- **status**: in-progress --> code-review
- **Size**:  --> 2
- **Comment**:

Branch db/7406 has support for

* auto-registration of LDAP users (just login)
* disabling regular user registration
* using LDAP to get the display name for users
* performance & timing enhancements for LDAP

Also SF-internal forge-classic branch db/7406 has some semi-related changes.



---

**[tickets:#7406] Improving LDAP registration methods**

**Status:** code-review
**Milestone:** forge-jun-13
**Created:** Wed May 21, 2014 10:33 PM UTC by noobish
**Last Updated:** Tue Jun 10, 2014 09:43 PM UTC
**Owner:** Dave Brondsema

The use case I had in mind when using ldap auth was for an enterprise 
environment where there is already an existing ldap server containing existing 
user accounts. Users would register by providing their ldap credentials and 
Allura would authenticate them against ldap and then automatically provision 
their account. Even better if all this would happen simply by logging in 
(bypassing registration altogether).

But it seems the ldap plugin author had a different use case in mind: a local 
ldap server that is only managing accounts for this Allura instance. When 
registering an account on Allura, an admin account on the ldap server is used 
to create a new ldap object for the username in the domain. It is not possible 
to register an account without the ldap's admin account.

I believe the existing functionality to be contrary to the wishes of most 
enterprise installations.

I propose the attached patch to *./Allura/allura/lib/plugin.py* to accomplish 
the following:
- Add a new *registration.method = ldap* to repurpose the existing behavior 
(creating a new ldap account upon allura registration, error if exists in ldap)
- Repurpose the existing *registration.method = local* configuration to be used 
in conjunction with *auth.method = ldap* as follows:
    1. authenticate against ldap with an *existing* user
    2. create local account in allura with the provided and ldap-authenticated 
username
    3. use ldap to authenticate future logins

This being my first experience with Python and this project, I have not yet 
found the best way I should extend widgets/auth_widgets.py to be able to 
display errors to the user on the registration page. There are a great number 
of error conditions that should not be throwing exceptions (for such common 
occurrences as an invalid password). Can any of you point me in the right 
direction/take it from here?


---
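
The login-time provisioning flow proposed in the ticket (authenticate an existing LDAP user, create the local account, keep using LDAP for later logins), as an added example; it is not the attached patch or Allura's plugin code. The DN template, the username pattern, `login_and_provision`, `AuthError` and the injected `ldap_bind` callable are assumptions made for illustration, and the fake directory is constructed test input.

```python
import re

# Assumed values for this example; a real deployment reads them from its config.
DN_TEMPLATE = "uid={},ou=people,dc=example,dc=com"
USERNAME_RE = re.compile(r"[a-z][a-z0-9-]{2,31}")


class AuthError(Exception):
    """Expected login failure, meant to be caught and shown on the login form."""


def login_and_provision(username, password, ldap_bind, accounts):
    """Authenticate against LDAP; create the local account on first success.

    ldap_bind(dn, password) -> bool wraps the directory's simple bind.
    accounts is the local user store (a plain dict in this example).
    """
    # Allowlist the name before it is placed in a DN, so it cannot carry
    # DN metacharacters such as ',' or '='.
    if not USERNAME_RE.fullmatch(username or ""):
        raise AuthError("invalid username or password")
    # A simple bind with an empty password is an unauthenticated bind
    # (RFC 4513, section 5.1.2) and many servers report it as success.
    if not password:
        raise AuthError("invalid username or password")
    if not ldap_bind(DN_TEMPLATE.format(username), password):
        raise AuthError("invalid username or password")
    user = accounts.get(username)
    if user is None:
        # First login: provision locally. No password is stored, so every
        # later login has to go through the LDAP bind again.
        user = accounts[username] = {"username": username, "password": None}
    return user


def make_fake_directory(entries):
    """Constructed stand-in for an LDAP server that accepts empty-password binds."""
    def bind(dn, password):
        return password == "" or entries.get(dn) == password
    return bind
```

Raising one `AuthError` type with a uniform message lets the form handler show a normal validation error for a bad password instead of surfacing an exception.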
