Jason Reusch wrote:
>
> "Evan Prodromou" <[email protected]> wrote:
>
> | Typical AGPL warning: you need to make the code available to the users
> | of the program, regardless of how clean it is.
>
> Absolutely. I think the Affero license is brilliant and long overdue.
> I'm glad to see this project using it (and making an effort to
> enforce it).
>
> | A few questions:
> |
> | 1. How are you storing profile data? Is it in the LDAP server,
> | too?
>
> I'm not. I told you it was messy. ;) I'm relying on the laconica
> profiles and just doing the password auth against LDAP. In my case,
> I'm assuming the laconica nickname is the same as the Active Directory
> samAccountName so users have a single sign-on.
>

In my implementation, I've allowed the admin to configure what LDAP attribute is supposed to match the laconica nickname.

> The next thing I want is auto provisioning (because I'm too lazy to
> write a script to load user accounts). Users just try to login with
> their LDAP credentials and if successful and a laconica account
> doesn't exist one is automatically set up for them. If you allow new
> sign ups that makes non-ldap user signups problematic. If the new
> user picks an existing LDAP username then the LDAP user later tries to
> login they are stuck. So for mixed mode auth, in addition to an auto
> provision, there would have to be a nickname safety check against LDAP
> on signup.
>

I've got that going as well. I've made registration and LDAP authen mutually exclusive. I have not allowed for any 'mixed mode' authen in my setup.

> | 2. I'd like to make an AuthenticationEngine abstract class so we
> | could have different login systems: other Web programs (like
> | MediaWiki or Drupal), LDAP, /etc/passwd, etc.
>
> The project does seem to be going down the road of a fair amount of
> PEAR dependency (my code relies on Net_LDAP -
> http://pear.php.net/package/Net_LDAP). What about the PEAR Auth
> module? It also supports IMAP as an authentication mechanism which
> might be interesting and useful for service providers that already
> provide email.
>

I didn't use the ldap PEAR module. I got by with just ldap_connect, ldap_bind, ldap_search and ldap_get_entries from basic PHP LDAP support. For the simple lookups needed to verify info against ldap, I don't think we need to add another dependency.

> http://pear.php.net/package/Auth
>
> BTW - It did occur to me the other day to try to make a laconica clone
> with drupal, CCK and views. I think it could be done, but who has
> that kind of time?
>
> | Anyways, looking forward to seeing your code.
>
> Thanks, it's only a few dozen lines of code in util.php and a host of
> config options. A little branching in common_check_user and a
> common_ldap_check_password function. More a proof of concept than an
> actual implementation really. Essentially, rather than using
> munge_password function, it looks up the nickname in ldap and checks
> the password there.
>
> I should have a chance to post the code sometime Thursday night. Is a
> tarball of util.php and config.php.sample sufficient?
>

I hope I'll be able to actually show my code by then as well. Two heads are better than one, eh?

> Ahoy,
> Jason
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Laconica-dev mailing list
> [email protected]
> http://mail.laconi.ca/mailman/listinfo/laconica-dev
>

-- 
Mark Keisler
Principal Software Engineer
Motorola Open Source Technologies
630-329-2828
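
The mixed-mode problem described in the quoted message (open signup colliding with auto-provisioned LDAP logins), as an added example that is not code from either poster or from Laconica. Arrays stand in for the directory and the user table, and the function names `directory_has`, `directory_auth`, `signup` and `login_via_directory` are hypothetical.

```php
<?php
// Constructed sample data: in-memory stand-ins for the directory and the site's user table.
$directory = ['jdoe' => 'ldap-pass-1', 'asmith' => 'ldap-pass-2']; // samAccountName => password
$accounts  = ['asmith' => 'signup']; // nickname => origin; asmith was registered before any check

// Stand-in for the LDAP search (hypothetical helper, not a Laconica function).
function directory_has(array $dir, string $nick): bool {
    return isset($dir[$nick]);
}

// Stand-in for the bind-as-user password check (hypothetical helper).
function directory_auth(array $dir, string $nick, string $pw): bool {
    // Refuse empty passwords up front: a simple bind with a DN and an empty
    // password is an unauthenticated bind, which some servers accept.
    if ($pw === '') { return false; }
    return isset($dir[$nick]) && hash_equals($dir[$nick], $pw);
}

// Open signup with the nickname safety check against the directory.
function signup(array &$accounts, array $dir, string $nick): bool {
    if (isset($accounts[$nick]) || directory_has($dir, $nick)) {
        return false;               // name is taken or reserved for an LDAP user
    }
    $accounts[$nick] = 'signup';
    return true;
}

// LDAP login with auto-provisioning on first successful authentication.
function login_via_directory(array &$accounts, array $dir, string $nick, string $pw): string {
    if (!directory_auth($dir, $nick, $pw)) { return 'denied'; }
    if (!isset($accounts[$nick])) {
        $accounts[$nick] = 'ldap';  // first login: create the local account
        return 'provisioned';
    }
    // Never attach an LDAP identity to an account someone else registered.
    return $accounts[$nick] === 'ldap' ? 'ok' : 'conflict';
}

$results = [
    'signup jdoe (LDAP name)'     => signup($accounts, $directory, 'jdoe'),
    'signup visitor'              => signup($accounts, $directory, 'visitor'),
    'jdoe first LDAP login'       => login_via_directory($accounts, $directory, 'jdoe', 'ldap-pass-1'),
    'jdoe second LDAP login'      => login_via_directory($accounts, $directory, 'jdoe', 'ldap-pass-1'),
    'jdoe with empty password'    => login_via_directory($accounts, $directory, 'jdoe', ''),
    'asmith (name taken earlier)' => login_via_directory($accounts, $directory, 'asmith', 'ldap-pass-2'),
];
foreach ($results as $case => $outcome) {
    echo $case, ': ', var_export($outcome, true), "\n";
}
```

The `conflict` outcome is the "stuck" LDAP user from the thread: the name was registered locally before the signup check existed, so the login is refused rather than handed the other person's account.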
