LDAP, Active Directory and LDAP/SSO

[digg=http://digg.com/software/LDAP_Active_Directory_and_LDAP_SSO] I've had to reply to part of a call for tender today. The interesting question was "Can Dokeos interact with our LDAP/SSO system?". So first I should review the vocabulary a bit. After searching the web for a while, I can most probably say that LDAP and LDAP/SSO are actually the same thing.
  • LDAP goes for Lightweight Directory Access Protocol (there is actually a heavyweight DAP protocol)
  • SSO goes for Single Sign-On (which means it's a system by which a user only has to sign-in once to access multiple applications, for example)
Basically, the implemented result of LDAP is that one server has the credentials of a lot of users in a structured data tree, and that anybody using an application connected to that LDAP server can say "I'm xyz" and the authentication is then made by contacting the LDAP server to ask if the user is really who he says he is, and what information we can get. So this is a Single Sign-On technology, which means LDAP/SSO is a redundant acronym. Active Directory is the Microsoft's home-made system that has the same features as LDAP but is not LDAP, so you have to do an implementation just for them (I'm being told the rules also change from one version of Windows server to the other, which makes implementations dependent on versions, which is not practical). Luckily, Microsoft (or other people actually, I don't know) realised that this was not practical, so they offered a translation system from Active Directory to LDAP, which makes it easily possible to use an Active Directory server as a LDAP server. Now, let's talk a bit about Dokeos and LDAP... Dokeos offers an LDAP extension which provides it with an almost-easy way to connect to an LDAP server and get authentication data from there. It's almost easy because:
  • it's shipped by default with all versions of Dokeos (from 1.6.0 at least)
  • it's configurable via only one file (but it's not configurable via the web interface)
  • there is a different login page for LDAP which takes the login in charge
The LDAP extension had been originally contributed by Evie (R.) Embrechts around 2003. Just recently, a contribution (to be integrated by me in the coming weeks) has been shared by Mustapha Alouani, which eases greatly the use of the LDAP extension by providing a web interface to do various administrative tasks. This is a massive improvement regarding LDAP integration. You can tell that over 4 years of development, this is the first big step in that direction. On another bright side, I've just integrated OpenID login support into Dokeos 1.8.5 using the Drupal code for OpenID, which means it's now possible to use another, very recent, practical and easy, Single Sign-On method in Dokeos.

Comments

Hi Birger,

It's not available yet. We've been delayed on this one but it should still be integrated in 1.8.5.

Hello,

I just wanted to drop a note on LDAP functionality, since I am eager to use it; we are trying to set up a sort of sign-on between Dokeos and an LDAP server (namely OpenLDAP on Debian); I hope the solution will be integrated in Dokeos version 1.8.5. Unfortunately I am not much of a coder, so I hope you really will integrate this solution in the final version.
By the way, when will Dokeos 1.8.5 be released?
Thank you in advance

Hi Davide,

The good news for you is that I am currently testing the development itself (right now) and it kind of works. There was a whole bunch of additional stuff that I will not integrate (like the notion of academic year of LDAP) because it is highly dependent on a specific implementation of the LDAP directory. However, I am integrating "LDAP users import into sessions" and it's starting to work. I personally estimate that I will be done with it in about 2 hours time.

After that, I have three more things to do:
1) a set of changes to the database to prepare for a "one campus, multiple urls" feature
2) the integration of the new audio recorder
3) a feature of peer review for the student works (this integration is still under discussion)
4) yeah, I know, I said three, but there are a lot of small bugs to fix still.

We are working around the clock (that's actually very true as there's one team in France and one team in Peru) to get that 1.8.5 beta out, then there will be one week until the RC1 comes out and if everything works perfect then we'll just release the stable.
Now if there's not major new bug between the beta and the RC1, I think you will be able to use RC1 in production environments... So that puts the RC1 sometime next week.

I'd just like to add that we've been pushing back 1.8.5 mostly because there's no pressing demand and because we would like to make it a very robust release, so we are taking our time to test it more than usual. I will post on the Dokeos 1.8.5 page as soon as the beta is released, so stay tuned (I will need a lot of feedback on the LDAP tool).

Hi,

thanks a lot for the sharp answer, and for the good news.

If you need our help to test and review LDAP tool (as well as other tools) feel free to drop an e-mail and we'll try to help you and provide you feedback as best as we can.

Thanks again and keep up with the good work!

Cheers
Davide

Hi,

I managed to setup the 1.8.5 beta version and I found LDAP working very good.
Didn't have a lot of time to test deeply though.

At present I have a problem (on Dokeos 1.8.4 SP3 version) loading a SkillSoft course on a Debian/apache machine; I wonder if anyone had this problem/issue before; the course loads smoothly but when I try to start the course I simply get an xml page saying that the xml file has no style associated with;

Another little problem is for OOgie on version 1.8.5: it seems that the recorder.swf file needed to start oogie has gone... even looking with "find / -name recorder.swf" brought no result....

I tried to post the question on the forum but still got no answer; I know that this may not be the correct place to post such a request but I have to get an answer somehow....

Thank you in advance
Davide

Hi Davide,

Indeed, the forum is the best place. We are reviewing the bug reports posted there from time to time.

I don't know about your Skillsoft course. Why not try it in another SCORM reader (I think "Reload" is a desktop SCORM player that you can download for free) and see if that works for you? (just to check if it is more likely to be Dokeos' fault or the content's).

About Oogie, what is the error message you get? Normally, Oogie shouldn't need recorder.swf to work, but the audiorecorder (which is now located in main/conference/recorder2.swf) is under review at the moment so your comment will be taken into account.

You might have to wait a little bit longer for an answer though (a week?), as we still have a long list of little tasks we want to finish before starting the review of all bug reports.

Hi,

as always thanks for your precious support.
I will try asap a SCORM player to check Skillsoft stuff; the problem with oogie is that I cannot perform a Powerpoint or Word conversion (the message says "Error during the conversion of the word document. Please check if there are special characters in the name of your document.." but there is no special character, and the document size is well below the maximum allowed).
I told you about the recorder because in the installation guide the configuration settings for oogie report to set localhost as the host, 2002 as the listening port for openOffice service and main/webrooms/recorder.swf as path to lzx files.
By the way the OpenOffice service is up and running and listening on 2002 port.
At this moment these issues are not very urgent.
Thank you in advance, as always.

Davide

The problem with oogie in 1.8.5 is simply that there is no "webrooms" folder under the "main" folder included in the distribution. So putting the path to /main/webrooms/recorder.swf will obvioulsy give the error that the recorder cannot be found when converting e.g. a power point file.
Under 1.8.4. the "webrooms" folder is included but a lot of people (including myself) get the error "Error during the conversion of PowerPoint. Please check if there are special characters in the name of your PowerPoint."

But what goes wrong has nothing to do with the file name anyway, since a perfectly eligible name such as "test.ppt" will still produce the same error. This point about this error message has already been posted various times on the forums, but to no avail up to now (i.e. no clear answer, just people guessing and "try and error"-ing. So please what's the problem, can anyone explain in plain language?

Hi Ed,

Dokeos 1.8.5 doesn't need a path to lzx anymore, so basically the setting is ignored. You have to understand that while we do not focus on answering a minority of people on the forum (because mostly the Oogie system is not particularly easy to configure if you get out of the common grounds of the configuration we suggest), we do a lot of work on other things to provide the community with an excellent platform. For us, everything is dealt with in terms of priorities. We would love to have people work for free to provide more reliable free support to the community, and this is entirely up to you, but we (the little team-of-3) developers of Dokeos are regularly cutting on our free time to improve the community support. We're just unable to cope alone with the free support demand, so if you'd like to give us a hand, I suggest you get into technical documentation and the Dokeos code and start right away.

I love my job, so what I am explaining here is not that I can't bear the work, it's just that I can't cope with the demand, plus I think it is obvious from our overall contribution that we are doing our best.