There are instructions in the cosign wiki on how to implement an LDAP
factor, but cosign doesn't actually come with one.

http://webapps.itcs.umich.edu/cosign/index.php/Cosign_Wiki:Test_install_HOWTO#Factors

Did you guys write one?  You could probably update the LDAP factor to strip
the domain from the username.  If you're using the sample LDAP factor, it
should be pretty easy to do.

You'd probably also need to create a passwd config line and tell it to
ignore @brandeis.edu

Liam


On Mon, Jul 14, 2014 at 1:56 PM, Michael Ghen <mikeg...@brandeis.edu> wrote:

> There is an LDAP factor. We're looking for a solution that doesn't involve
> adding javascript on top of the login web page.
>
>
> On Mon, Jul 14, 2014 at 1:54 PM, Liam Hoekenga <li...@umich.edu> wrote:
>
>> I think you could strip it out using javascript.
>>
>> Did you write an LDAP factor?  Are you using PAM?
>>
>> Liam
>>
>>
>> On Mon, Jul 14, 2014 at 1:50 PM, Michael Ghen <mikeg...@brandeis.edu>
>> wrote:
>>
>>> I do not see @brandeis.edu anywhere. I think it only shows up when
>>> someone manually types it after their username. Is there a way to configure
>>> cosign such that if it sees @brandeis.edu it will still just check
>>> Active Directory? Basically just ignore the @brandeis.edu?
>>>
>>>
>>> On Mon, Jul 14, 2014 at 1:42 PM, Liam Hoekenga <li...@umich.edu> wrote:
>>>
>>>> Do you see @brandeis.edu show up in the UI?  Something's got to be
>>>> adding it before the form is POSTed, otherwise the mysql stuff wouldn't be
>>>> getting invoked.
>>>>
>>>> Liam
>>>>
>>>>
>>>> On Mon, Jul 14, 2014 at 12:57 PM, Michael Ghen <mikeg...@brandeis.edu>
>>>> wrote:
>>>>
>>>>> Thanks again, I appreciate the help. We use AD via LDAP. I'm not sure
>>>>> that we're seeing occurrences of "@brandeis....@brandeis.edu"; that
>>>>> was just a hunch. Do you have any other suggestions for things to try?
>>>>>
>>>>>
>>>>> On Mon, Jul 14, 2014 at 11:49 AM, Liam Hoekenga <li...@umich.edu>
>>>>> wrote:
>>>>>
>>>>>> I was mostly thinking that if you wanted to, you could use passwd to
>>>>>> configure usernames containing @brandeis.edu to point at a kerberos
>>>>>> realm instead of the guest system.
>>>>>> Are you using AD via LDAP or kerberos?  I believe that "passwd" only
>>>>>> lets you configure kerberos and guest (mysql), so if you're using LDAP or
>>>>>> PAM to actually handle the authentication, it probably wouldn't be useful.
>>>>>>
>>>>>> The @brandeis.edu and the "cannot connect to guest database" are
>>>>>> pretty clearly connected.
>>>>>> The occurrences of "@brandeis....@brandeis.edu" suggest to me that
>>>>>> maybe you've got something in the UI that's updating the form value.  An
>>>>>> over-zealous javascript?  A default value in the username field of the
>>>>>> login form?
>>>>>>
>>>>>> Liam
>>>>>>
>>>>>>
>>>>>> On Mon, Jul 14, 2014 at 11:39 AM, Michael Ghen <mikeg...@brandeis.edu
>>>>>> > wrote:
>>>>>>
>>>>>>> We use Active Directory.
>>>>>>>
>>>>>>>
>>>>>>>  On Mon, Jul 14, 2014 at 11:35 AM, Liam Hoekenga <li...@umich.edu>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Are you using kerberos on the backend?
>>>>>>>>
>>>>>>>> Liam
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Jul 14, 2014 at 11:34 AM, Michael Ghen <
>>>>>>>> mikeg...@brandeis.edu> wrote:
>>>>>>>>
>>>>>>>>> Thanks Liam,
>>>>>>>>>
>>>>>>>>> I am not using the passwd directive. Will using it resolve this
>>>>>>>>> issue?
>>>>>>>>>
>>>>>>>>> Mike
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Jul 14, 2014 at 11:22 AM, Liam Hoekenga <li...@umich.edu>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> The man page for cosign.conf explains the "Unable to connect to
>>>>>>>>>> guest account database" error:
>>>>>>>>>>
>>>>>>>>>>        The keyword passwd is used to control password based
>>>>>>>>>>        authentication of a user using the Kerberos and MySQL
>>>>>>>>>>        internal authenticators. Where this keyword is not
>>>>>>>>>>        specified, usernames containing an ’@’ are authenticated
>>>>>>>>>>        through mysql, all other usernames are authenticated
>>>>>>>>>>        with Kerberos.
>>>>>>>>>>
>>>>>>>>>> Are you using the "passwd" directive in your cosign.conf?
>>>>>>>>>> If so, what do the entries look like?
>>>>>>>>>>
>>>>>>>>>> Liam
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Mon, Jul 14, 2014 at 10:06 AM, Michael Ghen <
>>>>>>>>>> mikeg...@brandeis.edu> wrote:
>>>>>>>>>>
>>>>>>>>>>>  Hello,
>>>>>>>>>>>
>>>>>>>>>>> My name is Mike and I work at Brandeis University where we use
>>>>>>>>>>> Cosign. Recently, we've noticed that when a user enters their
>>>>>>>>>>> username with @brandeis.edu at the end, they receive this error:
>>>>>>>>>>> "Unable to connect to guest account database."
>>>>>>>>>>>
>>>>>>>>>>> We're trying to remove this error so that users can still sign in
>>>>>>>>>>> but we're unsure about where it is generated. We think that cosign
>>>>>>>>>>> is appending "@brandeis.edu" before it looks up the account which
>>>>>>>>>>> would make the username have "...@brandeis....@brandeis.edu."
>>>>>>>>>>> We could not find anything in the configuration files to suggest
>>>>>>>>>>> that is the case. While we explore other options, I figured I would
>>>>>>>>>>> reach out for help from the Cosign community. If anyone has any
>>>>>>>>>>> suggestions or can offer any guidance, please let me know.
>>>>>>>>>>>
>>>>>>>>>>> Thank you,
>>>>>>>>>>>
>>>>>>>>>>> Mike
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>>>> Want fast and easy access to all the code in your enterprise? Index and
>>>>>>>>>>> search up to 200,000 lines of code with a free copy of Black Duck®
>>>>>>>>>>> Code Sight™ - the same software that powers the world's largest code
>>>>>>>>>>> search on Ohloh, the Black Duck Open Hub! Try it now.
>>>>>>>>>>> http://p.sf.net/sfu/bds
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Cosign-discuss mailing list
>>>>>>>>>>> Cosign-discuss@lists.sourceforge.net
>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
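
An added example (not code from the cosign project or from either poster) of the two points in this thread: the default routing rule quoted from the cosign.conf man page, and stripping the local domain inside an LDAP factor before the directory lookup. The uid pattern, the choice of `sAMAccountName` as the search attribute and all function names are assumptions made for illustration.

```python
import re

LOCAL_DOMAIN = "brandeis.edu"  # the domain named in the thread

# Assumed local uid policy; adjust to the site's real naming rules.
_UID_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")


def default_authenticator(login: str) -> str:
    """Routing quoted from the man page when no passwd keyword is set:
    names containing '@' go to mysql (guest), all others to Kerberos."""
    return "mysql" if "@" in login else "kerberos"


def normalize_login(login: str, domain: str = LOCAL_DOMAIN) -> str:
    """Strip one trailing @domain (case-insensitive), then allow-list the
    remainder. Any other '@' form is rejected rather than guessed at."""
    login = login.strip().lower()
    suffix = "@" + domain.lower()
    if login.endswith(suffix):
        login = login[: -len(suffix)]
    if not _UID_RE.fullmatch(login):
        raise ValueError("unacceptable login name")
    return login


def ldap_filter_escape(value: str) -> str:
    """RFC 4515 escaping for a value placed inside a search filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def ad_search_filter(login: str) -> str:
    """Build the filter a factor would use to find the account.
    Escaping stays in place even though the allow-list already excludes
    filter metacharacters, so a looser uid policy cannot open an injection."""
    uid = normalize_login(login)
    return "(sAMAccountName=%s)" % ldap_filter_escape(uid)


if __name__ == "__main__":
    # Constructed sample inputs.
    for name in ("mike", "Mike@Brandeis.EDU", "guest@example.org"):
        print(name, "->", default_authenticator(name))
        try:
            print("   filter:", ad_search_filter(name))
        except ValueError as exc:
            print("   rejected:", exc)
```

Normalizing inside the factor keeps the decision on the server side, which matches the request in the thread to avoid JavaScript on the login page.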