30 April 2012
This article assumes you have access to a web server that has PHP and MySQL installed. Readers should also have access to an LDAP server such as OpenLDAP and a basic understanding of LDAP. Because this article uses many of the same concepts as Direct Entitlement Starter kit and Using Restricted Distribution with Digital Publishing Suite it is recommended to read those articles first.
Additional required other products
This article provides a reference implementation for integrating Adobe Digital Publishing Suite's restricted distribution capability and LDAP. Restricted distribution is essentially entitlement with the publisher's server determining which individual or group is entitled to a folio. In this implementation, our users and groups are coming from LDAP. In the example below, the groups include human resources, finance, sales, engineering and marketing. Your groups will differ depending on your LDAP installation.
The admin tool is used to entitle users and groups. Figures 3-11 show the views of the admin.
The viewer app allows a user to login through the entitlement banner. Figures 12-13 show the viewer using restricted distribution.
In order to make use of this reference implementation you will need the following:
If you unzip the restricted_distribution.zip file, you will see the file structure displayed in Figure 12.
The following are descriptions of the top level files and folders.
To make use of the example files with your own content, you will have to complete the following steps.
The following sections explain these steps in more detail.
Connect to your MySQL database and run database.sql. Alternatively you can use Sequel Pro which provides a user interface for connecting and modifying your database. Using Sequel Pro, once connected to your database you can select File > Import… and navigate to database.sql. This SQL script creates the empty tables and adds a default user for the admin with username=admin and password=admin. If you used Sequel Pro to import the database, you should see the following tables.
On line 3, change $dbHost so it is pointing at the URL to your MySQL installation.
On line 6, change $dbUser so it matches the user name for your database.
On line 9, change $dbPassword so it matches the password for your database.
If you changed the database name, on line 12, change $dbName so it matches your database name.
On line 3, change $ldapHost so it is pointing at the URL to your LDAP installation.
On line 6, change $ldapPort so it matches the port of your LDAP installation.
On line 8, change $baseDn so it matches your base distinguished name.
On line 11, change $dn so it matches the distinguished name of your admin user.
On line 14, change $ldapPassword so it matches the password of your admin user.
On line 17, change $groupOU so it matches the organizational unit of your groups.
On line 20, change $peopleOU so it matches the organizational unit of your users.
The searches in LDAP assume the following field names for users: uid, givenName, sn, gidNumber, cn and userpassword. Passwords are encoded in LDAP using MD5. If you are using a different encoding, site/resources/api/SignInWithCredentials.php should be updated on line 31 to reflect your encoding.
Since LDAP implementations can vary, if you would like different user fields to be displayed in the user grid you should modify resources/admin/getUsers.php, app/model/User.js and app/view/Main.js to appropriately reflect your field names.
The searches in LDAP assume the following field names for groups: gidNumber and cn.
On line 4, change $feed so the accountId matches your account id. For information on finding your accountId, see the "Connecting to fulfillment" section in the Adobe article Building a custom storefront. Once you have your accountId, you will modify the value after http://edge.adobe-dcfs.com/ddp/issueServer/issues?accountId=. To verify that you have published folios, you can navigate to the URL to view your folios. This XML file will only display published folios.
Upload the contents of the site directory to your webserver. For simplicity this article does not go into detail about deploying a production ready Sencha application. For more details, check out the Sencha SDK Tools.
In a browser, go to the location in your previous step and open index.html. Open each item in the left nav and verify the grids are populated. Double-click on rows in the users and groups grids and assign the appropriate folios to each. If you'd like to allow a user to login with a token, double-click a user and set the value for a token. These values should be unique.
For information on creating a viewer app see the Viewer Builder tutorial video or read the documentation. The viewer you create should be an entitlement viewer. On the entitlement details screen, the two service URLs should be the absolute path to where you deployed the files in step 5 appended with "resources/api". The value for Banner Page URL should be the absolute path to where you deployed the files in step 5 appended with "banner/index.html".
After you have installed the viewer on your iPad, open the viewer and login using the entitlement banner at the top. After logging in successfully you should see the library automatically update and populate with the folios to which the user is entitled.
This article has shown you how to modify the reference implementation to integrate restricted distribution with your LDAP. For more articles on the Digital Publishing Suite please check out the Digital Publishing Suite Developer Center.