(doc_status) "ok"
-    aa_true "result.doc_message is empty" [empty_string_p $result(doc_message)]
+    aa_true "result.doc_message is empty" [expr {$result(doc_message) eq ""}]
     aa_equals "result.document is 'success'" $result(document) "success"
 }
 
@@ -976,6 +976,6 @@ aa_register_case -cats {api web} sync_file_get_document {
                           -call_args [list [list SnapshotPath {} IncrementalPath $path]]]
     
     aa_equals "result.doc_status is ok" $result(doc_status) "ok"
-    aa_true "result.doc_message is empty" [empty_string_p $result(doc_message)]
+    aa_true "result.doc_message is empty" [expr {$result(doc_message) eq ""}]
     aa_equals "result.document is 'success'" $result(document) [template::util::read_file $path]
 }

www/doc/ext-auth-install.html

-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Installation</title><meta name="generator" content="DocBook XSL Stylesheets V1.64.1"><link rel="home" href="index.html" title="External Authentication"><link rel="up" href="index.html" title="External Authentication"><link rel="previous" href="index.html" title="External Authentication"><link rel="next" href="ext-auth-pam-install.html" title="Installing PAM support"><link rel="stylesheet" href="openacs.css" type="text/css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"><a accesskey="p" href="acs-authentication.htm">Prev</a> </td><th width="60%" align="center"></th><td width="20%" align="right"> <a accesskey="n" href="ext-auth-pam-install.html">Next</a></td></tr></table><hr></div><div class="article" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="ext-auth-install"></a>Installation</h2></div></div><div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ext-auth-pam-install.html">Installing PAM support</a></span></dt><dt><span class="sect1"><a href="ext-auth-ldap-install.html">Installing LDAP support</a></span></dt><dt><span class="sect1"><a href="configure-batch-sync.html">Configure Batch Synchronization</a></span></dt></dl></div><div class="authorblurb"><p>
      by <a href="mailto:joel@aufrecht.org" target="_top">Joel Aufrecht</a>
      </p>
          OpenACS docs are written by the named authors, and may be edited
          by OpenACS documentation staff.
        </div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="acs-authentication.htm">Prev</a> </td>
        <td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right"> <a accesskey="n" href="ext-auth-pam-install.html">Next</a></td></tr><tr><td width="40%" align="left">External Authentication </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td>
        <td width="40%" align="right"> Installing PAM support</td></tr></table><hr><address><a href="mailto:docs@openacs.org">docs@openacs.org</a></address></div><a name="comments"></a><center><a href="http://openacs.org/doc/ext-auth-install.html#comments">View comments on this page at openacs.org</a></center></body></html>
\ No newline at end of file
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Installation</title><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"><link rel="home" href="index.html" title="External Authentication"><link rel="up" href="index.html" title="External Authentication"><link rel="previous" href="index.html" title="External Authentication"><link rel="next" href="ext-auth-pam-install.html" title="Using Pluggable Authentication Modules (PAM) with OpenACS"><link rel="stylesheet" href="openacs.css" type="text/css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><th width="60%" align="center"></th><td width="20%" align="right"> <a accesskey="n" href="ext-auth-pam-install.html">Next</a></td></tr></table><hr></div><div class="article" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="ext-auth-install"></a>Installation</h2></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ext-auth-pam-install.html">Using Pluggable Authentication Modules (PAM) with OpenACS</a></span></dt><dt><span class="sect1"><a href="ext-auth-ldap-install.html">Using LDAP/Active Directory with OpenACS</a></span></dt><dt><span class="sect1"><a href="configure-batch-sync.html">Configure Batch Synchronization</a></span></dt></dl></div><div class="authorblurb"><p>
+      by <a href="http://openacs.org/shared/community-member?user_id=8561" target="_top">Joel Aufrecht</a>
+      </p>
+          OpenACS docs are written by the named authors, and may be edited
+          by OpenACS documentation staff.
+        </div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right"> <a accesskey="n" href="ext-auth-pam-install.html">Next</a></td></tr><tr><td width="40%" align="left">External Authentication </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> Using Pluggable Authentication Modules (PAM) with OpenACS</td></tr></table><hr><address><a href="mailto:docs@openacs.org">docs@openacs.org</a></address></div><a name="comments"></a><center><a href="http://openacs.org/doc/current/ext-auth-install.html#comments">View comments on this page at openacs.org</a></center></body></html>

www/doc/index.html

-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>External Authentication</title><meta name="generator" content="DocBook XSL Stylesheets V1.64.1"><link rel="home" href="index.html" title="External Authentication"><link rel="next" href="ext-auth-install.html" title="Installation"><link rel="stylesheet" href="openacs.css" type="text/css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"> </td><th width="60%" align="center"></th><td width="20%" align="right"> <a accesskey="n" href="acs-authentication.htm">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="id2399399"></a>External Authentication</h1></div></div><div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl>
  <dt><span class="article"><a href="acs-authentication.htm">Introduction</a></span></dt>
  <dd>&nbsp;</dd>
  <dt><span class="article"><a href="ext-auth-design.html"></a></span></dt>
  <dt><span class="article"><a href="ext-auth-install.html">Installation</a></span></dt>
  <dd><span class="article"></span></dd>
  <dd>
    <dl>
      <dt><span class="sect1"><a href="ext-auth-pam-install.html">Installing PAM support</a></span></dt>
      <dt><span class="sect1"><a href="ext-auth-ldap-install.html">Installing LDAP support</a></span></dt>
      <dt><span class="sect1"><a href="configure-batch-sync.html">Configure Batch Synchronization</a></span></dt>
    </dl>
  </dd>
  <dt><span class="article"><a href="ext-auth-design.html"></a></span></dt>
  <dt><span class="article"><a href="ext-auth-design.html">Design</a></span></dt>
      <dd><dl><dt><span class="sect1"><a href="ims-sync-driver-design.html">IMS Sync driver design</a></span></dt></dl></dd></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"> </td><td width="20%" align="center"></td><td width="40%" align="right"> <a accesskey="n" href="acs-authentication.htm">Next</a></td></tr><tr><td width="40%" align="left"> </td><td width="20%" align="center"></td><td width="40%" align="right"> Introduction</td></tr></table><hr><address><a href="mailto:docs@openacs.org">docs@openacs.org</a></address></div><a name="comments"></a><center><a href="http://openacs.org/doc/index.html#comments">View comments on this page at openacs.org</a></center></body></html>
\ No newline at end of file
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>External Authentication</title><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"><link rel="home" href="index.html" title="External Authentication"><link rel="next" href="ext-auth-install.html" title="Installation"><link rel="stylesheet" href="openacs.css" type="text/css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><a href="http://openacs.org"><img src="/doc/images/alex.jpg" border="0" alt="Alex logo"></a><table width="100%" summary="Navigation header" border="0"><tr><td width="20%" align="left"> </td><th width="60%" align="center"></th><td width="20%" align="right"> <a accesskey="n" href="ext-auth-install.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="id2410693"></a>External Authentication</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="article"><a href="ext-auth-install.html">Installation</a></span></dt><dd><dl><dt><span class="sect1"><a href="ext-auth-pam-install.html">Using Pluggable Authentication Modules (PAM) with OpenACS</a></span></dt><dt><span class="sect1"><a href="ext-auth-ldap-install.html">Using LDAP/Active Directory with OpenACS</a></span></dt><dt><span class="sect1"><a href="configure-batch-sync.html">Configure Batch Synchronization</a></span></dt></dl></dd><dt><span class="article"><a href="ext-auth-design.html">Design</a></span></dt><dd><dl><dt><span class="sect1"><a href="ims-sync-driver-design.html">IMS Sync driver design</a></span></dt></dl></dd></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"> </td><td width="20%" align="center"></td><td width="40%" align="right"> <a accesskey="n" href="ext-auth-install.html">Next</a></td></tr><tr><td width="40%" align="left"> </td><td width="20%" align="center"></td><td width="40%" align="right"> Installation</td></tr></table><hr><address><a href="mailto:docs@openacs.org">docs@openacs.org</a></address></div><a name="comments"></a><center><a href="http://openacs.org/doc/current/index.html#comments">View comments on this page at openacs.org</a></center></body></html>

www/doc/xml/install.xml

@@ -8,12 +8,12 @@
 
     <authorblurb>
       <para>
-      by <ulink url="mailto:joel@aufrecht.org">Joel Aufrecht</ulink>
+      by <ulink url="http://openacs.org/shared/community-member?user_id=8561">Joel Aufrecht</ulink>
       </para>
     </authorblurb>
 
     <sect1 id="ext-auth-pam-install">
-      <title>Installing PAM support</title>
+      <title>Using Pluggable Authentication Modules (PAM) with OpenACS</title>
       <para>OpenACS supports PAM authetication via the ns_pam module in AOLserver.</para>
       <orderedlist>
         <listitem>
@@ -180,25 +180,135 @@ cp pam_radius_auth.so /lib/security/pam_radius_auth.so</action></screen>
     </sect1>
 
     <sect1 id="ext-auth-ldap-install">
-      <title>Installing LDAP support</title>
-      <para>...</para>
-      <orderedlist>
+    <title>Using LDAP/Active Directory with OpenACS</title>
+    <authorblurb>by <ulink url="http://openacs.org/shared/community-member?user_id=8551">John Sequeira</ulink>, <ulink url="http://openacs.org/shared/community-member?user_id=8263">Michael Steigman</ulink>, and <ulink url="http://openacs.org/shared/community-member?user_id=12805">Carl Blesius</ulink>.</authorblurb>
+    <formalpara>
+    <title>ToDo:</title>
+    <para>Add/verify information on on-demand sync, account registration, and batch synchronization. Add section on ldapsearch. </para></formalpara>
+    <formalpara>
+    <title>Overview</title>
+    <para>You do not want to make users remember yet another password and username. If you can avoid it you do not want to store their passwords either. This document should help you set your system up so your users can seamlessly log in to your OpenACS instance using the password they are accustomed to using for other things at your institution.</para></formalpara>
+    <formalpara>
+    <title>Background</title>
+     <para>The original OpenACS LDAP implementation (which has been depreciated by this package) treated the LDAP server as another data store similar to Oracle or Postgresql. It opened a connection using a priveleged account and read or stored an encrypted password for the user in question. This password was independent of the user's operating system or network account, and had to be synchronized if you wanted the same password for OpenACS.</para>
+     <para>Save their passwords? Sync passwords? Deal with forgotten password requests? No Thanks. Using ldap bind, you can delegate authentication completely to LDAP. This way you can let the IT department (if you are lucky) worry about password storage/synchronization/etc. The bind operation takes a username and password and returns a true of false depending on whether they match up. This document takes the 'bind' approach so that your users LDAP/AD password (or whatever else you use) can be used to login to OpenACS.</para></formalpara>
+    <formalpara>
+     <title>Note on Account Creation</title>
+     <para>On the authentication driver configure screens, you will also see lots of options for synchronizing users between your directory and OpenACS. This document takes the approach of provisioning users on demand instead of ahead-of-time. This means that when they attempt to login to OpenACS, if they have a valid Windows account, we'll create an account for them in OpenACS and log them in.</para></formalpara>
+     <orderedlist>
         <listitem>
           <formalpara id="ext-auth-ldap-setup">
-            <title>Installing AOLserver LDAP support</title>
-            <para>Forthcoming.  (<ulink
-        url="http://www.galileo.edu/obonilla/software/nsldap">more information</ulink>)</para>
-          </formalpara>
-        </listitem>
-        <listitem>
-          <formalpara>
-            <title>Install auth-ldap OpenACS service package</title>
-            <para><ulink url="/acs-admin/install/">Install</ulink> <computeroutput>auth-ldap</computeroutput> and restart the server.</para>
-          </formalpara>
-        </listitem>
-      </orderedlist>
-    </sect1>
+            <title>Installing AOLserver LDAP support (openldap and nsldap)</title>
+            <para>Install openldap and nsldap using
+            <ulink url="http://openacs.org/doc/current/install-ldap-radius.html">the document Malte created</ulink> </para>
+            <para>Next, modify your config.tcl file as directed in the nsldap README. </para>
+	    <para>Here's what the relevant additions should look like:</para>
+ <screen>
+  <computeroutput>
+# LDAP authentication
+ns_param   nsldap             ${bindir}/nsldap.so
 
+...
+
+ns_section "ns/ldap/pool/ldap"
+ns_param user "cn=Administrator, cn=Users, dc=mydomain, dc=com"
+ns_param password "password"
+ns_param host "directory.mydomain.com"
+ns_param connections 1
+ns_param verbose On
+
+ns_section "ns/ldap/pools"
+ns_param ldap ldap
+
+ns_section "ns/server/${server}/ldap"
+ns_param pools *
+ns_param defaultpool ldap
+   </computeroutput>
+  </screen>
+<para>To verify that this is all working, restart Aolserver and ensure that you see something like this in your error.log:</para>
+   <screen>
+    <computeroutput>
+[10/Jan/2006:11:11:07][22553.3076437088][-main-] Notice: modload: loading '/usr/local/aolserver/bin/nsldap.so'
+[10/Jan/2006:11:11:08][22553.3076437088][-main-] Debug: nsldap: allowing * -> pool ldap
+[10/Jan/2006:11:11:08][22553.3076437088][-main-] Debug: nsldap: adding pool ldap to the list of allowed pools
+[10/Jan/2006:11:11:08][22553.3076437088][-main-] Debug: nsldap: Registering LDAPCheckPools (600)
+    </computeroutput>
+   </screen>
+  </formalpara>
+ </listitem>
+ <listitem>
+  <formalpara>
+   <title>auth-ldap + driver installation</title>
+   <para>Next, visit the software installation page in acs-admin and install the auth-ldap package. Your OpenACS installation now has all the code required to authenticate using nsldap, so now you need to configure your site's authentication to take advantage of it. To add the authentication driver to your OpenACS instance, go to: Main Site, Site-Wide Administration, and then Authentication</para>
+   <para>Here's some sample Authentication Driver values:</para>
+   <para>Name=Active Directory, Short Name=AD, Enabled=Yes, Authentication=LDAP, Password Management=LDAP</para>
+   <para>You may wish to push this new authority to the top of the list so it will become the default for users on the login screen.</para>
+   <para>Next, you have to configure the authentication driver parameters by going to: Main Site, Site-Wide Administration,  Authentication, Active Directory, and then Configure</para>
+   <para>Parameters that match our example will look like:</para>
+   <para>UsernameAttribute=sAMAccountNMame, BaseDN= cn=Users,dc=mydomain,dc=com,
+InfoAttributeMap=first_names=givenName;last_name=sn;email=mail,
+PasswordHash=N/A</para>
+  </formalpara>
+ </listitem>
+<listitem>
+  <formalpara>
+   <title>Code Tweaks for Bind</title>
+   <para>Bind-style authentication is not supported via configuration parameters, so we will have to modify the tcl authentication routine to provide this behavior.</para>
+   <para>You'll have to modify the existing ./packages/auth-ldap/tcl/auth-ldap-procs.tcl file to support bind authentication.</para>
+   <para>First toggle ldap bind support.</para>
+   <para>Change this:</para>
+   <screen>
+    <computeroutput>
+# LDAP bind based authentication ?
+set ldap_bind_p 0
+if {$ldap_bind_p==1} {
+...
+    </computeroutput>
+   </screen>
+   <para>to this:</para>
+   <screen>
+    <computeroutput>
+# LDAP bind based authentication ?
+set ldap_bind_p 1
+
+if {$ldap_bind_p==1} {
+...
+    </computeroutput>
+   </screen>
+   <para>Then change the bind to first do a search to resolve to account name provided by the user to a fully qualified domain name (FQDN), which the LDAP server uses as a primary key.</para>
+   <para>Change this:</para>
+   <screen>
+    <computeroutput>
+set lh [ns_ldap gethandle]
+
+if {[ns_ldap bind $lh "cn=$cn" "$password"]} {
+    set result(auth_status) ok
+}    
+    </computeroutput>
+   </screen>
+   <para>to this</para>
+<screen>
+<computeroutput>
+set lh [ns_ldap gethandle]
+
+set fdn [lindex [lindex [ns_ldap search $lh -scope subtree $params(BaseDN) "($params(UsernameAttribute)=$username)" dn] 0] 1]
+
+if {[ns_ldap bind $lh $fdn $password]} {
+    set result(auth_status) ok
+}    
+    </computeroutput>
+   </screen>
+   </formalpara>
+ </listitem>
+</orderedlist>
+<formalpara>
+ <title>Troubleshooting</title>
+ <para>If you're having trouble figuring out some the values for the ldapm, see this useful page on <ulink url="http://bugzilla.glob.com.au/activedirectory/">setting up Active Directory integration with Bugzilla</ulink>. It explains how distinguished names are defined in Active Directory, and how to test that you have the correct values for connectivity and base DN using the OpenLDAP command-line utility ldapsearch.</para>
+<para>John had an issue where nsldap was not loading because AOLServer couldn't find the openldap client libraries, but he was able to fix it by adding the openldap libraries to his LD_LIBRARY_PATH (e.g. /usr/local/openldap/lib)</para></formalpara>
+ <formalpara>
+  <title>Credits</title>
+  <para>Thanks to Malte Sussdorf for his help and the <ulink url="http://www.lcs.mgh.harvard.edu/">Laboratory of Computer Science at Massachusetts General Hospital</ulink> for underwriting this work.</para></formalpara>
+    </sect1>
     <sect1 id="configure-batch-sync">
       <title>Configure Batch Synchronization</title>
       <orderedlist>