That sounds great to me. "Stanislav Sinyagin" <ssinya...@yahoo.com> wrote:
>hi, > >I need to authenticate users against the corporate MS Active Directory, and >also > >authorize them based on group membership. > >A static account for binding and searching is not available, therefore >AuthzLDAP >is > >difficult to use. > >Here's a proposal, please let me know if it fits your philosophy, and then >I'll >make > >a fork at Github: > > >1. Allow MS style binding: dn=usern...@domain.com >This simplifies the thing, as we don't need to know the whole AD hierarchy >structure. >Works with most activedirectory servers. > >2. Allow hooks in Action::LDAPLogin. >I want to look up the user's group membership right at the spot when the LDAP >session is created and authenticated. >Based on that lookup, I would update the user's fields, like >"is_administrator". >Such things are much site-specific, so it doesn't make much sense to put them >into the > >public plugin. Of course, I would give an example in the documentation. > > > >cheers, >stan >_______________________________________________ >jifty-devel mailing list >jifty-devel@lists.jifty.org >http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. _______________________________________________ jifty-devel mailing list jifty-devel@lists.jifty.org http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel
