BlogMatrix
 

BlogMatrix LDAP integration

David P. Janes 2007-06-21 14:23 UTC

One exciting feature we've added to the BlogMatrix Platform is LDAP integration. What is this? Well, briefly, instead of users having to create and maintain accounts, user ids, and passwords, the BlogMatrix Platform can contact your "directory server" and get this information. This effectively makes the BlogMatrix Platform SSO within your organization.

In practice, this means you can drop the BlogMatrix Platform into a shop on a Linux machine, point it at your OpenLDAP, Active Directory, Isode, Java System Directory (etc.) server and you're in business.

Creating an account becomes just like logging in: enter your network User ID and Password and your BlogMatrix account is enabled.

Configuring LDAP is fairly simple. Just set BM_LDAP_* in BM_CONFIG.sh during installation. For example:

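# Single quotes keep $(userid) literal; inside double quotes the shell would run it as a command substitution.
export BM_LDAP_HOST="localhost"
export BM_LDAP_PORT=389
export BM_LDAP_DN_PATTERN='uid=$(userid),ou=People,dc=agwego,dc=net'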

The last rule determines how BlogMatrix User IDs are translated into LDAP Distinguished Names. Note that we can't do LDAP spanning different organizations at this time, at least on the same installation/domain name.
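A pattern like this puts user-typed text directly into a Distinguished Name, so the user ID has to be escaped before substitution and an empty password has to be rejected before any bind is attempted. The sketch below is an added example, not BlogMatrix code; the function names and the sample user ID are hypothetical, and only the pattern string comes from the post.

```python
# Added example: not BlogMatrix code. Function names are hypothetical.
DN_PATTERN = "uid=$(userid),ou=People,dc=agwego,dc=net"  # pattern from the post

# Characters RFC 4514 requires to be escaped anywhere in an attribute value.
_SPECIAL = set('"+,;<>\\')


def escape_dn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")           # NUL is written as a hex pair
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif i == 0 and ch in " #":
            out.append("\\" + ch)        # leading space or '#'
        elif i == last and ch == " ":
            out.append("\\ ")            # trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(userid: str, password: str, pattern: str = DN_PATTERN) -> str:
    """Return the DN to bind as; raise ValueError for input that must not reach the server."""
    if not userid:
        raise ValueError("empty user ID")
    if not password:
        # A simple bind with a DN and an empty password is an "unauthenticated
        # bind" (RFC 4513); a server may report success without checking anything.
        raise ValueError("empty password")
    return pattern.replace("$(userid)", escape_dn_value(userid))


if __name__ == "__main__":
    # Constructed sample user ID, not taken from the post.
    print(build_bind_dn("djanes", "example-password"))
```

Without the escaping step, a user ID containing a comma or plus sign would change the structure of the DN instead of being treated as part of the `uid` value.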

Once BlogMatrix is installed, changes to LDAP configuration will have to be made directly to $BM_SITE_ROOT/blogmatrix.cfg:

ldap_host: "localhost"
ldap_port: 389
ldap_dn_pattern: "uid=$(userid),ou=People,dc=agwego,dc=net"
ldap_accounts: True

If 'ldap_accounts' is set to False, LDAP account creation will be turned off, though existing LDAP accounts will still have to log in with LDAP authentication.

We'll also be taking account information from the LDAP server, though the details of this have not been worked out.

For contrast, here's the normal login system where users must choose their own User IDs and make their own accounts. This works perfectly fine in companies where there are no directories.

Comment #1 Will Sheward

2007-06-22 10:51:43

Thanks for the namecheck. If you need anything (like a decent Directory Server to test against), give me a shout.

Will Sheward

VP Marketing - Isode.
