Hi,

I need to authenticate users against the corporate MS Active Directory, and also authorize them based on group membership. A static account for binding and searching is not available, therefore AuthzLDAP is difficult to use.

Here's a proposal, please let me know if it fits your philosophy, and then I'll make a fork on GitHub:

1. Allow MS style binding: dn=usern...@domain.com
   This simplifies the thing, as we don't need to know the whole AD hierarchy structure. Works with most Active Directory servers.

2. Allow hooks in Action::LDAPLogin. I want to look up the user's group membership right at the spot when the LDAP session is created and authenticated. Based on that lookup, I would update the user's fields, like "is_administrator". Such things are very site-specific, so it doesn't make much sense to put them into the public plugin. Of course, I would give an example in the documentation.

cheers,
stan

_______________________________________________
jifty-devel mailing list
jifty-devel@lists.jifty.org
http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel
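
A sketch of the flow proposed above, added here as an illustration and not taken from the post or from the Jifty plugin: bind as the user with a userPrincipalName, then read that user's own memberOf values on the same session. It uses Net::LDAP directly; the %SITE values and the names ad_login and is_admin are hypothetical placeholders.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed site values (placeholders, not from the original post).
my %SITE = (
    host        => 'ldaps://dc.example.com',
    domain      => 'example.com',
    base        => 'DC=example,DC=com',
    admin_group => 'CN=App-Admins,OU=Groups,DC=example,DC=com',
);

# Returns nothing on failed authentication, else { is_administrator => 0|1 }.
sub ad_login {
    my ($user, $password) = @_;

    # A simple bind with an empty password is treated as an unauthenticated
    # bind, which many servers report as success: reject it before binding.
    return unless defined $password && length $password;
    # The login name ends up in a bind name and a search filter, so keep it
    # to a conservative character set.
    return unless defined $user && $user =~ /\A[A-Za-z0-9._-]{1,64}\z/;

    my $ldap = Net::LDAP->new($SITE{host}, timeout => 10, verify => 'require')
        or return;
    my $upn  = "$user\@$SITE{domain}";
    my $bind = $ldap->bind($upn, password => $password);
    if ($bind->code) { $ldap->unbind; return; }

    # No static search account: the user's own session reads the entry.
    my $search = $ldap->search(
        base   => $SITE{base},
        scope  => 'sub',
        filter => '(userPrincipalName=' . escape_filter_value($upn) . ')',
        attrs  => ['memberOf'],
    );
    my @entries = $search->code ? () : $search->entries;
    $ldap->unbind;
    return unless @entries == 1;    # fail closed on zero or ambiguous matches

    return { is_administrator => is_admin($entries[0]->get_value('memberOf')) };
}

# Site-specific mapping from group DNs to an application flag.
sub is_admin {
    my @groups = @_;
    return (grep { lc $_ eq lc $SITE{admin_group} } @groups) ? 1 : 0;
}
```

memberOf lists direct memberships only; it omits the user's primary group and does not expand nested groups, so a site that relies on nesting needs a different lookup.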